#!/bin/bash

# example of script to remove token from local dns using nsupdate

fulldomain="$1"
token="$2"

# VARIABLES:
#
# DNS_NSUPDATE_KEYFILE - path to a TSIG key file, if required
# DNS_NSUPDATE_GETKEY  - command to execute if access to the key file requires
#                        some special action: dismounting a disk, encrypting a
#                         file... Called with the operation 'del' and action
#                          'open" / 'close'

if [ -n "${DNS_NSUPDATE_KEYFILE}" ]; then
    if [ -n "${DNS_NSUPDATE_KEY_HOOK}" ] && ! ${DNS_NSUPDATE_KEY_HOOK} 'del' 'open' ${fulldomain} ; then
        exit $(( $? + 128 ))
    fi

    options="-k ${DNS_NSUPDATE_KEYFILE}"
fi

# Note that blank line is a "send" command to nsupdate

nsupdate ${options} -v <<EOF
update delete  _acme-challenge.${fulldomain}. 300 in TXT "${token}"

EOF

sts=$?

if [ -n "${DNS_NSUPDATE_KEYFILE}" ]; then
    if [ -n "${DNS_NSUPDATE_KEY_HOOK}" ] && ! ${DNS_NSUPDATE_KEY_HOOK} 'del' 'close'  ${fulldomain} ; then
        exit $(( ${sts} + ( $? * 10 ) ))
    fi
fi

exit ${sts}