initial commit

Dia Pacifica 2024-10-01 19:00:42 -07:00
commit 6928dc33f4
6 changed files with 176 additions and 0 deletions


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
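Review bot: This section adds an RSA private key in PEM form to the repository, and test/20210812-1.private further down does the same; the next section holds the DKIM public record for selector 20210811-1, so this first key is presumably its signing half (the file path is not shown on the page). If either selector has been or will be published in DNS, anyone who can read the repository or its history can produce mail that passes DKIM for that domain, so the key should be treated as exposed: issue a new selector, retire this one, and purge the file from history rather than deleting it in a later commit. For the test fixtures, keep only the `.txt` record, since update-dkim.py reads just the zone file and the `.txt` record, and ignore key files with a `.gitignore` line such as `*.private`.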


@ -0,0 +1,3 @@
20210811-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3g5YC8JHTBAg0Bklb0aRDpQTuEDUnORzryro2DUxpTX4CKOf3RA6tM8wNgbH5Bta7Gks2QbHcxucHMB94maXi8OwzesrOpBBxlKxqMxR5A6axdg3QnQApKDlqetWvM+iiYqnhK7I4lA5YAV2niSbOfuQysRbjyPWXBOcEoBBRqBXjWAUr1kGeLeyd9IihAzKjW4JtbgnkVgIKY"
"ebacOUcXYRFjHSOjsA80HLz5nJUmB5bOm4YQiqksa46qsx63AkfiS7OVH6Nsu9Nx3AaEXJkwKtZYGb3FBrPnOS00chdGyvDDRX0MvdtI+CkawSJuB8kiFGX4fv0iYmLZ9tcdbmqwIDAQAB" ) ; ----- DKIM key 20210811-1 for mail

29
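--- a/README.md
+++ b/README.md
@@ -0,0 +1,29 @@
+# Script to update DKIM entry in BIND zone file
+This script takes two arguments:
+1. a BIND DNS zone file
+2. a DNS record generated by 'opendkim-genkey'
+`opendkim-genkey` is part of the `opendkim-tools` Debian package
+This script use regex to
+1. extract the DKIM selector and the value of the TXT record from the DKIM TXT record generated by opendkim-genkey
+2. replace the DKIM selector and TXT value in the zone file with the new values
+## Example
+- generate a new DKIM key for mail.example.org
+- remember to increase the increment if generating a new key on the same date
+```bash
+INCREMENT=1; /usr/sbin/opendkim-genkey -b 2048 -d mail -s $(/bin/date +%Y%m%d)-$INCREMENT
+# generate a DNS DKIM TXT record such as '20210811-1.txt'
+/usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
+```
+Then run this update-dkim.py, passing the zone file you want to update and the above .txt file:
+```bash
+update-dkim.py <zone file> 20210811-1.txt
+```
+```sh
+```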

27
test/20210812-1.private Normal file

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----

3
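--- a/test/20210812-1.txt
+++ b/test/20210812-1.txt
@@ -0,0 +1,3 @@
+20210812-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
+"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6SijFR9E9G6DPPhlgedI+shjQF5Q7YZ0u3bk4up9pnZYrozsBNPZK8OLSFOyl4PQlurS56x4Blr0zZ6/AXocBKwP+8a4JN316mM5ucqu0FZ9LcPac58LJxwsUS3oL/WKJLm9L0Y+NzXwlWio9mUZrzCt6IylLc45z3tnNIMBmpB+Z5SR29Z4fWIH9OjbcoXS/nMPOreqvsJJ0"
+"UcwOcD6DAzCUab3unTQFbwzmqjXPQjLExOAFOF6D5a+LYYy01T2Sb/caLrWc04R/Q/u8z/jdCRjgbWPXfoKs2ib59vANaTfydx4ELNY0PcrdykckhcGNDo65jJlRKbNxBDolRnYQIDAQAB" ) ; ----- DKIM key 20210812-1 for mail.example.org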

87
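--- a/update-dkim.py
+++ b/update-dkim.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+#
+#
+# This script takes two arguments:
+# 1) a BIND DNS zone file
+# 2) a DNS record generated by 'opendkim-genkey'
+#
+# 'opendkim-genkey' is part of the 'opendkim-tools' Debian package
+#
+# This script use regex to
+# 1) extract the DKIM selector and the value of the TXT record from the
+# DKIM TXT record generated by opendkim-genkey
+# 2) replace the DKIM selector and TXT value in the zone file with the
+# new values
+#
+# Example:
+# First run:
+# /usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
+# which will generate a DNS DKIM TXT record such as '20210811-1.txt'
+# Then run this script, passing the zone file you want to update and the above
+# .txt file:
+# update-dkim.py <zone file> 20210811-1.txt
+#
+import sys
+# Make sure Python is at least version 3.6 (required for f-string literals support)
+if not (sys.version_info.major == 3 and sys.version_info.minor >= 6):
+print("This script requires Python 3.6 or higher")
+print("You are using Python {}.{}.".format(sys.version_info.major, sys.version_info.minor))
+sys.exit(1)
+import argparse
+import re
+# Create an ArgumentParser object to parse the command-line arguments
+parser = argparse.ArgumentParser(
+description='Update DNS zone file DKIM TXT record(s)'
+)
+# First argument is the zone file which will be updated
+parser.add_argument(
+'zone_file', type=argparse.FileType('r+')
+)
+# Second argument is the opendkim-genkey-generated DKIM TXT record
+parser.add_argument(
+'dkim_txt', type=argparse.FileType('r')
+)
+args = parser.parse_args()
+# Read the files into corresponding string variables
+zone_text = args.zone_file.read()
+dkim_txt = args.dkim_txt.read()
+# This regex strips the old DKIM selector and TXT value from the zone file
+# The remaining text is captured in a backreference
+zone_re = re.compile(
+r'^[\d-]+(\._domainkey\.?[a-z.]*\s+[0-9h]+\s+IN\s+TXT\s+\()[\s"=;+\/\w]+',
+re.MULTILINE
+)
+# This regex uses two backreferences to capture the DKIM selector and TXT value
+# from the opendkim-genkey-generated DKIM record
+dkim_txt_re = re.compile(
+r'^([\d-]+)\._domainkey\s+IN\s+TXT\s+\(([\s"=;+\/\w]+).+\s+$',
+re.MULTILINE
+)
+# Store the captured values as variables
+selector = dkim_txt_re.sub(r'\1', dkim_txt)
+dkim_value = dkim_txt_re.sub(r'\2', dkim_txt)
+# Perform the regex substitution on the zone file
+# use f-strings to provide the variables in the substitution
+zone = zone_re.sub(rf"{selector}\1{dkim_value}", zone_text)
+# print("\nselector: ", selector, "\ndkim_value: ", dkim_value, "\n\nzone:\n", zone)
+print(zone)
+# Sample DKIM TXT record
+#
+# 20160525-014646._domainkey.whitehall 3h IN TXT ( "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCA"
+# "QEAulkdTaAsWGpcN4O6HRMzCN6i67AWoMyjemrryvd+j/2epCSZ3qNfkD/ZV8g4S"
+# "42IVk4dBs3evQQCyCGQhhoqpQIDAQAB" )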
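Review bot: The selector and key value are extracted with `dkim_txt_re.sub(...)`, which returns its input unchanged when the pattern does not match, so a malformed or unexpected second file is spliced whole into the zone output instead of being rejected. Those values are then interpolated into the replacement template passed to `zone_re.sub`, where any backslash sequence would be read as a group reference; a callable replacement avoids that. I would extract with `search()`, exit on no match, and use `subn()` so that a zone file with no DKIM record to replace is reported rather than printed back unchanged. Separately, `zone_file` is opened with `'r+'` although the script only prints the result, so `'r'` would do and would not require write access to the zone file.

```python
# … unchanged: version check, argument parsing, file reads, zone_re / dkim_txt_re …
dkim_match = dkim_txt_re.search(dkim_txt)
if dkim_match is None:
    sys.exit("dkim_txt does not look like an opendkim-genkey TXT record")
selector, dkim_value = dkim_match.group(1), dkim_match.group(2)

# A callable replacement keeps file content out of the regex template syntax
zone, replaced = zone_re.subn(
    lambda m: f"{selector}{m.group(1)}{dkim_value}", zone_text
)
if replaced == 0:
    sys.exit("no DKIM TXT record found in the zone file; nothing was replaced")
print(zone)
```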