# HG changeset patch # User asuess@dns.net.schlittermann.de # Date 1281347143 -7200 # Node ID d5337081ed028415a6af7eb792e209500b5a3c0b # Parent 0342c09abf979fe276f6a5e6b159ea83dfc71ed2 advance scripts with perltidy diff -r 0342c09abf97 -r d5337081ed02 README --- a/README Thu Aug 05 10:49:36 2010 +0200 +++ b/README Mon Aug 09 11:45:43 2010 +0200 @@ -1,23 +1,27 @@ Zonedatei erstellen - - mkdomain + - zone-mk - mkready Zonedatei loeschen - - rmdomain + - zone-rm - mkready -dnssec benutzen +DNSSec benutzen / Schlüßel erstellen - dnssec-creatkey - dnssec-sign - mkready -neuen KSK/ZSK erstellen +neuen KSK und ZSK erstellen - dnssec-creatkey - dnssec-sign - mkready - - dnssec-killkeys (nach der ablaufzeit) + - dnssec-killkey (nach der Ablauf des Key-Rollover) - mkready + +Schluessel loeschen + - dnssec-killkey + - mkready diff -r 0342c09abf97 -r d5337081ed02 dnssec-creatkey --- a/dnssec-creatkey Thu Aug 05 10:49:36 2010 +0200 +++ b/dnssec-creatkey Mon Aug 09 11:45:43 2010 +0200 
@@ -3,33 +3,31 @@ use strict; use FindBin; - # liest die Konfiguration ein -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; -for (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n" +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; + chomp; + s/#.*//; + s/\t//g; + s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); +close(CONFIG); - -my $master_dir = $config{master_dir}; +my $master_dir = $config{master_dir}; my $key_counter_end = $config{key_counter_end}; my @change; my @manu; 
@@ -39,168 +37,172 @@ # prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu for (@ARGV) { - chomp (my $zone = `idn --quiet "$_"`); + chomp( my $zone = `idn --quiet "$_"` ); - if (-d "$master_dir/$zone") { - push (@manu, $zone); - } - else { - print " $zone not exist\n "; - } + if ( -d "$master_dir/$zone" ) { + push( @manu, $zone ); + } + else { + print " $zone not exist\n "; + } } - + # gibt alle zonen mit abgelaufenen keycounter in die liste @change while (<$master_dir/*>) { - chomp ($zone = $_); - my $key; + chomp( $zone = $_ ); + my $key; - unless (-f "$zone/.keycounter") { - next - } + unless ( -f "$zone/.keycounter" ) { + next; + } - open (KEY, "$zone/.keycounter") or die "$zone/.keycounter: $!\n"; - $key = ; - close (KEY); + open( KEY, "$zone/.keycounter" ) or die "$zone/.keycounter: $!\n"; + $key = ; + close(KEY); - if ($key_counter_end <= $key) { - $zone =~ s#($master_dir/)(.*)#$2#; - push (@change, $zone); - } + if ( $key_counter_end <= $key ) { + $zone =~ s#($master_dir/)(.*)#$2#; + push( @change, $zone ); + } } #erzeugt zsks -for (@change, @manu) { - $zone = $_; +for ( @change, @manu ) { + $zone = $_; - chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; - $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; + chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; + $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`; - unless (-f ".index.zsk") { - @index = (); - } - else { - open (INDEX, ".index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; - @index = ; - close (INDEX); - } + unless ( -f ".index.zsk" ) { + @index = (); + } + else { + open( INDEX, ".index.zsk" ) + or die "$master_dir/$zone/.index.zsk: $!\n"; + @index = ; + close(INDEX); + } - push @index, $keyname; - if (@index > 2){ - shift (@index); - } + push @index, $keyname; + if ( @index > 2 ) { + shift(@index); + } - open (INDEX, ">.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; - print INDEX @index; - close (INDEX); + open( INDEX, 
">.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n"; + print INDEX @index; + close(INDEX); - chomp ($keyname); - print "$keyname (ZSK) erzeugt fuer $zone \n"; + chomp($keyname); + print "$keyname (ZSK) erzeugt fuer $zone \n"; - open (KC, ">.keycounter") or die "$master_dir/$zone/keycounter: $!\n"; - print KC "0"; - close (KC); + open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n"; + print KC "0"; + close(KC); } #erzeugt ksks for (@manu) { - $zone = $_; - - chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; - $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; + $zone = $_; - unless (-f ".index.ksk") { - @index = (); - } else { - open (INDEX, ".index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - @index = ; - close (INDEX); - } + chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n"; + $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`; - push @index, $keyname; - if (@index > 2){ - shift (@index); - } + unless ( -f ".index.ksk" ) { + @index = (); + } + else { + open( INDEX, ".index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + @index = ; + close(INDEX); + } - open (INDEX, ">.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - print INDEX @index; - close (INDEX); + push @index, $keyname; + if ( @index > 2 ) { + shift(@index); + } - chomp ($keyname); - print "$keyname (KSK) erzeugt fuer $zone \n"; + open( INDEX, ">.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n"; + print INDEX @index; + close(INDEX); + + chomp($keyname); + print "$keyname (KSK) erzeugt fuer $zone \n"; } - # loescht alle unbenoetigten schluessel, fuegt die schluessel in # die zone-datei -for (@change, @manu) { - $zone = $_; - my @old_zone_content = (); - my @new_zone_content = (); - my @keylist = (); - my $file = (); - +for ( @change, @manu ) { + $zone = $_; + my @old_zone_content = (); + my @new_zone_content = (); + my @keylist = (); + my $file = (); - open (INDEX, "<$master_dir/$zone/.index.zsk") 
or die "$master_dir/$zone/.index.zsk: $!\n"; - @keylist = ; - close (INDEX); + open( INDEX, "<$master_dir/$zone/.index.zsk" ) + or die "$master_dir/$zone/.index.zsk: $!\n"; + @keylist = ; + close(INDEX); - open (INDEX, "<$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - push @keylist, ; - close (INDEX); + open( INDEX, "<$master_dir/$zone/.index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + push @keylist, ; + close(INDEX); - open (ZONE, "<$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; - @old_zone_content = ; - close (ZONE); + open( ZONE, "<$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + @old_zone_content = ; + close(ZONE); - # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie - # besser vergleichen zu koennen. - for (@keylist) { - chomp; - s#K.*\+.*\+(.*)#$1#; - } + # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie + # besser vergleichen zu koennen. + for (@keylist) { + chomp; + s#K.*\+.*\+(.*)#$1#; + } - # filtert alle schluessel aus der zonedatei - # old_zone_content ==> new_zone_content - for (@old_zone_content) { - unless (/IN\sDNSKEY/) { - push @new_zone_content, $_; - } - } + # filtert alle schluessel aus der zonedatei + # old_zone_content ==> new_zone_content + for (@old_zone_content) { + unless (/IN\sDNSKEY/) { + push @new_zone_content, $_; + } + } - # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen - # indexdatei beschrieben sind. wenn nicht werden sie geloescht. - for (`ls $master_dir/$zone/K*[key,private]`){ - chomp; - $file = $_; - my $rm_count = 1; + # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen + # indexdatei beschrieben sind. wenn nicht werden sie geloescht. 
+ for (`ls $master_dir/$zone/K*[key,private]`) { + chomp; + $file = $_; + my $rm_count = 1; + + for (@keylist) { - for (@keylist) { + if ( $file =~ /$_/ ) { + $rm_count = 0; - if ($file =~ /$_/) { - $rm_count = 0; + # schluessel die in der indexdatei standen, werden an die + # zonedatei angehangen. + if ( $file =~ /.*key/ ) { + open( KEYFILE, "<$file" ) or next "$file: $!\n"; + push @new_zone_content, ; + close(KEYFILE); - # schluessel die in der indexdatei standen, werden an die - # zonedatei angehangen. - if ($file =~ /.*key/) { - open (KEYFILE, "<$file") or next "$file: $!\n"; - push @new_zone_content, ; - close (KEYFILE); - - last; - } - } - } + last; + } + } + } - #loescht alle unbenoetigten schluessel - if ($rm_count == 1) { - unlink "$file"; - } - } - + #loescht alle unbenoetigten schluessel + if ( $rm_count == 1 ) { + unlink "$file"; + } + } - open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; - print ZONE @new_zone_content; - close (ZONE); - - print "$master_dir/$zone/$zone wurde neu erstellt \n"; + open( ZONE, ">$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + print ZONE @new_zone_content; + close(ZONE); + + print "$master_dir/$zone/$zone wurde neu erstellt \n"; } diff -r 0342c09abf97 -r d5337081ed02 dnssec-killkey --- a/dnssec-killkey Thu Aug 05 10:49:36 2010 +0200 +++ b/dnssec-killkey Mon Aug 09 11:45:43 2010 +0200 
@@ -3,104 +3,107 @@ use strict; use FindBin; - # liest die Konfiguration ein -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; -for (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n" +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; + chomp; + s/#.*//; + s/\t//g; + s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); +close(CONFIG); -my $master_dir = $config{master_dir}; +my $master_dir = $config{master_dir}; my $ablauf_zeit = $config{abl_zeit}; my $zone; my @status; my @auto; -chomp (my $now_time=`date +%s`); # aktuelle unixzeit - +chomp( my $now_time = `date +%s` ); # aktuelle unixzeit # prueft zonen aus ARGV und loescht das schluesselmaterial for (@ARGV) { - chomp ($zone = `idn --quiet $_`); - my $zdir = "$master_dir/$zone"; - unless (-e "$master_dir/$zone") { - print "$zone ist keine verwaltete zone \n"; - } else { - if (-e "$zdir/$zone.signed") { unlink "$zdir/$zone.signed"} - if (-e "$zdir/.keycounter") { unlink "$zdir/.keycounter"} - if (-e "$zdir/.index.ksk") { unlink "$zdir/.index.ksk"} - if (-e "$zdir/.index.zsk") { unlink "$zdir/.index.zsk"} - if (-e "$zdir/dsset-$zone.") { unlink "$zdir/dsset-$zone."} - if (-e "$zdir/keyset-$zone.") { unlink "$zdir/keyset-$zone."} - for (`ls $master_dir/$zone/K*[key,private]`){ unlink $_} - } + chomp( $zone = `idn --quiet $_` ); + my $zdir = "$master_dir/$zone"; + unless ( -e "$master_dir/$zone" ) { + print "$zone ist keine verwaltete zone \n"; + } + else { + if ( -e 
"$zdir/$zone.signed" ) { unlink "$zdir/$zone.signed" } + if ( -e "$zdir/.keycounter" ) { unlink "$zdir/.keycounter" } + if ( -e "$zdir/.index.ksk" ) { unlink "$zdir/.index.ksk" } + if ( -e "$zdir/.index.zsk" ) { unlink "$zdir/.index.zsk" } + if ( -e "$zdir/dsset-$zone." ) { unlink "$zdir/dsset-$zone." } + if ( -e "$zdir/keyset-$zone." ) { unlink "$zdir/keyset-$zone." } + for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ } + } } # beendet den key-rollover for (<$master_dir/*>) { - $zone = $_; - $zone =~ s#($master_dir/)(.*)#$2#; + $zone = $_; + $zone =~ s#($master_dir/)(.*)#$2#; - my @index = (); - my $index_wc; + my @index = (); + my $index_wc; - # prueft nach der ".index.zsk"-datei und erstellt den zeitpunkt - # an dem das key-rollover endet. - $status[9] - if (-e "$master_dir/$zone/.index.zsk") { - @status = stat("$master_dir/$zone/.index.zsk"); - $status[9] += (3600 * $ablauf_zeit); - } - else { - next; - } + # prueft nach der ".index.zsk"-datei und erstellt den zeitpunkt + # an dem das key-rollover endet. 
- $status[9] + if ( -e "$master_dir/$zone/.index.zsk" ) { + @status = stat("$master_dir/$zone/.index.zsk"); + $status[9] += ( 3600 * $ablauf_zeit ); + } + else { + next; + } - # prueft ob das key-rollover-ende erreicht ist - unless ($status[9] < $now_time ) { - next; - } + # prueft ob das key-rollover-ende erreicht ist + unless ( $status[9] < $now_time ) { + next; + } - # prueft die anzahl der schluessel in der ".index.zsk" - # loescht alte schluessel - open (INDEX, "$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; - @index = ; - $index_wc = @index; - close (INDEX); - if ($index_wc > 1) { - open (INDEX, ">$master_dir/$zone/.index.zsk")or die "$master_dir/$zone/.index.zsk: $!\n"; - print INDEX $index[1]; - close (INDEX); - push @auto, $zone; - } + # prueft die anzahl der schluessel in der ".index.zsk" + # loescht alte schluessel + open( INDEX, "$master_dir/$zone/.index.zsk" ) + or die "$master_dir/$zone/.index.zsk: $!\n"; + @index = ; + $index_wc = @index; + close(INDEX); + if ( $index_wc > 1 ) { + open( INDEX, ">$master_dir/$zone/.index.zsk" ) + or die "$master_dir/$zone/.index.zsk: $!\n"; + print INDEX $index[1]; + close(INDEX); + push @auto, $zone; + } - # prueft die anzahl der schluessel in der ".index.ksk" - # loescht alte schluessel - open (INDEX, "$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - @index = ; - $index_wc = @index; - close (INDEX); - if ($index_wc > 1) { - open (INDEX, ">$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - print INDEX $index[1]; - close (INDEX); - push @auto, $zone; - } + # prueft die anzahl der schluessel in der ".index.ksk" + # loescht alte schluessel + open( INDEX, "$master_dir/$zone/.index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + @index = ; + $index_wc = @index; + close(INDEX); + if ( $index_wc > 1 ) { + open( INDEX, ">$master_dir/$zone/.index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + print INDEX $index[1]; + 
close(INDEX);
+ push @auto, $zone;
+ }
 }
@@ -108,72 +111,76 @@ # unbenoetigte schluessel entfernt und die vorhandenen schluessel in die # zonedatei geschrieben. for (@auto) { - my $zone = $_; - my @old_zone_content = (); - my @new_zone_content = (); - my @keylist = (); - my $file; + my $zone = $_; + my @old_zone_content = (); + my @new_zone_content = (); + my @keylist = (); + my $file; - open (INDEX, "$master_dir/$zone/.index.zsk") or die "$master_dir/$zone/.index.zsk: $!\n"; - @keylist = ; - close (INDEX); + open( INDEX, "$master_dir/$zone/.index.zsk" ) + or die "$master_dir/$zone/.index.zsk: $!\n"; + @keylist = ; + close(INDEX); - open (INDEX, "$master_dir/$zone/.index.ksk") or die "$master_dir/$zone/.index.ksk: $!\n"; - push @keylist, ; - close (INDEX); + open( INDEX, "$master_dir/$zone/.index.ksk" ) + or die "$master_dir/$zone/.index.ksk: $!\n"; + push @keylist, ; + close(INDEX); - open (ZONE, "$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; - @old_zone_content = ; - close (ZONE); + open( ZONE, "$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + @old_zone_content = ; + close(ZONE); - # kuerzt die schluessel-bezeichnung aus der indexdatei auf die - # id um sie besser vergleichen zu koennen. - for (@keylist) { - chomp; - s#K.*\+.*\+(.*)#$1#; - } + # kuerzt die schluessel-bezeichnung aus der indexdatei auf die + # id um sie besser vergleichen zu koennen. + for (@keylist) { + chomp; + s#K.*\+.*\+(.*)#$1#; + } - # filtert alle schluessel aus der zonedatei - # old_zone_content ==> new_zone_content - for (@old_zone_content) { - unless (/IN\sDNSKEY/) { - push @new_zone_content, $_; - } - } + # filtert alle schluessel aus der zonedatei + # old_zone_content ==> new_zone_content + for (@old_zone_content) { + unless (/IN\sDNSKEY/) { + push @new_zone_content, $_; + } + } - # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen - # indexdatei beschrieben sind. wenn nicht werden sie geloescht. 
- for (`ls $master_dir/$zone/K*[key,private]`){ - chomp; - $file = $_; - my $rm_count = 1; + # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen + # indexdatei beschrieben sind. wenn nicht werden sie geloescht. + for (`ls $master_dir/$zone/K*[key,private]`) { + chomp; + $file = $_; + my $rm_count = 1; + + for (@keylist) { - for (@keylist) { + if ( $file =~ /$_/ ) { + $rm_count = 0; - if ($file =~ /$_/) { - $rm_count = 0; + # schluessel die in der indexdatei standen, werden an die + # zonedatei angehangen. + if ( $file =~ /.*key/ ) { + open( KEYFILE, "$file" ) or die "$file: $!\n"; + push @new_zone_content, ; + close(KEYFILE); - # schluessel die in der indexdatei standen, werden an die - # zonedatei angehangen. - if ($file =~ /.*key/) { - open (KEYFILE, "$file") or die "$file: $!\n"; - push @new_zone_content, ; - close (KEYFILE); - - last; - } - } - } + last; + } + } + } - #loescht alle unbenoetigten schluessel - if ($rm_count == 1) { - print `rm -f $file`; - } - } + #loescht alle unbenoetigten schluessel + if ( $rm_count == 1 ) { + print `rm -f $file`; + } + } - open (ZONE, ">$master_dir/$zone/$zone") or die "$master_dir/$zone/$zone: $!\n"; - print ZONE @new_zone_content; - close (ZONE); - - print "$master_dir/$zone/$zone wurde neu erstellt \n"; + open( ZONE, ">$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + print ZONE @new_zone_content; + close(ZONE); + + print "$master_dir/$zone/$zone wurde neu erstellt \n"; } diff -r 0342c09abf97 -r d5337081ed02 dnssec-sign --- a/dnssec-sign Thu Aug 05 10:49:36 2010 +0200 +++ b/dnssec-sign Mon Aug 09 11:45:43 2010 +0200 
@@ -4,115 +4,116 @@ use warnings; use FindBin; - # liest die Konfiguration ein -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; -for (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n" +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; + chomp; + s/#.*//; + s/\t//g; + s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); +close(CONFIG); -my $master_dir=$config{master_dir} ; -my $sign_alert_time=$config{sign_alert_time}; +my $master_dir = $config{master_dir}; +my $sign_alert_time = $config{sign_alert_time}; my $zone; -my (@manu, @auto); +my ( @manu, @auto ); my @zone_sig_content; my $sig_date; my $kc; # prueft zonen aus ARGV und fuegt sie in die liste @manu ein for (@ARGV) { - chomp (my $zone = `idn --quiet "$_"`); + chomp( my $zone = `idn --quiet "$_"` ); - if (-e "$master_dir/$zone") { - push @manu, $zone; - } else { - print "$zone ist keine verwaltete zone \n"; - } + if ( -e "$master_dir/$zone" ) { + push @manu, $zone; + } + else { + print "$zone ist keine verwaltete zone \n"; + } } -chomp (my $unixtime=`date +%s`); -$unixtime = $unixtime + (3600 * $sign_alert_time); +chomp( my $unixtime = `date +%s` ); +$unixtime = $unixtime + ( 3600 * $sign_alert_time ); my $time = `date -d \@$unixtime +%Y%m%d%H`; # vergleicht fuer alle zonen im ordner $master_dir mit einer # .signed-datei den zeitpunkt in $time mit dem ablaufdatum der # signatur, welcher aus der datei .signed ausgelesen wird. 
for (<$master_dir/*>) { - s#($master_dir/)(.*)#$2#; - $zone = $_; + s#($master_dir/)(.*)#$2#; + $zone = $_; - if (-e "$master_dir/$zone/$zone.signed") { + if ( -e "$master_dir/$zone/$zone.signed" ) { - open (ZONE, "$master_dir/$zone/$zone.signed"); - @zone_sig_content = ; - close (ZONE); + open( ZONE, "$master_dir/$zone/$zone.signed" ); + @zone_sig_content = ; + close(ZONE); - for (@zone_sig_content) { - if (m#SOA.*[0-9]{14}#) { - s#.*([0-9]{10})([0-9]{4}).*#$1#; - if ($_ < $time) { - push @auto, $zone; - } - } - } - } + for (@zone_sig_content) { + if (m#SOA.*[0-9]{14}#) { + s#.*([0-9]{10})([0-9]{4}).*#$1#; + if ( $_ < $time ) { + push @auto, $zone; + } + } + } + } } #gibt zonen mit schluessel aber ohne signatur in die liste @auto for (<$master_dir/*>) { - s#($master_dir/)(.*)#$2#; - $zone = $_; + s#($master_dir/)(.*)#$2#; + $zone = $_; - if (-e "$master_dir/$zone/.keycounter") { + if ( -e "$master_dir/$zone/.keycounter" ) { - open (KC, "$master_dir/$zone/.keycounter" ); - $kc = ; - close (KC); + open( KC, "$master_dir/$zone/.keycounter" ); + $kc = ; + close(KC); - if ( $kc < 1) { - push @auto, $zone; - } - } + if ( $kc < 1 ) { + push @auto, $zone; + } + } } # signiert alle zonen in @auto und @manu und erhoeht den wert in # der keycounter-datei -for (@auto, @manu) { - $zone = $_ ; +for ( @auto, @manu ) { + $zone = $_; - chdir "$master_dir/$zone"; + chdir "$master_dir/$zone"; - if (`dnssec-signzone $zone 2>/dev/null`) { - print "$zone neu signiert \n"; + if (`dnssec-signzone $zone 2>/dev/null`) { + print "$zone neu signiert \n"; - open (KC, "$master_dir/$zone/.keycounter" ); - $kc = ; - close (KC); - $kc += 1; - open (KC, ">$master_dir/$zone/.keycounter" ); - print KC $kc; - close (KC); + open( KC, "$master_dir/$zone/.keycounter" ); + $kc = ; + close(KC); + $kc += 1; + open( KC, ">$master_dir/$zone/.keycounter" ); + print KC $kc; + close(KC); - } else { - print "$zone konnte nicht signiert werden \n"; - } + } + else { + print "$zone konnte nicht signiert werden \n"; 
+ }
 }
diff -r 0342c09abf97 -r d5337081ed02 dnstools.conf
--- a/dnstools.conf Thu Aug 05 10:49:36 2010 +0200
+++ b/dnstools.conf Mon Aug 09 11:45:43 2010 +0200
@@ -1,9 +1,9 @@
 bind_dir = /etc/bind
 master_dir = /etc/bind/master
 zone_conf_dir = /etc/bind/zones.d
-key_counter_end = 5 # Anzahl der maximalen Signierungen bis zum Key-Rollover
-sign_alert_time = 48 # Warn-Zeitraum vor dem ablauf einer Zone-Signatur in h
-abl_zeit = 48 # Dauer des Key-Rollover in h
+key_counter_end = 5 # Anzahl der Signierungen bis zum Key-Rollover
+sign_alert_time = 48 # Warn-Zeitraum vor dem Ablauf einer Zone-Signatur in h
+abl_zeit = 48 # Dauer des Key-Rollover (2 Schluessel) in h
 secondary = hh.schlittermann.de
 primary = pu.schlittermann.de
 #this_host
diff -r 0342c09abf97 -r d5337081ed02 mkready
--- a/mkready Thu Aug 05 10:49:36 2010 +0200
+++ b/mkready Mon Aug 09 11:45:43 2010 +0200
@@ -3,105 +3,104 @@ use strict; use FindBin; - # liest die Konfiguration ein -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; -foreach (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +foreach ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n" +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + chomp; + s/#.*//; + s/\t//g; + s/\s//g; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); +close(CONFIG); -my $bind_dir = $config{bind_dir}; -my $conf_dir = $config{zone_conf_dir}; +my $bind_dir = $config{bind_dir}; +my $conf_dir = $config{zone_conf_dir}; my $master_dir = $config{master_dir}; -unless (-d $master_dir and -r $master_dir) { - die "$master_dir: $!\n"; +unless ( -d $master_dir and -r $master_dir ) { + die "$master_dir: $!\n"; } -unless (-d $bind_dir and -r $bind_dir) { - die "$bind_dir: $!\n"; +unless ( -d $bind_dir and -r $bind_dir ) { + die "$bind_dir: $!\n"; } # prueft jede domain, die ein verzeichnis in $master_dir hat, ob es eine -# datei $zone_file.signed gibt und ob diese datei in $config_file eingetragen +# datei $zone_file.signed gibt und ob diese datei in $config_file eingetragen # ist. # passt die eintraege in $config_file falls noetig an. 
while (<$master_dir/*>) { - s#($master_dir/)(.*)#$2#; - my $zone = $_; + s#($master_dir/)(.*)#$2#; + my $zone = $_; - my $zone_file = "$master_dir/$zone/$zone"; - my $conf_file = "$conf_dir/$zone"; - my @c_content; + my $zone_file = "$master_dir/$zone/$zone"; + my $conf_file = "$conf_dir/$zone"; + my @c_content; - unless (-f "$conf_file" ) { - die "$conf_file: $! \n"; - } + unless ( -f "$conf_file" ) { + die "$conf_file: $! \n"; + } - if (-f "$zone_file.signed") { + if ( -f "$zone_file.signed" ) { - open (FILE, "<$conf_file") or die "$conf_file: $!\n"; - @c_content = ; - close (FILE); + open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; + @c_content = ; + close(FILE); - for (@c_content) { - if (m{(.*)($zone_file)(";)}) { - print "$2 ==> $2.signed\n"; - $_ = "$1$2.signed$3\n"; - } + for (@c_content) { + if (m{(.*)($zone_file)(";)}) { + print "$2 ==> $2.signed\n"; + $_ = "$1$2.signed$3\n"; + } - open (FILE, ">$conf_file") or die "$conf_file: $!\n"; - print FILE @c_content; - close (FILE); + open( FILE, ">$conf_file" ) or die "$conf_file: $!\n"; + print FILE @c_content; + close(FILE); - } - } - else { + } + } + else { + + open( FILE, "<$conf_file" ) or die "$conf_file: $!\n"; + @c_content = ; + close(FILE); - open (FILE, "<$conf_file") or die "$conf_file: $!\n"; - @c_content = ; - close (FILE); - - for (@c_content) { - if (m{(.*)($zone_file)\.signed(.*)}) { - print "$2.signed ==> $2\n"; - $_ = "$1$2$3\n"; - } - } + for (@c_content) { + if (m{(.*)($zone_file)\.signed(.*)}) { + print "$2.signed ==> $2\n"; + $_ = "$1$2$3\n"; + } + } - open (FILE, ">$conf_file") or die "$conf_file: $!\n"; - print FILE @c_content; - close (FILE); - } + open( FILE, ">$conf_file" ) or die "$conf_file: $!\n"; + print FILE @c_content; + close(FILE); + } } # erzeugt eine named.conf-datei aus den entsprechenden vorlagen. 
-open( TO, ">$bind_dir/named.conf.zones") or die "$bind_dir/named.conf.zones: $!\n"; +open( TO, ">$bind_dir/named.conf.zones" ) + or die "$bind_dir/named.conf.zones: $!\n"; while (<$conf_dir/*>) { - open (FROM, "$_") or die "$_: $! \n"; - print TO ; - close (FROM); + open( FROM, "$_" ) or die "$_: $! \n"; + print TO ; + close(FROM); } close(TO); - system "named-checkconf"; system "named-checkconf -z"; system "rndc reload"; diff -r 0342c09abf97 -r d5337081ed02 zone-ls --- a/zone-ls Thu Aug 05 10:49:36 2010 +0200 +++ b/zone-ls Mon Aug 09 11:45:43 2010 +0200 
@@ -5,86 +5,94 @@ use File::Basename; use FindBin; - # liest die Konfiguration ein -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); my %config; -for (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n" +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + chomp; + s/#.*//; + s/\t//g; + s/\s//g; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); - +close(CONFIG); my $master_dir = $config{master_dir}; -my $zone; -my ($info_zsk, $info_ksk, $info_kc, $info_end); +my $zone; +my ( $info_zsk, $info_ksk, $info_kc, $info_end, $info_status ); -unless (-d $master_dir and -r $master_dir) { - die "$master_dir: $!\n"; +unless ( -d $master_dir and -r $master_dir ) { + die "$master_dir: $!\n"; } - -printf "%-25s %1s/%1s %3s %7s\n", "Domain", "ZSK", "KSK", "Used", "Sig-end"; +printf "%-25s %-8s %1s/%1s %3s %7s\n", "Domain", "Status", "ZSK", "KSK", "Used", "Sig-end"; -foreach my $dir (glob "$master_dir/*") { - - $zone = basename($dir); +for my $dir ( glob "$master_dir/*" ) { + + $zone = basename($dir); - if (not -f "$dir/.index.zsk") { - $info_zsk = $info_ksk = $info_kc = 0; - $info_end = "-"; - next; + # prueft mit dig nach der zone + $info_status = "OK"; + for (`dig \@localhost $zone`) { + if (/root-servers/) { + $info_status = "FAILD"; + last; } + } - # prueft wie viele zsks genutzt werden - close(FILE); - open(FILE, $_ = "<$dir/.index.zsk") or die "Can't open $_: $!\n"; - () = ; - $info_zsk = $.; + if ( not -f "$dir/.index.zsk" ) { + $info_zsk = $info_ksk 
= $info_kc = 0; + $info_end = "-"; + next; + } - # prueft wie viele ksks genutzt werden - close(FILE); - open(FILE, $_ = "<$dir/.index.ksk") or die "Can't open $_: $!\n"; - () = ; - $info_ksk = $.; + # prueft wie viele zsks genutzt werden + close(FILE); + open( FILE, $_ = "<$dir/.index.zsk" ) or die "Can't open $_: $!\n"; + () = ; + $info_zsk = $.; - # prueft wie oft die schluessel zum signieren genutzt wurden - open(FILE, $_ = "<$dir/.keycounter") or die "Can't open $_: $!\n"; - chomp ($info_kc = ); + # prueft wie viele ksks genutzt werden + close(FILE); + open( FILE, $_ = "<$dir/.index.ksk" ) or die "Can't open $_: $!\n"; + () = ; + $info_ksk = $.; - # prueft das ablaufdatum - if (!-f "$dir/$zone.signed") { - $info_end = "-"; - next; - } - - open(FILE, $_ = "<$dir/$zone.signed") or die "Can't open $_: $!\n"; - while () { - $info_end = "$+{day}.$+{mon}.$+{year} $+{hour}:$+{min}" - if /RSIG.*SOA.*\s + # prueft wie oft die schluessel zum signieren genutzt wurden + open( FILE, $_ = "<$dir/.keycounter" ) or die "Can't open $_: $!\n"; + chomp( $info_kc = ); + + # prueft das ablaufdatum + if ( !-f "$dir/$zone.signed" ) { + $info_end = "-"; + next; + } + + open( FILE, $_ = "<$dir/$zone.signed" ) or die "Can't open $_: $!\n"; + while () { + $info_end = "$+{day}.$+{mon}.$+{year} $+{hour}:$+{min}" + if /RSIG.*SOA.*\s (?\d\d\d\d) (?\d\d) (?\d\d) (?\d\d) (?\d\d)\d+\s\(/ix; - } + } -} continue { - printf "%-25s %1d/%1d %5d %19s\n", $zone, $info_zsk, $info_ksk, $info_kc, $info_end; +} +continue { + printf "%-25s %-8s %1d/%1d %5d %19s\n", $zone, $info_status, $info_zsk, $info_ksk, $info_kc, + $info_end; } diff -r 0342c09abf97 -r d5337081ed02 zone-mk --- a/zone-mk Thu Aug 05 10:49:36 2010 +0200 +++ b/zone-mk Mon Aug 09 11:45:43 2010 +0200 
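Review bot: In the new status check added to zone-ls, `$zone` is taken from `basename($dir)` and interpolated into a shell command line inside the backticks, so a directory name under `$master_dir` that contains shell metacharacters is parsed by the shell instead of reaching dig as a single argument; a list-form piped open avoids the shell entirely: `open( my $dig, '-|', 'dig', '@localhost', $zone ) or die "dig $zone: $!\n";`, iterate over `<$dig>`, then `close($dig)`. The check also leaves `$info_status` at `"OK"` when dig produces no output at all (resolver unreachable, non-zero exit), so a lookup that never ran is reported as healthy; inspecting `$?` after the loop, or the result of `close($dig)`, would separate "no answer" from "answered without a root-servers referral". The `/root-servers/` heuristic deserves a one-line comment such as `# a referral to the root servers means localhost does not serve this zone`, and the status string `"FAILD"` looks like a typo for `"FAILED"`, which still fits the `%-8s` column.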
@@ -3,128 +3,132 @@ use strict; use FindBin; -if (@ARGV < 2) { - print "usage: zone-mk kundennummer domain ... \n"; - exit 1; +if ( @ARGV < 2 ) { + print "usage: zone-mk kundennummer domain ... \n"; + exit 1; } # oeffnet Konfigurations- und Templatefiles - relativ oder absolut -my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf"); -my @templc = ("$FindBin::Bin/templates/named.config","/etc/dnstools/templates/named.config"); -my @templz = ("$FindBin::Bin/templates/named.zone","/etc/dnstools/templates/named.zone"); +my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" ); +my @templc = ( + "$FindBin::Bin/templates/named.config", + "/etc/dnstools/templates/named.config" +); +my @templz = ( + "$FindBin::Bin/templates/named.zone", + "/etc/dnstools/templates/named.zone" +); my %config; -for (grep {-f} @configs) { - open(CONFIG, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @configs ) { + open( CONFIG, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(CONFIG,0 ,0 )) { - die "Can't open config (searched: @configs)\n"; +unless ( seek( CONFIG, 0, 0 ) ) { + die "Can't open config (searched: @configs)\n"; } -for (grep {-f} @templc) { - open(TEMPCONF, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @templc ) { + open( TEMPCONF, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(TEMPCONF,0 ,0 )) { - die "Can't open config (searched: @templc)\n"; +unless ( seek( TEMPCONF, 0, 0 ) ) { + die "Can't open config (searched: @templc)\n"; } -for (grep {-f} @templz) { - open(TEMPZONE, $_) or die "Can't open $_: $!\n"; +for ( grep {-f} @templz ) { + open( TEMPZONE, $_ ) or die "Can't open $_: $!\n"; } -unless (seek(TEMPZONE,0 ,0 )) { - die "Can't open config (searched: @templz)\n"; +unless ( seek( TEMPZONE, 0, 0 ) ) { + die "Can't open config (searched: @templz)\n"; } while () { - chomp; - s/#.*//; - s/\t//g; - s/\s//g; - next unless length; - my ($cname, $ccont) = split (/\s*=\s*/, $_,2); - $config{$cname} = $ccont; + chomp; + s/#.*//; + s/\t//g; + 
s/\s//g; + next unless length; + my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 ); + $config{$cname} = $ccont; } -close (CONFIG); - +close(CONFIG); -my $primary = $config{primary}; -my $secondary= $config{secondary}; -my $zone_conf_dir= $config{zone_conf_dir}; -my $master_dir = $config{master_dir}; -my $customer = shift @ARGV; -chomp (my $primary_ip = `dig +short $primary`); -chomp (my $secondary_ip = `dig +short $secondary`); -chomp (my $this_host= `hostname -f`); -chomp (my $this_ip= `hostname -i`); -chomp (my $this_domain = `hostname -d`); -chomp (my $time = `date +%Y%m%d00`); -chomp (my $start= `date -I`); +my $primary = $config{primary}; +my $secondary = $config{secondary}; +my $zone_conf_dir = $config{zone_conf_dir}; +my $master_dir = $config{master_dir}; +my $customer = shift @ARGV; +chomp( my $primary_ip = `dig +short $primary` ); +chomp( my $secondary_ip = `dig +short $secondary` ); +chomp( my $this_host = `hostname -f` ); +chomp( my $this_ip = `hostname -i` ); +chomp( my $this_domain = `hostname -d` ); +chomp( my $time = `date +%Y%m%d00` ); +chomp( my $start = `date -I` ); my $hostmaster = "hostmaster.$this_domain"; -unless (-d $master_dir and -r $master_dir) { - die "$master_dir: $!\n"; +unless ( -d $master_dir and -r $master_dir ) { + die "$master_dir: $!\n"; } -unless (-d $zone_conf_dir and -r $zone_conf_dir) { - die "$master_dir: $!\n"; +unless ( -d $zone_conf_dir and -r $zone_conf_dir ) { + die "$master_dir: $!\n"; } - # legt fuer jede domain in @ARGV ein verzeichnis in $master_dir an. # schreibt aus den angegebenen templates die dateien $zonefile und $config # in die entsprechenden verzeichnisse. 
for (@ARGV) { - chomp (my $domain = `idn --quiet "$_"`); - my $zonefile = "$master_dir/$domain/$domain"; - my $config = "$zone_conf_dir/$domain"; - my $utf8domain = "$_"; + chomp( my $domain = `idn --quiet "$_"` ); + my $zonefile = "$master_dir/$domain/$domain"; + my $config = "$zone_conf_dir/$domain"; + my $utf8domain = "$_"; - unless ( -d "$master_dir/$domain") { - `mkdir $master_dir/$domain`; - } + unless ( -d "$master_dir/$domain" ) { + `mkdir $master_dir/$domain`; + } - if (-f $zonefile) { - $zonefile =~ s#/.*/##; - print "$zonefile exists. Skipping $domain\n"; - next; - } - if (-f $config) { - $config =~ s#/.*/##; - print "$config exists. Skipping $domain\n"; - next; - } + if ( -f $zonefile ) { + $zonefile =~ s#/.*/##; + print "$zonefile exists. Skipping $domain\n"; + next; + } + if ( -f $config ) { + $config =~ s#/.*/##; + print "$config exists. Skipping $domain\n"; + next; + } - print "$domain ($_) for $customer \n"; + print "$domain ($_) for $customer \n"; - my @tempzone = ; - for (@tempzone) { - s##$start#; - s##$domain#; - s#