diff -r 9cad6f1c5505 -r a1eefce2bd5e dnssec-sign
--- a/dnssec-sign Tue Jun 29 09:54:44 2010 +0200
+++ b/dnssec-sign Wed Jun 30 13:15:11 2010 +0200
@@ -1,26 +1,56 @@
 #!/bin/bash
+source ./dnstools.conf
+master_dir=$MASTER_DIR
-ZONE_DIR="/etc/bind/master"
-ZSKLIVE=60
+function time_out { #prüft den ablauf der signatur
+ unowtime=`date +%s`
+ alerttime=`date -d @$[unowtime - $[ 3600 * $SIGN_ALERT_TIME ] ] +%Y%m%d%H`
-function AENDERUNG {
- for DOMAIN in $ZONE_DIR/*
- do
- find $DOMAIN -name "*.signed" -mmin -1440 >/dev/null && echo $DOMAIN
+ for zone in $master_dir/*
+ do
+ domain=${zone##/*/}
+ if [ -f $zone/$domain.signed ]
+ then
+ endtime=`cat $zone/$domain.signed | egrep 'DNSKEY' | egrep '[0-9]{14}' | head -n1 | cut -d" " -f5 | cut -c 1-10`
+ fi
+
+ if [ $endtime ]
+ then
+ if [ $alerttime -ge $endtime ]
+ then
+ echo $zone
+ fi
+ fi
 done
 }
-AENDERUNG
-
-for ZONE in `AENDERUNG`
-do
- cd $ZONE
+function new_sign { # prüft nach der ersten signatur
+ for zone in $master_dir/*
+ do
+ if [ `< $zone/keycounter` -le 0 ]
+ then
+ echo $zone
+ fi
+ done
+}
- DOMAIN=${ZONE##/*/}
+function aenderung { # manuelle eingabe
+ for domain in $@
+ do
+ test -d $master_dir/$domain && echo $master_dir/$domain
+ done
+}
- STARTTIME=`ls index.zsk -l --time-style=+%s | cut -d' ' -f6`
- ENDTIME=$[STARTTIME + $[ZSKLIVE * 86400]]
+zone_aenderung=`aenderung $@`
+zone_new_sign=`new_sign`
+zone_time_out=`time_out`
- dnssec-signzone -e `date -d @$ENDTIME +%Y%m%d000000` $DOMAIN
+for zone in $zone_aenderung $zone_new_sign $zone_time_out
+do
+ cd $zone
+ domain=${zone##/*/}
+ dnssec-signzone $domain
+ key_counter=`< keycounter`
+ echo $[ key_counter + 1 ] > keycounter
 done
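Review bot: `source ./dnstools.conf` resolves against the caller's working directory, so a signing job started from cron or from a writable directory executes whatever file of that name it finds there, and an unset `MASTER_DIR` turns `$master_dir/*` into `/*` for the later `cd $zone` and `keycounter` write. Anchor the config to a fixed location and fail closed, e.g. `source "$(dirname "$0")/dnstools.conf"` followed by `: "${MASTER_DIR:?MASTER_DIR not set}"`. In `time_out`, `endtime` is never cleared between iterations, so a zone without a `.signed` file inherits the previous zone's value; an `endtime=` at the top of the loop body fixes that. The comparison also looks inverted: `alerttime` is now minus `SIGN_ALERT_TIME` hours, which, if field 5 of the matched line is the RRSIG expiration, triggers re-signing only after the signatures have already expired, so `unowtime + 3600 * SIGN_ALERT_TIME` is presumably what was meant. The final loop should also stop on a failed `cd`, e.g. `cd "$zone" || continue`, so `dnssec-signzone` and the `keycounter` update never run in the wrong directory.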