# HG changeset patch
# User asuess@dns.net.schlittermann.de
# Date 1291390932 -3600
# Node ID d50f6874b7abb77a1a14f4e66e053ce496e4e245
# Parent  d3158de72598127f15be91315489434d3adabe09
added keytool, removed a lot

diff -r d3158de72598 -r d50f6874b7ab dnssec-creatkey
--- a/dnssec-creatkey	Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,281 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use FindBin;
-
-sub del_double {
-    my %all;
-    grep { $all{$_} = 0 } @_;
-    return ( keys %all );
-}
-
-# liest die Konfiguration
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-for ( grep {-f} @configs ) {
-    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
-    die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
-    chomp;
-    s/#.*//;
-    s/\t//g;
-    s/\s//g;
-
-    next unless length;
-    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
-    $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $master_dir      = $config{master_dir};
-my $key_counter_end = $config{key_counter_end};
-my @change;
-my @manu;
-my @index;
-my $zone;
-my $keyname;
-
-# prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu
-for (@ARGV) {
-    chomp( my $zone = `idn --quiet "$_"` );
-
-    if ( -d "$master_dir/$zone" ) {
-        push( @manu, $zone );
-    }
-    else {
-        print " $zone not exist\n ";
-    }
-}
-
-# prueft ob zonen mit schluesselmaterial ueber index- und keycounterdatei
-# verfuegen.
-# legt .index.ksk an falls nicht und gibt die entsprechende zone in die
-# liste @change
-while (<$master_dir/*>) {
-    chomp( $zone = $_ );
-
-    if (    -f "$zone/.index.zsk"
-        and -f "$zone/.index.ksk"
-        and -f "$zone/.keycounter" )
-    {
-        next;
-    }
-
-    while (<$zone/*>) {
-        if (m#^K#) {
-            my $file_in_zone = $_;
-
-            open( KEY, $_ ) or die "$_: $!\n";
-            for (<KEY>) {
-                if (m#DNSKEY.257#) {
-                    $file_in_zone =~ s#(/.*/)(.*).key#$2#;
-
-                    open( INDEX, ">$zone/.index.ksk" ) or die;
-                    print INDEX "$file_in_zone\n";
-                    close(INDEX);
-
-                    $zone =~ s#($master_dir/)(.*)#$2#;
-                    push( @change, $zone );
-
-                }
-            }
-            close(KEY);
-        }
-    }
-}
-
-# gibt alle zonen mit abgelaufenen keycounter in die liste @change
-while (<$master_dir/*>) {
-    chomp( $zone = $_ );
-    my $key;
-
-    unless ( -f "$zone/.keycounter" ) {
-        next;
-    }
-
-    open( KEY, "$zone/.keycounter" ) or die "$zone/.keycounter: $!\n";
-    $key = <KEY>;
-    close(KEY);
-
-    if ( $key_counter_end <= $key ) {
-        $zone =~ s#($master_dir/)(.*)#$2#;
-        push( @change, $zone );
-    }
-}
-
-#erzeugt zsks
-for ( &del_double( @change, @manu ) ) {
-    $zone = $_;
-
-    chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
-    $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
-
-    unless ( -f ".index.zsk" ) {
-        @index = ();
-    }
-    else {
-        open( INDEX, ".index.zsk" )
-            or die "$master_dir/$zone/.index.zsk: $!\n";
-        @index = <INDEX>;
-        close(INDEX);
-    }
-
-    push @index, $keyname;
-    if ( @index > 2 ) {
-        shift(@index);
-    }
-
-    open( INDEX, ">.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n";
-    print INDEX @index;
-    close(INDEX);
-
-    chomp($keyname);
-    print "$keyname (ZSK) creat for $zone \n";
-
-    open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n";
-    print KC "0";
-    close(KC);
-}
-
-#erzeugt ksks
-for ( &del_double(@manu) ) {
-    $zone = $_;
-
-    chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
-    $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
-
-    print "creat new KSK for $zone? (no): ";
-    unless ( <STDIN> =~ m/^yes/ ) {
-        next;
-    }
-
-    unless ( -f ".index.ksk" ) {
-        @index = ();
-    }
-    else {
-
-        open( INDEX, ".index.ksk" )
-            or die "$master_dir/$zone/.index.ksk: $!\n";
-        @index = <INDEX>;
-        close(INDEX);
-    }
-
-    push @index, $keyname;
-    if ( @index > 2 ) {
-        shift(@index);
-    }
-
-    open( INDEX, ">.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n";
-    print INDEX @index;
-    close(INDEX);
-
-    chomp($keyname);
-    print "$keyname (KSK) creat for $zone \n";
-}
-
-# loescht alle unbenoetigten schluessel, fuegt die schluessel in
-# die zone-datei
-for ( &del_double( @change, @manu ) ) {
-    $zone = $_;
-    my @old_zone_content = ();
-    my @new_zone_content = ();
-    my @kkeylist         = ();
-    my @zkeylist         = ();
-    my $file             = ();
-
-    open( INDEX, "<$master_dir/$zone/.index.zsk" )
-        or die "$master_dir/$zone/.index.zsk: $!\n";
-    @zkeylist = <INDEX>;
-    close(INDEX);
-
-    open( INDEX, "<$master_dir/$zone/.index.ksk" )
-        or die "$master_dir/$zone/.index.ksk: $!\n";
-    @kkeylist = <INDEX>;
-    close(INDEX);
-
-    open( ZONE, "<$master_dir/$zone/$zone" )
-        or die "$master_dir/$zone/$zone: $!\n";
-    @old_zone_content = <ZONE>;
-    close(ZONE);
-
-    # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
-    # besser vergleichen zu koennen.
