#!/bin/sh
#
# dyndnsupdate - Do DNS-SEC signed DDNS updates for clients with dynamic IPs
# Copyright 2007 Bernie Innocenti <bernie@codewiz.org>
# All rights reserved.
#
#
# Installation:
# - generate SIG(0) keypair:
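#    dnssec-keygen -k -r /dev/urandom -a RSAMD5 -b 1024 -n ZONE danux.dynamic.codewiz.org.
#   (NOTE: RSAMD5 is deprecated for DNSSEC by RFC 6725 and 1024-bit RSA is
#    weak by current standards; prefer a stronger algorithm that both your
#    dnssec-keygen and the DNS server support.)
# - strip random numbers (e.g.: +001+48630) from generated filenames
# - send .public key to DNS admin; keep the .private key on this host,
#   readable by root only
# - ask DNS admin to install the key in the zone file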
# - ask DNS admin to grant access to zone: update-policy { grant * self * ANY; }
# - configure vars below
# - launch this script from ip-up.local or similar place
#
# TODO: http://ip.discoveryvip.com/ip.asp
#

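# Print the first address of family $1 ("inet" or "inet6") found in
# "ip addr show" output read from stdin, without the /prefix suffix.
# Only characters that can occur in an IP address are accepted and the match
# stops at the first space or slash, because the result is later pasted into
# the command stream sent to nsupdate (a "peer" style line would otherwise
# yield "ADDR peer ADDR").
first_addr() {
	sed -n -e "s|^ *$1 \([0-9A-Fa-f:.]\{1,\}\)[ /].*|\1|p" | head -n 1
}

# Short host name: everything before the first dot.
name=$(hostname)
name=${name%%.*}
zone=dynamic.codewiz.org
ttl=300
server=ns1.codewiz.org
# Private half of the SIG(0) key pair; derived from $zone so the two settings
# cannot drift apart when the zone is reconfigured.
key=/etc/K${name}.${zone}.private
iface=eth0
# First global-scope IPv4 / IPv6 address on $iface (empty if there is none).
ip4=$(/sbin/ip addr show dev "$iface" scope global | first_addr inet)
ip6=$(/sbin/ip addr show dev "$iface" scope global | first_addr inet6)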

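# Sanity checks: stop before contacting the server unless the signing key is
# readable and an IPv4 address was found. Diagnostics go to stderr.
if ! [ -r "$key" ]; then
	echo "Key '$key' is not readable -- not root?" >&2
	exit 1
fi
if [ -z "$ip4" ]; then
	# Report the interface that was actually queried ($iface).
	echo "Can't read IPv4 addr from $iface" >&2
	exit 2
fi
# Start from an empty value so that an update_ip6 variable inherited from the
# caller's environment is never passed through to nsupdate when the host has
# no global IPv6 address.
update_ip6=
if [ -n "$ip6" ]; then
	update_ip6="update add $name.$zone. $ttl AAAA $ip6"
fi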

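# Send the update to nsupdate, signed with the SIG(0) key (-k) and using
# TCP (-v). The commands are generated line by line instead of from a
# here-document: nsupdate treats a blank line as "send", so an empty
# $update_ip6 line would submit the update early and leave the later "show"
# with nothing to display.
# For a dry run, replace the nsupdate invocation with "cat".
{
	printf 'server %s\n' "$server"
	printf 'zone %s\n' "$zone"
	# Drop any stale records before adding the current addresses.
	printf 'update delete %s.%s. A\n' "$name" "$zone"
	printf 'update delete %s.%s. AAAA\n' "$name" "$zone"
	printf 'update add %s.%s. %s A %s\n' "$name" "$zone" "$ttl" "$ip4"
	if [ -n "$update_ip6" ]; then
		printf '%s\n' "$update_ip6"
	fi
	printf 'show\nsend\n'
} | nsupdate -k "$key" -v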
