DNSSEC fix
Checks whether the DNSKEY for the given domains is the same on the primary and the secondary DNS server. If it is not, the script pushes the zone by updating that zone's SOA record with the current date and a running number.
Prerequisites
- PowerDNS authoritative server
- MySQL/MariaDB backend, and your ability to give the dnssec-fix script access
- uv (fantastic package manager for Python)
Security
The script needs the ability to reach all the nameservers mentioned in the config, and has to have an account on the MySQL/MariaDB server that has the SELECT and UPDATE privileges for the records table in the PowerDNS database.
Future ideas
Or ideas for the future...
- convert to Django for more features:
- better logging
- delayed action (only publish new SOA records after three mis-lookups in a row)
- better configurability
- more detailed error handling, recognize timeouts and don't react to them as if the script got "wrong" data
- get the list of nameservers from DNS instead of a config file (more correct for zones with varying nameserver configurations)
License
This isn't a big script. It isn't a complicated script either. Actually it's more of a hack. So I license this code with the 3-clause BSD license.
Michael Hinz - 2026-02-12