-    for ( @kkeylist, @zkeylist ) {
-        chomp;
-        s#K.*\+.*\+(.*)#$1#;
-    }
-
-    # filtert alle schluessel aus der zonedatei
-    # old_zone_content ==> new_zone_content
-    for (@old_zone_content) {
-        unless (/dnssec-(zsk|ksk)/) {
-            push @new_zone_content, $_;
-        }
-    }
-
-    # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
-    # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
-    for (`ls $master_dir/$zone/K*[key,private]`) {
-        chomp;
-        $file = $_;
-        my $rm_count = 1;
-
-        for (@zkeylist) {
-
-            if ( $file =~ /$_/ ) {
-                $rm_count = 0;
-
-                # schluessel die in der indexdatei standen, werden an die
-                # zonedatei angehangen.
-                if ( $file =~ /.*key/ ) {
-
-                    $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content,
-                        "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n";
-
-                    last;
-                }
-            }
-        }
-        for (@kkeylist) {
-
-            if ( $file =~ /$_/ ) {
-                $rm_count = 0;
-
-                # schluessel die in der indexdatei standen, werden an die
-                # zonedatei angehangen.
-                if ( $file =~ /.*key/ ) {
-
-                    $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content,
-                        "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n";
-
-                    last;
-                }
-            }
-        }
-
-        #loescht alle unbenoetigten schluessel
-        if ( $rm_count == 1 ) {
-            unlink "$file";
-        }
-    }
-
-    open( ZONE, ">$master_dir/$zone/$zone" )
-        or die "$master_dir/$zone/$zone: $!\n";
-    print ZONE @new_zone_content;
-    close(ZONE);
-
-}
-
-# "toucht" alle zonen damit der serial erhoeht und die
-# zone neu signiert wird
-for ( &del_double( @change, @manu ) ) {
-	system "touch $master_dir/$_/$_";
-}
diff -r d3158de72598 -r d50f6874b7ab dnssec-keytool
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dnssec-keytool	Fri Dec 03 16:42:12 2010 +0100
@@ -0,0 +1,350 @@
+#!/usr/bin/perl -w
+
+use strict;
+use FindBin;
+
+sub del_double {
+    my %all;
+    grep { $all{$_} = 0 } @_;
+    return ( keys %all );
+}
+
+sub read_conf {
+    # liest die Konfiguration ein
+    my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
+    our %config;
+
+    for ( grep {-f} @configs ) {
+        open( CONFIG, $_ ) or die "Can't open $_: $!\n";
+    }
+    unless ( seek( CONFIG, 0, 0 ) ) {
+        die "Can't open config (searched: @configs)\n";
+    }
+    while (<CONFIG>) {
+        chomp;
+        s/#.*//;
+        s/\t//g;
+        s/\s//g;
+
+        next unless length;
+        my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+        $config{$cname} = $ccont;
+    }
+    close(CONFIG);
+}
+
+sub read_argv {
+    # wertet argv aus oder gibt die hilfe aus
+    my $arg = shift @ARGV;
+    my $zone;
+    our $do;
+    our @zones;
+    our $master_dir;
+
+    if ( ! defined $arg ) {
+        print " usage: dnssec-keytool <option> zone\n";
+        print "   -z  erstellt einen neuen ZSK\n";
+        print "   -k  erstellt je einen neuen ZSK und KSK\n";
+        print "   -rm loescht das Schluesselmaterial einer Zone\n";
+        print "   -c  erstellt bei existierenden ksk konfigurationsdateien\n";
+        print "       fuer die dnstools, sowie einen neuen zsk\n";
+        print "\n";
+
+        exit;
+    }
+    elsif ($arg eq "-k")  {$do = "ksk";}
+    elsif ($arg eq "-rm") {$do = "rm";}
+    elsif ($arg eq "-c")  {$do = "ck";}
+    elsif ($arg eq "-z") {$do = "zsk";}
+    else {
+        print "keine gueltige Option.\n";
+        exit;
+    }
+
+    # prueft die zonen in argv ob es verwaltete zonen sind
+    for (@ARGV) {
+        chomp( $zone = `idn --quiet "$_"` );
+        if ( -e "$master_dir/$zone/$zone" ) {
+            push @zones, $zone;
+        }
+    }
+}
+
+sub rm_keys {
+    our @zones;
+    our $master_dir;
+    my $zone;
+    my @new_zone_content;
+    my @old_zone_content;
+
+    for (@zones) {
+        $zone = $_;
+
+        my $zpf = "$master_dir/$zone";
+        my $ep = 0;
+
+        if ( -e "$zpf/$zone.signed" )  { 
+            unlink "$zpf/$zone.signed"  and $ep = 1 }
+        if ( -e "$zpf/.keycounter" )   {
+            unlink "$zpf/.keycounter"   and $ep = 1 }
+        if ( -e "$zpf/.index.ksk" )    {
+            unlink "$zpf/.index.ksk"    and $ep = 1 }
+        if ( -e "$zpf/.index.zsk" )    {
+            unlink "$zpf/.index.zsk"    and $ep = 1 }
