booth-f · December 16, 2020 00:15
diff --git a/update_zones.sh b/update_zones.sh
 #!/bin/bash

 # Update Zones DNS Script
 # Update DNS zones automatically and keep a running log

 # Set DNS zone records location
 location="/etc/bind/pri"

 # Set Log Location
 log="/var/log/dnsmond"

 # Change to DNS server dir
 cd $location

 # Set Domains
 domains=`ls *{.com,.net,.org}`

 # Fetch current date for serial generation
 date=`date +%Y%m%d``

 for domain in $domains
 do
    # Set Control Bools
    dateJump=0
    serialMismatch=0
    hashMissing=0

    # Take a backup of the zone before we make any changes
    cp $location/$domain $location/.backup/$domain
    status=$?
    if [ $status -eq 0 ];
    then
        # Good
                echo "$domain Backed Up"
        else
                # Move the bad record to disabled status to prevent the DNS service from completely dying when we reload
                echo "$domain backup failed! Fatal error not continuing"
        exit 1
        fi


    # Check if the hash store exists
    if [ -d $location/.hashes ];
    then
        # Do nothing directory exists
        echo "Zone hash storage OK"
    else
        # Create the directory
        echo "Zone hash storage missing... Creating..."
        mkdir $location/.hashes/
    fi

    # Check if a hash for this domain exists
    if [ -f $location/.hashes/$domain.sha512 ];
    then
        # Check our current hash to see if changes to the zone have taken place
        HASH=`cat $location/.hashes/$domain.sha512`
    else
        hashMissing=1
    fi

    GENHASH=`/usr/bin/sha512sum $location/$domain | cut -b 1-128`

    # Grab the current DNS serial
    SERIAL=`/usr/sbin/named-checkzone $domain $domain | egrep -ho '[0-9]{10}'`

    # Grab the first 8 numbers of the serial
    dateCheck=`echo $SERIAL | cut -b 1-8`

    if [ ! $dateCheck == $date ];
    then
        newSerial="$date"
        zero="00"

        # Update the DNS serial to have today's date and reset DNS counter to 0
        sed -i 's/'$SERIAL'/'$(($newSerial$zero))'/' $domain
        dateJump=1

    else
        if [ $hashMissing == 0 ];
        then

            # Check if the zone hash is different
            if [ ! $HASH == $GENHASH ];
            then
                serialMismatch=1
            fi
        fi
    fi

    if [ $dateJump -eq 1 ] || [ $serialMismatch -eq 1 ] || [ $hashMissing -eq 1 ];
    then
        # Increment the current serial
        sed -i 's/'$SERIAL'/'$(($SERIAL+1))'/' $domain

        # Save new hash
        /usr/bin/sha512sum $location/$domain | cut -b 1-128 > $location/.hashes/$domain.sha512
    else
        # Do nothing, no changes to be made
            echo "$domain zone has no changes, moving on"
    fi

    # Run a zone check
    /usr/sbin/named-checkzone $domain $domain
    status=$?
    if [ $status -eq 0 ];
    then
        # Good
        echo "$domain OK"
    else
        # Restore zone from backup and let us know the zone failed to update
        mv $location/.backup/$domain $location/$domain
        echo "$domain was restored from backup, manual intervention required"

        # Rerun the checkzone against the domain again
        /usr/sbin/named-checkzone $domain $domain
        status=$?
        if [ $status -eq 0 ];
        then
            # Restore worked successfully
            echo "$domain restored from backup and passed zone check"
        else
            # Restore failed, fatal error
            echo "$domain was restored from backup but still failed the zone check"
            echo "ERROR! ERROR! ERROR! $domain record requires manual intervention!"

