feat: documentation, and a license
This commit is contained in:
parent
658472902c
commit
9b0768da79
2 changed files with 59 additions and 0 deletions
30
README.md
30
README.md
|
|
@ -4,4 +4,34 @@ Check if the DNSKEY for given domains is the same for the primary and
|
|||
the secondary DNS server, if not, push by updating the SOA record of
|
||||
that zone with the current date and a running number.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- PowerDNS authoritative server
|
||||
- MySQL/MariaDB backend, and your ability to give the dnssec-fix script access
|
||||
- uv (fantastic package manager for Python)
|
||||
|
||||
## Security
|
||||
|
||||
The script needs the ability to reach all the nameservers mentioned in the config,
|
||||
and has to have an account on the MySQL/MariaDB server that has the SELECT and
|
||||
UPDATE privileges for the records table in the PowerDNS database.
|
||||
|
||||
## Future ideas
|
||||
|
||||
Or ideas for the future...
|
||||
|
||||
- convert to Django for more features:
|
||||
- better logging
|
||||
- delayed action (only publish new SOA records after three mis-lookups in a row)
|
||||
- better configurability
|
||||
- more detailed error handling, recognize timeouts and don't react to them as if
|
||||
the script got "wrong" data
|
||||
- get the list of nameservers from DNS instead of a config file (more correct for
|
||||
zones with varying nameserver configurations)
|
||||
|
||||
## License
|
||||
|
||||
This isn't a big script. It isn't a complicated script either. Actually it's more
|
||||
of a hack. So I license this code with the 3-clause BSD license.
|
||||
|
||||
Michael Hinz - 2026-02-12
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue