forked from asifbacchus/CloudflareDDNS
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcfddns.sh
More file actions
552 lines (511 loc) · 19.6 KB
/
cfddns.sh
File metadata and controls
552 lines (511 loc) · 19.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
#!/bin/sh
#
# update Cloudflare DNS records with current (dynamic) IP address
# Script by Asif Bacchus <asif@bacchus.cloud>
# Last modified: May 10, 2021
# Version 2.2
#
### text formatting presets using tput
if command -v tput >/dev/null; then
[ -z "$TERM" ] && export TERM=xterm
bold=$(tput bold)
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
ok=$(tput setaf 2)
warn=$(tput bold)$(tput setaf 3)
yellow=$(tput setaf 3)
width=$(tput cols)
else
bold=""
cyan=""
err=""
magenta=""
norm=""
ok=""
warn=""
yellow=""
width=80
fi
### functions
badParam() {
if [ "$1" = "null" ]; then
printf "\n%sERROR: '%s' cannot have a NULL (empty) value.\n" "$err" "$2"
printf "%sPlease use '--help' for assistance.%s\n\n" "$cyan" "$norm"
exit 1
elif [ "$1" = "dne" ]; then
printf "\n%sERROR: '%s %s'\n" "$err" "$2" "$3"
printf "file or directory does not exist or is empty.%s\n\n" "$norm"
exit 1
elif [ "$1" = "errMsg" ]; then
printf "\n%sERROR: %s%s\n\n" "$err" "$2" "$norm"
exit 1
fi
}
exitError() {
case "$1" in
3)
errMsg="Unable to connect to Cloudflare servers. This is probably a temporary networking issue. Please try again later."
;;
10)
errMsg="Unable to auto-detect IP address. Try again later or supply the IP address to be used."
;;
20)
errMsg="Cloudflare authorized email address (cfEmail) is either null or undefined. Please check your Cloudflare credentials file."
;;
21)
errMsg="Cloudflare authorized API key (cfKey) is either null or undefined. Please check your Cloudflare credentials file."
;;
22)
errMsg="Cloudflare zone id (cfZoneId) is either null or undefined. Please check your Cloudflare credentials file."
;;
25)
errMsg="Cloudflare API error. Please review any 'CF-ERR:' lines in this log for details."
;;
26)
errMsg="${failedHostCount} host update(s) failed. Any 'CF-ERR:' lines noted in this log may help determine what went wrong."
;;
*)
writeLog error "An unspecified error occurred. (code: 99)"
printf "%s[%s] -- Cloudflare DDNS update-script: completed with error(s) --%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
exit 99
;;
esac
writeLog error "$errMsg" "$1"
printf "%s[%s] -- Cloudflare DDNS update-script: completed with error(s) --%s\n" "$err" "$(stamp)" "$norm" >>"$logFile"
exit "$1"
}
exitOK() {
printf "%s[%s] -- Cloudflare DDNS update-script: completed successfully --%s\n" "$ok" "$(stamp)" "$norm" >>"$logFile"
exit 0
}
listCFErrors() {
# extract error codes and messages in separate variables, replace newlines with underscores
codes="$(printf "%s" "$1" | jq -r '.errors | .[] | .code' | tr '\n' '_')"
messages="$(printf "%s" "$1" | jq -r '.errors | .[] | .message' | tr '\n' '_')"
# iterate codes and messages and assemble into coherent messages in log
while [ -n "$codes" ] && [ -n "$messages" ]; do
# get first code and message in respective sets
code="${codes%%_*}"
message="${messages%%_*}"
# update codes and messages sets by removing first item in each set
codes="${codes#*_}"
messages="${messages#*_}"
# output to log
writeLog cf "$message" "$code"
done
}
scriptExamples() {
newline
printf "Update Cloudflare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textBlock "${magenta}--- usage examples ---${norm}"
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net"
textBlock "Update Cloudflare DNS records for myserver.mydomain.net with the auto-detected public IP4 address. Credentials will be expected in the default location and the log will be written in the default location also."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -6"
textBlock "Same as above, but update AAAA host records with the auto-detected public IP6 address."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net,myserver2.mydomain.net -l /var/log/cfddns.log --nc"
textBlock "Update DNS entries for both listed hosts using auto-detected IP4 address. Write a non-coloured log to '/var/log/cfddns.log'."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net,myserver2.mydomain.net -l /var/log/cfddns.log --ip6 --ip fd21:7a62:2737:9c3a::a151"
textBlock "Update DNS AAAA entries for listed hosts using the *specified* IP address. Write a colourful log to the location specified."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log --ip 1.2.3.4"
textBlock "Update DNS A entry for listed hostname with the provided IP address. Read cloudflare credentials file from specified location, save log in specified location."
newline
textBlockSwitches "${scriptName} -r myserver.mydomain.net -c /root/cloudflare.creds -l /var/log/cfddns.log -6 -i fd21:7a62:2737:9c3a::a151"
textBlock "Exact same as above, but change the AAAA record. This is how you run the script once for IP4 and again for IP6."
exit 0
}
scriptHelp() {
newline
printf "Update Cloudflare DNS host A/AAAA records with current IP address.\n"
printf "%sUsage: %s --records host.domain.tld[,host2.domain.tld,...] [parameters]%s\n\n" "$bold" "$scriptName" "$norm"
textBlock "The only required parameter is '--records' which is a comma-delimited list of hostnames to update. However, there are several other options which may be useful to implement."
textBlock "Parameters are listed below and followed by a description of their effect. If a default value exists, it will be listed on the following line in (parentheses)."
newline
textBlock "${magenta}--- script related parameters ---${norm}"
newline
textBlockSwitches "-c | --cred | --creds | --credentials | -f (deprecated, backward-compatibility)"
textBlock "Path to file containing your Cloudflare *token* credentials. Please refer to the repo README for more information on format, etc."
textBlockDefaults "(${accountFile})"
newline
textBlockSwitches "-l | --log"
textBlock "Path where the log file should be written."
textBlockDefaults "(${logFile})"
newline
textBlockSwitches "--nc | --no-color | --no-colour"
textBlock "Switch value. Disables ANSI colours in the log. Useful if you review the logs using a reader that does not parse ANSI colour codes."
textBlockDefaults "(disabled: print logs in colour)"
newline
textBlockSwitches "--log-console"
textBlock "Switch value. Output log to console (stdout) instead of a log file. Can be combined with --nc if desired."
textBlockDefaults "(disabled: output to log file)"
newline
textBlockSwitches "--no-log"
textBlock "Switch value. Do not create a log (i.e. no console, no file). You will not have *any* output from the script if you choose this option, so you will not know if updates succeeded or failed."
textBlockDefaults "(disabled: output to log file)"
newline
textBlockSwitches "-h | --help | -?"
textBlock "Display this help screen."
newline
textBlockSwitches "--examples"
textBlock "Show some usage examples."
newline
textBlock "${magenta}--- DNS related parameters ---${norm}"
newline
textBlockSwitches "-r | --record | --records"
textBlock "Comma-delimited list of hostnames for which IP addresses should be updated in Cloudflare DNS. This parameter is REQUIRED. Note that this script will only *update* records, it will not create new ones. If you supply hostnames that are not already defined in DNS, the script will log a warning and will skip those hostnames."
newline
textBlockSwitches "-i | --ip | --ip-address | -a | --address"
textBlock "New IP address for DNS host records. If you omit this, the script will attempt to auto-detect your public IP address and use that."
newline
textBlockSwitches "-4 | --ip4 | --ipv4"
textBlock "Switch value. Update Host 'A' records (IP4) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP6 switch, the last one specified will take effect."
textBlockDefaults "(enabled: update A records)"
newline
textBlockSwitches "-6 | --ip6 | --ipv6"
textBlock "Switch value. Update Host 'AAAA' records (IP6) only. Note that this script can only update either A *or* AAAA records. If you need to update both, you'll have to run the script once in IP4 mode and again in IP6 mode. If you specify both this switch and the IP4 switch, the last one specified will take effect."
textBlockDefaults "(disabled: update A records)"
newline
textBlock "Please refer to the repo README for more detailed information regarding this script and how to automate and monitor it."
newline
exit 0
}
stamp() {
(date +%F" "%T)
}
newline() {
printf "\n"
}
textBlock() {
printf "%s\n" "$1" | fold -w "$width" -s
}
textBlockDefaults() {
printf "%s%s%s\n" "$yellow" "$1" "$norm"
}
textBlockSwitches() {
printf "%s%s%s\n" "$cyan" "$1" "$norm"
}
writeLog() {
case "$1" in
cf)
printf "[%s] CF-ERR: %s (code: %s)\n" "$(stamp)" "$2" "$3" >>"$logFile"
;;
err)
printf "%s[%s] ERR: %s%s\n" "$err" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
error)
printf "%s[%s] ERROR: %s (code: %s)%s\n" "$err" "$(stamp)" "$2" "$3" "$norm" >>"$logFile"
;;
process)
printf "%s[%s] %s... %s" "$cyan" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
process-done)
printf "%s%s%s\n" "$cyan" "$2" "$norm" >>"$logFile"
;;
process-error)
printf "%sERROR%s\n" "$err" "$norm" >>"$logFile"
;;
process-warning)
printf "%s%s%s\n" "$warn" "$2" "$norm" >>"$logFile"
;;
stamped)
printf "[%s] %s\n" "$(stamp)" "$2" >>"$logFile"
;;
success)
printf "%s[%s] SUCCESS: %s%s\n" "$ok" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
warn)
printf "%s[%s] WARN: %s%s\n" "$warn" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
warning)
printf "%s[%s] WARNING: %s%s\n" "$warn" "$(stamp)" "$2" "$norm" >>"$logFile"
;;
*)
printf "%s\n" "$2" >>"$logFile"
;;
esac
}
### default variable values
scriptPath="$(CDPATH='' \cd -- "$(dirname -- "$0")" && pwd -P)"
scriptName="$(basename "$0")"
logFile="$scriptPath/${scriptName%.*}.log"
accountFile="$scriptPath/cloudflare.credentials"
colourizeLogFile=1
dnsRecords=""
dnsSeparator=","
ipAddress=""
ip4=1
ip6=0
ip4DetectionSvc="http://ipv4.icanhazip.com"
ip6DetectionSvc="http://ipv6.icanhazip.com"
invalidDomainCount=0
failedHostCount=0
### process startup parameters
if [ -z "$1" ]; then
scriptHelp
fi
while [ $# -gt 0 ]; do
case "$1" in
-h | -\? | --help)
# display help
scriptHelp
;;
--examples)
# display sample commands
scriptExamples
;;
-l | --log)
# set log file location
if [ -n "$2" ]; then
logFile="${2%/}"
shift
else
badParam null "$@"
fi
;;
--log-console)
# log to the console instead of a file
logFile="/dev/stdout"
;;
--no-log)
# do not log anything
logFile="/dev/null"
;;
--nc | --no-color | --no-colour)
# do not colourize log file
colourizeLogFile=0
;;
-c | --cred* | -f)
# path to Cloudflare credentials file
if [ -n "$2" ]; then
if [ -f "$2" ] && [ -s "$2" ]; then
accountFile="${2%/}"
shift
else
badParam dne "$@"
fi
else
badParam null "$@"
fi
;;
-r | --record | --records)
# DNS records to update
if [ -n "$2" ]; then
dnsRecords=$(printf "%s" "$2" | sed -e 's/ //g')
shift
else
badParam null "$@"
fi
;;
-i | --ip | --ip-address | -a | --address)
# IP address to use (not parsed for correctness)
if [ -n "$2" ]; then
ipAddress="$2"
shift
else
badParam null "$@"
fi
;;
-4 | --ip4 | --ipv4)
# operate in IP4 mode (default)
ip4=1
ip6=0
;;
-6 | --ip6 | --ipv6)
# operate in IP6 mode
ip6=1
ip4=0
;;
*)
printf "\n%sUnknown option: %s\n" "$err" "$1"
printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
exit 1
;;
esac
shift
done
### pre-flight checks
if ! command -v curl >/dev/null; then
printf "\n%sThis script requires 'curl' be installed and accessible. Exiting.%s\n\n" "$err" "$norm"
exit 2
fi
if ! command -v jq >/dev/null; then
printf "\n%sThis script requires 'jq' be installed and accessible. Exiting.%s\n\n" "$err" "$norm"
exit 2
fi
[ -z "$dnsRecords" ] && badParam errMsg "You must specify at least one DNS record to update. Exiting."
