--- a/dnssec-creatkey Wed Aug 11 14:08:33 2010 +0200
+++ b/dnssec-creatkey Thu Aug 12 10:18:58 2010 +0200
@@ -3,6 +3,12 @@
use strict;
use FindBin;
+sub del_double {
+ my %all;
+ grep { $all{$_} = 0 } @_;
+ return ( keys %all );
+}
+
# liest die Konfiguration ein
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
my %config;
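Review bot: `del_double` returns `keys %all`, so every caller now visits zones in hash iteration order instead of the order in which @change and @manu were built, and `grep` is used in void context purely for its side effect on `%all`. A first-seen filter keeps the input order and needs no void-context grep: `sub del_double { my %seen; return grep { !$seen{$_}++ } @_; }`. The sub has no comment; one line above it such as `# returns the elements of @_ with duplicates removed` would tell readers what "double" means here. The same six lines are pasted into dnssec-killkey and dnssec-sign in this commit, so whatever ordering semantics are chosen should be applied to all three copies.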
@@ -35,7 +41,6 @@
my $zone;
my $keyname;
-
# prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu
for (@ARGV) {
chomp( my $zone = `idn --quiet "$_"` );
@@ -51,13 +56,14 @@
# prueft ob zonen mit schluesselmaterial ueber index- und keycounterdatei
# verfuegen.
# legt .index.ksk an falls nicht und gibt die entsprechende zone in die
-# liste @change
+# liste @change
while (<$master_dir/*>) {
chomp( $zone = $_ );
- if (-f "$zone/.index.zsk" and
- -f "$zone/.index.ksk" and
- -f "$zone/.keycounter") {
+ if ( -f "$zone/.index.zsk"
+ and -f "$zone/.index.ksk"
+ and -f "$zone/.keycounter" )
+ {
next;
}
@@ -65,26 +71,25 @@
if (m#^K#) {
my $file_in_zone = $_;
- open (KEY,$_) or die "$_: $!\n";
+ open( KEY, $_ ) or die "$_: $!\n";
for (<KEY>) {
if (m#DNSKEY.257#) {
$file_in_zone =~ s#(/.*/)(.*).key#$2#;
- open (INDEX, ">$zone/.index.ksk") or die;
+ open( INDEX, ">$zone/.index.ksk" ) or die;
print INDEX "$file_in_zone\n";
- close (INDEX);
+ close(INDEX);
$zone =~ s#($master_dir/)(.*)#$2#;
push( @change, $zone );
}
}
- close (KEY);
+ close(KEY);
}
}
}
-
# gibt alle zonen mit abgelaufenen keycounter in die liste @change
while (<$master_dir/*>) {
chomp( $zone = $_ );
@@ -105,7 +110,7 @@
}
#erzeugt zsks
-for ( @change, @manu ) {
+for ( &del_double( @change, @manu ) ) {
$zone = $_;
chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
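Review bot: `for ( &del_double( @change, @manu ) )` uses the `&` call form, which bypasses any prototype and is one character away from `&del_double;`, the form that silently reuses the caller's @_; the plain call `for ( del_double( @change, @manu ) )` says the same thing without that trap. Because del_double returns hash keys, the ZSK loop now processes zones in an order that can differ from run to run, which makes its output harder to compare against a previous run; if that is acceptable it is worth stating in the comment above the loop, e.g. `#erzeugt zsks (order after deduplication is undefined)`. The loop body continues past the end of this hunk.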
@@ -139,14 +144,14 @@
}
#erzeugt ksks
-for (@manu) {
+for ( &del_double(@manu) ) {
$zone = $_;
chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
$keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
print "creat new KSK for $zone? (no): ";
- unless (<STDIN> =~ m/^yes/) {
+ unless ( <STDIN> =~ m/^yes/ ) {
next;
}
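Review bot: The `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone` backtick call on the line before the prompt runs unconditionally, so answering anything other than `yes` (the displayed default is `no`) leaves a freshly generated KSK pair in the zone directory and then `next` skips whatever bookkeeping follows; deduplicating @manu does not change that generate-then-ask order. Moving the `$keyname =` assignment below the `unless ( <STDIN> =~ m/^yes/ ) { next; }` block fixes it in two lines. `$zone` is also interpolated unquoted into that shell command; the ARGV check earlier in this script quotes its argument (`idn --quiet "$_"`), and quoting here would be consistent. The loop body continues past the end of this hunk, so I cannot see whether the unused key files are removed later.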
@@ -176,7 +181,7 @@
# loescht alle unbenoetigten schluessel, fuegt die schluessel in
# die zone-datei
-for ( @change, @manu ) {
+for ( &del_double( @change, @manu ) ) {
$zone = $_;
my @old_zone_content = ();
my @new_zone_content = ();
@@ -201,7 +206,7 @@
# kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
# besser vergleichen zu koennen.
- for (@kkeylist, @zkeylist) {
+ for ( @kkeylist, @zkeylist ) {
chomp;
s#K.*\+.*\+(.*)#$1#;
}
@@ -231,7 +236,8 @@
if ( $file =~ /.*key/ ) {
$file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n" ;
+ push @new_zone_content,
+ "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n";
last;
}
@@ -247,7 +253,8 @@
if ( $file =~ /.*key/ ) {
$file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n" ;
+ push @new_zone_content,
+ "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n";
last;
}
--- a/dnssec-killkey Wed Aug 11 14:08:33 2010 +0200
+++ b/dnssec-killkey Thu Aug 12 10:18:58 2010 +0200
@@ -3,6 +3,12 @@
use strict;
use FindBin;
+sub del_double {
+ my %all;
+ grep { $all{$_} = 0 } @_;
+ return ( keys %all );
+}
+
# liest die Konfiguration ein
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
my %config;
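Review bot: This is a verbatim second copy of `del_double` (dnssec-creatkey and dnssec-sign receive the same six lines in this commit), and like the others it returns `keys %all`, so the @auto zones come back in hash order rather than the order they were collected. Keeping three copies in sync by hand is fragile; a shared helper file next to dnstools.conf, located through the `$FindBin::Bin` this script already uses, would be the natural home. Until then the order-preserving form `my %seen; return grep { !$seen{$_}++ } @_;` avoids both the void-context grep and the ordering surprise, and a one-line comment above the sub, `# returns the elements of @_ with duplicates removed`, would document it.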
@@ -129,7 +135,7 @@
# nach abgeschlossenem key-rollover werden fuer die entsprechende zone
# unbenoetigte schluessel entfernt und die vorhandenen schluessel in die
# zonedatei geschrieben.
-for (@auto) {
+for ( &del_double(@auto) ) {
my $zone = $_;
my @old_zone_content = ();
my @new_zone_content = ();
@@ -154,7 +160,7 @@
# kuerzt die schluessel-bezeichnung aus der indexdatei auf die
# id um sie besser vergleichen zu koennen.
- for (@kkeylist, @zkeylist) {
+ for ( @kkeylist, @zkeylist ) {
chomp;
s#K.*\+.*\+(.*)#$1#;
}
@@ -184,7 +190,8 @@
if ( $file =~ /.*key/ ) {
$file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n" ;
+ push @new_zone_content,
+ "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n";
last;
}
@@ -200,7 +207,8 @@
if ( $file =~ /.*key/ ) {
$file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content, "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n" ;
+ push @new_zone_content,
+ "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n";
last;
}
--- a/dnssec-sign Wed Aug 11 14:08:33 2010 +0200
+++ b/dnssec-sign Thu Aug 12 10:18:58 2010 +0200
@@ -4,6 +4,12 @@
use warnings;
use FindBin;
+sub del_double {
+ my %all;
+ grep { $all{$_} = 0 } @_;
+ return ( keys %all );
+}
+
# liest die Konfiguration ein
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
my %config;
@@ -95,7 +101,7 @@
# signiert alle zonen in @auto und @manu und erhoeht den wert in
# der keycounter-datei
-for ( @auto, @manu ) {
+for ( &del_double( @auto, @manu ) ) {
$zone = $_;
chdir "$master_dir/$zone";
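Review bot: `chdir "$master_dir/$zone";` on the last line of the hunk is unchecked, so if a zone named in @auto or @manu has no directory the signing that follows runs in whatever directory the previous iteration left behind. dnssec-creatkey checks the same call in its loops; this one should match: `chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";`. The loop body continues past the end of this hunk, so I cannot see whether a later check compensates for this.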
--- a/mkready Wed Aug 11 14:08:33 2010 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,106 +0,0 @@
-#!/usr/bin/perl
-
-use strict;
-use FindBin;
-
-# liest die Konfiguration ein
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-foreach ( grep {-f} @configs ) {
- open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
- die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
- chomp;
- s/#.*//;
- s/\t//g;
- s/\s//g;
- next unless length;
- my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
- $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $bind_dir = $config{bind_dir};
-my $conf_dir = $config{zone_conf_dir};
-my $master_dir = $config{master_dir};
-
-unless ( -d $master_dir and -r $master_dir ) {
- die "$master_dir: $!\n";
-}
-
-unless ( -d $bind_dir and -r $bind_dir ) {
- die "$bind_dir: $!\n";
-}
-
-# prueft jede domain, die ein verzeichnis in $master_dir hat, ob es eine
-# datei $zone_file.signed gibt und ob diese datei in $config_file eingetragen
-# ist.
-# passt die eintraege in $config_file falls noetig an.
-while (<$master_dir/*>) {
- s#($master_dir/)(.*)#$2#;
- my $zone = $_;
-
- my $zone_file = "$master_dir/$zone/$zone";
- my $conf_file = "$conf_dir/$zone";
- my @c_content;
-
- unless ( -f "$conf_file" ) {
- die "$conf_file: $! \n";
- }
-
- if ( -f "$zone_file.signed" ) {
-
- open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
- @c_content = <FILE>;
- close(FILE);
-
- for (@c_content) {
- if (m{(.*)($zone_file)(";)}) {
- print "$2 ==> $2.signed\n";
- $_ = "$1$2.signed$3\n";
- }
-
- open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
- print FILE @c_content;
- close(FILE);
-
- }
- }
- else {
-
- open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
- @c_content = <FILE>;
- close(FILE);
-
- for (@c_content) {
- if (m{(.*)($zone_file)\.signed(.*)}) {
- print "$2.signed ==> $2\n";
- $_ = "$1$2$3\n";
- }
- }
-
- open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
- print FILE @c_content;
- close(FILE);
- }
-}
-
-# erzeugt eine named.conf-datei aus den entsprechenden vorlagen.
-open( TO, ">$bind_dir/named.conf.zones" )
- or die "$bind_dir/named.conf.zones: $!\n";
-while (<$conf_dir/*>) {
- open( FROM, "$_" ) or die "$_: $! \n";
- print TO <FROM>;
- close(FROM);
-}
-close(TO);
-
-system "named-checkconf";
-system "named-checkconf -z";
-system "rndc reload";
--- a/update-serial Wed Aug 11 14:08:33 2010 +0200
+++ b/update-serial Thu Aug 12 10:18:58 2010 +0200
@@ -4,16 +4,15 @@
# … work in progress do integrate dnssec (branch suess)
#
# Update the serial numbers in zone files
-# The serial number needs to match a specified pattern (see
+# The serial number needs to match a specified pattern (see
# the line marked w/ PATTERN.
-#
+#
# ToDo:
# . test against an md5 sum, not just the date of the stamp file
-# . FIXME: handle `/' in file names (currently only working in
+# . FIXME: handle `/' in file names (currently only working in
# the current directory)
# . optionally reload the named
-
use strict;
use warnings;
@@ -22,9 +21,11 @@
use FindBin;
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my @dnssec_signs = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign");
+my @dnssec_signs
+ = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" );
my %config;
my $dnssec_sign;
+my @change_names = ();
foreach ( grep {-f} @configs ) {
open( CONFIG, $_ ) or die "Can't open $_: $!\n";
@@ -34,15 +35,14 @@
die "Can't open config (searched: @configs)\n";
}
foreach ( grep {-f} @dnssec_signs ) {
- if (-x $_) {
- $dnssec_sign = $_;
- }
- else {
- die "Can't run $_\n"
- }
+ if ( -x $_ ) {
+ $dnssec_sign = $_;
+ }
+ else {
+ die "Can't run $_\n";
+ }
}
-
while (<CONFIG>) {
chomp;
s/#.*//;
@@ -69,114 +69,125 @@
END { cleanup(); }
for (@ARGV) {
- if ($_ eq "-y") {
- $opt_yes = 1;
- shift @ARGV;
- }
+ if ( $_ eq "-y" ) {
+ $opt_yes = 1;
+ shift @ARGV;
+ }
}
@Zones = @ARGV ? @ARGV : glob("$master_dir/*");
+MAIN: {
+ my $changed;
+ my ( $dd, $mm, $yy ) = ( localtime() )[ 3 .. 5 ];
+ my $date;
+ $mm++;
-MAIN: {
- my $changed;
- my ($dd, $mm, $yy) =(localtime())[3..5];
- my $date;
- $mm++;
+ foreach ( $dd, $mm ) { s/^\d$/0$&/; }
+ $yy += 1900;
+ $date = "$yy$mm$dd";
- foreach ($dd, $mm) { s/^\d$/0$&/; }
- $yy += 1900;
- $date = "$yy$mm$dd";
-
+ while ( my $file = shift @Zones ) {
- while (my $file = shift @Zones) {
+ my $file_basename = basename($file);
- my $file_basename = basename($file);
+ $file =~ s#($master_dir)(/.*)#$1$2$2#;
+ local ( *I, *O );
+ my $done = 0;
- $file =~ s#($master_dir)(/.*)#$1$2$2#;
- local (*I, *O);
- my $done = 0;
+ my $new = "$file.$$.tmp";
+ my $bak = "$file.bak";
+ my $stamp = $master_dir . "/.stamp/" . basename($file);
- my $new = "$file.$$.tmp";
- my $bak = "$file.bak";
- my $stamp = $master_dir . "/.stamp/" . basename($file);
+ $file =~ /(\.bak|~)$/ and next;
+ $file !~ /\./ and next;
+
+ $verbose && print "$file:";
- $file =~ /(\.bak|~)$/ and next;
- $file !~ /\./ and next;
-
- $verbose && print "$file:";
+ if ( -f $stamp && ( ( stat($stamp) )[9] >= ( stat($file) )[9] ) ) {
+ $verbose && print " fresh, skipping.\n";
+ next;
+ }
-
- if (-f $stamp && ((stat($stamp))[9] >= (stat($file))[9])) {
- $verbose && print " fresh, skipping.\n";
- next;
- }
+ $done = 0;
+ push @tmpfiles, $new;
+ open( *I, "<$file" ) or die("Can't open < $file: $!\n");
+ open( *O, ">$new" ) or die("Can't open > $new: $!\n");
- $done = 0;
- push @tmpfiles, $new;
- open(*I, "<$file") or die("Can't open < $file: $!\n");
- open(*O, ">$new") or die("Can't open > $new: $!\n");
+ while (<I>) {
+ /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do { # PATTERN
+ my ( $sdate, $scount, $serial ) = ( $2, $3, $1 );
+ $done = 1;
+ print " [$file] serial $sdate$scount";
+
+ if ( $date eq $sdate ) { $scount++; }
+ else { $sdate = $date; $scount = "00"; }
- while (<I>) {
- /^\s+((\d+)(\d{2}))\s*;\s*serial/i and do { # PATTERN
- my ($sdate, $scount, $serial) = ($2, $3, $1);
- $done = 1;
- print " [$file] serial $sdate$scount";
+ print " bumping to $sdate$scount";
+ s/$serial/$sdate$scount/;
- if ($date eq $sdate) { $scount++; }
- else { $sdate = $date; $scount = "00"; }
+ };
+ print O;
+ }
+
+ close(O);
+ close(I);
- print " bumping to $sdate$scount \n";
- s/$serial/$sdate$scount/;
+ if ($done) {
+
+ # copy($file, $bak) or die("Can't copy $file -> $bak: $!\n");
- };
- print O;
- }
+ open( I, "<$new" ) or die("Can't open <$new: $!\n");
+ open( O, ">$file" ) or die("Can't open >$file: $!\n");
+ while (<I>) { print O or die("Can't write to $file: $!\n"); }
+ close(I) or die("Can't close $new: $!\n");
+ close(O) or die("Can't close $file: $!\n");
- close(O); close(I);
-
- if ($done) {
- # copy($file, $bak) or die("Can't copy $file -> $bak: $!\n");
+ unlink $new;
- open(I, "<$new") or die("Can't open <$new: $!\n");
- open(O, ">$file") or die("Can't open >$file: $!\n");
- while (<I>) { print O or die("Can't write to $file: $!\n"); }
- close(I) or die("Can't close $new: $!\n");
- close(O) or die("Can't close $file: $!\n");
+ open( O, ">$stamp" ) or die("Can't open >$stamp: $!\n");
+ close(O);
+ $changed++;
+
+ push @change_names, $file_basename;
- unlink $new;
+ }
+ else {
+ print " $file: no serial number found: no zone file?";
+ }
+ print "\n";
+ }
- open(O, ">$stamp") or die("Can't open >$stamp: $!\n");
- close(O);
- $changed++;
+ if ($changed) {
+ my $pidfile;
- # dnssec - new sign
- system "$dnssec_sign $file_basename";
- die "$dnssec_sign not found ($!)" if $? == -1;
- exit 1 if $?;
+ # dnssec - new sign
+ system "$dnssec_sign @change_names";
+ die "$dnssec_sign not found ($!)" if $? == -1;
+ exit 1 if $?;
- } else {
- print " $file: no serial number found: no zone file?";
- }
- print "\n";
- }
-
- if ($changed) {
- my $pidfile;
+ print
+ "** Changed $changed files, the nameserver needs to be reloaded!\n";
+ foreach (
+ qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid))
+ {
+ -f $_ and $pidfile = $_ and last;
+ }
- print "** Changed $changed files, the nameserver needs to be reloaded!\n";
- foreach (qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid)) {
- -f $_ and $pidfile = $_ and last; }
+ if ($pidfile) {
+ if ($opt_yes) {
+ $_ = "y";
+ print "** Nameserver will be reloaded\n";
+ }
+ else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
+ /^y|^$/i and system "rndc reload";
+ }
+ else {
+ print
+ "** No PID of a running named found. Please reload manually.\n";
+ }
- if ($pidfile) {
- if ($opt_yes) { $_ = "y"; print "** Nameserver will be reloaded\n"; }
- else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
- /^y|^$/i and system "rndc reload";
- } else {
- print "** No PID of a running named found. Please reload manually.\n";
- }
-
- }
+ }
}
# vim:ts=4:sw=4:ai:aw:
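Review bot: `system "$dnssec_sign @change_names";` in the `if ($changed)` block builds one command string, and nothing in this file guarantees `$dnssec_sign` is defined: the search loop earlier only assigns it when a candidate exists, so with neither candidate present the string is a leading space followed by the first zone name and Perl attempts to execute that zone name as the command. The names come from `glob("$master_dir/*")` or @ARGV and are interpolated unquoted, so the list form avoids both the shell and the undefined case: `die "no executable dnssec-sign found (searched: @dnssec_signs)\n" unless defined $dnssec_sign;` before the `MAIN:` block, then `system $dnssec_sign, @change_names;` (the `$? == -1` and `exit 1 if $?` checks still apply). Separately, the stamp file is created with `open( O, ">$stamp" )` before signing runs, so if dnssec-sign fails and the script exits, a rerun reports those zones as fresh and never signs them; that was already true of the old per-file call, but it now covers every zone changed in the run at once.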
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/update-zone Thu Aug 12 10:18:58 2010 +0200
@@ -0,0 +1,124 @@
+#!/usr/bin/perl
+
+use strict;
+use FindBin;
+
+# liest die Konfiguration ein
+my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
+my @dnssec_signs
+ = ( "$FindBin::Bin/dnssec-sign", "/usr/bin/dnstools/dnssec-sign" );
+my %config;
+my $dnssec_sign;
+
+for ( grep {-f} @configs ) {
+ open( CONFIG, $_ ) or die "Can't open $_: $!\n";
+}
+unless ( seek( CONFIG, 0, 0 ) ) {
+ die "Can't open config (searched: @configs)\n";
+}
+
+for ( grep {-f} @dnssec_signs ) {
+ if ( -x $_ ) {
+ $dnssec_sign = $_;
+ }
+ else {
+ die "Can't run $_\n";
+ }
+}
+
+while (<CONFIG>) {
+ chomp;
+ s/#.*//;
+ s/\t//g;
+ s/\s//g;
+ next unless length;
+ my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+ $config{$cname} = $ccont;
+}
+close(CONFIG);
+
+my $bind_dir = $config{bind_dir};
+my $conf_dir = $config{zone_conf_dir};
+my $master_dir = $config{master_dir};
+
+unless ( -d $master_dir and -r $master_dir ) {
+ die "$master_dir: $!\n";
+}
+
+unless ( -d $bind_dir and -r $bind_dir ) {
+ die "$bind_dir: $!\n";
+}
+
+# dnssec - new sign
+system "$dnssec_sign";
+die "$dnssec_sign not found ($!)" if $? == -1;
+exit 1 if $?;
+
+
+# prueft jede domain, die ein verzeichnis in $master_dir hat, ob es eine
+# datei $zone_file.signed gibt und ob diese datei in $config_file eingetragen
+# ist.
+# passt die eintraege in $config_file falls noetig an.
+while (<$master_dir/*>) {
+ s#($master_dir/)(.*)#$2#;
+ my $zone = $_;
+
+ my $zone_file = "$master_dir/$zone/$zone";
+ my $conf_file = "$conf_dir/$zone";
+ my @c_content;
+
+ unless ( -f "$conf_file" ) {
+ die "$conf_file: $! \n";
+ }
+
+ if ( -f "$zone_file.signed" ) {
+
+ open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
+ @c_content = <FILE>;
+ close(FILE);
+
+ for (@c_content) {
+ if (m{(.*)($zone_file)(";)}) {
+ print "$2 ==> $2.signed\n";
+ $_ = "$1$2.signed$3\n";
+ }
+
+ open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
+ print FILE @c_content;
+ close(FILE);
+
+ }
+ }
+ else {
+
+ open( FILE, "<$conf_file" ) or die "$conf_file: $!\n";
+ @c_content = <FILE>;
+ close(FILE);
+
+ for (@c_content) {
+ if (m{(.*)($zone_file)\.signed(.*)}) {
+ print "$2.signed ==> $2\n";
+ $_ = "$1$2$3\n";
+ }
+ }
+
+ open( FILE, ">$conf_file" ) or die "$conf_file: $!\n";
+ print FILE @c_content;
+ close(FILE);
+ }
+}
+
+# erzeugt eine named.conf-datei aus den entsprechenden vorlagen.
+open( TO, ">$bind_dir/named.conf.zones" )
+ or die "$bind_dir/named.conf.zones: $!\n";
+while (<$conf_dir/*>) {
+ open( FROM, "$_" ) or die "$_: $! \n";
+ print TO <FROM>;
+ close(FROM);
+}
+close(TO);
+
+
+system "named-checkconf";
+system "named-checkconf -z";
+system "rndc reload";
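Review bot: The three `system` calls at the end run `rndc reload` no matter what `named-checkconf` and `named-checkconf -z` returned, so a zone stanza that fails the check is still written to `$bind_dir/named.conf.zones` and reloaded; gate the reload on the checks: `system("named-checkconf") == 0 or die "named-checkconf failed\n";`, `system("named-checkconf", "-z") == 0 or die "named-checkconf -z failed\n";`, then `system("rndc", "reload");`. In the `-f "$zone_file.signed"` branch the `open( FILE, ">$conf_file" )` / print / close block sits inside the `for (@c_content)` loop, unlike the else branch, so the config file is rewritten once per line it contains; moving those three lines after the loop's closing brace makes the two branches match. The `$conf_dir` entries are read with two-argument `open( FROM, "$_" )`, where a file name ending in `|` turns the open into a pipe; `open( FROM, '<', $_ )` closes that. The file is mkready with the dnssec-sign call added and, like it, has no `use warnings`, which update-serial in this same commit does have.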
--- a/zone-ls Wed Aug 11 14:08:33 2010 +0200
+++ b/zone-ls Thu Aug 12 10:18:58 2010 +0200
@@ -36,7 +36,8 @@
die "$master_dir: $!\n";
}
-printf "%-25s %-8s %1s/%1s %3s %7s\n", "Domain", "Status", "ZSK", "KSK", "Used", "Sig-end";
+printf "%-25s %-8s %1s/%1s %3s %7s\n", "Domain", "Status", "ZSK", "KSK",
+ "Used", "Sig-end";
for my $dir ( glob "$master_dir/*" ) {
@@ -48,7 +49,7 @@
if (/root-servers/) {
$info_status = "FAILED";
last;
- }
+ }
}
if ( not -f "$dir/.index.zsk" ) {
@@ -92,7 +93,8 @@
}
continue {
- printf "%-25s %-8s %1d/%1d %5d %19s\n", $zone, $info_status, $info_zsk, $info_ksk, $info_kc,
+ printf "%-25s %-8s %1d/%1d %5d %19s\n", $zone, $info_status, $info_zsk,
+ $info_ksk, $info_kc,
$info_end;
}