
<!DOCTYPE html>
<html lang="en-us">
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="twitter:card" content="summary"/>
<meta name="twitter:title" content="DNS zone versioning"/>
<meta name="twitter:description" content=""/>
<meta name="twitter:site" content="@"/>
<meta property="og:title" content="DNS zone versioning &middot; Sysadmining. All day. Every day." />
<meta property="og:site_name" content="Sysadmining. All day. Every day." />
<meta property="og:url" content="" />
<meta property="og:image" content="/images/cover.jpg"/>
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2018-04-14T00:00:00&#43;01:00" />
<title>DNS zone versioning &middot; Sysadmining. All day. Every day.</title>
<meta name="description" content="I&amp;rsquo;ve been using PowerDNS with a SQL backend as a hidden master DNS server for a few years now.
I&amp;rsquo;ve been wanting to write a quick shell script to ve" />
<meta name="HandheldFriendly" content="True" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="apple-touch-icon" sizes="180x180" href="">
<link rel="icon" type="image/png" sizes="32x32" href="">
<link rel="icon" type="image/png" sizes="16x16" href="">
<link rel="manifest" href="">
<link rel="mask-icon" href="" color="#5bbad5">
<meta name="msapplication-TileColor" content="#9f00a7">
<meta name="theme-color" content="#ffffff">
<link rel="stylesheet" type="text/css" href="" />
<link rel="stylesheet" type="text/css" href="" />
<link rel="stylesheet" type="text/css" href=",700,700italic,300italic|Open+Sans:700,400|Inconsolata:700,400" />
<link rel="stylesheet" href="" integrity="sha384-bFKDPkG3geCujYJIbPornilfOgmYQoPS45Oh/8daqqo1SUwNY06OeHorpgnNvx82" crossorigin="anonymous">
<script src="" integrity="sha384-BlPof9RtjBqeJFskKv3sK3dh4Wk70iKlpIe92FeVN+6qxaGUOUu+mZNpALZ+K7ya" crossorigin="anonymous"></script>
<script type="text/javascript" src=""></script>
<link href="" rel="alternate" type="application/rss+xml" title="Sysadmining. All day. Every day." />
<meta name="generator" content="Hugo 0.54.0" />
<link rel="canonical" href="" />
<script type="application/ld+json">
"@context": "",
"@type": "Article",
"publisher": {
"@type": "Organization",
"name": ,
"author": {
"@type": "Person",
"name": ,
"image": {
"@type": "ImageObject",
"width": 250,
"height": 250
"sameAs": [
"description": Geek | Gamer | TV Shows Aficionado
"headline": DNS zone versioning,
"name": DNS zone versioning,
"wordCount": 621,
"timeRequired": "PT3M",
"inLanguage": {
"@type": "Language",
"alternateName": en
"datePublished": 2018-04-14T00:00Z,
"dateModified": 2018-04-14T00:00Z,
"description": ,
"mainEntityOfPage": {
"@type": "WebPage",
<script data-goatcounter=""
async src="//"></script>
<link rel="stylesheet" href="" integrity="sha256-gsmEoJAws/Kd3CjuOQzLie5Q3yshhvmo7YNtBG7aaEY=" crossorigin="anonymous">
<body class="nav-closed">
<div class="nav">
<h3 class="nav-title">Menu</h3>
<a href="#" class="nav-close">
<span class="hidden">Close</span>
<h3>This site</h3>
<li class="nav-opened" role="presentation">
<a href="">Home</a>
<li class="nav-opened" role="presentation">
<a href="">About</a>
<li class="nav-opened" role="presentation">
<a href="">Resume</a>
<h3>Other services</h3>
<li class="nav-opened" role="presentation">
<a href="">Rocket.Chat</a>
<li class="nav-opened" role="presentation">
<a href="">CodiMD</a>
<li class="nav-opened" role="presentation">
<a href="">Gitea</a>
<li class="nav-opened" role="presentation">
<a href="">Privatebin</a>
<li class="nav-opened" role="presentation">
<a href="">Pics</a>
<a class="subscribe-button icon-feed" href="">Subscribe</a>
<span class="nav-cover"></span>
<div class="site-wrapper">
<header class="main-header post-head no-cover">
<nav class="main-nav clearfix">
<a class="blog-logo" href=""><img src="" alt="Home" /></a>
<a class="menu-button" href="#"><span class="burger">&#9776;</span><span class="word">Menu</span></a>
<main class="content" role="main">
<article class="post post">
<header class="post-header">
<h1 class="post-title">DNS zone versioning</h1>
<section class="post-meta">
<time class="post-date" datetime="2018-04-14T00:00:00&#43;01:00">
14 April 2018
<section class="post-content">
<p>I&rsquo;ve been using <a href="">PowerDNS</a> with a SQL backend as a hidden master DNS server for a few years now.</p>
<p>I&rsquo;ve been wanting to write a quick shell script to version my DNS zones for a while, and since I&rsquo;ve finally taken the time to do so today, I figured I&rsquo;d share it here.</p>
<p>The script uses the PowerDNS API to list the configured zones. It then exports each zone to a file in an AXFR-like format, commits the result and finally pushes it to a git repository.</p>
<h1 id="configuration">Configuration</h1>
<h2 id="powerdns">PowerDNS</h2>
<p>For the script to work, we have to activate PowerDNS&rsquo; API.</p>
<p>To do so, let&rsquo;s create a <code>/etc/powerdns/pdns.d/api.conf</code> file with the following content :</p>
<p>You should change <em>mysupersecretapikey</em> to an actual secret.</p>
<p>You should also adapt the <code>webserver-address</code> and <code>webserver-allow-from</code> to reflect your network configuration.</p>
<p>Once the file is created, we have to restart pdns :</p>
<pre><code>systemctl restart pdns.service
</code></pre>
<p><strong>N.B. :</strong> As with all my other articles, I&rsquo;m assuming here you&rsquo;re running Debian. The path of the configuration file you have to create or edit might not be the same if you&rsquo;re running another distribution or if you&rsquo;ve installed PowerDNS from source.</p>
<h2 id="jq">jq</h2>
<p><a href="">jq</a> is required for the script to work, so let&rsquo;s install it !</p>
<pre><code>apt install jq
</code></pre>
<h2 id="git">Git</h2>
<p>We now have to create a git repository to host our zone files.</p>
<p>To do so, you can follow my <a href="">previous tutorial</a> on the subject if you want.</p>
<p>I&rsquo;ve personally migrated my git repos to a self-hosted <a href="">Gogs</a> installation a while back.</p>
<p>If you don&rsquo;t care about your zones&rsquo; content being public (it already is, technically), you could create a GitHub repo for that use (or on any other available git hosting).</p>
<p>Once you&rsquo;ve created your repo, you should clone it on the machine that will run the script. For me, the path to the repo will be <code>/home/captainark/backup/dnsexport</code>.</p>
<pre><code>apt install git
mkdir ~/backup &amp;&amp; cd ~/backup
git clone ssh://
</code></pre>
<p>You should also create a <code>~/.gitconfig</code> for the user that will run the script with the following parameters configured :</p>
<pre><code>[user]
  email =
  name = CaptainArk
[push]
  default = simple
</code></pre>
<p>Also, make sure your user can push to the remote server before running the script. The following should work :</p>
<pre><code>cd ~/backup/dnsexport
echo '# DNSEXPORT' &gt;
git add
git commit -m 'adding README'
git push
</code></pre>
<h1 id="script">Script</h1>
<p>Once we&rsquo;ve finished configuring PowerDNS and Git, we can run the script.</p>
<p>You can copy the following to <code>~/bin/dnsexport</code> :</p>
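<pre><code class="language-bash">#!/bin/bash
# Placeholder values: adapt ApiKey, PdnsUrl and ExportFolder to your setup.
ApiKey=&quot;mysupersecretapikey&quot;
PdnsUrl=&quot;http://127.0.0.1:8081&quot;
PdnsZoneUrl=&quot;${PdnsUrl}/api/v1/servers/localhost/zones&quot;
ExportFolder=&quot;/home/captainark/backup/dnsexport&quot;

# Ask the API for the list of zone ids.
ZoneList=$(/usr/bin/curl -sH &quot;X-API-Key: ${ApiKey}&quot; &quot;${PdnsZoneUrl}&quot; | jq -r '.[].id')

# Commit and push the zone file that has just changed.
updateremote() {
  cd &quot;$ExportFolder&quot; || return 1
  git add &quot;db.${Zone%.}&quot;
  git commit -m &quot;Automated commit due to modification on ${Zone%.} at $(date -Iseconds)&quot;
  git push
  cd -
}

for Zone in ${ZoneList}; do
  ZoneFile=&quot;${ExportFolder}/db.${Zone%.}&quot;
  CurrentShaSum=$(/usr/bin/sha256sum &quot;${ZoneFile}&quot;)
  /usr/bin/curl -o &quot;${ZoneFile}&quot; -sH &quot;X-API-Key: ${ApiKey}&quot; &quot;${PdnsZoneUrl}/${Zone}/export&quot;
  NewShaSum=$(/usr/bin/sha256sum &quot;${ZoneFile}&quot;)
  [[ ${NewShaSum% *} != ${CurrentShaSum% *} ]] &amp;&amp; updateremote
done
</code></pre>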
<p>It&rsquo;s nothing fancy, but it does the job.</p>
<p>You&rsquo;ll have to adapt the <code>ApiKey</code>, <code>PdnsUrl</code> and <code>ExportFolder</code> variables to your configuration.</p>
<p>Once that&rsquo;s done, let&rsquo;s fix the permissions on the script :</p>
<pre><code>chmod 700 ~/bin/dnsexport
</code></pre>
<p>You should run the script manually once to make sure everything is working OK. If it is, you should see a new commit on the repo for each zone you have configured in PowerDNS.</p>
<p>Once the script has executed once without issue, you can schedule it regularly. I have it running every 10 minutes in my user&rsquo;s crontab :</p>
<pre><code>crontab -e
*/10 * * * * /home/captainark/bin/dnsexport
</code></pre>
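<p>An added example, not part of the original script: a variant of the export step for unattended cron runs, where a failed API call (expired key, PowerDNS down) would otherwise overwrite the zone file with the error body and get committed, and where the API key on curl's command line is visible in the process list. <code>KeyFile</code> and the function names are assumptions made for this sketch, the URL is a placeholder, and the export is assumed to be plain text containing an SOA record.</p>

```shell
#!/bin/sh
# Added example, not the article's script. KeyFile and the function names are
# assumptions; PdnsZoneUrl and ExportFolder mirror the article's variables.
: "${KeyFile:=$HOME/.config/dnsexport/apikey}"   # chmod 600, holds only the key
: "${PdnsZoneUrl:=http://127.0.0.1:8081/api/v1/servers/localhost/zones}"  # placeholder
: "${ExportFolder:=$HOME/backup/dnsexport}"

# GET ${PdnsZoneUrl}$1. The header is fed to curl on stdin (--config -) so the
# key never shows up in `ps`; --fail turns HTTP 4xx/5xx into a non-zero exit.
api_get() {
  printf 'header = "X-API-Key: %s"\n' "$(cat "$KeyFile")" |
    curl --silent --fail --max-time 30 --config - "${PdnsZoneUrl}$1"
}

# A usable export contains an SOA record; an error page or empty body does not.
has_soa() {
  awk '{ for (i = 1; i <= NF; i++) if ($i == "SOA") ok = 1 } END { exit !ok }' "$1"
}

# Refresh db.<zone>. Returns 0 = changed, 1 = unchanged, 2 = export rejected
# (the previous copy is left untouched, so nothing bogus gets committed).
update_zone() {
  zone=$1
  case $zone in ''|*/*|.*) return 2 ;; esac      # never write outside ExportFolder
  dest="${ExportFolder}/db.${zone%.}"
  tmp=$(mktemp "${ExportFolder}/.export.XXXXXX") || return 2
  if ! api_get "/${zone}/export" > "$tmp" || ! has_soa "$tmp"; then
    rm -f "$tmp"; return 2
  fi
  if cmp -s "$tmp" "$dest" 2>/dev/null; then
    rm -f "$tmp"; return 1
  fi
  mv "$tmp" "$dest"
}

# Cron entry point: list zones, commit and push only the ones that changed.
export_all() {
  for zone in $(api_get "" | jq -r '.[].id'); do
    if update_zone "$zone"; then
      git -C "$ExportFolder" add "db.${zone%.}" &&
        git -C "$ExportFolder" commit -qm "Automated commit: ${zone%.} changed at $(date -Iseconds)" &&
        git -C "$ExportFolder" push -q
    elif [ $? -eq 2 ]; then
      echo "dnsexport: export of ${zone} rejected, keeping previous copy" >&2
    fi
  done
}

if [ "${1:-}" = "run" ]; then export_all; fi
```

<p>Cron would call the file with the <code>run</code> argument; a key containing a double quote or backslash would need escaping before it is written into the curl config line.</p>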
<h1 id="conclusion">Conclusion</h1>
<p>That&rsquo;s all !</p>
<p>As always, if you&rsquo;ve found this article useful, please feel free to make use of the comments section below !</p>
<p>Hopefully it won&rsquo;t take as long before I write another article here next time !</p>
<footer class="post-footer">
<figure class="author-image">
<a class="img" href="" style="background-image: url(/images/author.jpg)"><span class="hidden">Antoine Joubert's Picture</span></a>
<section class="author">
<h4><a href="">Antoine Joubert</a></h4>
<p>Geek | Gamer | TV Shows Aficionado</p>
<div class="author-meta">
<span class="author-location icon-location">Angers, France</span>
<span class="author-link icon-link"><a href=""></a></span>
<!-- isso -->
<script data-isso="" src=""></script>
<noscript>Please enable JavaScript to view comments</noscript>
<section id="isso-thread"></section>
<!-- end isso -->
<aside class="read-next">
<a class="read-next-story" style="no-cover" href="">
<section class="post">
<h2>Self-hosted report-uri</h2>
<a class="read-next-story prev" style="no-cover" href="">
<section class="post">
<h2>Installing Ghost</h2>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-envelope fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-twitter fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-mastodon-alt fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-github fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-lastfm fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-steam fa-stack-1x fa-inverse"></i>
<a class="fa-icons" href="">
<span class="fa-stack fa-lg">
<i class="fa fa-circle fa-stack-2x"></i>
<i class="fa fa-twitch fa-stack-1x fa-inverse"></i>
<footer class="site-footer clearfix">
<section class="copyright"><a href="">Sysadmining. All day. Every day.</a> © 2015 - 2019</section>
<section class="poweredby">Proudly generated by <a class="icon-hugo" href="">HUGO</a>, with <a class="icon-theme" href="">Casper</a> theme</section>
<script src="" integrity="sha384-CgeP3wqr9h5YanePjYLENwCTSSEz42NJkbFpAFgHWQz7u3Zk8D00752ScNpXqGjS" crossorigin="anonymous"></script>
<script src="" integrity="sha384-2/VQUb0aZHixKnNLh7pD38DZk+acGpEw5LeHieWVDPR0h/H326kp/1qnRPDYmFXM" crossorigin="anonymous"></script>
<script type="text/javascript" src=""></script>