# verify credentials file exists and is not empty (default check)
if [ ! -f "$accountFile" ] || [ ! -s "$accountFile" ]; then
badParam errMsg "Cannot find Cloudflare credentials file (${accountFile}). Exiting."
fi
# turn off log file colourization if parameter is set
if [ "$colourizeLogFile" -eq 0 ]; then
bold=""
cyan=""
err=""
magenta=""
norm=""
ok=""
warn=""
yellow=""
fi
### initial log entries
{
printf "%s[%s] -- Cloudflare DDNS update-script: starting --%s\n" "$ok" "$(stamp)" "$norm"
printf "Parameters:\n"
printf "script path: %s\n" "$scriptPath/$scriptName"
printf "credentials file: %s\n" "$accountFile"
if [ "$ip4" -eq 1 ]; then
printf "mode: IP4\n"
elif [ "$ip6" -eq 1 ]; then
printf "mode: IP6\n"
fi
# detect and report IP address
if [ -z "$ipAddress" ]; then
# detect public ip address
if [ "$ip4" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip4DetectionSvc)"; then
printf "ddns ip address:%s ERROR%s\n" "$err" "$norm"
exitError 10
fi
fi
if [ "$ip6" -eq 1 ]; then
if ! ipAddress="$(curl -s $ip6DetectionSvc)"; then
printf "ddns ip address:%s ERROR%s\n" "$err" "$norm"
exitError 10
fi
fi
printf "ddns ip address (detected): %s\n" "$ipAddress"
else
printf "ddns ip address (supplied): %s\n" "$ipAddress"
fi
# iterate DNS records to update
dnsRecordsToUpdate="$(printf '%s' "${dnsRecords}" | sed "s/${dnsSeparator}*$//")$dnsSeparator"
while [ -n "$dnsRecordsToUpdate" ] && [ "$dnsRecordsToUpdate" != "$dnsSeparator" ]; do
record="${dnsRecordsToUpdate%%${dnsSeparator}*}"
dnsRecordsToUpdate="${dnsRecordsToUpdate#*${dnsSeparator}}"
if [ -z "$record" ]; then continue; fi
printf "updating record: %s\n" "$record"
done
printf "(end of parameter list)\n"
} >>"$logFile"
### read Cloudflare credentials
writeLog process "Reading Cloudflare credentials"
case "$accountFile" in
/*)
# absolute path, use as-is
# shellcheck source=./cloudflare.credentials
. "$accountFile"
;;
*)
# relative path, rewrite
# shellcheck source=./cloudflare.credentials
. "./$accountFile"
;;
esac
if [ -z "$cfKey" ]; then
writeLog process-error
exitError 21
fi
if [ -z "$cfZoneId" ]; then
writeLog process-error
exitError 22
fi
writeLog process-done "DONE"
