62 lines
1.7 KiB
Markdown
62 lines
1.7 KiB
Markdown
# iway-dns-update
|
|
Simple script to update DNS records
|
|
|
|
# Project Structure
|
|
|
|
* `main.py`: The entry point that handles command-line arguments.
|
|
* `api.py`: The core module containing logic for login, CSRF handling, DNS patching, and logout.
|
|
* `iway-certbot-dns-auth.yml`: Your private configuration file (contains credentials).
|
|
|
|
# Setup
|
|
|
|
## Requirements
|
|
|
|
I'm using `uv`, but feel free to use what you need.
|
|
|
|
```
|
|
uv sync
|
|
uv lock --upgrade
|
|
```
|
|
|
|
## Configuration
|
|
|
|
Create a file `iway-certbot-dns-auth.yml` with content:
|
|
```
|
|
account:
|
|
username: 'api user'
|
|
password: 'secret'
|
|
```
|
|
|
|
## Security
|
|
|
|
Just ensure that you don't save any credentials in this git repo
|
|
|
|
# Usage
|
|
|
|
You can run the script from the terminal by passing the domain, record name, type, and the new value.
|
|
|
|
Example: Update a TLSA record
|
|
|
|
```bash
|
|
python main.py \
|
|
--domain dasbaum.ch \
|
|
--name _25._tcp.mail.dasbaum.ch \
|
|
--type TLSA \
|
|
--value "3 1 1 <sha512>"
|
|
```
|
|
|
|
|Argument|Description|Example|
|
|
|--------|-----------|-------|
|
|
|--domain|The zone domain|dasbaum.ch
|
|
|--name|Full record name|_acme-challenge.dasbaum.ch
|
|
|--type|DNS Record Type|"TXT, TLSA, A"
|
|
|--value|New record content|your-secret-token
|
|
|--config| (Optional) Path to config|my-config.yml
|
|
|
|
# How it works
|
|
|
|
1. **Authentication**: The script logs into the iWay API to retrieve a Bearer token and a `csrftoken` cookie.
|
|
2. **CSRF Handling**: It extracts the `csrftoken` from the response cookies and includes it in the `X-CSRFToken` header for subsequent requests.
|
|
3. **DNS Patching**: It sends a `PATCH` request to the forward zone endpoint to update the specific `rrsets`.
|
|
4. **Session Cleanup**: It performs a logout request to invalidate the tokens immediately after the work is done.
|