+        if ( -e "$zpf/dsset-$zone." )  { 
+            unlink "$zpf/dsset-$zone."  and $ep = 1 }
+        if ( -e "$zpf/keyset-$zone." ) { 
+            unlink "$zpf/keyset-$zone." and $ep = 1 }
+
+        for (`ls $zpf/K$zone*`) { 
+            chomp($_);
+            print "weg du scheissezwerg $_";
+            unlink ("$_");
+        }
+
+        if ($ep == 1) {
+            print " * $zone: schluesselmaterial entfernt\n";
+        }
+
+        open( ZONE, "$zpf/$zone" )
+            or die "$zpf/$zone: $!\n";
+        @old_zone_content = <ZONE>;
+        close(ZONE);
+        
+        for (@old_zone_content) {
+            unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) {
+                push @new_zone_content, $_;
+            }
+        }
+
+        open( ZONE, ">$zpf/$zone" ) or die "$zpf/$zone: $!\n";
+        print ZONE @new_zone_content;
+        close(ZONE);
+    }
+}
+
+sub creat_ksk {
+    our @zones;
+    our $master_dir;
+    my @index;
+    my $zone;
+    my $keyname;
+    my $zpf;
+
+    for (@zones) {
+        $zone = $_;
+        $zpf = "$master_dir/$zone";
+
+        chdir "$zpf" or die "$zpf: $!\n";
+        $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
+
+        unless ( -f ".index.ksk" ) { @index = ();}
+        else {
+            open( INDEX, ".index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+            @index = <INDEX>;
+            close(INDEX);
+        }
+
+        push @index, $keyname;
+        if ( @index > 2 ) { shift(@index);}
+
+        open( INDEX, ">.index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+        print INDEX @index;
+        close(INDEX);
+
+        chomp($keyname);
+        print " * $zone: neuer KSK $keyname\n";
+        
+
+        print "!! DER KSK muss der Chain of Trust veroeffentlicht werden !! \n";
+
+    }
+}
+
+sub creat_zsk {
+    our @zones;
+    our $master_dir;
+    my @index;
+    my $zone;
+    my $keyname;
+    my $zpf;
+
+    for (@zones) {
+        $zone = $_;
+        $zpf = "$master_dir/$zone";
+
+        chdir "$zpf" or die "$zpf: $!\n";
+        $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
+
+        unless ( -f ".index.zsk" ) { @index = ();}
+        else {
+            open( INDEX, ".index.zsk" ) or die "$zpf/.index.zsk: $!\n";
+            @index = <INDEX>;
+            close(INDEX);
+        }
+
+        push @index, $keyname;
+        if ( @index > 2 ) { shift(@index);}
+
+        open( INDEX, ">.index.zsk" ) or die "$zpf/.index.zsk: $!\n";
+        print INDEX @index;
+        close(INDEX);
+
+        chomp($keyname);
+        print " * $zone: neuer ZSK $keyname\n";
+
+        open( KC, ">.keycounter" ) or die "$zpf/keycounter: $!\n";
+        print KC "0";
+        close(KC);
+
+    }
+}
+
+sub ck_zone {
+    our @zones;
+    our $master_dir;
+    my $zone;
+
+    for (@zones) {
+        $zone = $_;
+        my $zpf = "$master_dir/$zone";
+        my $keyfile;
+        my @content;
+        my @keylist;
+
+        for (<$zpf/*>) {
+            if (m#(K$zone.*\.key)#) {
+                $keyfile = $1;
+                open (KEYFILE, "<$zpf/$keyfile");
+                @content = <KEYFILE>;
+                close (KEYFILE);
+                for (@content) {
+                    if (m#DNSKEY.257#) {
+                        push @keylist, $keyfile;
+                    }
+                }
+            }
+        }
+
+        open( INDEX, ">.index.ksk" ) or die "$zpf/.index.ksk: $!\n";
+        for (@keylist) {
+            s#\.key##;
+            print INDEX "$_\n";
+        }
+        close(INDEX);
+        
+        print " * $zone: neue .index.ksk erzeugt\n";
+
+        if (-f "$zpf/.index.zsk") {
+            unlink ("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
+        }
+    }
+}
+
+sub post_creat {
+    our @zones;
+    our $master_dir;
+
+    for (@zones) {
+        my $zone = $_;
+        `touch $master_dir/$zone/$zone`;
+
+        &kill_useless_keys($zone);
+        &key_to_zonefile($zone);
+    }
+
+}
+
+sub kill_useless_keys {
+    # die funktion loescht alle schluessel die nicht in der index.zsk
+    # der uebergebenen zone stehen
+    our $master_dir;
+    my $zone     = $_[0];
+    my @keylist  = ();
+    my $zpf      = "$master_dir/$zone";
+
+    open (INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
+    @keylist = <INDEX>;
+    close(INDEX);
+    open (INDEX, "<$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
+    push @keylist, <INDEX>;
+
+    # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
+    # besser vergleichen zu koennen.
