[186] | 1 | #!/bin/sh -
|
---|
| 2 | #
|
---|
| 3 | # KISS Dynamic DNS service (no locking (hint lockf wrapper), no advanced checking)
|
---|
| 4 | # 'ping' is based on ssh call or CGI call
|
---|
| 5 | #
|
---|
[188] | 6 | # = PREREQUISITES =
|
---|
| 7 | # 1) Make sure your SOA is within the first 10 lines of your zone file and has
|
---|
| 8 | # the format YYYYMMDDNN
|
---|
| 9 | # 2) Make sure your DNS entries has zones like this to allow remote updating
|
---|
| 10 | # example 60 IN A 192.0.32.10
|
---|
| 11 | # example 60 IN TXT "dyndns"
|
---|
| 12 | #
|
---|
[186] | 13 | # = INSTALL - SSH =
|
---|
| 14 | # 1) Make sure to allow rndc reload in your sudoers file
|
---|
[187] | 15 | # ssh_user ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
|
---|
[186] | 16 | # 2) prefix your ssh authorized key to allow only this script
|
---|
[187] | 17 | # command="/home/ssh_user/dyndns/dyndns.sh"
|
---|
| 18 | # 3) Call for the remote host from crontab:
|
---|
| 19 | # ssh -a -p 1022 -i id_rsa dnsserver.example.net `hostname -s`
|
---|
[186] | 20 | #
|
---|
| 21 | # = INSTALL - CGI =
|
---|
[187] | 22 | # 1) Put your secret password in ``.cgi_secret''
|
---|
| 23 | # 2) Alter your apache configuration to allow executing the script
|
---|
| 24 | # ScriptAlias /dyndns /path/to/dyndns/dyndns.sh
|
---|
| 25 | # 1) Make sure to allow rndc reload in your sudoers file
|
---|
| 26 | # www_user ALL=(ALL) NOPASSWD: /usr/sbin/rndc reload
|
---|
| 27 | # 3) Call from the remote host from crontab:
|
---|
| 28 | # fetch -q -o - "http://dnsserver.example.net/dyndns/`hostname -s`/SECRET/"
|
---|
[186] | 29 | #
|
---|
| 30 | #
|
---|
[188] | 31 | # License: BSDLike - http://rickvanderzwet.nl/LICENSE
|
---|
[186] | 32 | # Rick van der Zwet <info@rickvanderzwet.nl>
|
---|
| 33 | #
|
---|
| 34 | ZONE='vanderzwet.net'
|
---|
| 35 | ZONEFILE="/etc/namedb/master/$ZONE"
|
---|
[187] | 36 | CGI_SECRET_FILE="`dirname $0`/.cgi_secret"
|
---|
[186] | 37 |
|
---|
| 38 | ### NO USER EDITABLE PARTS BELOW HERE ###
|
---|
[187] | 39 | exec 2>&1
|
---|
| 40 | if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
|
---|
| 41 | # SSH specific details
|
---|
| 42 | HOSTNAME=`echo $SSH_ORIGINAL_COMMAND | tr -c -d '[a-zA-Z0-9\-_\.]' | cut -d ' ' -f 1 | cut -d '.' -f 1`
|
---|
| 43 | REMOTEIP=`echo $SSH_CLIENT | cut -d ' ' -f 1`
|
---|
| 44 | else
|
---|
| 45 | # CGI specific details
|
---|
| 46 | HOSTNAME=`echo $REQUEST_URI | tr -c -d '[a-zA-Z0-9\-_\./]' | awk -F/ '{print $3}'`
|
---|
| 47 | SECRET=`echo $REQUEST_URI | tr -c -d '[a-zA-Z0-9\-_\./\!_]' | awk -F/ '{print $4}'`
|
---|
| 48 | REMOTEIP=$REMOTE_ADDR
|
---|
| 49 | echo "Content-Type: text/plain"
