commit 6928dc33f45f43c01d3636586d3dbff402965b7a Author: Dia Pacifica Date: Tue Oct 1 19:00:42 2024 -0700 initial commit
diff --git a/2021-08-11/20210811-1.private b/2021-08-11/20210811-1.private
new file mode 100644
index 0000000..c91b444
--- /dev/null
+++ b/2021-08-11/20210811-1.private
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA3g5YC8JHTBAg0Bklb0aRDpQTuEDUnORzryro2DUxpTX4CKOf
+3RA6tM8wNgbH5Bta7Gks2QbHcxucHMB94maXi8OwzesrOpBBxlKxqMxR5A6axdg3
+QnQApKDlqetWvM+iiYqnhK7I4lA5YAV2niSbOfuQysRbjyPWXBOcEoBBRqBXjWAU
+r1kGeLeyd9IihAzKjW4JtbgnkVgIKYebacOUcXYRFjHSOjsA80HLz5nJUmB5bOm4
+YQiqksa46qsx63AkfiS7OVH6Nsu9Nx3AaEXJkwKtZYGb3FBrPnOS00chdGyvDDRX
+0MvdtI+CkawSJuB8kiFGX4fv0iYmLZ9tcdbmqwIDAQABAoIBAFRjSx6c5I+JiY7M
+H6fcP4A00hGxwZsmTriBLCAOhyFsEyjlVfmjE0xneMDvbsPHiZRSnBKWOvIJyhg7
+JxwFNQ6OfgCjoLgO3pBKGO43R9/NlRAfDVEZ2Ky34M/kegAjQHfY07Te38TyC/vr
+15pd+wfcDLiiStFpIyu24Bc/2o7F54cWTUuzE87NRrrjLZCAwczLjNRrFXatp6vH
+JhtCth2ZNL9KDv5n/4I2IXSMk6N8oXzYkcUmcp+nIDDgxuArcYD9ALNXOz8lLf6p
+D73h2xdQL3B/zaB9OhYtiCeLRdThECNSP2egpkYG9Qlxapt1WglRaoyGbcdoqaVG
+aHh7elECgYEA77Dmz2VcUOg5hlxt3kl5XKVJfj2LVAaS1yQF/m2/miu7RD6Op4Rg
+Oe8y0WCnQscEBsv/pPJXpdNMSHw1z4pOT8MxAKP3HS+9qZkIn6QXdxiSQega8IMB
+NxkFVtW+PV7MqySwizFiqSZF/mqD312pGikwbQ9JVmsAc/a1e+D9Ko0CgYEA7SpD
+pz6YNa3BW7yP0qHqA3c6a+9TeasDX6v9zRBRV1UCv0T5LPeGY/08uL7veyzwTm67
+wQVlD8lEIN/sw1alB+8fC9fGuLLuHm6qoxcCq0YWTzyxyM3xVUpqxvzcuuLW30mx
+SP7g5BEprr5Z7QvyHIyiR79zDu4+ySg2/radZBcCgYEAhn3HdNXWD9vN81NHnrOx
+ckeYTkpwNEyf9jHTXyjrmrExGaDUYLCJYdiStiM6luCepMWwgzgr7/L42a9AblyX
+hm/qvgZCsVDJZjFlQlZLiFr0LiDzhMKtWuIiOdAjN8JKqzkiCmhCiNDd81yG9D1U
+lkZIUtmB+AiAL5Fd0c2zoD0CgYAvcjAcqkobGwq+xodjVR8S2GxooXVqtsqy/h6F
+QslzFj+5chwDYfWR1VyrfQ897iyZFFAdem3Qbaxig0nDfnb/klf8r4tC8hDvJ6ad
+gAH5r8jQy0yp5oFsVbns2zNxc+YWv5BnEQ5+sexL2Cr3YFdsXLoubl+fUgxfg9sU
+tAXiuwKBgQC7IShDY9ZpSQKHDzkqyIwS3k64w2k4x9h+7+6owAnZlj2Mk0nzRxwI
+PSMTdhMwDTUTrcUCWwsyf5vn7i0oaLBujzGsHTSCrM1ly52Gkv83LkV9bXjuhqTR
+zMvQhAC5o5z8AF0vUTdUtt+aasbAcum0Jp3GSwhIkRtSkOGCwuKw6g==
+-----END RSA PRIVATE KEY-----
diff --git a/2021-08-11/20210811-1.txt b/2021-08-11/20210811-1.txt
new file mode 100644
index 0000000..e23a81e
--- /dev/null
+++ b/2021-08-11/20210811-1.txt
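Review bot: This file is an unencrypted RSA private key checked into the repository, and its modulus matches the `p=` value in the sibling `20210811-1.txt` record; `test/20210812-1.private` has the same problem. If either selector was ever published in DNS, anyone who can read the repository can sign mail that passes DKIM for that domain, so both keys should be treated as compromised and rotated, not merely deleted in a follow-up commit, since they stay in history. `update-dkim.py` only reads the `.txt` record, so neither the example nor the test fixture needs the private half. Drop both `.private` files from the commit and add `*.private` to `.gitignore`.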
@@ -0,0 +1,3 @@
+20210811-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3g5YC8JHTBAg0Bklb0aRDpQTuEDUnORzryro2DUxpTX4CKOf3RA6tM8wNgbH5Bta7Gks2QbHcxucHMB94maXi8OwzesrOpBBxlKxqMxR5A6axdg3QnQApKDlqetWvM+iiYqnhK7I4lA5YAV2niSbOfuQysRbjyPWXBOcEoBBRqBXjWAUr1kGeLeyd9IihAzKjW4JtbgnkVgIKY"
+ "ebacOUcXYRFjHSOjsA80HLz5nJUmB5bOm4YQiqksa46qsx63AkfiS7OVH6Nsu9Nx3AaEXJkwKtZYGb3FBrPnOS00chdGyvDDRX0MvdtI+CkawSJuB8kiFGX4fv0iYmLZ9tcdbmqwIDAQAB" ) ; ----- DKIM key 20210811-1 for mail
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5d7f627
--- /dev/null
+++ b/README.md
@@ -0,0 +1,29 @@
+# Script to update DKIM entry in BIND zone file
+
+This script takes two arguments:
+ 1. a BIND DNS zone file
+ 2. a DNS record generated by 'opendkim-genkey'
+
+`opendkim-genkey` is part of the `opendkim-tools` Debian package
+
+This script use regex to
+1. extract the DKIM selector and the value of the TXT record from the DKIM TXT record generated by opendkim-genkey
+2. replace the DKIM selector and TXT value in the zone file with the new values
+
+
+## Example
+
+- generate a new DKIM key for mail.example.org
+- remember to increase the increment if generating a new key on the same date
+```bash
+INCREMENT=1; /usr/sbin/opendkim-genkey -b 2048 -d mail -s $(/bin/date +%Y%m%d)-$INCREMENT
+
+# generate a DNS DKIM TXT record such as '20210811-1.txt'
+/usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
+```
+Then run this update-dkim.py, passing the zone file you want to update and the above .txt file:
+```bash
+update-dkim.py 20210811-1.txt
+```
+```sh
+```
diff --git a/test/20210812-1.private b/test/20210812-1.private
new file mode 100644
index 0000000..308be14
--- /dev/null
+++ b/test/20210812-1.private
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAq6SijFR9E9G6DPPhlgedI+shjQF5Q7YZ0u3bk4up9pnZYroz
+sBNPZK8OLSFOyl4PQlurS56x4Blr0zZ6/AXocBKwP+8a4JN316mM5ucqu0FZ9LcP
+ac58LJxwsUS3oL/WKJLm9L0Y+NzXwlWio9mUZrzCt6IylLc45z3tnNIMBmpB+Z5S
+R29Z4fWIH9OjbcoXS/nMPOreqvsJJ0UcwOcD6DAzCUab3unTQFbwzmqjXPQjLExO
+AFOF6D5a+LYYy01T2Sb/caLrWc04R/Q/u8z/jdCRjgbWPXfoKs2ib59vANaTfydx
+4ELNY0PcrdykckhcGNDo65jJlRKbNxBDolRnYQIDAQABAoIBAQCOLy5b0u1dyqE1
+c52Om7YHeBLt7KeYeLQBr/nxyoM7/Yw/pYGFvSlKfVzf87SCHNLFJIzMcqRkwIo6
+h+nu9bHrjP+lppt8J4ziANjwudQDFIrBFhfVjS/+AIW1wvfeWKu+JprdZ/vUw5ST
+rj6xPl8ZkAo49kqyOOkRXZKFEtbVRDnzNRHOfYG5nGW/tyJH+Cyd7cP/e9jPLeo0
+lH4fxyU3sFGIfHnc6ln3ej/x2hin0D3wc68AIQI0Roe8bay0hKUxLCGMGy+LE53T
+iIJ/DHvfUJUxaJ+h6Qu7uQCKFZIkIR5wtDPDDNQ/696nSis+Mbgovbr7JjiQRUnB
+nTZ6+zTBAoGBAOOmpFi5qJ/Ug432EIeUvbSF62vuNInG7aP4AEZpssNx2EbBh9VL
+hcSWvMyGwsh+2NHryvBRxMp64Sj+D+q5YakhsO8rS8qF/ej+CfHEY0MlyLRz7eJW
+wYSya9dEWOznuD/kYEYzWOuEpn3Q5wI2LbngLUtK0CP7FBx/z5PbK9JJAoGBAMEE
+gD534EFn4h/UfgM0QhtXvDHalsYpbZliCGBgVjZ/y6Za3wrP3IjEPmKsyyq+c7ck
+LSZNyme/znPASvejVew02ExbzUbe7tQfr7M75q7cE76OERUWH6eI8HvJsAMGsGVk
+bvqjQhgE1oni+jIhotbfVSy02h1NYwF9yil4VexZAoGANVu8z7MMjBHil+ah7zV0
+1ZhCGvUlSVngH3ukjNx/cwH/IG6CKQNfojl2nTXE9/uLVIDA+10fFBqDJfmOv4Se
+GGd2MkjipeCMKA1LRWizn2x+w5Ucn92X1EOBtV4mvbh+XjNoQWwNnn5kC79oNgN+
+6j9aPniVmqliCGAIxm4rskkCgYEAka+OBJiCoZuBZ7kBa/Wzt+Oe3po4l1WJre36
+mJPePsByvBt2ojiGIozM8bmul5Ks0Jzznye0EF8Luv53FzcnkWPJpsjbxhRae612
+9nfOBEmEdZ3RcvMB7XhE24o92erglYca5P740hxEukqhwdj1ie2D4nyW7OsOQX/q
+aSa04/ECgYEAnJ83soHDL+NTahLWaD8oPxYlxxLbdCRdUG2lNJheYxkw+k/Z4ow9
+dnsdQbPOsFT+qNXnuaozqiIvgX5XwSZ3cKXh2Z/Myoy4b5A1RZNhikWsU6CQOvBl
+NqaiOE8Mc6fvuTfwBE8jxVc+FeGFZwAxPUBDgMLyR65IBerhSIZm4vY=
+-----END RSA PRIVATE KEY-----
diff --git a/test/20210812-1.txt b/test/20210812-1.txt
new file mode 100644
index 0000000..6e9545c
--- /dev/null
+++ b/test/20210812-1.txt
@@ -0,0 +1,3 @@
+20210812-1._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6SijFR9E9G6DPPhlgedI+shjQF5Q7YZ0u3bk4up9pnZYrozsBNPZK8OLSFOyl4PQlurS56x4Blr0zZ6/AXocBKwP+8a4JN316mM5ucqu0FZ9LcPac58LJxwsUS3oL/WKJLm9L0Y+NzXwlWio9mUZrzCt6IylLc45z3tnNIMBmpB+Z5SR29Z4fWIH9OjbcoXS/nMPOreqvsJJ0"
+ "UcwOcD6DAzCUab3unTQFbwzmqjXPQjLExOAFOF6D5a+LYYy01T2Sb/caLrWc04R/Q/u8z/jdCRjgbWPXfoKs2ib59vANaTfydx4ELNY0PcrdykckhcGNDo65jJlRKbNxBDolRnYQIDAQAB" ) ; ----- DKIM key 20210812-1 for mail.example.org
diff --git a/update-dkim.py b/update-dkim.py
new file mode 100644
index 0000000..288b9c0
--- /dev/null
+++ b/update-dkim.py
@@ -0,0 +1,87 @@
+#!/usr/bin/env python3
+#
+#
+# This script takes two arguments:
+# 1) a BIND DNS zone file
+# 2) a DNS record generated by 'opendkim-genkey'
+#
+# 'opendkim-genkey' is part of the 'opendkim-tools' Debian package
+#
+# This script use regex to
+# 1) extract the DKIM selector and the value of the TXT record from the
+# DKIM TXT record generated by opendkim-genkey
+# 2) replace the DKIM selector and TXT value in the zone file with the
+# new values
+#
+# Example:
+# First run:
+# /usr/sbin/opendkim-genkey -b 2048 -d example.org -s $(/bin/date +%Y%m%d)-1
+# which will generate a DNS DKIM TXT record such as '20210811-1.txt'
+# Then run this script, passing the zone file you want to update and the above
+# .txt file:
+# update-dkim.py 20210811-1.txt
+#
+
+import sys
+
+# Make sure Python is at least version 3.6 (required for f-string literals support)
+if not (sys.version_info.major == 3 and sys.version_info.minor >= 6):
+ print("This script requires Python 3.6 or higher")
+ print("You are using Python {}.{}.".format(sys.version_info.major, sys.version_info.minor))
+ sys.exit(1)
+
+import argparse
+import re
+
+# Create an ArgumentParser object to parse the command-line arguments
+parser = argparse.ArgumentParser(
+ description='Update DNS zone file DKIM TXT record(s)'
+)
+
+# First argument is the zone file which will be updated
+parser.add_argument(
+ 'zone_file', type=argparse.FileType('r+')
+)
+
+# Second argument is the opendkim-genkey-generated DKIM TXT record
+parser.add_argument(
+ 'dkim_txt', type=argparse.FileType('r')
+)
+
+args = parser.parse_args()
+
+# Read the files into corresponding string variables
+zone_text = args.zone_file.read()
+dkim_txt = args.dkim_txt.read()
+
+# This regex strips the old DKIM selector and TXT value from the zone file
+# The remaining text is captured in a backreference
+zone_re = re.compile(
+ r'^[\d-]+(\._domainkey\.?[a-z.]*\s+[0-9h]+\s+IN\s+TXT\s+\()[\s"=;+\/\w]+',
+ re.MULTILINE
+)
+
+# This regex uses two backreferences to capture the DKIM selector and TXT value
+# from the opendkim-genkey-generated DKIM record
+dkim_txt_re = re.compile(
+ r'^([\d-]+)\._domainkey\s+IN\s+TXT\s+\(([\s"=;+\/\w]+).+\s+$',
+ re.MULTILINE
+)
+
+# Store the captured values as variables
+selector = dkim_txt_re.sub(r'\1', dkim_txt)
+dkim_value = dkim_txt_re.sub(r'\2', dkim_txt)
+
+# Perform the regex substitution on the zone file
+# use f-strings to provide the variables in the substitution
+zone = zone_re.sub(rf"{selector}\1{dkim_value}", zone_text)
+
+# print("\nselector: ", selector, "\ndkim_value: ", dkim_value, "\n\nzone:\n", zone)
+print(zone)
+
+# Sample DKIM TXT record
+#
+# 20160525-014646._domainkey.whitehall 3h IN TXT ( "v=DKIM1; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCA"
+# "QEAulkdTaAsWGpcN4O6HRMzCN6i67AWoMyjemrryvd+j/2epCSZ3qNfkD/ZV8g4S"
+# "42IVk4dBs3evQQCyCGQhhoqpQIDAQAB" )
+
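Review bot: `dkim_txt_re.sub(r'\1', dkim_txt)` and the `\2` call next to it return their input unchanged when the pattern does not match (for example a record file lacking the trailing newline that `\s+$` appears to depend on), so an unparsed file is spliced whole into the zone output with no error. Those values are then interpolated into the replacement template `rf"{selector}\1{dkim_value}"`, where any backslash in them would be read as an escape or group reference. Extract the groups with `search()`, exit when there is no match, pass a callable as the replacement, and use `subn()` so a zone file with no DKIM record is reported rather than printed back unchanged. Separately, the zone file is opened `r+` but the result only goes to stdout, which the header comment should say.

```python
# … unchanged: argument parsing, file reads, zone_re and dkim_txt_re definitions …

# Extract the selector and TXT value; refuse to continue on an unparsed record
match = dkim_txt_re.search(dkim_txt)
if match is None:
    sys.exit("no DKIM TXT record found in {}".format(args.dkim_txt.name))
selector, dkim_value = match.group(1), match.group(2)

# A callable replacement keeps file content out of the replacement template
zone, replaced = zone_re.subn(
    lambda m: selector + m.group(1) + dkim_value, zone_text
)
if replaced == 0:
    sys.exit("no DKIM record found in {}".format(args.zone_file.name))

print(zone)
```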