1
mirror of https://git.dn42.dev/dn42/registry.git synced 2024-11-14 08:07:36 +01:00
registry/fix-infrastructure-objects
Zhaofeng Li 6c83de09ae fix-infrastructure-objects: Don't assume /bin/bash to be present
Unlike /bin/sh, /bin/bash is not mandated by POSIX and is not
present on some platforms (e.g., NixOS). Use the bash in the
user's PATH.
2020-11-26 19:32:40 -08:00

78 lines
2.8 KiB
Bash
Executable File

#!/usr/bin/env bash
set -e
KSK_PATTERN="(3096|64441)"
DS_NSERVER="fd42:180:3de0:10:5054:ff:fe87:ea39"
fix_dns() {
set -e
SRC="$1"
DST="$2"
TMP="$(mktemp "/tmp/${DST}.XXXXXX")"
cp "data/dns/${DST}" "${TMP}"
{
set -e
echo "domain: ${DST}"
cat "${TMP}" | grep -E '^(remarks):' || true
cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver: {}'
drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}"
echo 'org: ORG-DN42'
echo 'mnt-by: DN42-MNT'
echo 'source: DN42'
} > "data/dns/${DST}"
rm "${TMP}"
}
fix_inetnum() {
set -e
SRC="$1"
DST="$2"
CLASS="$3"
POLICY="$4"
DNS_NAME="$5"
if [ -f "data/${CLASS}/${DST}" ]; then
sed -r -i '/^(nserver|ds-rdata|status|org|policy|mnt-by|source|admin-c|tech-c):.*$/d' "data/${CLASS}/${DST}"
{
set -e
cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver: {}'
drill -t "${DNS_NAME}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}"
echo 'status: ALLOCATED'
echo "policy: ${POLICY}"
echo 'org: ORG-DN42'
echo 'mnt-by: DN42-MNT'
echo 'source: DN42'
} >> "data/${CLASS}/${DST}"
fi
}
fix_dns_ds_only() {
set -e
DST="$1"
TMP="$(mktemp "/tmp/${DST}.XXXXXX")"
cp "data/dns/${DST}" "${TMP}"
{
set -e
echo "domain: ${DST}"
cat "${TMP}" | grep -E '^(nserver|remarks):' || true
drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}"
echo 'org: ORG-DN42'
echo 'mnt-by: DN42-MNT'
echo 'source: DN42'
} > "data/dns/${DST}"
rm "${TMP}"
}
fix_dns 'delegation-servers.dn42' 'dn42'
fix_dns 'delegation-servers.dn42' 'registry-sync.dn42'
fix_dns_ds_only 'delegation-servers.dn42'
fix_dns_ds_only 'recursive-servers.dn42'
fix_inetnum 'delegation-servers.dn42' 'fd00::_8' 'inet6num' 'open' 'd.f.ip6.arpa'
fix_inetnum 'delegation-servers.dn42' '10.0.0.0_8' 'inetnum' 'closed' '10.in-addr.arpa'
fix_inetnum 'delegation-servers.dn42' "172.20.0.0_16" 'inetnum' 'reserved' "20.172.in-addr.arpa"
fix_inetnum 'delegation-servers.dn42' "172.21.0.0_16" 'inetnum' 'reserved' "21.172.in-addr.arpa"
fix_inetnum 'delegation-servers.dn42' "172.22.0.0_16" 'inetnum' 'reserved' "22.172.in-addr.arpa"
fix_inetnum 'delegation-servers.dn42' "172.23.0.0_16" 'inetnum' 'open' "23.172.in-addr.arpa"
fix_inetnum 'delegation-servers.dn42' "172.31.0.0_16" 'inetnum' 'closed' "31.172.in-addr.arpa"