initial commit
This commit is contained in:
commit
6928dc33f4
6 changed files with 176 additions and 0 deletions
27
2021-08-11/20210811-1.private
Normal file
27
2021-08-11/20210811-1.private
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA3g5YC8JHTBAg0Bklb0aRDpQTuEDUnORzryro2DUxpTX4CKOf
|
||||
3RA6tM8wNgbH5Bta7Gks2QbHcxucHMB94maXi8OwzesrOpBBxlKxqMxR5A6axdg3
|
||||
QnQApKDlqetWvM+iiYqnhK7I4lA5YAV2niSbOfuQysRbjyPWXBOcEoBBRqBXjWAU
|
||||
r1kGeLeyd9IihAzKjW4JtbgnkVgIKYebacOUcXYRFjHSOjsA80HLz5nJUmB5bOm4
|
||||
YQiqksa46qsx63AkfiS7OVH6Nsu9Nx3AaEXJkwKtZYGb3FBrPnOS00chdGyvDDRX
|
||||
0MvdtI+CkawSJuB8kiFGX4fv0iYmLZ9tcdbmqwIDAQABAoIBAFRjSx6c5I+JiY7M
|
||||
H6fcP4A00hGxwZsmTriBLCAOhyFsEyjlVfmjE0xneMDvbsPHiZRSnBKWOvIJyhg7
|
||||
JxwFNQ6OfgCjoLgO3pBKGO43R9/NlRAfDVEZ2Ky34M/kegAjQHfY07Te38TyC/vr
|
||||
15pd+wfcDLiiStFpIyu24Bc/2o7F54cWTUuzE87NRrrjLZCAwczLjNRrFXatp6vH
|
||||
JhtCth2ZNL9KDv5n/4I2IXSMk6N8oXzYkcUmcp+nIDDgxuArcYD9ALNXOz8lLf6p
|
||||
D73h2xdQL3B/zaB9OhYtiCeLRdThECNSP2egpkYG9Qlxapt1WglRaoyGbcdoqaVG
|
||||
aHh7elECgYEA77Dmz2VcUOg5hlxt3kl5XKVJfj2LVAaS1yQF/m2/miu7RD6Op4Rg
|
||||
Oe8y0WCnQscEBsv/pPJXpdNMSHw1z4pOT8MxAKP3HS+9qZkIn6QXdxiSQega8IMB
|
||||
NxkFVtW+PV7MqySwizFiqSZF/mqD312pGikwbQ9JVmsAc/a1e+D9Ko0CgYEA7SpD
|
||||
pz6YNa3BW7yP0qHqA3c6a+9TeasDX6v9zRBRV1UCv0T5LPeGY/08uL7veyzwTm67
|
||||
wQVlD8lEIN/sw1alB+8fC9fGuLLuHm6qoxcCq0YWTzyxyM3xVUpqxvzcuuLW30mx
|
||||
SP7g5BEprr5Z7QvyHIyiR79zDu4+ySg2/radZBcCgYEAhn3HdNXWD9vN81NHnrOx
|
||||
ckeYTkpwNEyf9jHTXyjrmrExGaDUYLCJYdiStiM6luCepMWwgzgr7/L42a9AblyX
|
||||
hm/qvgZCsVDJZjFlQlZLiFr0LiDzhMKtWuIiOdAjN8JKqzkiCmhCiNDd81yG9D1U
|
||||
lkZIUtmB+AiAL5Fd0c2zoD0CgYAvcjAcqkobGwq+xodjVR8S2GxooXVqtsqy/h6F
|
||||
QslzFj+5chwDYfWR1VyrfQ897iyZFFAdem3Qbaxig0nDfnb/klf8r4tC8hDvJ6ad
|
||||
gAH5r8jQy0yp5oFsVbns2zNxc+YWv5BnEQ5+sexL2Cr3YFdsXLoubl+fUgxfg9sU
|
||||
tAXiuwKBgQC7IShDY9ZpSQKHDzkqyIwS3k64w2k4x9h+7+6owAnZlj2Mk0nzRxwI
|
||||
PSMTdhMwDTUTrcUCWwsyf5vn7i0oaLBujzGsHTSCrM1ly52Gkv83LkV9bXjuhqTR
|
||||
zMvQhAC5o5z8AF0vUTdUtt+aasbAcum0Jp3GSwhIkRtSkOGCwuKw6g==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
3
2021-08-11/20210811-1.txt
Normal file
3
2021-08-11/20210811-1.txt
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
20210811-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3g5YC8JHTBAg0Bklb0aRDpQTuEDUnORzryro2DUxpTX4CKOf3RA6tM8wNgbH5Bta7Gks2QbHcxucHMB94maXi8OwzesrOpBBxlKxqMxR5A6axdg3QnQApKDlqetWvM+iiYqnhK7I4lA5YAV2niSbOfuQysRbjyPWXBOcEoBBRqBXjWAUr1kGeLeyd9IihAzKjW4JtbgnkVgIKY"
|
||||
