From 44c7ea4b64a3488dec2654c06741a7f30ef772ce Mon Sep 17 00:00:00 2001
From: Phil
Date: Mon, 25 Aug 2025 21:17:15 +0100
Subject: [PATCH] Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
---
 Cloudflare/README.md | 123 ++++++++++++++++++++++++----
 Cloudflare/config.conf | 11 +--
 Cloudflare/export_dns_cloudflare.sh | 52 ++++++------
 3 files changed, 132 insertions(+), 54 deletions(-)
 mode change 100644 => 100755 Cloudflare/export_dns_cloudflare.sh
diff --git a/Cloudflare/README.md b/Cloudflare/README.md
index 4dae96b..a6777e7 100644
--- a/Cloudflare/README.md
+++ b/Cloudflare/README.md
@@ -1,24 +1,115 @@ -# Export_DNS -## Cloudflare +# Cloudflare DNS Export Script -### Config File -Add your Cloudflare API key here. The key need to be able to read any DNS zones that you list below -``` -API_KEY=your_single_api_key +This script automates exporting DNS records for all zones in a Cloudflare account. +It uses the Cloudflare **API Token** authentication method (recommended for security). + +Each run saves the DNS export of every zone into an `export/` folder, with filenames containing the zone name and a timestamp. + +--- + +## 📦 Requirements + +- **bash** (any modern Linux/macOS environment will work) +- **curl** +- **jq** (for parsing JSON) + +Install `jq` if you don’t already have it: + +```bash +# Ubuntu/Debian +sudo apt install jq -y + +# macOS (Homebrew) +brew install jq ``` -Add the Zone ID to the zone_id_value section and set the site_name_value to the name of the domain. This will be the name of the file that is created with the DNS infomation. -``` -ZONE_ID_1=zone_id_value_1 -SITE_NAME_1=site_name_value_1 +--- -ZONE_ID_2=zone_id_value_2 -SITE_NAME_2=site_name_value_2 +## ⚙️ Setup + +1. Clone or copy these files: + - `import_dns_records.sh` + - `config.conf` + +2. Edit the `config.conf` file and add your **Cloudflare API Token**: + +```bash +# config.conf +CLOUDFLARE_API_TOKEN=your_api_token_here ``` -### The Script -Inside the script is the following below (Line 7) +> 🔑 When creating your API Token in Cloudflare Dashboard, give it at least: +> - **Zone: Read** +> - **DNS: Read** + +--- + +## ▶️ Usage + +Make the script executable: + +```bash +chmod +x import_dns_records.sh ``` -EXPORT_FOLDER="export" + +Run the script: + +```bash +./import_dns_records.sh ``` -Change the value from export, to the location that the script should export the files to (E.g. /folder1/folder2/) + +--- + +## 📂 Output + +- All exports are saved into the `export/` folder. +- Each export is a plain text file containing the zone’s DNS records in BIND format. 
+- Filenames follow the format:
+
+```
+export/__.txt
+```
+
+Example:
+
+```
+export/example.com_20250825_153012.txt
+export/testdomain.net_20250825_153015.txt
+```
+
+---
+
+## 🔒 Security Notes
+
+- Never commit `config.conf` (it contains your API token).
+- Limit API token permissions to the minimum required (Zone:Read, DNS:Read).
+- Rotate API tokens periodically for best security practices.
+
+---
+
+## ✅ Example Workflow
+
+```bash
+# 1. Configure your token
+echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf
+
+# 2. Run the export
+./import_dns_records.sh
+
+# 3. Check the export folder
+ls export/
+```
+
+---
+
+## 🛠 Troubleshooting
+
+- **Empty export files?**
+ Ensure your API Token has the correct permissions (Zone:Read, DNS:Read).
+
+- **Script fails with `jq: command not found`?**
+ Install `jq` as shown above.
+
+- **Only some zones exported?**
+ Check the API Token’s scope. If it was created for a specific zone, it won’t return all zones.
+ Create a token scoped for “All zones - Read” to export everything.
diff --git a/Cloudflare/config.conf b/Cloudflare/config.conf
index 7fc44e4..6fb81d4 100644
--- a/Cloudflare/config.conf
+++ b/Cloudflare/config.conf
@@ -1,9 +1,2 @@
-API_KEY=your_single_api_key
-
-ZONE_ID_1=zone_id_value_1
-SITE_NAME_1=site_name_value_1
-
-ZONE_ID_2=zone_id_value_2
-SITE_NAME_2=site_name_value_2
-
-# Add more entries as needed
+# Cloudflare API Token (must have Zone:Read + DNS:Read permissions)
+CLOUDFLARE_API_TOKEN=your_api_token_here
diff --git a/Cloudflare/export_dns_cloudflare.sh b/Cloudflare/export_dns_cloudflare.sh
old mode 100644
new mode 100755
index b70b361..f7b5955
--- a/Cloudflare/export_dns_cloudflare.sh
+++ b/Cloudflare/export_dns_cloudflare.sh
@@ -1,44 +1,38 @@ #!/bin/bash +set -euo pipefail -# Source the configuration file +# Load config source config.conf -# Create the export folder if it doesn't exist EXPORT_FOLDER="export" mkdir -p "$EXPORT_FOLDER" -# Function to export DNS records -export_dns_records() { - local ZONE_ID=$1 - local SITE_NAME=$2 +# Step 1: Fetch all zones from Cloudflare +echo "Fetching zone list from Cloudflare..." +zones_json=$(curl -s https://api.cloudflare.com/client/v4/zones \ + -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ + -H "Content-Type: application/json") - # Get current date and time - TIMESTAMP=$(date +"%Y%m%d_%H%M%S") +# Step 2: Parse zones (needs jq) +zone_count=$(echo "$zones_json" | jq '.result | length') +echo "Found $zone_count zones." - # Define the output filename with timestamp - OUTPUT_FILE="$EXPORT_FOLDER/${SITE_NAME}_$TIMESTAMP" +# Step 3: Loop through zones +for ((i=0; i Saved to $OUTPUT_FILE" done +echo "✅ All exports complete. Files are in the '$EXPORT_FOLDER' folder." +
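Review bot: The zone-list request near the top of the new script cannot fail loudly: `curl -s` has no `-f`, so a rejected token still returns a JSON body, and `jq '.result | length'` on a body whose `result` is null prints 0, which lets the run end with "All exports complete" and nothing written. I would make the request `curl -fsS` and add `jq -e '.success' <<<"$zones_json" >/dev/null || { echo "zone list request failed" >&2; exit 1; }` before counting. The request also sends no `page`/`per_page` parameters, so only the first page of zones is listed and a larger account would be backed up partially unless the loop follows `result_info.total_pages`. Separately, `source config.conf` resolves against the working directory and executes the file as shell code, so it is safer to load it from the script's own directory and keep the file readable only by its owner (mode 600). The body of the `for` loop is truncated on this page, so the per-zone export call could not be checked for the same handling.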