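#!/bin/bash
#
# Monitoring check: compare the first A record Cloudflare holds for a domain
# with this host's public IP (fetched from an IP-checker URL) or with an
# explicitly supplied expected IP.
#
# Exit status:
#   0  OK        - record content equals the expected IP
#   2  CRITICAL  - record missing or different
#   1  usage error, or a lookup that could not be completed
#
# Requires: jq, and curl 7.55.0 or newer (for reading a header from stdin).
#
# Security notes:
#   * A token given with -k sits on this script's command line, which is
#     typically readable by other local users through the process list.
#     Only expected_ip is reset before option parsing, so a `key` variable
#     already present in the environment is used when -k is omitted; that
#     keeps the token out of argv.
#   * The token is handed to curl on stdin, never as a curl argument.
#   * The domain is URL-encoded by curl instead of being pasted into the URL,
#     so characters such as '&' or '#' cannot alter the API query.
#   * The IP-checker answer decides the verdict. Prefer an https:// URL for a
#     service you trust; a tampered answer can hide or fake a mismatch.
#   * -u is required for compatibility but is not sent in any request.
#   * Only the first A record returned by the API is compared.

readonly CF_API="https://api.cloudflare.com/client/v4"
readonly CURL_TIMEOUT=30
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Print the option summary and exit with status 1.
usage() {
  echo "Usage: $0 -d domain -u email -k key (-i ip_checker | -e expected_ip)"
  echo "  -d  The domain to check"
  echo "  -u  The Cloudflare email"
  echo "  -k  The Cloudflare API key"
  echo "  -i  The IP checker service URL"
  echo "  -e  The expected IP of the domain. Optional, use instead of -i"
  exit 1
}

# Authenticated GET against the Cloudflare API.
# Globals:   key (read)
# Arguments: $1 - URL; remaining arguments are passed to curl unchanged
# Outputs:   response body followed by the HTTP status code on a last line
cf_get() {
  local url=$1
  shift
  # printf is a builtin, so the token reaches curl through the pipe only.
  printf 'Authorization: Bearer %s\n' "$key" |
    curl -s --max-time "$CURL_TIMEOUT" -w '\n%{http_code}' -G \
      -H @- -H 'Content-Type: application/json' "$@" --url "$url"
}

expected_ip=""

while getopts d:u:k:i:e: flag; do
  case "${flag}" in
    d) domain=${OPTARG} ;;
    u) email=${OPTARG} ;;
    k) key=${OPTARG} ;;
    i) ip_checker=${OPTARG} ;;
    e) expected_ip=${OPTARG} ;;
    *) usage ;;
  esac
done

# -d, -u and -k are always required; -i is required only when -e is absent,
# as the usage text promises.
if [[ -z "$domain" || -z "$email" || -z "$key" ]]; then
  usage
fi
if [[ -z "$ip_checker" && -z "$expected_ip" ]]; then
  usage
fi

# A line break inside the token would add extra header lines to the request.
if [[ "$key" == *$'\n'* || "$key" == *$'\r'* ]]; then
  echo "Invalid API key: contains a line break"
  exit 1
fi

for tool in curl jq; do
  if ! command -v "$tool" >/dev/null; then
    echo "Required tool not found: $tool"
    exit 1
  fi
done

# Get the zone id for the domain
response=$(cf_get "$CF_API/zones" --data-urlencode "name=$domain")
http_code=${response##*$'\n'}
body=${response%$'\n'*}

if [[ "$http_code" != "200" ]]; then
  echo "Failed to get zone id for $domain, HTTP status code was $http_code"
  exit 1
fi

# '// empty' turns a missing result into an empty string instead of the
# literal text "null", which would otherwise be used as a zone id below.
zone_id=$(jq -r '.result[0].id // empty' <<<"$body")
if [[ ! "$zone_id" =~ ^[0-9a-fA-F]+$ ]]; then
  echo "Failed to get zone id for $domain, no usable zone in the API response"
  exit 1
fi

# Get the A record for the domain
response=$(cf_get "$CF_API/zones/$zone_id/dns_records" \
  --data-urlencode "type=A" --data-urlencode "name=$domain")
http_code=${response##*$'\n'}
body=${response%$'\n'*}

if [[ "$http_code" != "200" ]]; then
  echo "Failed to get A record for $domain, HTTP status code was $http_code"
  exit 1
fi

a_record=$(jq -r '.result[0].content // empty' <<<"$body")

if [[ -z "$expected_ip" ]]; then
  # -f makes an HTTP error from the checker a failure instead of an error
  # page being treated as the IP address.
  if ! public_ip=$(curl -sf --max-time "$CURL_TIMEOUT" --url "$ip_checker"); then
    echo "Failed to get public IP from $ip_checker"
    exit 1
  fi
  # Drop stray whitespace / CR some services append.
  public_ip=${public_ip//[$'\r\n\t ']/}
else
  public_ip="$expected_ip"
fi

# Fail closed: without this, an empty checker answer and an empty record
# would compare equal and be reported as OK.
if [[ ! "$public_ip" =~ $IPV4_RE ]]; then
  echo "Failed to determine a valid IPv4 address to compare against"
  exit 1
fi

if [[ -z "$a_record" ]]; then
  echo "CRITICAL - no A record found for $domain"
  exit 2
fi

if [[ "$a_record" == "$public_ip" ]]; then
  echo "OK - $domain resolves to $public_ip"
  # Success must be 0; a non-zero status here made every run look failed.
  exit 0
else
  echo "CRITICAL - $domain does not resolve to $public_ip. A Record: $a_record"
  exit 2
fi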