"ebacOUcXYRFjHSOjsA80HLz5nJUmB5bOm4YQiqksa46qsx63AkfiS7OVH6Nsu9Nx3AaEXJkwKtZYGb3FBrPnOS00chdGyvDDRX0MvdtI+CkawSJuB8kiFGX4fv0iYmLZ9tcdbmqwIDAQAB" ) ; ----- DKIM key 20210811-1 for mail
|
||||
29
README.md
Normal file
29
README.md
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
# Script to update DKIM entry in BIND zone file
|
||||
|
||||
This script takes two arguments:
|
||||
1. a BIND DNS zone file
|
||||
2. a DNS record generated by 'opendkim-genkey'
|
||||
|
||||
`opendkim-genkey` is part of the `opendkim-tools` Debian package
|
||||
|
||||
This script use regex to
|
||||
1. extract the DKIM selector and the value of the TXT record from the DKIM TXT record generated by opendkim-genkey
|
||||
2. replace the DKIM selector and TXT value in the zone file with the new values
|
||||
|
||||
|
||||
## Example
|
||||
|
||||
- generate a new DKIM key for mail.example.org
|
||||
- remember to increase the increment if generating a new key on the same date
|
||||
```bash
|
||||
INCREMENT=1; /usr/sbin/opendkim-genkey -b 2048 -d mail -s $(/bin/date +%Y%m%d)-$INCREMENT
|
||||
|
||||
# generate a DNS DKIM TXT record such as '20210811-1.txt'
|
||||
/usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
|
||||
```
|
||||
Then run this update-dkim.py, passing the zone file you want to update and the above .txt file:
|
||||
```bash
|
||||
update-dkim.py <zone file> 20210811-1.txt
|
||||
```
|
||||
```sh
|
||||
```
|
||||
27
test/20210812-1.private
Normal file
27
test/20210812-1.private
Normal file
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAq6SijFR9E9G6DPPhlgedI+shjQF5Q7YZ0u3bk4up9pnZYroz
|
||||
sBNPZK8OLSFOyl4PQlurS56x4Blr0zZ6/AXocBKwP+8a4JN316mM5ucqu0FZ9LcP
|
||||
ac58LJxwsUS3oL/WKJLm9L0Y+NzXwlWio9mUZrzCt6IylLc45z3tnNIMBmpB+Z5S
|
||||
R29Z4fWIH9OjbcoXS/nMPOreqvsJJ0UcwOcD6DAzCUab3unTQFbwzmqjXPQjLExO
|
||||
AFOF6D5a+LYYy01T2Sb/caLrWc04R/Q/u8z/jdCRjgbWPXfoKs2ib59vANaTfydx
|
||||
4ELNY0PcrdykckhcGNDo65jJlRKbNxBDolRnYQIDAQABAoIBAQCOLy5b0u1dyqE1
|
||||
c52Om7YHeBLt7KeYeLQBr/nxyoM7/Yw/pYGFvSlKfVzf87SCHNLFJIzMcqRkwIo6
|
||||
h+nu9bHrjP+lppt8J4ziANjwudQDFIrBFhfVjS/+AIW1wvfeWKu+JprdZ/vUw5ST
|
||||
rj6xPl8ZkAo49kqyOOkRXZKFEtbVRDnzNRHOfYG5nGW/tyJH+Cyd7cP/e9jPLeo0
|
||||
lH4fxyU3sFGIfHnc6ln3ej/x2hin0D3wc68AIQI0Roe8bay0hKUxLCGMGy+LE53T
|
||||
iIJ/DHvfUJUxaJ+h6Qu7uQCKFZIkIR5wtDPDDNQ/696nSis+Mbgovbr7JjiQRUnB
|
||||
nTZ6+zTBAoGBAOOmpFi5qJ/Ug432EIeUvbSF62vuNInG7aP4AEZpssNx2EbBh9VL
|
||||
hcSWvMyGwsh+2NHryvBRxMp64Sj+D+q5YakhsO8rS8qF/ej+CfHEY0MlyLRz7eJW
|
||||
wYSya9dEWOznuD/kYEYzWOuEpn3Q5wI2LbngLUtK0CP7FBx/z5PbK9JJAoGBAMEE
