基于私钥删除 DNS 记录

add_dns_record.py

#!/bin/env python
#-*- coding: utf-8 -*-
 
""" 此脚本作为参考:
    根据私钥增加 DNS 正向和反向记录.

"""
 
 
import os
import sys
import logging
import subprocess
 
logging.basicConfig(level=logging.DEBUG, stream=sys.stdout,
                    format='%(message)s')
 
 
def shell(cmd):
    process = subprocess.Popen(args=cmd, stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE, shell=True)
    std_out, std_err = process.communicate()
    return_code = process.poll()
    return return_code, std_out, std_err
 
 
def _shell(cmd, _exit=1):
    rc , so, se = shell(cmd)
    if rc == 0:
        message = "cmd:%s" % cmd
        logging.info(message)
        return so.strip()
    else:
        message = "cmd:%s, error:%s" % (cmd, se)
        logging.error(message)
        if _exit == 1:
            sys.exit(1)
        else:
            return False
 
 
def main():
    domain = "ilo.wandoujia.com."
    domain_reverse = "2.10.in-addr.arpa."
    server = "10.0.11.14"
    private_key_path = "Kilo.wandoujia.com.+157+25978.key"
    hostname = "idrac-53LT42X"
    ip = "10.2.7.79"
 
    cmd = """
cat <<EOF | /usr/bin/nsupdate -k %s -v
server %s
zone %s
update add %s.%s 34560000 A %s
show
send
EOF
""" % (private_key_path, server, domain, hostname, domain, ip)
     # print cmd
    _shell(cmd)
 
    ip_reverse = ".".join(ip.split(".")[::-1])
    cmd = """
cat <<EOF | /usr/bin/nsupdate -k %s -v
server %s
zone %s
update add %s.in-addr.arpa 34560000 PTR %s.%s
show
send
EOF
""" % (private_key_path, server, domain_reverse, ip_reverse, hostname, domain)
    # print cmd
    _shell(cmd)
 
 
if __name__ == "__main__":
    main()

del_dns_record.py

#!/bin/env python
#-*- coding: utf-8 -*-

""" 根据私钥删除 DNS 正向和反向记录.

在我们的装机中依赖了 DDNS 服务, idrac 向 DHCP 申请 IP 之后自动向 DNS 注册.

现在发现了一个问题, 如果一个 idrac 重新申请到一个不同的 IP(此种情况可能见于换 idrac 卡), 
而 DNS 记录已经存在, 那么 DNS 没法注册, 会报: 
'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)

为了修复这个问题, 首先要删除 DNS 中的正向和反向记录, 然后让 idrac 卡重新获取 IP.

update:
  后来发现通过在 DHCP 中增加 update-conflict-detection false 配置可以解决这个问题。

"""


import os
import sys
import logging
import subprocess

logging.basicConfig(level=logging.DEBUG, stream=sys.stdout,
                    format='%(message)s')


def shell(cmd):
    process = subprocess.Popen(args=cmd, stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE, shell=True)
    std_out, std_err = process.communicate()
    return_code = process.poll()
    return return_code, std_out, std_err


def _shell(cmd, _exit=1):
    rc , so, se = shell(cmd)
    if rc == 0:
        message = "cmd:%s" % cmd
        logging.info(message)
        return so.strip()
    else:
        message = "cmd:%s, error:%s" % (cmd, se)
        logging.error(message)
        if _exit == 1:
            sys.exit(1)
        else:
            return False


def dns_resolv(hostname, server="127.0.0.1"):
    cmd = ''' nslookup %s %s |grep -v "#53" |grep "Address:" ''' % (hostname, server)
    return _shell(cmd).split(":")[-1].strip()


def main():
    domain = "ilo.wandoujia.com."
    domain_reverse = "2.10.in-addr.arpa."
    server = "10.0.11.14"
    private_key_path = "Kilo.wandoujia.com.+157+25978.key"
    hostname = "idrac-2MYNGZX"
    
    ip = dns_resolv(hostname + "." + domain, server)

    cmd = """
cat <<EOF | /usr/bin/nsupdate -k %s -v
server %s
zone %s
update delete %s.%s 
show
send
EOF
""" % (private_key_path, server, domain, hostname, domain)
    # print cmd
    _shell(cmd)

    ip_reverse = ".".join(ip.split(".")[::-1])
    cmd = """
cat <<EOF | /usr/bin/nsupdate -k %s -v
server %s
zone %s
update delete %s.in-addr.arpa
show
send
EOF
""" % (private_key_path, server, domain_reverse, ip_reverse)
    # print cmd
    _shell(cmd)


if __name__ == "__main__":
    main()