+    for ( @keylist ) {
+        chomp;
+        s#K.*\+.*\+(.*)#$1#;
+    }
+
+    # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
+    # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
+    for (`ls $master_dir/$zone/K*[key,private]`) {
+        chomp;
+        my $file = $_;
+        my $rm_count = 1;
+        my $keyname;
+        for (@keylist) {
+            if ( $file =~ /$_/ ) { $rm_count = 0;}
+        }
+        if ($rm_count == 1) {
+            unlink "$file";
+            if ($file =~ /$zpf\/(.*\.key)/ ) {
+                print " * $zone: Schluessel $1 entfernt \n";
+            }
+        }
+    }
+}
+
+sub key_to_zonefile {
+    # die funktion fugt alle schluessel in eine zonedatei
+    our $master_dir;
+    my $zone = $_[0];
+    my $zpf = "$master_dir/$zone";
+    my @old_content;
+    my @new_content = ();
+
+    open(ZONEFILE, "<$zpf/$zone");
+    @old_content = <ZONEFILE>;
+    close(ZONEFILE);
+
+    for (@old_content) {
+        unless (m#INCLUDE.*key#) { push @new_content, $_; }
+    }
+
+    for (<$zpf/*>) {
+        if (m#(.*\/)(K.*\.key)#) {
+            push @new_content, "\$INCLUDE \"$2\"\n";
+        }
+    }
+    open( ZONEFILE, ">$zpf/$zone" ) or die "$zpf/$zone: $!\n";
+    print ZONEFILE @new_content;
+    close(ZONEFILE);
+}
+
+
+&read_conf;
+
+our %config;
+our $do;     # arbeitsschritte aus argv
+our @zones;  # liste der zonen in argv
+our $master_dir      = $config{master_dir};
+our $bind_dir        = $config{bind_dir};
+our $conf_dir        = $config{zone_conf_dir};
+our $sign_alert_time = $config{sign_alert_time};
+our $indexzone       = $config{indexzone};
+our $key_counter_end = $config{key_counter_end};
+our $ablauf_zeit     = $config{abl_zeit};
+
+&read_argv;
+
+unless (@zones) {exit;} # beendet das programm, wurden keine
+                        # gueltigen zonen uebergeben
+
+if ($do eq "rm") { &rm_keys; exit;}
+if ($do eq "ck") { &ck_zone;}
+if ($do eq "ksk") { &creat_ksk; }
+
+&creat_zsk;
+&post_creat;
+
+
diff -r d3158de72598 -r d50f6874b7ab dnssec-killkey
--- a/dnssec-killkey	Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,254 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use FindBin;
-
-sub del_double {
-    my %all;
-    grep { $all{$_} = 0 } @_;
-    return ( keys %all );
-}
-
-# liest die Konfiguration ein
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-for ( grep {-f} @configs ) {
-    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
-    die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
-    chomp;
-    s/#.*//;
-    s/\t//g;
-    s/\s//g;
-
-    next unless length;
-    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
-    $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $master_dir  = $config{master_dir};
-my $ablauf_zeit = $config{abl_zeit};
-my $zone;
-my @status;
-my @auto;
-my @manu;
-my @old_zone_content;
-my @new_zone_content;
-chomp( my $now_time = `date +%s` );    # aktuelle unixzeit
-
-# prueft zonen aus ARGV und loescht das schluesselmaterial
-for (@ARGV) {
-    chomp( $zone = `idn --quiet $_` );
-    my $zdir = "$master_dir/$zone";
-    my $ep = 0;
-
-    unless ( -e "$master_dir/$zone" ) {
-        print "$zone ist keine verwaltete zone \n";
-    }
-    else {
-        if ( -e "$zdir/$zone.signed" )  { 
-            unlink "$zdir/$zone.signed"  and $ep = 1 }
-        if ( -e "$zdir/.keycounter" )   {
-            unlink "$zdir/.keycounter"   and $ep = 1 }
-        if ( -e "$zdir/.index.ksk" )    {
-            unlink "$zdir/.index.ksk"    and $ep = 1 }
-        if ( -e "$zdir/.index.zsk" )    {
-            unlink "$zdir/.index.zsk"    and $ep = 1 }
-        if ( -e "$zdir/dsset-$zone." )  { 
-            unlink "$zdir/dsset-$zone."  and $ep = 1 }
-        if ( -e "$zdir/keyset-$zone." ) { 
-            unlink "$zdir/keyset-$zone." and $ep = 1 }
-
-        for (`ls $master_dir/$zone/K*[key,private]`) { 
-            unlink $_ and $ep = 1
-        }
-
-        if ($ep == 1) {
-            print "$zone: keys removed\n";
-        }
-
-        open( ZONE, "$master_dir/$zone/$zone" )
-            or die "$master_dir/$zone/$zone: $!\n";
-        @old_zone_content = <ZONE>;
-        close(ZONE);