|
||||
gD534EFn4h/UfgM0QhtXvDHalsYpbZliCGBgVjZ/y6Za3wrP3IjEPmKsyyq+c7ck
|
||||
LSZNyme/znPASvejVew02ExbzUbe7tQfr7M75q7cE76OERUWH6eI8HvJsAMGsGVk
|
||||
bvqjQhgE1oni+jIhotbfVSy02h1NYwF9yil4VexZAoGANVu8z7MMjBHil+ah7zV0
|
||||
1ZhCGvUlSVngH3ukjNx/cwH/IG6CKQNfojl2nTXE9/uLVIDA+10fFBqDJfmOv4Se
|
||||
GGd2MkjipeCMKA1LRWizn2x+w5Ucn92X1EOBtV4mvbh+XjNoQWwNnn5kC79oNgN+
|
||||
6j9aPniVmqliCGAIxm4rskkCgYEAka+OBJiCoZuBZ7kBa/Wzt+Oe3po4l1WJre36
|
||||
mJPePsByvBt2ojiGIozM8bmul5Ks0Jzznye0EF8Luv53FzcnkWPJpsjbxhRae612
|
||||
9nfOBEmEdZ3RcvMB7XhE24o92erglYca5P740hxEukqhwdj1ie2D4nyW7OsOQX/q
|
||||
aSa04/ECgYEAnJ83soHDL+NTahLWaD8oPxYlxxLbdCRdUG2lNJheYxkw+k/Z4ow9
|
||||
dnsdQbPOsFT+qNXnuaozqiIvgX5XwSZ3cKXh2Z/Myoy4b5A1RZNhikWsU6CQOvBl
|
||||
NqaiOE8Mc6fvuTfwBE8jxVc+FeGFZwAxPUBDgMLyR65IBerhSIZm4vY=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
3
test/20210812-1.txt
Normal file
3
test/20210812-1.txt
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
20210812-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
|
||||
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6SijFR9E9G6DPPhlgedI+shjQF5Q7YZ0u3bk4up9pnZYrozsBNPZK8OLSFOyl4PQlurS56x4Blr0zZ6/AXocBKwP+8a4JN316mM5ucqu0FZ9LcPac58LJxwsUS3oL/WKJLm9L0Y+NzXwlWio9mUZrzCt6IylLc45z3tnNIMBmpB+Z5SR29Z4fWIH9OjbcoXS/nMPOreqvsJJ0"
|
||||
"UcwOcD6DAzCUab3unTQFbwzmqjXPQjLExOAFOF6D5a+LYYy01T2Sb/caLrWc04R/Q/u8z/jdCRjgbWPXfoKs2ib59vANaTfydx4ELNY0PcrdykckhcGNDo65jJlRKbNxBDolRnYQIDAQAB" ) ; ----- DKIM key 20210812-1 for mail.example.org
|
||||
87
update-dkim.py
Normal file
87
update-dkim.py
Normal file
|
|
@ -0,0 +1,87 @@
|
|||
#!/usr/bin/env python3
|
||||
#
|
||||
#
|
||||
# This script takes two arguments:
|
||||
# 1) a BIND DNS zone file
|
||||
# 2) a DNS record generated by 'opendkim-genkey'
|
||||
#
|
||||
# 'opendkim-genkey' is part of the 'opendkim-tools' Debian package
|
||||
#
|
||||
# This script use regex to
|
||||
# 1) extract the DKIM selector and the value of the TXT record from the
|
||||
# DKIM TXT record generated by opendkim-genkey
|
||||
# 2) replace the DKIM selector and TXT value in the zone file with the
|
||||
# new values
|
||||
#
|
||||
# Example:
|
||||
# First run:
|
||||
# /usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
|
||||
# which will generate a DNS DKIM TXT record such as '20210811-1.txt'
|
||||
# Then run this script, passing the zone file you want to update and the above
|
||||
# .txt file:
|
||||
# update-dkim.py <zone file> 20210811-1.txt
|
||||
#
|
||||
|
||||
