--- a/dnssec-sign Tue Jun 29 09:54:44 2010 +0200
+++ b/dnssec-sign Wed Jun 30 13:15:11 2010 +0200
@@ -1,26 +1,56 @@
#!/bin/bash
+source ./dnstools.conf
+master_dir=$MASTER_DIR
-ZONE_DIR="/etc/bind/master"
-ZSKLIVE=60
+function time_out { #prüft den ablauf der signatur
+ unowtime=`date +%s`
+ alerttime=`date -d @$[unowtime - $[ 3600 * $SIGN_ALERT_TIME ] ] +%Y%m%d%H`
-function AENDERUNG {
- for DOMAIN in $ZONE_DIR/*
- do
- find $DOMAIN -name "*.signed" -mmin -1440 >/dev/null && echo $DOMAIN
+ for zone in $master_dir/*
+ do
+ domain=${zone##/*/}
+ if [ -f $zone/$domain.signed ]
+ then
+ endtime=`cat $zone/$domain.signed | egrep 'DNSKEY' | egrep '[0-9]{14}' | head -n1 | cut -d" " -f5 | cut -c 1-10`
+ fi
+
+ if [ $endtime ]
+ then
+ if [ $alerttime -ge $endtime ]
+ then
+ echo $zone
+ fi
+ fi
done
}
-AENDERUNG
-
-for ZONE in `AENDERUNG`
-do
- cd $ZONE
+function new_sign { # prüft nach der ersten signatur
+ for zone in $master_dir/*
+ do
+ if [ `< $zone/keycounter` -le 0 ]
+ then
+ echo $zone
+ fi
+ done
+}
- DOMAIN=${ZONE##/*/}
+function aenderung { # manuelle eingabe
+ for domain in $@
+ do
+ test -d $master_dir/$domain && echo $master_dir/$domain
+ done
+}
- STARTTIME=`ls index.zsk -l --time-style=+%s | cut -d' ' -f6`
- ENDTIME=$[STARTTIME + $[ZSKLIVE * 86400]]
+zone_aenderung=`aenderung $@`
+zone_new_sign=`new_sign`
+zone_time_out=`time_out`
- dnssec-signzone -e `date -d @$ENDTIME +%Y%m%d000000` $DOMAIN
+for zone in $zone_aenderung $zone_new_sign $zone_time_out
+do
+ cd $zone
+ domain=${zone##/*/}
+ dnssec-signzone $domain
+ key_counter=`< keycounter`
+ echo $[ key_counter + 1 ] > keycounter
done
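Review bot: `source ./dnstools.conf` at the top of the hunk resolves against the caller's working directory, so the script executes whatever file of that name sits in the directory it is started from; that matters for a tool that presumably runs with access to the zone signing keys. Load it from a fixed location instead, e.g. `source "$(dirname "$(readlink -f "$0")")/dnstools.conf"` or an absolute path, and fail early on a missing value with `master_dir=${MASTER_DIR:?MASTER_DIR not set}`, since an empty `master_dir` makes the loops glob `/*`. In the final loop `cd $zone` is unchecked, so after a failed cd `dnssec-signzone` and the `keycounter` write run in whatever directory the script was in before; `cd "$zone" || continue` avoids that. Separately, `endtime` in `time_out` is never cleared per iteration, so a zone without a `.signed` file inherits the previous zone's value and can be reported as expiring.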