# HG changeset patch # User asuess@dns.net.schlittermann.de # Date 1281451126 -7200 # Node ID 4807ad9b8d19fbd7438b4deb5d17f917558e79e9 # Parent d5337081ed028415a6af7eb792e209500b5a3c0b added function in dnssec-creatkey to migrate zones including ksk diff -r d5337081ed02 -r 4807ad9b8d19 dnssec-creatkey --- a/dnssec-creatkey Mon Aug 09 11:45:43 2010 +0200 +++ b/dnssec-creatkey Tue Aug 10 16:38:46 2010 +0200 @@ -35,6 +35,7 @@ my $zone; my $keyname; + # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu for (@ARGV) { chomp( my $zone = `idn --quiet "$_"` ); @@ -47,6 +48,43 @@ } } +# prueft ob zonen mit schluesselmaterial ueber index- und keycounterdatei +# verfuegen. +# legt .index.ksk an falls nicht und gibt die entsprechende zone in die +# liste @change +while (<$master_dir/*>) { + chomp( $zone = $_ ); + + if (-f "$zone/.index.zsk" and + -f "$zone/.index.ksk" and + -f "$zone/.keycounter") { + next; + } + + while (<$zone/*>) { + if (m#^K#) { + my $file_in_zone = $_; + + open (KEY,$_) or die "$_: $!\n"; + for () { + if (m#DNSKEY.257#) { + $file_in_zone =~ s#(/.*/)(.*).key#$2#; + + open (INDEX, ">$zone/.index.ksk") or die; + print INDEX "$file_in_zone\n"; + close (INDEX); + + $zone =~ s#($master_dir/)(.*)#$2#; + push( @change, $zone ); + + } + } + close (KEY); + } + } +} + + # gibt alle zonen mit abgelaufenen keycounter in die liste @change while (<$master_dir/*>) { chomp( $zone = $_ ); @@ -93,7 +131,7 @@ close(INDEX); chomp($keyname); - print "$keyname (ZSK) erzeugt fuer $zone \n"; + print "$keyname (ZSK) creat for $zone \n"; open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n"; print KC "0"; 
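Review bot: Both `open` calls in the new migration loop use the two-argument form with bareword handles on a name taken straight from the `<$zone/*>` glob, so mode or pipe characters embedded in a file name under a zone directory are interpreted by `open` instead of being treated as part of the path. Use `open(my $key_fh, '<', $_) or die "$_: $!\n";` and `open(my $idx_fh, '>', "$zone/.index.ksk") or die "$zone/.index.ksk: $!\n";`, which also gives the bare `or die` a message. The `m#^K#` test runs against the full path the glob returns, so it can only match if `$master_dir` itself begins with `K`; testing the basename, e.g. `m#/K[^/]*\.key$#`, looks like what was intended. `$zone` is also rewritten by `s#($master_dir/)(.*)#$2#` while the inner glob loop is still running, so a second KSK file in the same zone would target a relative `.index.ksk` path and push the zone onto `@change` twice. Doing the strip on a copy, with `\Q$master_dir\E` in the pattern, avoids that.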
@@ -107,10 +145,16 @@ chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; + print "creat new KSK for $zone? (no): "; + unless ( =~ m/^yes/) { + next; + } + unless ( -f ".index.ksk" ) { @index = (); } else { + open( INDEX, ".index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n"; @index = ; @@ -127,7 +171,7 @@ close(INDEX); chomp($keyname); - print "$keyname (KSK) erzeugt fuer $zone \n"; + print "$keyname (KSK) creat for $zone \n"; } # loescht alle unbenoetigten schluessel, fuegt die schluessel in @@ -204,5 +248,4 @@ print ZONE @new_zone_content; close(ZONE); - print "$master_dir/$zone/$zone wurde neu erstellt \n"; } diff -r d5337081ed02 -r 4807ad9b8d19 zone-ls --- a/zone-ls Mon Aug 09 11:45:43 2010 +0200 +++ b/zone-ls Tue Aug 10 16:38:46 2010 +0200 @@ -46,7 +46,7 @@ $info_status = "OK"; for (`dig \@localhost $zone`) { if (/root-servers/) { - $info_status = "FAILD"; + $info_status = "FAILED"; last; } }
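Review bot: The confirmation prompt is added after the `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone` call in the context lines above it, so the new KSK files already exist in the zone directory when the operator answers anything other than `yes`. The `next` then skips the `.index.ksk` update that would record the key, leaving key material on disk that the index does not know about. Moving the `print "creat new KSK for $zone? (no): ";` and `unless (...) { next; }` lines above the `$keyname = ...` assignment makes a "no" answer actually prevent key creation. The answer check `m/^yes/` also accepts any input that merely starts with "yes"; `m/^yes$/` is stricter. The enclosing loop starts before this hunk and ends after it, so whether a later cleanup pass removes the unrecorded key cannot be seen from here.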