import sys
|
||||
|
||||
# Make sure Python is at least version 3.6 (required for f-string literals support)
|
||||
if not (sys.version_info.major == 3 and sys.version_info.minor >= 6):
|
||||
print("This script requires Python 3.6 or higher")
|
||||
print("You are using Python {}.{}.".format(sys.version_info.major, sys.version_info.minor))
|
||||
sys.exit(1)
|
||||
|
||||
import argparse
|
||||
import re
|
||||
|
||||
# Create an ArgumentParser object to parse the command-line arguments
|
||||
parser = argparse.ArgumentParser(
|
||||
description='Update DNS zone file DKIM TXT record(s)'
|
||||
)
|
||||
|
||||
# First argument is the zone file which will be updated
|
||||
parser.add_argument(
|
||||
'zone_file', type=argparse.FileType('r+')
|
||||
)
|
||||
|
||||
# Second argument is the opendkim-genkey-generated DKIM TXT record
|
||||
parser.add_argument(
|
||||
'dkim_txt', type=argparse.FileType('r')
|
||||
)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
# Read the files into corresponding string variables
|
||||
zone_text = args.zone_file.read()
|
||||
dkim_txt = args.dkim_txt.read()
|
||||
|
||||
# This regex strips the old DKIM selector and TXT value from the zone file
|
||||
# The remaining text is captured in a backreference
|
||||
zone_re = re.compile(
|
||||
r'^[\d-]+(\._domainkey\.?[a-z.]*\s+[0-9h]+\s+IN\s+TXT\s+\()[\s"=;+\/\w]+',
|
||||
re.MULTILINE
|
||||
)
|
||||
|
||||
# This regex uses two backreferences to capture the DKIM selector and TXT value
|
||||
# from the opendkim-genkey-generated DKIM record
|
||||
dkim_txt_re = re.compile(
|
||||
r'^([\d-]+)\._domainkey\s+IN\s+TXT\s+\(([\s"=;+\/\w]+).+\s+$',
|
||||
re.MULTILINE
|
||||
)
|
||||
|
||||
# Store the captured values as variables
|
||||
selector = dkim_txt_re.sub(r'\1', dkim_txt)
|
||||
dkim_value = dkim_txt_re.sub(r'\2', dkim_txt)
|
||||
|
||||
# Perform the regex substitution on the zone file
|
||||
# use f-strings to provide the variables in the substitution
|
||||
zone = zone_re.sub(rf"{selector}\1{dkim_value}", zone_text)
|
||||
|
||||
# print("\nselector: ", selector, "\ndkim_value: ", dkim_value, "\n\nzone:\n", zone)
|
||||
print(zone)
|
||||
|
||||
# Sample DKIM TXT record
|
||||
#
|
||||
# 20160525-014646._domainkey.whitehall 3h IN TXT ( "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCA"
|
||||
# "QEAulkdTaAsWGpcN4O6HRMzCN6i67AWoMyjemrryvd+j/2epCSZ3qNfkD/ZV8g4S"
|
||||
# "42IVk4dBs3evQQCyCGQhhoqpQIDAQAB" )
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue