# HG changeset patch
# User asuess@dns.net.schlittermann.de
# Date 1281528513 -7200
# Node ID 5ac92c1ffdf921bf2a69b7d73eaf3d260a9b2828
# Parent  ef4b45dd761864dbd47f332af35a83b2499a987e
improvement, added update-serial

diff -r ef4b45dd7618 -r 5ac92c1ffdf9 dnssec-creatkey
--- a/dnssec-creatkey	Wed Aug 11 11:15:49 2010 +0200
+++ b/dnssec-creatkey	Wed Aug 11 14:08:33 2010 +0200
@@ -231,7 +231,7 @@
                 if ( $file =~ /.*key/ ) {
 
                     $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content, "\$include $file\t\t; dnssec-zsk\n" ;
+                    push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n" ;
 
                     last;
                 }
@@ -247,7 +247,7 @@
                 if ( $file =~ /.*key/ ) {
 
                     $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content, "\$include $file\t\t; dnssec-ksk\n" ;
+                    push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n" ;
 
                     last;
                 }
diff -r ef4b45dd7618 -r 5ac92c1ffdf9 dnssec-killkey
--- a/dnssec-killkey	Wed Aug 11 11:15:49 2010 +0200
+++ b/dnssec-killkey	Wed Aug 11 14:08:33 2010 +0200
@@ -32,6 +32,8 @@
 my $zone;
 my @status;
 my @auto;
+my @old_zone_content;
+my @new_zone_content;
 chomp( my $now_time = `date +%s` );    # aktuelle unixzeit
 
 # prueft zonen aus ARGV und loescht das schluesselmaterial
@@ -182,7 +184,7 @@
                 if ( $file =~ /.*key/ ) {
 
                     $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content, "\$include $file\t\t; dnssec-zsk\n" ;
+                    push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n" ;
 
                     last;
                 }
@@ -198,7 +200,7 @@
                 if ( $file =~ /.*key/ ) {
 
                     $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content, "\$include $file\t\t; dnssec-ksk\n" ;
+                    push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n" ;
 
