script to add/delete dns records using nsupdate, based on: https://blog.gnuers.org/?p=890
#!/bin/bash
#######################################
# Print both invocation forms to stdout and abort with status 1.
# Arguments: none ($0 is used for the program name)
# Returns:   never returns; exits 1
#######################################
usage() {
  local -r prog=$0
  printf 'usage: %s <addrec> <view> <zone> <domain> <type> <value> <mxpr> <ttl>\n' "$prog"
  printf 'usage: %s <delrec> <view> <zone> <domain> [type] [value] [mxpr] [ttl]\n' "$prog"
  exit 1
}
#######################################
# Run the given command only when the DEBUG variable is exactly "true".
# Globals:   DEBUG (read) - the variable, distinct from this function
# Arguments: the command and its arguments
# Returns:   the command's status when run; 0 when debugging is off
#######################################
DEBUG() {
  case "$DEBUG" in
    true) "$@" ;;
  esac
}
#######################################
# Report a fatal error on stderr and terminate the script.
# Arguments: message words, joined with single spaces
# Outputs:   "dnsrec error: <message>" on stderr
# Returns:   never returns; exits 1
#######################################
die() {
  local -r msg=$*
  printf 'dnsrec error: %s\n' "$msg" >&2
  exit 1
}
#######################################
# Test whether $1 is a canonical non-negative decimal integer: "0" or a
# number without leading zeros of at most 15 digits.
# Arguments: $1 - string to test
# Returns:   0 when it matches, 1 otherwise
#######################################
is_digit() {
  local -r decimal_re='^([1-9][0-9]{0,14}|0)$'
  # Unquoted variable on the right so bash treats it as a regex.
  [[ "$1" =~ $decimal_re ]]
}
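#######################################
# Run one TSIG-signed nsupdate transaction against the local server.
# Globals:   views (read) - associative array: view/key name -> TSIG secret
#            DEBUG (read) - when "true", the generated nsupdate script is echoed
# Arguments: $1 action: "add", "delete", or "fmode" (send the batch file $4 as-is)
#            $2 view, also used as the TSIG key name
#            $3 zone
#            $4 owner name, or the batch-file path for fmode
#            $5 record type   $6 record value
#            $7 MX preference; "-" or "NULL" mean none
#            $8 ttl
# Returns:   nsupdate's exit status; 1 if any argument contains a line break
#######################################
dnsupdate() {
  local action=$1 view=$2 zone=$3 domain=$4 dtype=$5 value=$6 mxpr=$7 ttl=$8
  local arg
  # Every argument is interpolated verbatim into nsupdate's command stream
  # below, so a CR/LF inside one would let the caller smuggle in additional
  # commands; refuse such input instead of signing and sending it.
  for arg in "$@"; do
    if [[ $arg == *$'\n'* || $arg == *$'\r'* ]]; then
      printf 'dnsupdate: arguments must not contain line breaks\n' >&2
      return 1
    fi
  done
  # NOTE: -y places the TSIG secret in argv, where other local users can read
  # it from the process list; nsupdate -k <keyfile> avoids that, but key.lst
  # would then have to hold key-file paths instead of secrets.
  local -r key="$view:${views[$view]}"
  if [[ $mxpr == "-" || $mxpr == "NULL" ]]; then
    mxpr=""
  fi
  if [[ $action == "fmode" ]]; then
    # Batch mode: $domain is a ready-made nsupdate script, sent unchanged.
    /usr/bin/nsupdate -v -y "$key" "$domain"
    return
  fi
  local -r script="server 127.0.0.1
zone $zone
update $action $domain $ttl $dtype $mxpr $value
send"
  DEBUG printf '/usr/bin/nsupdate -y %q <<EOF\n%s\nEOF\n' "$key" "$script"
  # here-string appends the trailing newline the heredoc form also had
  /usr/bin/nsupdate -y "$key" <<<"$script"
}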
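# ---- main ------------------------------------------------------------------
# Usage: dnsrec <addrec|delrec> <view|route-number> <zone> <domain|batchfile> ...
# Requires /etc/named/{zone.tpl,view.lst,key.lst}; see usage() for arguments.
if (( $# < 4 )); then
  echo "bad arg: $*" >&2
  usage
fi
action=$1
route=$2
# DNS names are case-insensitive; fold them so the on-disk layout
# (views/<view>/<first letter>/<zone>.db) is deterministic.
zone=${3,,}
domain=${4,,}
dtype=$5
value=$6
mxpr=$7
ttl=$8

readonly zonetpl=/etc/named/zone.tpl
readonly viewlst=/etc/named/view.lst
readonly keylst=/etc/named/key.lst
[[ -f $zonetpl ]] || die "cannot find zone tpl"
[[ -f $viewlst ]] || die "cannot find view list"
[[ -f $keylst ]] || die "cannot find key list"

# $zone is spliced into file paths and into the rndc addzone config snippet
# below, so restrict it to DNS-name characters (no '/', quotes or ';').
[[ $zone =~ ^[a-z0-9_][a-z0-9._-]*$ ]] || die "bad zone name: $zone"

# key.lst is shell syntax that populates views[<view>]=<TSIG secret>.
declare -A views
# shellcheck source=/dev/null
source "$keylst"

# A numeric route is resolved through view.lst ("<route> <view>" per line);
# anything else is taken to be the view name itself.
if is_digit "$route"; then
  view=$(awk -v r="$route" '$1 ~ ("^" r "$") {print $2}' "$viewlst")
else
  view=$route
fi
[[ -n $view ]] || die "route error :$route"
# Only views with a key in key.lst are accepted, which also keeps $view
# (used as a path component below) to a known set of names.
[[ -n ${views[$view]} ]] || die "cannot find key for $view"

basedir=/var/named/views/$view
viewdir=$basedir/${zone:0:1}
zonefile=$viewdir/$zone.db

case $action in
  addrec)
    if (( $# != 8 )); then
      echo "error: $action bad arg: $*" >&2
      usage
    fi
    for d in "$basedir" "$viewdir"; do
      [[ -d $d ]] && continue
      mkdir -p -- "$d" || die "$action: cannot create $d"
      chown named:named "$d" || echo "warn: chown $d failed" >&2
    done
    # First record in this zone/view: seed the zone file from the template
    # and register it with the running server.
    if [[ ! -f $zonefile && ! -f $basedir/$zone.db ]]; then
      cat -- "$zonetpl" > "$zonefile" || die "$action: cannot write $zonefile"
      chown named:named "$zonefile" || echo "warn: chown $zonefile failed" >&2
      res=$(/usr/sbin/rndc addzone "$zone" IN "$view" \
        "{type master;file \"views/$view/${zone:0:1}/$zone.db\";};" 2>&1)
      retval=$?
      if (( retval != 0 )); then
        if [[ $res == *"already exists"* ]]; then
          DEBUG echo "warn: addzone $zone already exists"
        else
          # Do not leave an orphaned zone file behind.
          rm -f -- "$zonefile"
          die "$action: addzone $zone failed: $res"
        fi
      fi
    fi
    dnsupdate add "$view" "$zone" "$domain" "$dtype" "$value" "$mxpr" "$ttl"
    retval=$?
    if (( retval == 0 )); then
      DEBUG echo "info: $* success"
    else
      die "$* failed with retval:$retval"
    fi
    ;;
  delrec)
    # The zone may already be absent from this view; remember that so the
    # follow-up errors from nsupdate/rndc can be downgraded to warnings.
    notzone=false
    if [[ ! -f $zonefile && ! -f $basedir/$zone.db ]]; then
      DEBUG echo "warn: $action cannot find zone $zone in view $view"
      notzone=true
    fi
    if (( $# == 4 )); then
      # Batch form: the 4th argument is a file of nsupdate commands, not a
      # name, so use it exactly as given (not the lower-cased copy); the whole
      # zone is removed from this view afterwards.
      batchfile=$4
      [[ -f $batchfile ]] || die "$action: cannot find batch file for $batchfile"
      dnsupdate fmode "$view" "$zone" "$batchfile"
      retval=$?
      if (( retval == 0 )); then
        DEBUG echo "info: $* success"
      elif [[ $notzone == true ]]; then
        DEBUG echo "warn: no zone $zone,just ignore this error"
      else
        die "$* failed with retval:$retval"
      fi
      res=$(/usr/sbin/rndc delzone "$zone" IN "$view" 2>&1)
      retval=$?
      if (( retval == 0 )); then
        rm -f -- "$zonefile"*
        DEBUG echo "info: delzone $zone success"
      elif [[ $res == *"not found"* ]]; then
        rm -f -- "$zonefile"*
        DEBUG echo "warn: delzone $zone not found"
      elif [[ $notzone == true ]]; then
        DEBUG echo "warn: no zone $zone,just ignore this error"
      else
        die "$action: delzone $zone failed: $res"
      fi
    else
      res=$(dnsupdate delete "$view" "$zone" "$domain" "$dtype" "$value" "$mxpr" "$ttl" 2>&1)
      retval=$?
      if (( retval == 0 )); then
        DEBUG echo "info: $* success"
      elif [[ $notzone == true ]]; then
        DEBUG echo "warn: no zone $zone,just ignore this error"
      else
        die "$* failed: $res, retval:$retval"
      fi
    fi
    ;;
  *)
    usage
    ;;
esac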

itxx00 commented Aug 21, 2015

named.conf must contain the following options for this script to work:

recursion no;
additional-from-auth no;
additional-from-cache no;
check-integrity no;
notify no;
allow-transfer { none; };
allow-update { 127.0.0.1; };
allow-new-zones yes;