-        
-        for (@old_zone_content) {
-            unless (/dnssec-(ksk|zsk)/) {
-                push @new_zone_content, $_;
-            }
-        }
-
-        open( ZONE, ">$master_dir/$zone/$zone" )
-            or die "$master_dir/$zone/$zone: $!\n";
-        print ZONE @new_zone_content;
-        close(ZONE);
-        
-        push @manu, $zone;
-    }
-}
-
-# beendet den key-rollover
-for (<$master_dir/*>) {
-    $zone = $_;
-    $zone =~ s#($master_dir/)(.*)#$2#;
-
-    my @index = ();
-    my $index_wc;
-
-    # prueft nach der ".index.zsk"-datei und erstellt den zeitpunkt
-    # an dem das key-rollover endet. - $status[9]
-    if ( -e "$master_dir/$zone/.index.zsk" ) {
-        @status = stat("$master_dir/$zone/.index.zsk");
-        $status[9] += ( 3600 * $ablauf_zeit );
-    }
-    else {
-        next;
-    }
-
-    # prueft ob das key-rollover-ende erreicht ist
-    unless ( $status[9] < $now_time ) {
-        next;
-    }
-
-    # prueft die anzahl der schluessel in der ".index.zsk"
-    # loescht alte schluessel
-    open( INDEX, "$master_dir/$zone/.index.zsk" )
-        or die "$master_dir/$zone/.index.zsk: $!\n";
-    @index    = <INDEX>;
-    $index_wc = @index;
-    close(INDEX);
-    if ( $index_wc > 1 ) {
-        open( INDEX, ">$master_dir/$zone/.index.zsk" )
-            or die "$master_dir/$zone/.index.zsk: $!\n";
-        print INDEX $index[1];
-        close(INDEX);
-        push @auto, $zone;
-    }
-
-    # prueft die anzahl der schluessel in der ".index.ksk"
-    # loescht alte schluessel
-    open( INDEX, "$master_dir/$zone/.index.ksk" )
-        or die "$master_dir/$zone/.index.ksk: $!\n";
-    @index    = <INDEX>;
-    $index_wc = @index;
-    close(INDEX);
-    if ( $index_wc > 1 ) {
-        open( INDEX, ">$master_dir/$zone/.index.ksk" )
-            or die "$master_dir/$zone/.index.ksk: $!\n";
-        print INDEX $index[1];
-        close(INDEX);
-        push @auto, $zone;
-    }
-
-}
-
-# nach abgeschlossenem key-rollover werden fuer die entsprechende zone
-# unbenoetigte schluessel entfernt und die vorhandenen schluessel in die
-# zonedatei geschrieben.
-for ( &del_double(@auto) ) {
-    my $zone             = $_;
-    my @old_zone_content = ();
-    my @new_zone_content = ();
-    my @kkeylist         = ();
-    my @zkeylist         = ();
-    my $file;
-
-    open( INDEX, "$master_dir/$zone/.index.zsk" )
-        or die "$master_dir/$zone/.index.zsk: $!\n";
-    @zkeylist = <INDEX>;
-    close(INDEX);
-
-    open( INDEX, "$master_dir/$zone/.index.ksk" )
-        or die "$master_dir/$zone/.index.ksk: $!\n";
-    @kkeylist = <INDEX>;
-    close(INDEX);
-
-    open( ZONE, "$master_dir/$zone/$zone" )
-        or die "$master_dir/$zone/$zone: $!\n";
-    @old_zone_content = <ZONE>;
-    close(ZONE);
-
-    # kuerzt die schluessel-bezeichnung aus der indexdatei auf die
-    # id um sie besser vergleichen zu koennen.
-    for ( @kkeylist, @zkeylist ) {
-        chomp;
-        s#K.*\+.*\+(.*)#$1#;
-    }
-
-    # filtert alle schluessel aus der zonedatei
-    # old_zone_content ==> new_zone_content
-    for (@old_zone_content) {
-        unless (/dnssec-(ksk|zsk)/) {
-            push @new_zone_content, $_;
-        }
-    }
-
-    # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
-    # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
-    for (`ls $master_dir/$zone/K*[key,private]`) {
-        chomp;
-        $file = $_;
-        my $rm_count = 1;
-
-        for (@zkeylist) {
-
-            if ( $file =~ /$_/ ) {
-                $rm_count = 0;
-
-                # schluessel die in der indexdatei standen, werden an die
-                # zonedatei angehangen.
-                if ( $file =~ /.*key/ ) {
-
-                    $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content,
-                        "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n";
-
-                    last;
-                }
-            }
-        }
-        for (@kkeylist) {
-
-            if ( $file =~ /$_/ ) {
-                $rm_count = 0;
-
-                # schluessel die in der indexdatei standen, werden an die
-                # zonedatei angehangen.