            # Move bad record so we can still safely operate the DNS server
            mv $location/$domain $location/$domain.disabled
            echo "$domain record has been moved to $domain.disabled"
        fi
    fi
 done

 # Reload DNS
 /usr/sbin/rndc reload
 exit 0
	#!/bin/bash

	# Update Zones DNS Script
	# Update DNS zones automatically and keep a running log

	# Set DNS zone records location
	location="/etc/bind/pri"

	# Set Log Location
	log="/var/log/dnsmond"

	# Change to DNS server dir
	cd $location

	# Set Domains
	domains=`ls *{.com,.net,.org}`

	# Fetch current date for serial generation
	date=`date +%Y%m%d``

	for domain in $domains
	do
	# Set Control Bools
	dateJump=0
	serialMismatch=0
	hashMissing=0

	# Take a backup of the zone before we make any changes
	cp $location/$domain $location/.backup/$domain
	status=$?
	if [ $status -eq 0 ];
	then
	# Good
	echo "$domain Backed Up"
	else
	# Move the bad record to disabled status to prevent the DNS service from completely dying when we reload
	echo "$domain backup failed! Fatal error not continuing"
	exit 1
	fi


	# Check if the hash store exists
	if [ -d $location/.hashes ];
	then
	# Do nothing directory exists
	echo "Zone hash storage OK"
	else
	# Create the directory
	echo "Zone hash storage missing... Creating..."
	mkdir $location/.hashes/
	fi

	# Check if a hash for this domain exists
	if [ -f $location/.hashes/$domain.sha512 ];
	then
	# Check our current hash to see if changes to the zone have taken place
	HASH=`cat $location/.hashes/$domain.sha512`
	else
	hashMissing=1
	fi

	GENHASH=`/usr/bin/sha512sum $location/$domain \| cut -b 1-128`

	# Grab the current DNS serial
	SERIAL=`/usr/sbin/named-checkzone $domain $domain \| egrep -ho '[0-9]{10}'`

	# Grab the first 8 numbers of the serial
	dateCheck=`echo $SERIAL \| cut -b 1-8`

	if [ ! $dateCheck == $date ];
	then
	newSerial="$date"
	zero="00"

	# Update the DNS serial to have today's date and reset DNS counter to 0
	sed -i 's/'$SERIAL'/'$(($newSerial$zero))'/' $domain
	dateJump=1

	else
	if [ $hashMissing == 0 ];
	then

	# Check if the zone hash is different
	if [ ! $HASH == $GENHASH ];
	then
	serialMismatch=1
	fi
	fi
	fi

	if [ $dateJump -eq 1 ] \|\| [ $serialMismatch -eq 1 ] \|\| [ $hashMissing -eq 1 ];
	then
	# Increment the current serial
	sed -i 's/'$SERIAL'/'$(($SERIAL+1))'/' $domain

	# Save new hash
	/usr/bin/sha512sum $location/$domain \| cut -b 1-128 > $location/.hashes/$domain.sha512
	else
	# Do nothing, no changes to be made
	echo "$domain zone has no changes, moving on"
	fi

	# Run a zone check
	/usr/sbin/named-checkzone $domain $domain
	status=$?
	if [ $status -eq 0 ];
	then
	# Good
	echo "$domain OK"
	else
	# Restore zone from backup and let us know the zone failed to update
	mv $location/.backup/$domain $location/$domain
	echo "$domain was restored from backup, manual intervention required"

	# Rerun the checkzone against the domain again
	/usr/sbin/named-checkzone $domain $domain
	status=$?
	if [ $status -eq 0 ];
	then
	# Restore worked successfully
	echo "$domain restored from backup and passed zone check"
	else
	# Restore failed, fatal error
	echo "$domain was restored from backup but still failed the zone check"
	echo "ERROR! ERROR! ERROR! $domain record requires manual intervention!"

	# Move bad record so we can still safely operate the DNS server
	mv $location/$domain $location/$domain.disabled
	echo "$domain record has been moved to $domain.disabled"
	fi
	fi
	done

	# Reload DNS
	/usr/sbin/rndc reload
	exit 0