author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-03-07 17:32:12 +0100
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-03-09 13:44:42 +0100
commit: 88df4f2772080062ca25c3f84b0305ce3df06351 (patch)
tree: 57519b6f5d942be1e0dbd07495b5c3a224bc3d47 /scripts
parent: modules/stalwart-mail: Remove now unneeded `allowInsecureSmtp` option (diff)
scripts/get_dns.sh: Init
This script is useful when migrating from a hosted DNS server to our
own.

An example output looks like this (for `get_dns.sh b-peetz.de`):
```
(A) 92.60.38.179 [b-peetz.de]
(AAAA) 2a03:4000:33:25b::4f4e [b-peetz.de]
(CAA) 0 issue "letsencrypt.org" [b-peetz.de]
(CNAME) <Not set> [b-peetz.de]
(DNAME) <Not set> [b-peetz.de]
(MX) 10 mail.foss-syndicate.org. [b-peetz.de]
(NS) second-dns.netcup.net. [b-peetz.de]
(NS) third-dns.netcup.net. [b-peetz.de]
(NS) root-dns.netcup.net. [b-peetz.de]
(SOA) root-dns.netcup.net. dnsadmin.netcup.net. 2025012510 28800 7200 1209600 86400 [b-peetz.de]
(SRV) <Not set> [b-peetz.de]
(TXT) "v=spf1 +mx -all" [b-peetz.de]
(PTR) <Not set> [b-peetz.de]
(DNSKEY) <Not set> [b-peetz.de]
(DS) <Not set> [b-peetz.de]
(SSHFP) <Not set> [b-peetz.de]
(TLSA) <Not set> [b-peetz.de]
(OPENPGPKEY) <Not set> [b-peetz.de]
(SVCB) <Not set> [b-peetz.de]
(HTTPS) <Not set> [b-peetz.de]
(TXT) "v=DKIM1; k=rsa; t=s; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZ0lbL3BHTuWmiRj/8ZqbEsKK/yBrhXeKDmu8Oj1IGGbQCiqxGkkrdUMzRrZD+6hH0OWjppqc4Sw/oC8ilgSzSntYzkygGjM/7uBLhWVgLjcO7ovsoF7GIldhXcQSD/3hbI0QOoMV2/w7dEZmbYsulw6b2m8FbSAHPn+RvGmwjzQIDAQAB" [mail._domainkey.b-peetz.de]
(TXT) "v=DMARC1; p=reject" [_dmarc.b-peetz.de]
```
Diffstat (limited to 'scripts')
-rwxr-xr-x scripts/get_dns.sh 55
1 files changed, 55 insertions, 0 deletions
diff --git a/scripts/get_dns.sh b/scripts/get_dns.sh
new file mode 100755
index 0000000..2d82925
--- /dev/null
+++ b/scripts/get_dns.sh
@@ -0,0 +1,55 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -p dig -p dash -i dash --impure
+# shellcheck shell=dash
+
+get_dns_types() {
+    cat <<EOF
+    A
+    AAAA
+    CAA
+    CNAME
+    DNAME
+    MX
+    NS
+    SOA
+    SRV
+    TXT
+    PTR
+    DNSKEY
+    DS
+    SSHFP
+    TLSA
+    OPENPGPKEY
+    SVCB
+    HTTPS
+EOF
+}
+
+check_type() {
+    domain="$1"
+    type="$2"
+
+    if [ "$(dig +short -t "$type" "$domain" | wc -c)" -ne 0 ]; then
+        dig +short -t "$type" "$domain" | while IFS="$(printf "\n")" read -r output; do
+            printf "(%s) %s [%s]\n" "$type" "$output" "$domain"
+        done
+    else
+        printf "(%s) <Not set> [%s]\n" "$type" "$domain"
+    fi
+}
+
+get_dns() {
+    original_domain="$1"
+
+    get_dns_types | while read -r type; do
+        check_type "$original_domain" "$type"
+    done
+
+    # DKIM
+    check_type "mail._domainkey.$original_domain" "TXT"
+
+    # DMARC
+    check_type "_dmarc.$original_domain" "TXT"
+}
+
+get_dns "$1"
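
Review bot: in check_type, the `wc -c` test treats any empty `dig +short` answer as `<Not set>`, so a lookup that failed (for example a SERVFAIL response, which also prints nothing in `+short` mode) is indistinguishable from a record that really is absent; during a migration that can silently drop a record. Consider running dig once into a variable and reporting lookup failures separately, for instance by inspecting the status in the full dig output rather than relying on `+short`; capturing the result once also removes the second dig call, whose answer may differ from the first. Also in check_type, `IFS="$(printf "\n")"` does not set IFS to a newline, because command substitution strips trailing newlines and leaves it empty; `IFS= read -r output` states the intent directly. Finally, `get_dns "$1"` runs without checking that an argument was given, so a missing `$1` queries the empty name and `mail._domainkey.`; a usage message and a non-zero exit when `$1` is empty would catch that.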