-                if ( $file =~ /.*key/ ) {
-
-                    $file =~ s#/.*/(K.*)#$1#;
-                    push @new_zone_content,
-                        "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n";
-
-                    last;
-                }
-            }
-        }
-
-        #loescht alle unbenoetigten schluessel
-        if ( $rm_count == 1 ) {
-            print `rm -f $file`;
-        }
-    }
-
-    open( ZONE, ">$master_dir/$zone/$zone" )
-        or die "$master_dir/$zone/$zone: $!\n";
-    print ZONE @new_zone_content;
-    close(ZONE);
-
-    print "$master_dir/$zone/$zone wurde neu erstellt \n";
-}
-
-# "toucht" alle zonen damit der serial erhoht wird und die
-# zone neu signiert wird
-for ( &del_double( @auto, @manu ) ) {
-        system "touch $master_dir/$_/$_";
-}
-
diff -r d3158de72598 -r d50f6874b7ab dnssec-sign
--- a/dnssec-sign	Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,131 +0,0 @@
-#!/usr/bin/perl 
-
-use strict;
-use warnings;
-use FindBin;
-
-sub del_double {
-    my %all;
-    grep { $all{$_} = 0 } @_;
-    return ( keys %all );
-}
-
-# liest die Konfiguration ein
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-for ( grep {-f} @configs ) {
-    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
-    die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
-    chomp;
-    s/#.*//;
-    s/\t//g;
-    s/\s//g;
-
-    next unless length;
-    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
-    $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $master_dir      = $config{master_dir};
-my $sign_alert_time = $config{sign_alert_time};
-my $zone;
-my ( @manu, @auto );
-my @zone_sig_content;
-my $sig_date;
-my $kc;
-my $serial_up = 0;
-
-for (@ARGV) {
-    if ( $_ eq "-s" ) {
-        $serial_up = 1;
-        shift @ARGV;
-    }
-}
-
-# prueft zonen aus ARGV und fuegt sie in die liste @manu ein
-for (@ARGV) {
-    chomp( my $zone = `idn --quiet "$_"` );
-
-    if ( -e "$master_dir/$zone/.keycounter" ) {
-        push @manu, $zone;
-    }
-}
-
-chomp( my $unixtime = `date +%s` );
-$unixtime = $unixtime + ( 3600 * $sign_alert_time );
-my $time = `date -d \@$unixtime +%Y%m%d%H`;
-
-# vergleicht fuer alle zonen im ordner $master_dir mit einer
-# <zone>.signed-datei den zeitpunkt in $time mit dem ablaufdatum der
-# signatur, welcher aus der datei <zone>.signed ausgelesen wird.
-for (<$master_dir/*>) {
-    s#($master_dir/)(.*)#$2#;
-    $zone = $_;
-
-    if ( -e "$master_dir/$zone/$zone.signed" ) {
-
-        open( ZONE, "$master_dir/$zone/$zone.signed" );
-        @zone_sig_content = <ZONE>;
-        close(ZONE);
-
-        for (@zone_sig_content) {
-            if (m#SOA.*[0-9]{14}#) {
-                s#.*([0-9]{10})([0-9]{4}).*#$1#;
-                if ( $_ < $time ) {
-                    push @auto, $zone;
-                    `touch $master_dir/$zone/$zone`
-                }
-            }
-        }
-    }
-}
-
-#gibt zonen mit schluessel aber ohne signatur in die liste @auto
-#for (<$master_dir/*>) {
-#    s#($master_dir/)(.*)#$2#;
-#    $zone = $_;
-#
-#    if ( -e "$master_dir/$zone/.keycounter" ) {
-#
-#        open( KC, "$master_dir/$zone/.keycounter" );
-#        $kc = <KC>;
-#        close(KC);
-#
-#        if ( $kc < 1 ) {
-#            push @auto, $zone;
-#        }
-#    }
-#}
-
-# signiert alle zonen in @auto und @manu und erhoeht den wert in
-# der keycounter-datei
-for ( &del_double( @auto, @manu ) ) {
-    $zone = $_;
-
-    chdir "$master_dir/$zone";
-
-    if (`dnssec-signzone $zone 2>/dev/null`) {
-        print "$zone neu signiert \n";
-
-        open( KC, "$master_dir/$zone/.keycounter" );
-        $kc = <KC>;
-        close(KC);
-        $kc += 1;
-        open( KC, ">$master_dir/$zone/.keycounter" );
-        print KC $kc;
-        close(KC);
-
-    }
-    else {
-        print "$zone konnte nicht signiert werden \n";
-    }
-}
-
diff -r d3158de72598 -r d50f6874b7ab update-index
--- a/update-index	Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#! /usr/bin/perl
-
-use strict;
-use warnings;
-use File::Basename;
-use FindBin;
-
-# liest die Konfiguration
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-for ( grep {-f} @configs ) {
-    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
