Paste P501

newest version SSL dns/cname resolve

Authored by Reception123 on Feb 1 2024, 10:55.
#!/usr/bin/python3 -u
# Generate a DNS zone
import argparse
import os
import string
import subprocess
#from dns import resolver
from dns import reversename, resolver
from datetime import datetime
# Command-line interface. The parsed options are exposed as the plain dict
# `args`, which DnsZone reads at construction time.
ap = argparse.ArgumentParser(description="Script to generate a DNS zone.")

# The domain value is operator/requester supplied: DnsZone later places it in
# a file path, in the zone file body and in git commands.
ap.add_argument("-d", "--domain", help="name of the domain", required=True)

# store_true already makes the flag optional with a default of False.
# NOTE(review): nothing visible in this script reads args["generate"].
ap.add_argument("-g", "--generate", action="store_true", help="generates DNS zone")

args = vars(ap.parse_args())
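class DnsZone:
    """Create and publish a zone file for a domain delegated to Miraheze.

    The domain comes from the module-level ``args`` dict. ``on_init`` looks up
    the domain's NS records through a fixed public resolver and, only when
    they are exactly ns1/ns2.miraheze.org, writes a zone file into the DNS
    git checkout and commits and pushes it.
    """

    _REPO_PARENT = "/srv/dns/"
    _REPO_DIR = "/srv/dns/dns"
    _EXPECTED_NS = ["ns1.miraheze.org.", "ns2.miraheze.org."]

    # Nameserver suffixes the original code matched to set a
    # "cname_check_impossible" flag; presumably providers that flatten CNAMEs.
    # Nothing consults it while the CNAME check below stays commented out.
    FLATTEN_MANDATORY_PROVIDERS = (
        '.ns.cloudflare.com.',
        '.dreamhost.com.',
        '.ns.porkbun.com.',
        '.registrar-servers.com.',
    )

    def __init__(self):
        self.domain = args["domain"]
        # NOTE(review): this serial has 14 digits, which is larger than an
        # unsigned 32-bit SOA serial can hold -- confirm the DNS server in
        # use accepts it.
        self.date = datetime.now().strftime("%Y%m%d000001")
        self.dns_resolver = resolver.Resolver(configure=False)
        self.dns_resolver.nameservers = ['2606:4700:4700::1111']

    @staticmethod
    def _is_valid_hostname(name):
        """Return True if *name* is a plain ASCII (letter/digit/hyphen) DNS name.

        The domain ends up in a file path, a zone file and git arguments, so
        anything with path separators, whitespace, newlines, empty labels or a
        leading hyphen is rejected. Internationalised names must be passed in
        their punycode (xn--) form.
        """
        if not isinstance(name, str):
            return False
        bare = name[:-1] if name.endswith(".") else name
        if not bare or len(bare) > 253:
            return False
        allowed = set(string.ascii_letters + string.digits + "-")
        for label in bare.split("."):
            if not 1 <= len(label) <= 63:
                return False
            if label.startswith("-") or label.endswith("-"):
                return False
            if not set(label) <= allowed:
                return False
        return True

    def _git(self, *git_args, cwd=None):
        """Run one git command without a shell; failures are not fatal.

        The original script ignored exit statuses (e.g. ``git clone`` fails
        on every run after the first), so that best-effort behaviour is kept.
        """
        return subprocess.run(["git", *git_args], cwd=cwd, check=False)

    def _zone_lines(self):
        """Return the lines of the generated zone file, in order."""
        # NOTE(review): $ORIGIN is written exactly as the domain was given on
        # the command line (no trailing dot is added) -- confirm that is what
        # the zone parser expects.
        # NOTE(review): the CAA comment below says letsencrypt.com, but the
        # first TYPE257 payload decodes to issue "letsencrypt.org".
        return [
            "$TTL 300\n",
            f"$ORIGIN {self.domain}\n",
            "\n",
            "@\t\tSOA ns1.miraheze.org. hostmaster.miraheze.org. (\n",
            f"\t\t{self.date} ; serial\n",
            "\t\t7200 ; refresh\n",
            "\t\t30M ; retry\n",
            "\t\t3D ; expire\n",
            "\t\t900 ; ncache\n",
            ")\n",
            "\n",
            "; Wildcard services\n",
            "@\t\tDYNA geoip!cp\n",
            "\n",
            "; Name servers\n",
            "@\t\tNS\tns1.miraheze.org.\n",
            "@\t\tNS\tns2.miraheze.org.\n",
            "\n",
            "; CAA (issue: letsencrypt.com, iodef: operations)\n",
            # "\\#" writes the same backslash-hash as the original "\#" but is
            # a valid escape sequence.
            "@\t\tTYPE257 \\# 22 000569737375656C657473656E63727970742E6F7267\n",
            "@\t\tTYPE257 \\# 37 0005696F6465666D61696C746F3A6F7065726174696F6E73406D69726168657A652E6F7267\n",
            "\n",
            "; Mail exchangers\n",
            "\n",
            "; Servers\n",
            "\n",
            "; Services\n",
            "www DYNA geoip!cp\n",
            "\n",
            "; load balancers\n",
            "\n",
            "; Other\n",
        ]

    def on_init(self):
        """Check the domain's NS delegation and publish a zone file if it matches.

        Raises:
            ValueError: if the domain is not a plain DNS hostname. This is
                checked before any DNS, filesystem or git activity.
        """
        if not self._is_valid_hostname(self.domain):
            raise ValueError(f"Refusing to use unsafe domain name: {self.domain!r}")

        # try:
        # cname = str(self.dns_resolver.resolve(self.domain, "CNAME")[0])
        # except resolver.NoAnswer:
        # cname = None
        # if cname == "mw-lb.miraheze.org.":
        # print("CNAME is pointed at mw-lb.miraheze.org. No further action required")
        # elif cname is None:
        # print("No CNAME is pointed. Trying NS...")
        try:
            answer = self.dns_resolver.resolve(self.domain, 'NS')
            # DNS names compare case-insensitively.
            nameservers = [str(ns).lower() for ns in answer]
        except (resolver.NoAnswer, resolver.NXDOMAIN):
            # An empty list falls through to the "not pointed" message; the
            # original stored None here and then crashed on list(None).
            nameservers = []

        if sorted(nameservers) != self._EXPECTED_NS:
            print("No NS is pointed. Domain is not pointed to Miraheze")
            return

        print("Nameservers are pointed to ns1 and ns2. Generating zone file")
        # Argument lists instead of shell strings: the domain can no longer be
        # interpreted by a shell.
        self._git(
            "config", "--global", "core.sshCommand",
            "ssh -i /var/lib/nagios/id_ed25519 -F /dev/null -o ProxyCommand='nc -6 -X connect -x bast.miraheze.org:8080 %h %p'",
        )
        self._git("clone", "git@github.com:miraheze/dns.git", cwd=self._REPO_PARENT)
        self._git("-C", self._REPO_DIR, "config", "user.name", "MirahezeSSLBot")
        self._git("-C", self._REPO_DIR, "config", "user.email", "noreply@miraheze.org")
        self._git("-C", self._REPO_DIR, "reset", "--hard", "origin/master")
        self._git("-C", self._REPO_DIR, "pull")

        zone_path = os.path.join(self._REPO_DIR, "zones", self.domain)
        # NOTE(review): append mode is kept from the original; if the zone
        # already exists a second copy of the template is appended to it.
        with open(zone_path, "a") as zone:
            zone.writelines(self._zone_lines())

        # Stage the file that was actually written. The original staged
        # /srv/dns/<domain>, which is outside the repository.
        self._git("-C", self._REPO_DIR, "add", "--", zone_path)
        # NOTE(review): os.getlogin() raises OSError when the process has no
        # controlling terminal -- confirm how this script is launched.
        self._git(
            "-C", self._REPO_DIR, "commit",
            "-m", f"Bot: Add DNS zone for {self.domain}",
            "-m", f"DNS zone committed by {os.getlogin()}",
        )
        self._git("-C", self._REPO_DIR, "push", "origin", "master")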
# Script entry: build the zone helper from the parsed command-line arguments
# and run the NS check, which writes and pushes the zone file when it passes.
zone = DnsZone()
zone.on_init()