powerdns / pdnsutil / remove-record

powerdns / pdnsutil / remove-record

  • Written by
    Walter Doekes
  • Published on

The PowerDNS nameserver pdnsutil utility has an add-record, but no remove-record. How can we remove records programmatically for many domains at once?

Step one: make sure we can list all domains. For our PowerDNS 4 setup, we could do the following:

$ list_all() {
    ( for type in master native; do pdnsutil list-all-zones $type; done ) |
    grep -vE '^.$|:' | sort -V; }

$ list_all

Step two: filter the domains where we want to remove anything. In this case, a stale MX record we want removed.

$ list_relevant() {
    list_all | while read zone; do pdnsutil list-zone $zone |
      grep -q IN.*MX.*oldmx.example.com && echo $zone; done; }

$ list_relevant

Step three: remove the record. Here we’ll resort to a bit of magic using the EDITOR environment variable and sed(1).

$ EDITOR=cat pdnsutil edit-zone domain2.tld
; Warning - every name in this file is ABSOLUTE!
domain2.tld  86400 IN  SOA ns1.example.com info.example.com 2010090200 14400 3600 604800 3600
domain2.tld  86400 IN  MX  20 oldmx.example.com

We can replace that phony cat “editor” with a sed command instead:

$ update_record() {
    EDITOR="/bin/sed -i -e '/IN.*MX.*oldmx.example.com/d'" pdnsutil edit-zone $1
    pdnsutil increase-serial $1; pdns_control notify $1; }

$ yes a | update_record domain2.tld
Checked 8 records of 'domain2.tld', 0 errors, 0 warnings.
Detected the following changes:
-domain2.tld 86400 IN MX 20 backupmx.osso.nl

(a)pply these changes, (e)dit again, (r)etry with original zone, (q)uit:
Adding empty non-terminals for non-DNSSEC zone
SOA serial for zone domain2.tld set to 2010090202
Added to queue

Wrapping it all up:

$ list_relevant | while read zone; do yes a | update_record $zone; done

Note that I ran into bug 4185 concerning edit-zone complaining about TXT records without quotes. I could edit those two records by hand. Fixing all of that is for another day.

Back to overview Newer post: sudo / cron / silence logging / authlog Older post: gdb / debugging asterisk / ao2_containers