-    die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
-    chomp;
-    s/#.*//;
-    s/\t//g;
-    s/\s//g;
-    next unless length;
-    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
-    $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $master_dir = $config{master_dir};
-my $indexzone = $config{indexzone};
-my @iz_content_old = ();
-my @iz_content_new = ();
-my $iz_line;
-my $zone;
-
-unless ( -d $master_dir and -r $master_dir ) {
-    die "$master_dir: $!\n";
-}
-
-open (INDEXZONE, "$master_dir/$indexzone/$indexzone")
-    or die "$master_dir/$indexzone/$indexzone: $!\n";
-@iz_content_old = <INDEXZONE>,
-close (INDEXZONE);
-
-for (@iz_content_old) {
-    unless (m#ZONE::#) {
-        push @iz_content_new, $_;
-    }
-}
-
-
-for my $dir ( glob "$master_dir/*" ) {
-    $zone = basename($dir);
-    my $info_end = "::sec-off";
-
-    if (-e "$dir/.keycounter") {
-        $info_end = "::sec-on";
-    }
-
-    $iz_line = "\t\tIN TXT\t\t\"ZONE::$zone$info_end\"\n";
-
-    push @iz_content_new, $iz_line;
-}
-
-
-open (INDEXZONE, ">$master_dir/$indexzone/$indexzone")
-    or die "$master_dir/$indexzone/$indexzone: $!\n";
-print INDEXZONE @iz_content_new;
-close (INDEXZONE);
-
-print "index domain $indexzone updated \n";
diff -r d3158de72598 -r d50f6874b7ab update-serial
--- a/update-serial	Thu Dec 02 16:46:17 2010 +0100
+++ b/update-serial	Fri Dec 03 16:42:12 2010 +0100
@@ -412,6 +412,7 @@
 }
 
 sub key_to_zonefile {
+    # die funktion fugt alle schluessel in eine zonedatei
     our $master_dir;
     my $zone = $_[0];
     my $zpf = "$master_dir/$zone";
diff -r d3158de72598 -r d50f6874b7ab update-zone
--- a/update-zone	Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,298 +0,0 @@
-#! /usr/bin/perl
-# (c) 1998 Heiko Schlittermann <heiko@datom.de>
-#
-# … work in progress do integrate dnssec (branch suess)
-#
-# Update the serial numbers in zone files
-# The serial number needs to match a specified pattern (see
-# the line marked w/ PATTERN.
-#
-# ToDo:
-# . test against an md5 sum, not just the date of the stamp file
-# . FIXME: handle `/' in file names (currently only working in
-#   the current directory)
-# . optionally reload the named
-
-use strict;
-use warnings;
-
-use File::Basename;
-use File::Copy;
-use FindBin;
-
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my @dnssec_killkeys
-    = ( "$FindBin::Bin/dnssec-killkey", "/usr/bin/dnstools/dnssec-killkey" );
-my $dnssec_killkey;
-my @dnssec_creatkeys
-    = ( "$FindBin::Bin/dnssec-creatkey", "/usr/bin/dnstools/dnssec-creatkey" );
-my $dnssec_creatkey;
-my @dnssec_signs
-    = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" );
-my %config;
-my $dnssec_sign;
-my @change_names = ();
-
-foreach ( grep {-f} @configs ) {
-    open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
-    die "Can't open config (searched: @configs)\n";
-}
-foreach ( grep {-f} @dnssec_killkeys ) {
-    if ( -x $_ ) {
-        $dnssec_killkey = $_;
-    }
-    else {
-        die "Can't run $_\n";
-    }
-}
-foreach ( grep {-f} @dnssec_creatkeys ) {
-    if ( -x $_ ) {
-        $dnssec_creatkey = $_;
-    }
-    else {
-        die "Can't run $_\n";
-    }
-}
-foreach ( grep {-f} @dnssec_signs ) {
-    if ( -x $_ ) {
-        $dnssec_sign = $_;
-    }
-    else {
-        die "Can't run $_\n";
-    }
-}
-
-while (<CONFIG>) {
-    chomp;
-    s/#.*//;
-    s/\t//g;
-    s/\s//g;
-    next unless length;
-    my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
-    $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $bind_dir   = $config{bind_dir};
-my $conf_dir   = $config{zone_conf_dir};
-my $master_dir = $config{master_dir};
-
-my $ME = basename $0;
-my @tmpfiles;
-my $verbose = 0;
-my $opt_yes = 0;
-my @Zones;
-my $file;
-
-
-sub cleanup() { unlink @tmpfiles; }
-END { cleanup(); }
-
-for (@ARGV) {
-    if ( $_ eq "-y" ) {
-        $opt_yes = 1;
-        shift @ARGV;
-    }
-}
-
-@Zones = @ARGV ? @ARGV : glob("$master_dir/*");
-
-MAIN: {
-    my $changed = 0;
-    my ( $dd, $mm, $yy ) = ( localtime() )[ 3 .. 5 ];
-    my $date;
-    $mm++;
-
-    # prueft jede domain, die ein verzeichnis in $master_dir hat, ob sie
-    # dnssec nutzt.
-    # passt die eintraege in $config_file falls noetig an.
