authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-07 17:32:12 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-09 13:44:42 +0100
commit88df4f2772080062ca25c3f84b0305ce3df06351 (patch)
tree57519b6f5d942be1e0dbd07495b5c3a224bc3d47
parentmodules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` option (diff)
scripts/get_dns.sh: Init
This script is useful, when migrating from a hosted DNS server to our own. An example output looks like this (for `get_dns.sh b-peetz.de`): ``` (A) 92.60.38.179 [b-peetz.de] (AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de] (CAA) 0 issue "letsencrypt.org" [b-peetz.de] (CNAME) <Not set> [b-peetz.de] (DNAME) <Not set> [b-peetz.de] (MX) 10 mail.foss-syndicate.org. [b-peetz.de] (NS) second-dns.netcup.net. [b-peetz.de] (NS) third-dns.netcup.net. [b-peetz.de] (NS) root-dns.netcup.net. [b-peetz.de] (SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de] (SRV) <Not set> [b-peetz.de] (TXT) "v=spf1 +mx -all" [b-peetz.de] (PTR) <Not set> [b-peetz.de] (DNSKEY) <Not set> [b-peetz.de] (DS) <Not set> [b-peetz.de] (SSHFP) <Not set> [b-peetz.de] (TLSA) <Not set> [b-peetz.de] (OPENPGPKEY) <Not set> [b-peetz.de] (SVCB) <Not set> [b-peetz.de] (HTTPS) <Not set> [b-peetz.de] (TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de] (TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de] ```
-rwxr-xr-xscripts/get_dns.sh55
1 files changed, 55 insertions, 0 deletions
diff --git a/scripts/get_dns.sh b/scripts/get_dns.sh
new file mode 100755
index 0000000..2d82925
--- /dev/null
+++ b/scripts/get_dns.sh
@@ -0,0 +1,55 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -p dig -p dash -i dash --impure
+# shellcheck shell=dash
+
+get_dns_types() {
+ cat <<EOF
+ A
+ AAAA
+ CAA
+ CNAME
+ DNAME
+ MX
+ NS
+ SOA
+ SRV
+ TXT
+ PTR
+ DNSKEY
+ DS
+ SSHFP
+ TLSA
+ OPENPGPKEY
+ SVCB
+ HTTPS
+EOF
+}
+
+check_type() {
+ domain="$1"
+ type="$2"
+
+ if [ "$(dig +short -t "$type" "$domain" | wc -c)" -ne 0 ]; then
+ dig +short -t "$type" "$domain" | while IFS="$(printf "\n")" read -r output; do
+ printf "(%s) %s [%s]\n" "$type" "$output" "$domain"
+ done
+ else
+ printf "(%s) <Not set> [%s]\n" "$type" "$domain"
+ fi
+}
+
+get_dns() {
+ original_domain="$1"
+
+ get_dns_types | while read -r type; do
+ check_type "$original_domain" "$type"
+ done
+
+ # DKIM
+ check_type "mail._domainkey.$original_domain" "TXT"
+
+ # DMARC
+ check_type "_dmarc.$original_domain" "TXT"
+}
+
+get_dns "$1"
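Review bot: In `check_type`, a lookup that fails is reported as `<Not set>`, because the branch is chosen only by whether `dig +short` printed anything and dig's exit status is never checked; in a migration listing that can hide a record that does exist. dig is also run twice per type, so the emptiness test and the printed records can come from two different answers. Running it once into a variable, checking the status and then testing `[ -n "$answers" ]` addresses both; the loop uses `IFS=` because `$(printf "\n")` already expands to an empty string once command substitution strips the trailing newline. dig's exit status presumably covers only cases such as no server replying, so a SERVFAIL answer may still need a separate check. `get_dns "$1"` on the last line also runs with an empty name when no argument is given, so a `[ -n "$1" ]` guard with a usage message would help.

```shell
check_type() {
    # … unchanged: domain/type assignments …

    # One lookup per type, so the emptiness test and the printed records share the same answer.
    if ! answers="$(dig +short -t "$type" "$domain")"; then
        printf "(%s) <Lookup failed> [%s]\n" "$type" "$domain" >&2
        return 1
    fi

    if [ -n "$answers" ]; then
        printf '%s\n' "$answers" | while IFS= read -r output; do
            # … unchanged: per-record printf …
        done
    else
        # … unchanged: "<Not set>" printf …
    fi
}
```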