                     last;
                 }
diff -r ef4b45dd7618 -r 5ac92c1ffdf9 dnstools.conf
--- a/dnstools.conf	Wed Aug 11 11:15:49 2010 +0200
+++ b/dnstools.conf	Wed Aug 11 14:08:33 2010 +0200
@@ -3,7 +3,7 @@
 zone_conf_dir = /etc/bind/zones.d
 key_counter_end = 20	# Anzahl der Signierungen bis zum Key-Rollover
 sign_alert_time = 48	# Warn-Zeitraum vor dem Ablauf einer Zone-Signatur in h
-abl_zeit = 24		# Dauer des Key-Rollover (2 Schluessel) in h
+abl_zeit = 1		# Dauer des Key-Rollover (2 Schluessel) in h
 secondary = hh.schlittermann.de
 primary = pu.schlittermann.de
 #this_host
diff -r ef4b45dd7618 -r 5ac92c1ffdf9 update-serial
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/update-serial	Wed Aug 11 14:08:33 2010 +0200
@@ -0,0 +1,182 @@
+#! /usr/bin/perl
+# (c) 1998 Heiko Schlittermann <heiko@datom.de>
+#
+# … work in progress do integrate dnssec (branch suess)
+#
+# Update the serial numbers in zone files
+# The serial number needs to match a specified pattern (see 
+# the line marked w/ PATTERN.
+# 
+# ToDo:
+# . test against an md5 sum, not just the date of the stamp file
+# . FIXME: handle `/' in file names (currently only working in 
+#   the current directory)
+# . optionally reload the named
+
+
+use strict;
+use warnings;
+
+use File::Basename;
+use File::Copy;
+use FindBin;
+
+my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
+my @dnssec_signs = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign");
+my %config;
+my $dnssec_sign;
+
+foreach ( grep {-f} @configs ) {
+    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
+}
+
+unless ( seek( CONFIG, 0, 0 ) ) {
+    die "Can't open config (searched: @configs)\n";
+}
+foreach ( grep {-f} @dnssec_signs ) {
+	if (-x $_) {
+		$dnssec_sign = $_;
+	}
+	else {
+		die "Can't run $_\n"
+	}
+}
+
+
+while (<CONFIG>) {
+    chomp;
+    s/#.*//;
+    s/\t//g;
+    s/\s//g;
+    next unless length;
+    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+    $config{$cname} = $ccont;
+}
+close(CONFIG);
+
+my $bind_dir   = $config{bind_dir};
+my $conf_dir   = $config{zone_conf_dir};
+my $master_dir = $config{master_dir};
+
+my $ME = basename $0;
+my @tmpfiles;
+my $verbose = 0;
+my $opt_yes = 0;
+my @Zones;
+my $file;
+
+sub cleanup() { unlink @tmpfiles; }
+END { cleanup(); }
+
+for (@ARGV) {
+	if ($_ eq "-y") {
+		$opt_yes = 1;
+		shift @ARGV;
+	}
+}
+
+@Zones = @ARGV ? @ARGV : glob("$master_dir/*");
+
+
+MAIN: {
+	my $changed;
+	my ($dd, $mm, $yy) =(localtime())[3..5];
+	my $date;
+	$mm++;
+
+	foreach ($dd, $mm) { s/^\d$/0$&/; }
+	$yy += 1900;
+	$date = "$yy$mm$dd";
+
+
+	while (my $file = shift @Zones) {
+
+		my $file_basename = basename($file);
+
+		$file =~ s#($master_dir)(/.*)#$1$2$2#;
+		local (*I, *O);
+		my $done = 0;
+
+		my $new = "$file.$$.tmp";
+		my $bak = "$file.bak";
+		my $stamp = $master_dir . "/.stamp/" . basename($file);	
+
+		$file =~ /(\.bak|~)$/ and next;
+		$file !~ /\./ and next;
+
+		$verbose && print "$file:";
+
+
+		if (-f $stamp && ((stat($stamp))[9] >= (stat($file))[9])) {
+			$verbose && print " fresh, skipping.\n";
+			next;
+		}
+
+		$done = 0;
+		push @tmpfiles, $new;
+		open(*I, "<$file") or die("Can't open < $file: $!\n");
+		open(*O, ">$new") or die("Can't open > $new: $!\n");
+
+		while (<I>) {
+			/^\s+((\d+)(\d{2}))\s*;\s*serial/i and do {		# PATTERN
+				my ($sdate, $scount, $serial) = ($2, $3, $1);
+				$done = 1;
+				print " [$file] serial $sdate$scount";
+
+				if ($date eq $sdate) { $scount++; }
+				else { $sdate = $date; $scount = "00"; }
+
+				print " bumping to $sdate$scount \n";
+				s/$serial/$sdate$scount/;
+
+			};
+			print O;
+		}
+
+		close(O); close(I);
+
+		if ($done) {
+			# copy($file, $bak) or die("Can't copy $file -> $bak: $!\n");
+
+			open(I, "<$new") or die("Can't open <$new: $!\n");
+			open(O, ">$file") or die("Can't open >$file: $!\n");
+			while (<I>) { print O or die("Can't write to $file: $!\n"); }
+			close(I) or die("Can't close $new: $!\n");
+			close(O) or die("Can't close $file: $!\n");
+
+			unlink $new;
+
+			open(O, ">$stamp") or die("Can't open >$stamp: $!\n");
+			close(O);
+			$changed++;
+
+			# dnssec - new sign
+			system "$dnssec_sign $file_basename";
+			die "$dnssec_sign not found ($!)" if $? == -1;
+			exit 1 if $?;
+
+		} else {
+			print " $file: no serial number found: no zone file?";
+		}
+		print "\n";
+	}
+
+	if ($changed) {
+		my $pidfile;
+
+		print "** Changed $changed files, the nameserver needs to be reloaded!\n";
+		foreach (qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) { 
+			-f $_ and $pidfile = $_ and last; }
+
+		if ($pidfile) {
+			if ($opt_yes) { $_ = "y"; print "** Nameserver will be reloaded\n"; } 
+			else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
+			/^y|^$/i and system "rndc reload";
+		} else {
+			print "** No PID of a running named found.  Please reload manually.\n";
+		}
+
+	}
+}
+
+# vim:ts=4:sw=4:ai:aw:
diff -r ef4b45dd7618 -r 5ac92c1ffdf9 zone-mk
--- a/zone-mk	Wed Aug 11 11:15:49 2010 +0200
+++ b/zone-mk	Wed Aug 11 14:08:33 2010 +0200
@@ -31,14 +31,14 @@
     open( TEMPCONF, $_ ) or die "Can't open $_: $!\n";
 }
 unless ( seek( TEMPCONF, 0, 0 ) ) {
-    die "Can't open config (searched: @templc)\n";
+    die "Can't open template (searched: @templc)\n";
 }
 
 for ( grep {-f} @templz ) {
     open( TEMPZONE, $_ ) or die "Can't open $_: $!\n";
 }
 unless ( seek( TEMPZONE, 0, 0 ) ) {
-    die "Can't open config (searched: @templz)\n";
+    die "Can't open template (searched: @templz)\n";
 }
 
 while (<CONFIG>) {