### connect to Cloudflare and do what needs to be done!
dnsRecordsToUpdate="$dnsRecords$dnsSeparator"
if [ "$ip4" -eq 1 ]; then
recordType="A"
elif [ "$ip6" -eq 1 ]; then
recordType="AAAA"
fi
# iterate hosts to update
while [ -n "$dnsRecordsToUpdate" ] && [ "$dnsRecordsToUpdate" != "$dnsSeparator" ]; do
record="${dnsRecordsToUpdate%%${dnsSeparator}*}"
dnsRecordsToUpdate="${dnsRecordsToUpdate#*${dnsSeparator}}"
if [ -z "$record" ]; then continue; fi
writeLog process "Processing ${record}"
# exit if curl/network error
if ! cfLookup="$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records?name=${record}&type=${recordType}" \
-H "Authorization: Bearer ${cfKey}" \
-H "Content-Type: application/json")"; then
writeLog process-error
exitError 3
fi
# exit if API error
# exit here since API errors on GET request probably indicates authentication error which would affect all remaining operations
# no reason to continue processing other hosts and pile-up errors which might look like a DoS attempt
cfSuccess="$(printf "%s" "$cfLookup" | jq -r '.success')"
if [ "$cfSuccess" = "false" ]; then
writeLog process-error
listCFErrors "$cfLookup"
exitError 25
fi
resultCount="$(printf "%s" "$cfLookup" | jq '.result_info.count')"
# skip to next host if cannot find existing host record (this script *updates* only, does not create!)
if [ "$resultCount" = "0" ]; then
# warn if record of host not found
writeLog process-warning "NOT FOUND"
writeLog warn "Cannot find existing record to update for DNS entry: ${record}"
invalidDomainCount=$((invalidDomainCount + 1))
continue
fi
objectId=$(printf "%s" "$cfLookup" | jq -r '.result | .[] | .id')
currentIpAddr=$(printf "%s" "$cfLookup" | jq -r '.result | .[] | .content')
writeLog process-done "FOUND: IP = ${currentIpAddr}"
# skip to next hostname if record already up-to-date
if [ "$currentIpAddr" = "$ipAddress" ]; then
writeLog stamped "IP address for ${record} is already up-to-date"
continue
fi
# update record
writeLog process "Updating IP address for ${record}"
updateJSON="$(jq -n --arg key0 content --arg value0 "${ipAddress}" '{($key0):$value0}')"
# exit if curl/network error
if ! cfResult="$(curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${cfZoneId}/dns_records/${objectId}" \
-H "Authorization: Bearer ${cfKey}" \
-H "Content-Type: application/json" \
--data "${updateJSON}")"; then
writeLog process-error
exitError 3
fi
# note update success or failure
cfSuccess="$(printf "%s" "$cfResult" | jq '.success')"
if [ "$cfSuccess" = "true" ]; then
writeLog process-done "DONE"
writeLog success "IP address for ${record} updated."
else
writeLog process-error
listCFErrors "$cfResult"
writeLog err "Unable to update IP address for ${record}"
# do not exit with error, API error here is probably an update issue specific to this host
# increment counter and note it after all processing finished
failedHostCount=$((failedHostCount + 1))
fi
done
# exit
if [ "$invalidDomainCount" -ne 0 ]; then
writeLog warning "${invalidDomainCount} invalid host(s) supplied for updating."
fi
if [ "$failedHostCount" -ne 0 ]; then
exitError 26
else
exitOK
fi
### exit return codes
# 0: normal exit, no errors
# 1: invalid or unknown parameter
# 2: cannot find or access required external program(s)
# 3: curl error (probably connection)
# 10: cannot auto-detect IP address
# 21: accountFile has a null or missing cfKey variable
# 22: accountFile has a null or missing cfZoneId variable
# 25: Cloudflare API error
# 26: one or more updates failed
# 99: unspecified error occurred