danectl-zonefile - Adapt danectl DNS RR output to modify BIND9 zonefiles
danectl rollover <cert-name> | danectl-zonefile <zonefile>
danectl tlsa-check <cert-name> | danectl-zonefile <zonefile>
danectl sshfp-check <hostname> | danectl-zonefile <zonefile>
danectl -1 smimea-check <cert.pem> | danectl-zonefile <zonefile>
danectl -1 openpgpkey-check <email> | danectl-zonefile <zonefile>danectl-zonefile is an output adapter for danectl(1). Certain danectl(1) commands (see the examples above) produce output that indicates DNS RRs that need to be removed or added to the DNS.
This adapter is a filter that accepts that output from danectl(1), then backs up and modifies the BIND9 zonefile whose name is supplied on the command line.
There are many ways to implement changes to the DNS. danectl currently provides two adapters for this purpose. Contributions of more adapters would be welcomed.
This assumes that any DNS RRs to be deleted from the zonefile were added to the zonefile from danectl(1) output. If the RRs are not formatted exactly the same as in danectl(1) output, it will not be detected and it will not be deleted. But the new RRs to be added will still be added to the zonefile. If this happens, the old undeleted DNS RRs will have to be manually deleted.
The serial number in the SOA is not modified. That will need to be done separately.
danectl(1), named(8), danectl-nsupdate(1).
raf <raf@raf.org>