|
---|
| 50 | echo ""
|
---|
| 51 | CGI_SECRET=`cat $CGI_SECRET_FILE`
|
---|
| 52 | if [ -z "$CGI_SECRET" ]; then
|
---|
| 53 | echo "Secret not readable from $CGI_SECRET_FILE"
|
---|
| 54 | exit 1
|
---|
| 55 | fi
|
---|
| 56 | if [ "$SECRET" != "$CGI_SECRET" ]; then
|
---|
| 57 | echo "Secret invalid"
|
---|
| 58 | exit 1
|
---|
| 59 | fi
|
---|
| 60 | fi
|
---|
[186] | 61 |
|
---|
| 62 | # Tmpfile creation for editing 'in between'
|
---|
| 63 | TMPFILE=`mktemp -t $(basename $0 .sh).XXX`
|
---|
| 64 | trap "rm -f $TMPFILE; exit 1" 0 1 2 15
|
---|
| 65 | cp $ZONEFILE $TMPFILE || exit 1
|
---|
| 66 |
|
---|
| 67 |
|
---|
| 68 | # See whether there exists a dynamic entry for it, like this
|
---|
| 69 | # example 60 IN A 192.0.32.10
|
---|
| 70 | # example 60 IN TXT "dyndns"
|
---|
| 71 | LINENR=`awk -v host=$HOSTNAME '{if ($1 == host) { if ($4 == "A") { line=NR } else if($5 ~ /dyndns/) {print line; exit} }}' $TMPFILE`
|
---|
| 72 | if [ -z "$LINENR" ]; then
|
---|
| 73 | echo "$HOSTNAME does not exists or is not marked as dynamic"
|
---|
| 74 | exit 1
|
---|
| 75 | fi
|
---|
| 76 |
|
---|
| 77 | # Do we need to update the entry
|
---|
| 78 | OLDIP=`awk -v linenr=$LINENR 'NR==linenr {print $5}' $TMPFILE`
|
---|
| 79 | if [ "$OLDIP" = "$REMOTEIP" ]; then
|
---|
| 80 | echo "No changes"
|
---|
| 81 | exit 0
|
---|
| 82 | fi
|
---|
| 83 |
|
---|
| 84 | # Update the entry
|
---|
| 85 | sed -i '' "${LINENR}s/$OLDIP/$REMOTEIP/" $TMPFILE || exit 1
|
---|
| 86 |
|
---|
| 87 | # Update serial of zone name
|
---|
| 88 | # YYYYMMDDNN where NN is from 00 till 99
|
---|
| 89 | TODAY=`date "+%Y%m%d"`
|
---|
| 90 | OLDSERIAL=`sed -n '1,10s/.*\([0-9]\{10\}\).*/\1/p' $TMPFILE`
|
---|
| 91 | if [ -z "$OLDSERIAL" ]; then
|
---|
| 92 | echo "Error Unable to find SERIAL of zone"
|
---|
| 93 | exit 1
|
---|
| 94 | fi
|
---|
| 95 | if `echo $OLDSERIAL | grep -q "^$TODAY"`; then
|
---|
| 96 | if `echo $OLDSERIAL | grep -q '99$'`; then
|
---|
| 97 | echo "Sorry domain update limit reached no more updates for today"
|
---|
| 98 | exit 1
|
---|
| 99 | fi
|
---|
| 100 | NEWSERIAL=`expr $OLDSERIAL + 1`
|
---|
| 101 | else
|
---|
| 102 | NEWSERIAL="${TODAY}00"
|
---|
| 103 | fi
|
---|
| 104 | sed -i '' "1,10s/$OLDSERIAL/$NEWSERIAL/g" $TMPFILE || exit 1
|
---|
| 105 |
|
---|
| 106 | # Install and activate
|
---|
[187] | 107 | if `/usr/sbin/named-checkzone -q $TMPFILE $ZONE`; then
|
---|
[186] | 108 | echo "New zone failed to validate"
|
---|
| 109 | exit 1
|
---|
| 110 | fi
|
---|
[187] | 111 | cp $TMPFILE $ZONEFILE || exit 1
|
---|
| 112 | sudo /usr/sbin/rndc reload || exit 1
|
---|
[186] | 113 | echo "Entry updated"
|
---|