dsn_nsd: Increment serial number

Let's Encrypt could validate against any authoritative server and without
a bumped serial number, secondary servers never get a chance to update
TXT records.

dnsapi/dns_nsd.sh

@@ -3,6 +3,8 @@
 #Nsd_ZoneFile="/etc/nsd/zones/example.com.zone"
 #Nsd_Command="sudo nsd-control reload"
 
+########  Public functions #####################
+
 # args: fulldomain txtvalue
 dns_nsd_add() {
   fulldomain=$1
@@ -30,6 +32,7 @@ dns_nsd_add() {
   _savedomainconf Nsd_ZoneFile "$Nsd_ZoneFile"
   _savedomainconf Nsd_Command "$Nsd_Command"
 
+  _increment_serial || return 1
   echo "$fulldomain. $ttlvalue IN TXT \"$txtvalue\"" >>"$Nsd_ZoneFile"
   _info "Added TXT record for $fulldomain"
   _debug "Running $Nsd_Command"
@@ -51,6 +54,7 @@ dns_nsd_rm() {
   Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
   Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"
 
+  _increment_serial || return 1
   sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
   _info "Removed TXT record for $fulldomain"
   _debug "Running $Nsd_Command"
@@ -62,3 +66,19 @@ dns_nsd_rm() {
     return 1
   fi
 }
+
+####################  Private functions below ##################################
+
+_increment_serial() {
+  tmpfile=$(mktemp) || return 1
+  awk '$3 == "SOA" {
+    if ($6 == "(") {
+      print "Multi-line SOA record not supported yet";
+      exit 1
+    } else
+      $6++
+  }
+  { print }' "$Nsd_ZoneFile" > "$tmpfile" || return 1
+  awk '{print}' "$tmpfile" > "$Nsd_ZoneFile"
+  rm -f "$tmpfile"
+}