-    while (<$master_dir/*>) {
-        s#($master_dir/)(.*)#$2#;
-        my $zone = $_;
-
-        my $zone_file = "$master_dir/$zone/$zone";
-        my $conf_file = "$conf_dir/$zone";
-        my @c_content;
-
-        unless ( -f "$conf_file" ) {
-            die "$conf_file: $! \n";
-        }
-
-        if ( -e "$master_dir/$zone/.keycounter" ) {
-
-            open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
-            @c_content = <FILE>;
-            close(FILE);
-
-            for (@c_content) {
-                if (m{(.*)($zone_file)(";)}) {
-                    print "$2 ==> $2.signed\n";
-                    $_ = "$1$2.signed$3\n";
-                }
-            }
-
-            open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
-            print FILE @c_content;
-            close(FILE);
-            
-        }
-        else {
-
-            open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
-            @c_content = <FILE>;
-            close(FILE);
-
-            for (@c_content) {
-                if (m{(.*)($zone_file)\.signed(.*)}) {
-                    print "$2.signed ==> $2\n";
-                    $_ = "$1$2$3\n";
-                }
-            }
-    
-            open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
-            print FILE @c_content;
-            close(FILE);
-        }
-    }
-
-    # erzeugt eine named.conf-datei aus den entsprechenden vorlagen.
-    print "** creat named.conf.zones **\n";
-    open( TO, ">$bind_dir/named.conf.zones" )
-        or die "$bind_dir/named.conf.zones: $!\n";
-    while (<$conf_dir/*>) {
-        open( FROM, "$_" ) or die "$_: $! \n";
-        print TO <FROM>;
-        close(FROM);
-    }
-    close(TO);
-
-    # aufruf von dnssec-killkey
-    print "** execute dnssec-killkey for keyrollover **\n";
-    system "$dnssec_killkey";
-    die "$dnssec_killkey not found ($!)" if $? == -1;
-    exit 1 if $?;
-    
-    # aufruf von dnssec-creatkey
-    print "** execute dnssec-creatkey for keyrollover **\n";
-    system "$dnssec_creatkey";
-    die "$dnssec_creatkey not found ($!)" if $? == -1;
-    exit 1 if $?;
-
-    # aufruf von dnssec-sign
-    print "** execute dnssec-sign for sign-update **\n";
-    system "$dnssec_sign";
-    die "$dnssec_sign not found ($!)" if $? == -1;
-    exit 1 if $?;
-
-    # update-serial
-    print "** update serial **\n";
-    foreach ( $dd, $mm ) { s/^\d$/0$&/; }
-    $yy += 1900;
-    $date = "$yy$mm$dd";
-
-    while ( my $file = shift @Zones ) {
-
-        my $file_basename = basename($file);
-
-        $file =~ s#($master_dir)(/.*)#$1$2$2#;
-        local ( *I, *O );
-        my $done = 0;
-
-        my $new   = "$file.$$.tmp";
-        my $bak   = "$file.bak";
-        my $stamp = $master_dir . "/.stamp/" . basename($file);
-
-        $file =~ /(\.bak|~)$/ and next;
-        $file !~ /\./ and next;
-
-        $verbose && print "$file:";
-
-        if ( -f $stamp && ( ( stat($stamp) )[9] >= ( stat($file) )[9] ) ) {
-            $verbose && print " fresh, skipping.\n";
-            next;
-        }
-
-        $done = 0;
-        push @tmpfiles, $new;
-        open( *I, "<$file" ) or die("Can't open < $file: $!\n");
-        open( *O, ">$new" )  or die("Can't open > $new: $!\n");
-
-        while (<I>) {
-            /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do {    # PATTERN
-                my ( $sdate, $scount, $serial ) = ( $2, $3, $1 );
-                $done = 1;
-                print " [$file] serial $sdate$scount";
-
-                if   ( $date eq $sdate ) { $scount++; }
-                else                     { $sdate = $date; $scount = "00"; }
-
-                print " bumping to $sdate$scount";
-                s/$serial/$sdate$scount/;
-
-            };
-            print O;
-        }
-
-        close(O);
-        close(I);
-
-        if ($done) {
-
-            open( I, "<$new" )  or die("Can't open <$new: $!\n");
-            open( O, ">$file" ) or die("Can't open >$file: $!\n");
-            while (<I>) { print O or die("Can't write to $file: $!\n"); }
-            close(I) or die("Can't close $new: $!\n");
-            close(O) or die("Can't close $file: $!\n");
-
-            unlink $new;
-
-            open( O, ">$stamp" ) or die("Can't open >$stamp: $!\n");
-            close(O);
-            $changed++;
-
-            push @change_names, $file_basename;
-
-        }
-        else {
-            print " $file: no serial number found: no zone file?";
-        }
-        print "\n";
-    }
-
-    my $pidfile;
-
-    unless ($changed == 0) {
-        print "Changed $changed files.\n";
-    }
-
-    foreach (
-        qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid))
-    {
-        -f $_ and $pidfile = $_ and last;
-    }
-
-    # dnssec-sign aufruf fuer geanderten domains
-    print "** execute dnssec-sign **\n";
-    system "$dnssec_sign @change_names";
-    die "$dnssec_sign not found ($!)" if $? == -1;
-    exit 1 if $?;
-
-    if ($pidfile) {
-        if ($opt_yes) {
-            $_ = "y";
-            print "** Nameserver will be reloaded\n";
-        }
-        else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
-        /^y|^$/i and system "rndc reload";
-    }
-    else {
-        print
-            "** No PID of a running named found.  Please reload manually.\n";
-
-    }
-
-}
-