script for managing SOA serial in zone files

Juako · 02-25-2011, 11:05 AM

Here's a little tool that does this:

without arguments, updates the SOA serial in a zonefile to the current date. If the date was already updated, just updates the revision number (incrementing up to 99, and then again 01). Uses RFC 1912* recommended format.
with $1 == <two digit number>, auto updates (if necessary) just the date part and uses your provided revision number.
with $1 == <eight digit number>, uses that as a date (no validation of any kind), and just auto update the revision number
with $1 == <full serial>, will just replace whatever the serial is with the provided serial, without any validation

* YYYYMMDDRR (4-digit year, 2-digit month, 2-digit day of month, 2-digit revision number)

This script + keeping SOA/NS/MX/CNAME RRs in a common file $included from other files with $ORIGIN and A/PTR/TXT RRs, made everything way easier to manage, enabling me to script some zone switchers, automatic failover/redirection of DNS on WAN changes, etc, etc. I think this stuff might be cool to integrate with something like this script and make nice CLI toolset for bind. Looking forward to implement it.

Please report errors, etc. Hope you find it useful.

code in pastebin

Code:

#!/bin/bash

# globals-------------------------------------------------------------------
script_name="${0##*/}"
script_dir=$(readlink -f "${0%/*}")
script_version=1

# this can be modded to be supplied from command line
named_dir='/var/named'
serialfile="ufis-common.txt"

# main----------------------------------------------------------------------
[[ "$1" ]] && {
    (( ${#1} == 10 )) && newserial=$1
    (( ${#1} == 8 )) && date=$1
    (( ${#1} == 2 )) && revision=$1
    ! [[ "$1" =~ ^[0-9]+$ ]] || [[ -z "$newserial$date$revision" ]] && echo "$script_name: ERROR: can't do anything with $1" && exit 1
}   

curserial="$( sed -ne 's/^.*\([0-9]\{10\}\).*/\1/g; /^[0-9]*$/p' "$named_dir/$serialfile" )"

# if we haven't been passed a serial lets build one
[[ -z "$newserial" ]] && {
# if we don't have a date get current
    [[ -z "$date" ]] && date="$(date +%Y%m%d)"
# if we don't have revision number get next from the current, if current=99 or date<>today it'll be "01"
    [[ -z "$contador" ]] && {
        revision="01"
        (( ${curserial:0:8} == $date )) && {
            revision=$( printf "%02d" $(( 10#${curserial:8:2}+1 )) )
            (( 10#$revision == 100 )) && echo "$script_name: warning: revision counter looped to 01" && revision="01"
        }
    }
    newserial=$date$revision
}

# replace the serial
# some sanity checks here won't hurt
# this is a minimal one
(( ${#newserial} == 10 )) && {
    echo "$script_name: new serial number $newserial"
    sed -i "s/\(^.*\)$curserial\(.*$\)/\1$newserial\2/" "$named_dir/$serialfile"
}

acid_kewpie · 02-26-2011, 04:26 AM

The forum here really isn't the best place for things like this, they tend to sink without trace. But it's a useful script potentially. What use did you have for this in your practises? Personally I'd recommend just using nsupdate to manipulate the zone files, and then it will deal with incrementing the serial on your behalf. I don't really pay attention to what the serial is - date encodings etc... just as long as you are consistent in how you update the file, all slaves will be in line etc, and there's nothing to care about.

BTW, there's a syntax bug on line 17. Double negative.

Juako · 02-26-2011, 05:17 AM

Well i guess as long it's indexed in some some search engine "someone" looking for this will get to find it :P, i'm a novice in bind and hadn't heard of nsupdate, i'm checking its man now and looks cool, will try it out. That said i got used to tune zone files by hand, and have some includes (as i mentioned in the OP) which really makes all this very easy.

I just have two direct zones and some reverse zones, don't know how my scheme would scale, ymmv i guess. My main use for the script is in other scripts that poll my router to check what WAN routes are active and if changes are to be made they bring up the relevant zone files, update the serial and restart bind.

Couldn't find the error you mention in line 17, it seems it's just a closing brace. Could you expand on that?

Code:

$ sed -n '17p' soa-update-serial 
}

acid_kewpie · 02-26-2011, 05:40 AM

You said 'can't do nothing'...double negative.

Juako · 02-26-2011, 05:45 AM

Ahh hahaha i see, so it's a spelling error, not a bug. Thanks for noticing, we do in spanish say it as a double negative, "no puedo hacer nada". Seems indeed not a valid construction in english.