1 #!/bin/bash |
1 #!/bin/bash |
|
2 set -e |
|
3 |
2 source dnstools.conf |
4 source dnstools.conf |
3 |
5 |
4 master_dir=$MASTER_DIR |
6 master_dir=$MASTER_DIR |
5 key_counter_end=$KEY_COUNTER_END |
7 key_counter_end=$KEY_COUNTER_END |
6 |
8 |
|
9 function test_zsk_new { # prueft ob es einen ZSK gibt |
|
10 for zone in $master_dir/* |
|
11 do |
|
12 test -f $zone/${zone##*/}.signed || continue |
|
13 test -f $zone/.index.zsk || echo ${zone##/*/} |
|
14 done |
|
15 } |
|
16 |
|
17 function test_ksk_new { # prueft ob es einen KSK gibt |
|
18 for zone in $master_dir/* |
|
19 do |
|
20 test -f $zone/${zone##*/}.signed || continue |
|
21 test -f $zone/.index.ksk || echo ${zone##/*/} |
|
22 done |
|
23 } |
|
24 |
|
25 function test_zsk_time { # prueft den keycounter |
|
26 for zone in $master_dir/* |
|
27 do |
|
28 test -f $zone/${zone##*/}.signed || continue |
|
29 key_counter_end=$1 |
|
30 test -f $zone/keycounter || echo 0 > $zone/keycounter |
|
31 key_counter=`< $zone/keycounter` |
|
32 |
|
33 if [ $key_counter_end -le $key_counter ] |
|
34 then |
|
35 echo ${zone##/*/} |
|
36 fi |
|
37 done |
|
38 } |
7 |
39 |
8 #prüft die eingegebnen domains |
40 #prüft die eingegebnen domains |
9 for utf8domain in $@ |
41 for utf8domain in $@ |
10 do |
42 do |
11 domain=$(idn --quiet "$utf8domain") |
43 domain=$(idn --quiet "$utf8domain") |
16 else |
48 else |
17 echo $domain ist keine verwaltete Zone |
49 echo $domain ist keine verwaltete Zone |
18 fi |
50 fi |
19 done |
51 done |
20 |
52 |
21 function test_zsk_new { # prueft ob es einen ZSK gibt |
|
22 for zone in $master_dir/* |
|
23 do |
|
24 test -f $zone/index.zsk || echo ${zone##/*/} |
|
25 done |
|
26 } |
|
27 |
|
28 function test_ksk_new { # prueft ob es einen KSK gibt |
|
29 for zone in $master_dir/* |
|
30 do |
|
31 test -f $zone/index.ksk || echo ${zone##/*/} |
|
32 done |
|
33 } |
|
34 |
|
35 function test_zsk_time { # prueft den keycounter |
|
36 for zone in $master_dir/* |
|
37 do |
|
38 key_counter_end=$1 |
|
39 test -f $zone/keycounter || echo 0 > $zone/keycounter |
|
40 key_counter=`< $zone/keycounter` |
|
41 |
|
42 if [ $key_counter_end -le $key_counter ] |
|
43 then |
|
44 echo ${zone##/*/} |
|
45 fi |
|
46 done |
|
47 } |
|
48 |
53 |
49 zsk_time=`test_zsk_time $key_counter_end` |
54 zsk_time=`test_zsk_time $key_counter_end` |
50 zsk_new=`test_zsk_new` |
55 zsk_new=`test_zsk_new` |
51 ksk_new=`test_ksk_new` |
56 ksk_new=`test_ksk_new` |
52 |
57 |
53 |
58 |
54 for NEW_ZSK_ZONE in $zsk_new $zsk_time $zsk_aenderung # Erstellt ZSK |
59 for NEW_ZSK_ZONE in $zsk_new $zsk_time $zsk_aenderung # Erstellt ZSK |
55 do |
60 do |
56 cd $master_dir/$NEW_ZSK_ZONE |
61 cd $master_dir/$NEW_ZSK_ZONE |
57 echo "erzeugt zsk fuer" $NEW_ZSK_ZONE |
62 echo "erzeugt zsk fuer" $NEW_ZSK_ZONE |
58 dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk |
63 dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk |
59 INDEX_ZSK=$( tail -n2 index.zsk ) |
64 INDEX_ZSK=$( tail -n2 .index.zsk ) |
60 echo $INDEX_ZSK | fmt -w1 > index.zsk |
65 echo $INDEX_ZSK | fmt -w1 > .index.zsk |
61 |
66 |
62 echo 0 > keycounter |
67 echo 0 > keycounter |
63 done |
68 done |
64 |
69 |
65 for NEW_KSK_ZONE in $ksk_new # Erstellt KSK |
70 for NEW_KSK_ZONE in $ksk_new # Erstellt KSK |
66 do |
71 do |
67 cd $master_dir/$NEW_KSK_ZONE |
72 cd $master_dir/$NEW_KSK_ZONE |
68 echo "erzeugt ksk fuer" $NEW_KSK_ZONE |
73 echo "erzeugt ksk fuer" $NEW_KSK_ZONE |
69 dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk |
74 dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk |
70 INDEX_KSK=$( tail -n2 index.ksk ) |
75 INDEX_KSK=$( tail -n2 .index.ksk ) |
71 echo $INDEX_KSK | fmt -w1 > index.ksk |
76 echo $INDEX_KSK | fmt -w1 > .index.ksk |
72 done |
77 done |
73 |
78 |
74 |
79 |
75 |
80 |
76 for ZONE in $zsk_time $zsk_new $ksk_new $zsk_aenderung |
81 for ZONE in $zsk_time $zsk_new $ksk_new $zsk_aenderung |
77 do |
82 do |
78 cd $master_dir/$ZONE |
83 cd $master_dir/$ZONE |
79 |
84 |
80 #loescht alle Schluessel die nicht in der indexdatei stehen |
85 #loescht alle Schluessel die nicht in der indexdatei stehen |
81 rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null |
86 rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null |
82 |
87 |
83 #erzeugt ein backup und entfernt alle schluessel aus der zonedatei |
88 #erzeugt ein backup und entfernt alle schluessel aus der zonedatei |
84 mv $ZONE $ZONE.old |
89 mv $ZONE $ZONE.old |
85 grep -v 'DNSKEY' $ZONE.old >> $ZONE |
90 grep -v 'DNSKEY' $ZONE.old >> $ZONE |
86 |
91 |