#dane

bkoehn@diaspora.koehn.com

A simple script that can create/update the #TLSA #DANE record for my #SMTP server. Requires #DNSSEC.

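#!/bin/bash
#
# Create/update the TLSA (DANE) record for the SMTP server so that it matches
# the certificate currently deployed. A dynamic DNS update is only sent when
# the published record differs from the one computed from the certificate.
#
# Required environment:
#   DANE_CERTIFICATE  path to the PEM certificate the record must match
#   TSIG_KEY          nsupdate key in "[hmac:]keyname:secret" form
#
# Abort on any failed command or pipeline stage and on unset variables.
# Without this, a missing or unreadable certificate yields an empty digest,
# the comparison below "differs", and the valid TLSA record would be replaced
# by a broken one (breaking DANE validation for every sender).
set -euo pipefail

: "${DANE_CERTIFICATE:?path to the PEM certificate must be set}"
: "${TSIG_KEY:?nsupdate TSIG key ([hmac:]keyname:secret) must be set}"

readonly NAME="_25._tcp.smtp.koehn.com"
readonly SERVER="ns1.koehn.com"
readonly ZONE="koehn.com"
readonly TTL=300

# "3 0 1" = DANE-EE (3), full certificate (0), SHA-256 digest (1) of the DER
# encoding. `openssl sha256` prints "<algo>(stdin)= <hex>", so field 2 is the
# digest; validate it so a surprising output format cannot reach nsupdate.
HASH="$(openssl x509 -in "$DANE_CERTIFICATE" -outform DER | openssl sha256 | cut -d' ' -f2)"
if [[ ! "$HASH" =~ ^[0-9a-f]{64}$ ]]; then
  printf 'unexpected digest output: %s\n' "$HASH" >&2
  exit 1
fi
TLSA="3 0 1 $HASH"

# dig prints the digest with a space after 56 hex characters, i.e. at column
# 63 of "3 0 1 <hex>"; drop that column so the record compares equal to $TLSA.
# A failed lookup (non-zero dig status) aborts the script under set -e rather
# than triggering a blind update; an absent record yields an empty string.
CURRENT="$(dig +short "$NAME" TLSA | tr '[:upper:]' '[:lower:]' | cut -c 1-62,64-)"

if [[ "$TLSA" != "$CURRENT" ]]; then
  # The TSIG secret is given via nsupdate's "key" command in the update stream
  # instead of on the command line (-y), so it is not visible in process
  # listings. "[hmac:]keyname:secret" splits at the last ':' because the
  # base64 secret contains no colons.
  nsupdate -v <<EOF
server $SERVER
zone $ZONE
key ${TSIG_KEY%:*} ${TSIG_KEY##*:}
update delete $NAME TLSA
update add $NAME $TTL TLSA $TLSA
send
EOF
fi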