#!/usr/bin/env bash
# Copyright (C) CZ.NIC, z.s.p.o. and contributors
# SPDX-License-Identifier: GPL-2.0-or-later
# For more information, see <https://www.knot-dns.cz/>

# This package is needed on Debian derived distributions: libglib2.0-bin

# This is an example script demonstrating Knot DNS's interface for external zone update verification.
#
# Expected configuration:
#
# server:
#     ...
#     dbus-event: external-verify
#
# external:
#   - id: extval_example
#     dump-removals: %s.zonediff
#     dump-additions: %s.zonediff
#
# zone:
#     ...
#     external-validation: extval_example

# Template of the zone diff dump path; "%s" is replaced by the zone name
# taken from the D-Bus signal. NOTE(review): the missing "." before
# "zonediff" looks intentional - the zone name from the signal presumably
# carries its trailing dot, so the result matches the "%s.zonediff" used in
# the expected configuration - confirm against the dump files actually written.
ZONEFILE="/var/lib/knot/%szonediff"
# Largest number of changed NS records a zone update may carry before the
# update is refused (see validate).
MAX_NS_DIFF="1000"
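#######################################
# Decide whether a dumped zone diff may be committed.
# The check is deliberately simple: it refuses an update that changes more
# NS records than MAX_NS_DIFF, i.e. the kind of mass delegation change an
# operator usually wants a human to look at first.
# Globals:   MAX_NS_DIFF (read)
# Arguments: $1 - path to the zone diff dump (removals and additions)
# Outputs:   "...passed" or "...failed" on stdout
# Returns:   0 when the update may be committed, 1 when it must be aborted;
#            an unreadable dump also yields 1 (fail closed)
#######################################
validate() {
  local diff="$1"
  local nscount
  # The record type is read from the 3rd whitespace-separated column of the
  # dump; "+0" turns awk's uninitialised counter into 0 when the dump holds
  # no NS record at all, so the comparison below always sees a number.
  # NOTE(review): the column layout of Knot's dump files is assumed here -
  # confirm that the type really is the 3rd field.
  nscount=$(awk '{ if ($3 == "NS") nscount++; } END { print nscount+0; }' "$diff") || return 1
  if [[ "$nscount" -gt "$MAX_NS_DIFF" ]]; then
    echo "...failed"
    # TODO send yourself an e-mail here
    return 1
  fi
  echo "...passed"
}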
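# Follow knotd's signals on the system bus and react to every external_verify
# event: validate the dumped zone diff and either commit or abort the pending
# zone update. Only signals from the cz.nic.knotd name on the knotd object
# path are delivered by gdbus, so the loop never acts on events from other
# bus peers.
#
# Every line printed by gdbus monitor is split on whitespace into:
#   dest  - the object path as gdbus prints it (presumably "/cz/nic/knotd:")
#   event - the fully qualified signal name
#   args  - the rest of the line, the argument tuple with the zone name in
#           single quotes (the split into three fields is intended, so IFS is
#           left alone; -r keeps backslashes in the payload untouched)
gdbus monitor --system --dest cz.nic.knotd --object-path /cz/nic/knotd \
  | while read -r dest event args; do
    # ":*" is a regex quantifier here, so this is effectively a prefix match
    # on the object path; the event must be the external_verify signal.
    if [[ "$dest" =~ ^/cz/nic/knotd:* && "$event" =~ \.external_verify$ ]]; then
      # The zone name is the first single-quoted token of the argument tuple.
      ZONE=${args#*"'"}
      ZONE=${ZONE%%"'"*}
      # Fail closed: the name becomes part of a filesystem path below, so an
      # empty or slash-containing value must reach neither the dump lookup
      # nor knotc. Such an event is logged and left alone.
      if [[ -z "$ZONE" || "$ZONE" == */* ]]; then
        printf 'Ignoring external_verify with unusable zone name: %s\n' "$args" >&2
        continue
      fi
      ZONEDIFF=${ZONEFILE//%s/$ZONE}
      echo "Validating diff of zone '$ZONE' at $ZONEDIFF"
      # A failing knotc call is reported rather than silently dropped, so an
      # update that was neither committed nor aborted is visible in the log.
      if validate "$ZONEDIFF"; then
        knotc zone-commit "$ZONE" || printf 'knotc zone-commit of %s failed\n' "$ZONE" >&2
      else
        knotc zone-abort "$ZONE" || printf 'knotc zone-abort of %s failed\n' "$ZONE" >&2
      fi
    fi
  done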