--- a/README Fri Aug 13 10:09:37 2010 +0200
+++ b/README Fri Aug 13 17:00:37 2010 +0200
@@ -1,27 +1,31 @@
Zonedatei erstellen
- zone-mk <kundenname> <domainname>
- - mkready
+ - update-zone
Zonedatei loeschen
- zone-rm
- - mkready
+ - update-zone
-DNSSec benutzen / Schlüßel erstellen
- - dnssec-creatkey
- - dnssec-sign
- - mkready
+neuen ZSK/KSK erstellen
+ - dnssec-creatkey <domain>
+ - update-zone
-neuen KSK und ZSK erstellen
- - dnssec-creatkey <domain>
- - dnssec-sign
- - mkready
+ - dnssec-killkey (nach der Ablauf des Key-Rollover)
+ - update-zone
- - dnssec-killkey (nach der Ablauf des Key-Rollover)
- - mkready
Schluessel loeschen
- dnssec-killkey <domain>
- - mkready
+ - update-zone
+
+
+Signatur update
+ - update-zone
+
+
+Schlüssel update
+ - dnssec-creatkey
+ - update-zone
--- a/dnssec-creatkey Fri Aug 13 10:09:37 2010 +0200
+++ b/dnssec-creatkey Fri Aug 13 17:00:37 2010 +0200
@@ -9,7 +9,7 @@
return ( keys %all );
}
-# liest die Konfiguration ein
+# liest die Konfiguration
my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
my %config;
--- a/dnssec-killkey Fri Aug 13 10:09:37 2010 +0200
+++ b/dnssec-killkey Fri Aug 13 17:00:37 2010 +0200
@@ -47,20 +47,33 @@
for (@ARGV) {
chomp( $zone = `idn --quiet $_` );
my $zdir = "$master_dir/$zone";
+ my $ep = 0;
+
unless ( -e "$master_dir/$zone" ) {
print "$zone ist keine verwaltete zone \n";
}
else {
- if ( -e "$zdir/$zone.signed" ) { unlink "$zdir/$zone.signed" }
- if ( -e "$zdir/.keycounter" ) { unlink "$zdir/.keycounter" }
- if ( -e "$zdir/.index.ksk" ) { unlink "$zdir/.index.ksk" }
- if ( -e "$zdir/.index.zsk" ) { unlink "$zdir/.index.zsk" }
- if ( -e "$zdir/dsset-$zone." ) { unlink "$zdir/dsset-$zone." }
- if ( -e "$zdir/keyset-$zone." ) { unlink "$zdir/keyset-$zone." }
- for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ }
+ if ( -e "$zdir/$zone.signed" ) {
+ unlink "$zdir/$zone.signed" and $ep = 1 }
+ if ( -e "$zdir/.keycounter" ) {
+ unlink "$zdir/.keycounter" and $ep = 1 }
+ if ( -e "$zdir/.index.ksk" ) {
+ unlink "$zdir/.index.ksk" and $ep = 1 }
+ if ( -e "$zdir/.index.zsk" ) {
+ unlink "$zdir/.index.zsk" and $ep = 1 }
+ if ( -e "$zdir/dsset-$zone." ) {
+ unlink "$zdir/dsset-$zone." and $ep = 1 }
+ if ( -e "$zdir/keyset-$zone." ) {
+ unlink "$zdir/keyset-$zone." and $ep = 1 }
- print "keys removed \n";
-
+ for (`ls $master_dir/$zone/K*[key,private]`) {
+ unlink $_ and $ep = 1
+ }
+
+ if ($ep == 1) {
+ print "$zone: keys removed\n";
+ }
+
open( ZONE, "$master_dir/$zone/$zone" )
or die "$master_dir/$zone/$zone: $!\n";
@old_zone_content = <ZONE>;
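Review bot: The `ls` loop near the end of the else branch still hands `unlink` names that end in a newline, because backticks in list context return each output line with its `\n` intact, so no `K*` key file is ever matched and that loop never sets `$ep`; the `$zone: keys removed` message is then driven only by the `.signed`, `.keycounter`, index and dsset/keyset files. Replacing the shell-out with a glob gives clean names and keeps `$zone` out of a shell command: `for my $key ( glob "$zdir/K*.{key,private}" ) { unlink $key and $ep = 1 }`. Note also that `[key,private]` in the old pattern is a character class rather than an alternation, so it only happened to match `.key`/`.private` by their last letter. The enclosing `for (@ARGV)` loop continues past the hunk.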
--- a/dnssec-sign Fri Aug 13 10:09:37 2010 +0200
+++ b/dnssec-sign Fri Aug 13 17:00:37 2010 +0200
@@ -88,49 +88,21 @@
}
#gibt zonen mit schluessel aber ohne signatur in die liste @auto
-for (<$master_dir/*>) {
- s#($master_dir/)(.*)#$2#;
- $zone = $_;
-
- if ( -e "$master_dir/$zone/.keycounter" ) {
-
- open( KC, "$master_dir/$zone/.keycounter" );
- $kc = <KC>;
- close(KC);
-
- if ( $kc < 1 ) {
- push @auto, $zone;
- }
- }
-}
-
-#erhoeht den serial der zone
-for ( &del_double( @auto, @manu ) ) {
- unless ($serial_up == 1) {
- last
- }
-
- $zone = $_;
- my @zonefile = ();
- my $serial;
-
- open ( ZONEFILE, "$master_dir/$zone/$zone")
- or die "$master_dir/$zone/$zone: $!\n";
- @zonefile = <ZONEFILE>;
- close (ZONEFILE);
-
- for (@zonefile) {
- if (m#([0-9]{10}).*;.*serial#) {
- $serial = $1 + 1;
- s#(.*)([0-9]{10})(.*)#$1$serial$3#;
- }
- }
-
- open ( ZONEFILE, ">$master_dir/$zone/$zone")
- or die "$master_dir/$zone/$zone: $!\n";
- print ZONEFILE @zonefile;
- close (ZONEFILE);
-}
+#for (<$master_dir/*>) {
+# s#($master_dir/)(.*)#$2#;
+# $zone = $_;
+#
+# if ( -e "$master_dir/$zone/.keycounter" ) {
+#
+# open( KC, "$master_dir/$zone/.keycounter" );
+# $kc = <KC>;
+# close(KC);
+#
+# if ( $kc < 1 ) {
+# push @auto, $zone;
+# }
+# }
+#}
# signiert alle zonen in @auto und @manu und erhoeht den wert in
# der keycounter-datei
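Review bot: The replaced loop is kept as a fifteen-line commented-out block instead of being deleted, and the two comments that frame it are now stale: the lead comment `#gibt zonen mit schluessel aber ohne signatur in die liste @auto` describes something the script no longer does, and the trailing comment at the end of the hunk still says all zones in `@auto` and `@manu` are signed although nothing fills `@auto` any more. Suggest dropping the block (the history keeps it) and replacing the lead comment with something like `# @auto is no longer filled automatically; zones to sign arrive via @manu from update-zone`. The serial-increment loop (`#erhoeht den serial der zone`) is removed in the same hunk; unless update-zone or the signing step now bumps the SOA serial, re-signed zones would keep their old serial and secondaries would not transfer them, which is worth confirming before merging.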
--- a/dnstools.conf Fri Aug 13 10:09:37 2010 +0200
+++ b/dnstools.conf Fri Aug 13 17:00:37 2010 +0200
@@ -6,6 +6,7 @@
abl_zeit = 1 # Dauer des Key-Rollover (2 Schluessel) in h
secondary = hh.schlittermann.de
primary = pu.schlittermann.de
+indexzone = index.zone.eins.lan
#this_host
#this_ip
#this_domain
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/update-index Fri Aug 13 17:00:37 2010 +0200
@@ -0,0 +1,68 @@
+#! /usr/bin/perl
+
+use strict;
+use warnings;
+use File::Basename;
+use FindBin;
+
+# liest die Konfiguration
+my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
+my %config;
+
+for ( grep {-f} @configs ) {
+ open( CONFIG, $_ ) or die "Can't open $_: $!\n";
+}
+
+unless ( seek( CONFIG, 0, 0 ) ) {
+ die "Can't open config (searched: @configs)\n";
+}
+
+while (<CONFIG>) {
+ chomp;
+ s/#.*//;
+ s/\t//g;
+ s/\s//g;
+ next unless length;
+ my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
+ $config{$cname} = $ccont;
+}
+close(CONFIG);
+
+my $master_dir = $config{master_dir};
+my $indexzone = $config{indexzone};
+my @iz_content_old = ();
+my @iz_content_new = ();
+my $iz_line;
+my $zone;
+
+unless ( -d $master_dir and -r $master_dir ) {
+ die "$master_dir: $!\n";
+}
+
+open (INDEXZONE, "$master_dir/$indexzone/$indexzone")
+ or die "$master_dir/$indexzone/$indexzone: $!\n";
+@iz_content_old = <INDEXZONE>,
+close (INDEXZONE);
+
+for (@iz_content_old) {
+ unless (m#ZONE::#) {
+ push @iz_content_new, $_;
+ }
+}
+
+
+for my $dir ( glob "$master_dir/*" ) {
+ $zone = basename($dir);
+
+ $iz_line = "\t\tIN TXT\t\t\"ZONE::$zone\"\n";
+
+ push @iz_content_new, $iz_line;
+}
+
+
+open (INDEXZONE, ">$master_dir/$indexzone/$indexzone")
+ or die "$master_dir/$indexzone/$indexzone: $!\n";
+print INDEXZONE @iz_content_new;
+close (INDEXZONE);
+
+print "index domain $indexzone updated \n";
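Review bot: The `for my $dir ( glob "$master_dir/*" )` loop turns every entry of `$master_dir` into a `ZONE::` TXT record, including any plain file there and the index zone's own directory `$master_dir/$indexzone`; restrict it to zone directories with `for my $dir ( grep { -d } glob "$master_dir/*" ) {` and, if the index is not meant to list itself, add `next if $zone eq $indexzone;` after the `basename` call. Both `open (INDEXZONE, ...)` calls use the two-argument form with a path built from config values, which lets the leading characters of the value change the open mode; use `open( my $iz, '<', "$master_dir/$indexzone/$indexzone" )` for the read and `'>'` for the rewrite, and check the final `close` since a failed write of the zone file only surfaces there. The line `@iz_content_old = <INDEXZONE>,` ends in a comma and works only because assignment binds tighter than the comma operator; it should be a semicolon. The records are rewritten without touching the SOA serial, so unless update-zone bumps it afterwards the configured secondary will not transfer the new index — worth confirming.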
--- a/update-zone Fri Aug 13 10:09:37 2010 +0200
+++ b/update-zone Fri Aug 13 17:00:37 2010 +0200
@@ -83,10 +83,6 @@
my $date;
$mm++;
-
- # fuehrt automatische aktuallisierungen der zonen durch
- system "$dnssec_sign";
-
# prueft jede domain, die ein verzeichnis in $master_dir hat, ob sie
# dnssec nutzt.
# passt die eintraege in $config_file falls noetig an.
@@ -223,35 +219,32 @@
print "\n";
}
- if ($changed) {
- my $pidfile;
-
+ my $pidfile;
- print
- "** Changed $changed files, the nameserver needs to be reloaded!\n";
- foreach (
- qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid))
- {
- -f $_ and $pidfile = $_ and last;
- }
+ print
+ "** Changed $changed files, the nameserver needs to be reloaded!\n";
+ foreach (
+ qw(/var/run/bind/run/named.pid /var/run/named.pid /etc/named.pid))
+ {
+ -f $_ and $pidfile = $_ and last;
+ }
- # dnssec-sign aufruf fuer geanderten domains
- system "$dnssec_sign @change_names";
- die "$dnssec_sign not found ($!)" if $? == -1;
- exit 1 if $?;
+ # dnssec-sign aufruf fuer geanderten domains
+ system "$dnssec_sign @change_names";
+ die "$dnssec_sign not found ($!)" if $? == -1;
+ exit 1 if $?;
- if ($pidfile) {
- if ($opt_yes) {
- $_ = "y";
- print "** Nameserver will be reloaded\n";
- }
- else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
- /^y|^$/i and system "rndc reload";
+ if ($pidfile) {
+ if ($opt_yes) {
+ $_ = "y";
+ print "** Nameserver will be reloaded\n";
}
- else {
- print
- "** No PID of a running named found. Please reload manually.\n";
- }
+ else { print "** Reload now? [Y/n]: "; $_ = <STDIN>; }
+ /^y|^$/i and system "rndc reload";
+ }
+ else {
+ print
+ "** No PID of a running named found. Please reload manually.\n";
}
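Review bot: With the `if ($changed)` guard removed, the message `** Changed $changed files, the nameserver needs to be reloaded!` and the interactive `** Reload now? [Y/n]:` prompt now run on every invocation, so a run where `$changed` is 0 reports "Changed 0 files" and still asks the operator to reload. If the intent is to always call dnssec-sign (the README's "Signatur update" step), keep that call unconditional but gate the message and the prompt on `$changed`, for example `print "** Changed $changed files, the nameserver needs to be reloaded!\n" if $changed;` and `if ( $pidfile and $changed ) {`. The `system "$dnssec_sign @change_names";` line passes the zone names through a shell; the list form `system $dnssec_sign, @change_names;` avoids that and keeps the `$? == -1` check meaningful, provided `$dnssec_sign` is a bare program path. The enclosing block begins before the hunk.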