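<%- | String $server, String $key_file, String $records_file, String $state_file | -%>
#!/bin/bash
# Managed by puppet (profiles::dns::updater). Applies this host's records to the
# authoritative DNS server via TSIG nsupdate. Only the delta since the last
# successful run is sent; removed records are deleted.
#
# Records file: one record per line, blank lines and '#' comments ignored:
#   zone|name|type|ttl|value
# 'name' is relative to 'zone'; '@' or an empty name means the zone apex.
# Everything after the fourth '|' is the value, so values may contain '|'.
#
# Exit status: 0 when nothing needs sending or the update succeeded, 1 when a
# desired record is malformed or nsupdate failed. On failure the state file is
# left untouched, so the whole delta is retried on the next run (re-sending is
# safe: every desired RRset is wiped and re-added).
set -euo pipefail

SERVER="<%= $server %>"
KEYFILE="<%= $key_file %>"
RECORDS="<%= $records_file %>"
STATE="<%= $state_file %>"

die() { printf 'dns-update: %s\n' "$*" >&2; exit 1; }

# fqdn NAME ZONE: absolute owner name with trailing dot; '@'/empty NAME = apex.
fqdn() {
  if [ -z "$1" ] || [ "$1" = "@" ]; then
    printf '%s.' "$2"
  else
    printf '%s.%s.' "$1" "$2"
  fi
}

# in_zone LIST ZONE: the well-formed lines (>= 5 fields) of LIST whose zone
# field equals ZONE. Lines with too few fields (e.g. from an older state
# file) are skipped here; desired records are validated strictly below.
in_zone() { printf '%s\n' "$1" | awk -F'|' -v z="$2" 'NF>=5 && $1==z'; }

# No records file means "nothing to manage": previously applied records are
# deliberately left alone rather than deleted.
[ -f "$RECORDS" ] || exit 0
# An unreadable records file must not be mistaken for an empty one -- the
# grep below masks read errors, and an empty desired set would delete every
# record applied so far.
[ -r "$RECORDS" ] || die "records file ${RECORDS} is not readable"
[ -r "$KEYFILE" ] || die "TSIG key file ${KEYFILE} is not readable"
touch "$STATE"

# Pin collation so sort/comm agree with each other and with the order the
# state file was written in; a locale change between runs would otherwise
# make the string comparison below fail spuriously and re-send everything.
export LC_ALL=C
desired="$(grep -vE '^[[:space:]]*(#|$)' -- "$RECORDS" | sort -u || true)"
applied="$(grep -vE '^[[:space:]]*(#|$)' -- "$STATE" 2>/dev/null | sort -u || true)"
if [ "$desired" = "$applied" ]; then
  exit 0
fi

# nsupdate tokenises its input on whitespace, so whitespace inside the
# zone/name/type/ttl fields would change the meaning of the generated
# command instead of failing cleanly. Refuse such records (and ones with too
# few fields) up front rather than sending a partially correct update.
bad="$(printf '%s\n' "$desired" | awk -F'|' '
  $0 == "" { next }
  NF < 5 || $1 == "" || $3 == "" || $4 == "" { print; exit }
  ($1 $2 $3 $4) ~ /[[:space:]]/ { print; exit }
')"
[ -z "$bad" ] || die "malformed record in ${RECORDS}: ${bad}"

msg="$(mktemp)"
trap 'rm -f -- "$msg"' EXIT
printf 'server %s\n' "$SERVER" >> "$msg"

# Process per zone so each UPDATE message targets a single zone.
zones="$(printf '%s\n%s\n' "$desired" "$applied" | cut -d'|' -f1 | sort -u | grep -v '^$' || true)"
while IFS= read -r zone; do
  [ -n "$zone" ] || continue
  printf 'zone %s.\n' "$zone" >> "$msg"

  # 1. Deletions: records applied last run but absent now. These go FIRST.
  #    When only a record's TTL or value changed, its old line is in this
  #    set; deleting it after the re-add (steps 2-3) would remove the
  #    record just added in the same message.
  gone="$(comm -23 <(printf '%s\n' "$applied") <(printf '%s\n' "$desired"))"
  in_zone "$gone" "$zone" \
    | while IFS='|' read -r z name type _ttl value; do
        printf 'update delete %s %s %s\n' "$(fqdn "$name" "$z")" "$type" "$value" >> "$msg"
      done

  # 2. Wipe each desired RRset exactly once (per distinct name/type), not
  #    once per record: with a multi-valued RRset (e.g. two A records) a
  #    per-record wipe would delete the value added immediately before it.
  in_zone "$desired" "$zone" | cut -d'|' -f2,3 | sort -u \
    | while IFS='|' read -r name type; do
        printf 'update delete %s %s\n' "$(fqdn "$name" "$zone")" "$type" >> "$msg"
      done

  # 3. Add every desired record of the zone.
  in_zone "$desired" "$zone" \
    | while IFS='|' read -r z name type ttl value; do
        printf 'update add %s %s %s %s\n' "$(fqdn "$name" "$z")" "$ttl" "$type" "$value" >> "$msg"
      done

  printf 'send\n' >> "$msg"
done <<<"$zones"

# One message per zone is sent; if a later zone fails after an earlier one
# succeeded, the state file is not advanced and the earlier zone is simply
# re-sent next run.
if nsupdate -k "$KEYFILE" "$msg"; then
  printf '%s\n' "$desired" > "$STATE"
else
  die "nsupdate to ${SERVER} failed"
fi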