# HG changeset patch # User asuess@dns.net.schlittermann.de # Date 1281711637 -7200 # Node ID d3269961e944092575e7c2ab77cfdc9246398f5b # Parent d1addc2ec71242b3b2e06e2842173cd5f442c6c9 added update-index diff -r d1addc2ec712 -r d3269961e944 README --- a/README Fri Aug 13 10:09:37 2010 +0200 +++ b/README Fri Aug 13 17:00:37 2010 +0200 @@ -1,27 +1,31 @@ Zonedatei erstellen - zone-mk - - mkready + - update-zone Zonedatei loeschen - zone-rm - - mkready + - update-zone -DNSSec benutzen / Schlüßel erstellen - - dnssec-creatkey - - dnssec-sign - - mkready +neuen ZSK/KSK erstellen + - dnssec-creatkey + - update-zone -neuen KSK und ZSK erstellen - - dnssec-creatkey - - dnssec-sign - - mkready + - dnssec-killkey (nach der Ablauf des Key-Rollover) + - update-zone - - dnssec-killkey (nach der Ablauf des Key-Rollover) - - mkready Schluessel loeschen - dnssec-killkey - - mkready + - update-zone + + +Signatur update + - update-zone + + +Schlüssel update + - dnssec-creatkey + - update-zone diff -r d1addc2ec712 -r d3269961e944 dnssec-creatkey --- a/dnssec-creatkey Fri Aug 13 10:09:37 2010 +0200 +++ b/dnssec-creatkey Fri Aug 13 17:00:37 2010 +0200 @@ -9,7 +9,7 @@ return ( keys %all ); } -# liest die Konfiguration ein +# liest die Konfiguration my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; diff -r d1addc2ec712 -r d3269961e944 dnssec-killkey --- a/dnssec-killkey Fri Aug 13 10:09:37 2010 +0200 +++ b/dnssec-killkey Fri Aug 13 17:00:37 2010 +0200 
@@ -47,20 +47,33 @@ for (@ARGV) { chomp( $zone = `idn --quiet $_` ); my $zdir = "$master_dir/$zone"; + my $ep = 0; + unless ( -e "$master_dir/$zone" ) { print "$zone ist keine verwaltete zone \n"; } else { - if ( -e "$zdir/$zone.signed" ) { unlink "$zdir/$zone.signed" } - if ( -e "$zdir/.keycounter" ) { unlink "$zdir/.keycounter" } - if ( -e "$zdir/.index.ksk" ) { unlink "$zdir/.index.ksk" } - if ( -e "$zdir/.index.zsk" ) { unlink "$zdir/.index.zsk" } - if ( -e "$zdir/dsset-$zone." ) { unlink "$zdir/dsset-$zone." } - if ( -e "$zdir/keyset-$zone." ) { unlink "$zdir/keyset-$zone." } - for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ } + if ( -e "$zdir/$zone.signed" ) { + unlink "$zdir/$zone.signed" and $ep = 1 } + if ( -e "$zdir/.keycounter" ) { + unlink "$zdir/.keycounter" and $ep = 1 } + if ( -e "$zdir/.index.ksk" ) { + unlink "$zdir/.index.ksk" and $ep = 1 } + if ( -e "$zdir/.index.zsk" ) { + unlink "$zdir/.index.zsk" and $ep = 1 } + if ( -e "$zdir/dsset-$zone." ) { + unlink "$zdir/dsset-$zone." and $ep = 1 } + if ( -e "$zdir/keyset-$zone." ) { + unlink "$zdir/keyset-$zone." and $ep = 1 } - print "keys removed \n"; - + for (`ls $master_dir/$zone/K*[key,private]`) { + unlink $_ and $ep = 1 + } + + if ($ep == 1) { + print "$zone: keys removed\n"; + } + open( ZONE, "$master_dir/$zone/$zone" ) or die "$master_dir/$zone/$zone: $!\n"; @old_zone_content = ; diff -r d1addc2ec712 -r d3269961e944 dnssec-sign --- a/dnssec-sign Fri Aug 13 10:09:37 2010 +0200 +++ b/dnssec-sign Fri Aug 13 17:00:37 2010 +0200 
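Review bot: The key-file loop `for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ and $ep = 1 }` still hands `unlink` each line of `ls` output with its trailing newline, so those unlinks fail silently and `$ep` is never set by them; the new flag only changes how that failure goes unnoticed. The same line runs `ls` through a shell with the zone name interpolated, and `[key,private]` is a one-character class rather than the intended alternation. A `glob` on the already-computed `$zdir` avoids all three: `for my $keyfile ( glob "$zdir/K*.{key,private}" ) {` / `    unlink $keyfile and $ep = 1;` / `}`. For the `-e`/`unlink` pairs above it, an `or warn "$zdir/$zone.signed: $!\n"` branch would report a removal that fails instead of dropping it. The `for (@ARGV)` loop and the `else` block both continue outside the hunk.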
@@ -88,49 +88,21 @@ } #gibt zonen mit schluessel aber ohne signatur in die liste @auto -for (<$master_dir/*>) { - s#($master_dir/)(.*)#$2#; - $zone = $_; - - if ( -e "$master_dir/$zone/.keycounter" ) { - - open( KC, "$master_dir/$zone/.keycounter" ); - $kc = ; - close(KC); - - if ( $kc < 1 ) { - push @auto, $zone; - } - } -} - -#erhoeht den serial der zone -for ( &del_double( @auto, @manu ) ) { - unless ($serial_up == 1) { - last - } - - $zone = $_; - my @zonefile = (); - my $serial; - - open ( ZONEFILE, "$master_dir/$zone/$zone") - or die "$master_dir/$zone/$zone: $!\n"; - @zonefile = ; - close (ZONEFILE); - - for (@zonefile) { - if (m#([0-9]{10}).*;.*serial#) { - $serial = $1 + 1; - s#(.*)([0-9]{10})(.*)#$1$serial$3#; - } - } - - open ( ZONEFILE, ">$master_dir/$zone/$zone") - or die "$master_dir/$zone/$zone: $!\n"; - print ZONEFILE @zonefile; - close (ZONEFILE); -} +#for (<$master_dir/*>) { +# s#($master_dir/)(.*)#$2#; +# $zone = $_; +# +# if ( -e "$master_dir/$zone/.keycounter" ) { +# +# open( KC, "$master_dir/$zone/.keycounter" ); +# $kc = ; +# close(KC); +# +# if ( $kc < 1 ) { +# push @auto, $zone; +# } +# } +#} # signiert alle zonen in @auto und @manu und erhoeht den wert in # der keycounter-datei diff -r d1addc2ec712 -r d3269961e944 dnstools.conf --- a/dnstools.conf Fri Aug 13 10:09:37 2010 +0200 +++ b/dnstools.conf Fri Aug 13 17:00:37 2010 +0200 @@ -6,6 +6,7 @@ abl_zeit = 1 # Dauer des Key-Rollover (2 Schluessel) in h secondary = hh.schlittermann.de primary = pu.schlittermann.de +indexzone = index.zone.eins.lan #this_host #this_ip #this_domain diff -r d1addc2ec712 -r d3269961e944 update-index --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/update-index Fri Aug 13 17:00:37 2010 +0200 
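Review bot: The `@auto` detection loop is kept as a commented-out block instead of being deleted, while the serial-increment loop that followed it is removed outright, so the two removals in this hunk are handled inconsistently. The header comment `#gibt zonen mit schluessel aber ohne signatur in die liste @auto` now describes code that no longer runs and should go with it; version control keeps the old code if it is needed again. The signing loop below is still documented as working on `@auto` (`# signiert alle zonen in @auto und @manu`, its body is outside the hunk), and as far as this hunk shows `@auto` is now never populated, so that comment presumably needs updating too.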
@@ -0,0 +1,68 @@ +#! /usr/bin/perl + +use strict; +use warnings; +use File::Basename; +use FindBin; + +# liest die Konfiguration +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); +my %config; + +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; +} + +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; +} + +while () { + chomp; + s/#.*//; + s/\t//g; + s/\s//g; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; +} +close(CONFIG); + +my $master_dir = $config{master_dir}; +my $indexzone = $config{indexzone}; +my @iz_content_old = (); +my @iz_content_new = (); +my $iz_line; +my $zone; + +unless ( -d $master_dir and -r $master_dir ) { + die "$master_dir: $!\n"; +} + +open (INDEXZONE, "$master_dir/$indexzone/$indexzone") + or die "$master_dir/$indexzone/$indexzone: $!\n"; +@iz_content_old = , +close (INDEXZONE); + +for (@iz_content_old) { + unless (m#ZONE::#) { + push @iz_content_new, $_; + } +} + + +for my $dir ( glob "$master_dir/*" ) { + $zone = basename($dir); + + $iz_line = "\t\tIN TXT\t\t\"ZONE::$zone\"\n"; + + push @iz_content_new, $iz_line; +} + + +open (INDEXZONE, ">$master_dir/$indexzone/$indexzone") + or die "$master_dir/$indexzone/$indexzone: $!\n"; +print INDEXZONE @iz_content_new; +close (INDEXZONE); + +print "index domain $indexzone updated \n"; diff -r d1addc2ec712 -r d3269961e944 update-zone --- a/update-zone Fri Aug 13 10:09:37 2010 +0200 +++ b/update-zone Fri Aug 13 17:00:37 2010 +0200 @@ -83,10 +83,6 @@ my $date; $mm++; - - # fuehrt automatische aktuallisierungen der zonen durch - system "$dnssec_sign"; - # prueft jede domain, die ein verzeichnis in $master_dir hat, ob sie # dnssec nutzt. # passt die eintraege in $config_file falls noetig an. 
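Review bot: The readline into `@iz_content_old` (presumably `<INDEXZONE>`, lost in this rendering) ends with a comma instead of a semicolon, so `close (INDEXZONE)` is evaluated as the second operand of the comma operator; it works only by accident and should read `@iz_content_old = <INDEXZONE>;`. The `glob "$master_dir/*"` loop turns every entry of `$master_dir` into a `ZONE::` TXT record, plain files included, so it should be `for my $dir ( grep { -d } glob "$master_dir/*" ) {`. The final `open (INDEXZONE, ">...")` truncates the index zone file before anything is written and neither `print INDEXZONE` nor the last `close` is checked, so a write error leaves an empty zone file behind; `close (INDEXZONE) or die "$master_dir/$indexzone/$indexzone: $!\n";` at least reports it, and writing to a temporary file in the same directory followed by `rename` would make the update atomic. Nothing in this script bumps the zone's serial after the rewrite, so unless that happens elsewhere (not visible here) secondaries will not notice the new index.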
@@ -223,35 +219,32 @@ print "\n"; } - if ($changed) { - my $pidfile; - + my $pidfile; - print - "** Changed $changed files, the nameserver needs to be reloaded!\n"; - foreach ( - qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) - { - -f $_ and $pidfile = $_ and last; - } + print + "** Changed $changed files, the nameserver needs to be reloaded!\n"; + foreach ( + qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) + { + -f $_ and $pidfile = $_ and last; + } - # dnssec-sign aufruf fuer geanderten domains - system "$dnssec_sign @change_names"; - die "$dnssec_sign not found ($!)" if $? == -1; - exit 1 if $?; + # dnssec-sign aufruf fuer geanderten domains + system "$dnssec_sign @change_names"; + die "$dnssec_sign not found ($!)" if $? == -1; + exit 1 if $?; - if ($pidfile) { - if ($opt_yes) { - $_ = "y"; - print "** Nameserver will be reloaded\n"; - } - else { print "** Reload now? [Y/n]: "; $_ = ; } - /^y|^$/i and system "rndc reload"; + if ($pidfile) { + if ($opt_yes) { + $_ = "y"; + print "** Nameserver will be reloaded\n"; } - else { - print - "** No PID of a running named found. Please reload manually.\n"; - } + else { print "** Reload now? [Y/n]: "; $_ = ; } + /^y|^$/i and system "rndc reload"; + } + else { + print + "** No PID of a running named found. Please reload manually.\n"; }