--- a/dnssec-creatkey Wed Jun 30 16:48:26 2010 +0200
+++ b/dnssec-creatkey Tue Jul 13 15:32:08 2010 +0200
@@ -1,9 +1,41 @@
#!/bin/bash
+set -e
+
source dnstools.conf
master_dir=$MASTER_DIR
key_counter_end=$KEY_COUNTER_END
+function test_zsk_new { # prueft ob es einen ZSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.zsk || echo ${zone##/*/}
+ done
+}
+
+function test_ksk_new { # prueft ob es einen KSK gibt
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ test -f $zone/.index.ksk || echo ${zone##/*/}
+ done
+}
+
+function test_zsk_time { # prueft den keycounter
+ for zone in $master_dir/*
+ do
+ test -f $zone/${zone##*/}.signed || continue
+ key_counter_end=$1
+ test -f $zone/keycounter || echo 0 > $zone/keycounter
+ key_counter=`< $zone/keycounter`
+
+ if [ $key_counter_end -le $key_counter ]
+ then
+ echo ${zone##/*/}
+ fi
+ done
+}
#prüft die eingegebnen domains
for utf8domain in $@
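Review bot: In `test_zsk_time` the comparison `[ $key_counter_end -le $key_counter ]` is unquoted and unvalidated, so an empty or non-numeric `keycounter` file makes `[` fail and the zone is left out of the rollover list with only an error on stderr. A zone skipped this way keeps its old ZSK indefinitely, so validate the value first, e.g. `case $key_counter in ''|*[!0-9]*) echo "bad keycounter in $zone" >&2; continue;; esac`. The three functions also mix `${zone##*/}` and `${zone##/*/}` for the same basename and leave `$zone` unquoted; using `"${zone##*/}"` throughout would keep them consistent.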
@@ -18,33 +50,6 @@
fi
done
-function test_zsk_new { # prueft ob es einen ZSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.zsk || echo ${zone##/*/}
- done
-}
-
-function test_ksk_new { # prueft ob es einen KSK gibt
- for zone in $master_dir/*
- do
- test -f $zone/index.ksk || echo ${zone##/*/}
- done
-}
-
-function test_zsk_time { # prueft den keycounter
- for zone in $master_dir/*
- do
- key_counter_end=$1
- test -f $zone/keycounter || echo 0 > $zone/keycounter
- key_counter=`< $zone/keycounter`
-
- if [ $key_counter_end -le $key_counter ]
- then
- echo ${zone##/*/}
- fi
- done
-}
zsk_time=`test_zsk_time $key_counter_end`
zsk_new=`test_zsk_new`
@@ -55,9 +60,9 @@
do
cd $master_dir/$NEW_ZSK_ZONE
echo "erzeugt zsk fuer" $NEW_ZSK_ZONE
- dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> index.zsk
- INDEX_ZSK=$( tail -n2 index.zsk )
- echo $INDEX_ZSK | fmt -w1 > index.zsk
+ dnssec-keygen -a RSASHA1 -b 512 -n ZONE $NEW_ZSK_ZONE >> .index.zsk
+ INDEX_ZSK=$( tail -n2 .index.zsk )
+ echo $INDEX_ZSK | fmt -w1 > .index.zsk
echo 0 > keycounter
done
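Review bot: The ZSK is still generated with `-a RSASHA1 -b 512` on the line this hunk rewrites. A 512-bit RSA modulus is too short to resist factoring and SHA-1 based DNSSEC algorithms are deprecated, so the signatures give little assurance to validating resolvers. Consider `dnssec-keygen -a RSASHA256 -b 2048 -n ZONE $NEW_ZSK_ZONE >> .index.zsk` (1024 bits at the very least). The KSK line in the following hunk should move to the same algorithm so both keys match. The enclosing loop starts outside the hunk.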
@@ -66,9 +71,9 @@
do
cd $master_dir/$NEW_KSK_ZONE
echo "erzeugt ksk fuer" $NEW_KSK_ZONE
- dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> index.ksk
- INDEX_KSK=$( tail -n2 index.ksk )
- echo $INDEX_KSK | fmt -w1 > index.ksk
+ dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $NEW_KSK_ZONE >> .index.ksk
+ INDEX_KSK=$( tail -n2 .index.ksk )
+ echo $INDEX_KSK | fmt -w1 > .index.ksk
done
@@ -78,7 +83,7 @@
cd $master_dir/$ZONE
#loescht alle Schluessel die nicht in der indexdatei stehen
- rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | grep -v "`cat index.ksk`") 2> /dev/null
+ rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | grep -v "`cat .index.ksk`") 2> /dev/null
#erzeugt ein backup und entfernt alle schluessel aus der zonedatei
mv $ZONE $ZONE.old
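Review bot: With `set -e` now at the top of this script, the `rm $(ls … | grep -v …) 2> /dev/null` line aborts the run whenever nothing is left to delete, because `rm` without operands exits non-zero and its message is discarded (unless the line sits inside a condition not visible here). If that is not intended, `rm -f $(…)` makes an empty list a no-op. Separately, `K*[key,private]` is a bracket expression that matches any `K*` name ending in one of those characters, not the `.key`/`.private` suffixes; `K*.key K*.private` says what is meant, and the same line in dnssec-killkey has it too. The surrounding loop is outside the hunk.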
--- a/dnssec-killkey Wed Jun 30 16:48:26 2010 +0200
+++ b/dnssec-killkey Tue Jul 13 15:32:08 2010 +0200
@@ -27,8 +27,8 @@
echo $DNS_KEY > $ZONE_DIR/$DOMAIN/$INDEX # schreibt nur die variable
# DNS_KEY in die indexdatei
- rm $(ls K*[key,private] | grep -v "`cat index.zsk`" | \
- grep -v "`cat index.ksk`") 2> /dev/null # loesche alle schluessel die nicht in der indexdatei
+ rm $(ls K*[key,private] | grep -v "`cat .index.zsk`" | \
+ grep -v "`cat .index.ksk`") 2> /dev/null # loesche alle schluessel die nicht in der indexdatei
# stehen
mv $DOMAIN $DOMAIN.old
grep -v 'DNSKEY' $DOMAIN.old >> $DOMAIN # erzeugt ein backup und entfernt alle schluessel
--- a/mkready Wed Jun 30 16:48:26 2010 +0200
+++ b/mkready Tue Jul 13 15:32:08 2010 +0200
@@ -1,7 +1,10 @@
#!/bin/bash
+set -e
+
BIND_DIR=/etc/bind
cat $BIND_DIR/zones.d/* > $BIND_DIR/named.conf.zones
-
+named-checkconf
+named-checkconf -z
rndc reload
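Review bot: The concatenated file is written straight over `$BIND_DIR/named.conf.zones` before `named-checkconf` runs, so when the check fails `set -e` stops the script but the broken file stays in place and would be read by the next restart of named. Keep the previous file and restore it when the check fails, as sketched below. `named-checkconf -z` also parses the configuration, so the plain call before it is probably redundant.

```shell
zones=$BIND_DIR/named.conf.zones
[ -f "$zones" ] && cp -p "$zones" "$zones.bak"
cat "$BIND_DIR"/zones.d/* > "$zones"
if ! named-checkconf -z; then
  [ -f "$zones.bak" ] && mv "$zones.bak" "$zones"
  exit 1
fi
rndc reload
```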
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/templates/named.conf.zone Tue Jul 13 15:32:08 2010 +0200
@@ -0,0 +1,10 @@
+zone "[% domain %]" {
+// Start: [% start %]
+// Invoice: [% customer %]
+// UTF8: [% utf8domain %]
+ type master;
+ file "[% file %]";
+ allow-transfer { localhost; [% primary_ip %]; [% secondary_ip %]; };
+ allow-query { any; };
+ also-notify { [% primary_ip %]; };
+};
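Review bot: Every placeholder is substituted verbatim into named.conf syntax, so a value containing a double quote, `;`, `}` or a newline changes the configuration instead of filling a field. For `customer`, `start` and `utf8domain` a newline alone ends the `//` comment. Where these values originate is not visible here, so the caller should reject quotes and control characters before rendering, or the template should drop free-text fields that named does not need. `allow-transfer` restricts by source address only; if the secondaries support it, a TSIG key would be a stronger restriction.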
--- a/zone-ls Wed Jun 30 16:48:26 2010 +0200
+++ b/zone-ls Tue Jul 13 15:32:08 2010 +0200
@@ -4,27 +4,29 @@
zsklive=$ZSKLIVE
ksklive=$KSKLIVE
+printf "%-25s %2s/%2s %8s\n" "Domain" "ZSK" "KSK" "Endtime"
for zone in $master_dir/*
do
domain=${zone##/*/}
- test -f $zone/index.zsk && anzahl_zsk=`wc -l < $zone/index.zsk` || anzahl_zsk="0"
- test -f $zone/index.ksk && anzahl_ksk=`wc -l < $zone/index.ksk` || anzahl_ksk="0"
+ test -f $zone/.index.zsk && anzahl_zsk=`wc -l < $zone/.index.zsk` || anzahl_zsk="0"
+ test -f $zone/.index.ksk && anzahl_ksk=`wc -l < $zone/.index.ksk` || anzahl_ksk="0"
test -f $zone/keycounter && key_counter=`< $zone/keycounter` || key_counter="0"
if [ -f $zone/$domain.signed ]
then
endtime1=`cat $zone/$domain.signed | egrep 'DNSKEY' | egrep '[0-9]{14}' | head -n1 | cut -d" " -f5`
- endtime2=`echo $endtime1 | cut -c 7-8 ; echo $endtime1 | cut -c 5-6 ; echo $endtime1 | cut -c 1-4`
+ endtime2="${endtime1:6:2} ${endtime1:4:2} ${endtime1:0:4}"
+
else
endtime2="0"
fi
- ausgabe="$domain:keys-$anzahl_zsk/$anzahl_ksk:ablauf-$endtime2:signiert-$key_counter"
+ printf "%-25s %2d/%2d %8s\n" \
+ "$domain" "$anzahl_zsk" "$anzahl_ksk" "$endtime2"
- echo $ausgabe | tr ":" "\t"
done
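Review bot: `key_counter` is still read from `$zone/keycounter` but no longer appears in the output, since the `signiert-` field went away with the old `ausgabe` line. If the counter is what drives ZSK rollover, operators lose sight of how close each zone is to the limit; either add it as a column or remove the now-unused assignment. The header also reserves `%8s` for "Endtime" while the `DD MM YYYY` value is ten characters wide, which is harmless only because it is the last column.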
--- a/zone-mk Wed Jun 30 16:48:26 2010 +0200
+++ b/zone-mk Tue Jul 13 15:32:08 2010 +0200
@@ -18,6 +18,9 @@
# config
source dnstools.conf
+primary=$PRIMARY
+primary_ip=${PRIMARY_IP:-$(dig +short $primary)}
+
secondary=$SECONDARY
secondary_ip=${SECONDARY_IP:-$(dig +short $secondary)}
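Review bot: `primary_ip` falls back to `$(dig +short $primary)`, and that output is used unchecked in `allow-transfer` and `also-notify`. It can be empty, span several lines, or be a CNAME target rather than an address, and it comes from an unauthenticated lookup. Check that exactly one address came back before using it, e.g. `[[ $primary_ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "no address for $primary" >&2; exit 1; }` (assuming the script runs under bash and only IPv4 is expected). The existing `secondary_ip` line below follows the same pattern.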
@@ -72,7 +75,7 @@
cat <<xxx >$zonefile
\$ORIGIN $domain.
\$TTL 1d
-@ IN SOA $this_host. $hostmaster. (
+@ IN SOA $primary. $hostmaster. (
$(date +%Y%m%d00) ; serial
1d ; refresh
2h ; retry
@@ -89,18 +92,17 @@
xxx
- cat <<xxx >$config
-zone "$domain" {
-// Start: $start
-// Invoice: $customer
-// UTF8: $utf8domain
- type master;
- file "$master_dir/$domain/$domain.signed";
- allow-transfer { $secondary_ip; };
- allow-query { any; };
-};
+ tpage \
+ --define domain="$domain" \
+ --define start="$start" \
+ --define customer="$customer" \
+ --define utf8domain="$utf8domain" \
+ --define file="$master_dir/$domain/$domain" \
+ --define primary_ip="$primary_ip" \
+ --define secondary_ip="$secondary_ip" \
+ templates/named.conf.zone \
+ >$config
-xxx
done
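Review bot: The `file` value changed from `$master_dir/$domain/$domain.signed` to `$master_dir/$domain/$domain`, so a zone configured through the template points named at the unsigned zone file. If that is deliberate for zones not yet signed, nothing visible here switches the path to the signed file later, and dnssec-creatkey in this commit skips zones that have no `.signed` file. Either keep the `.signed` path or document how a zone moves over to the signed file. `templates/named.conf.zone` is also resolved relative to the current directory, so the script works only when started from its own directory. The loop starts outside the hunk.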
--- a/zone-rm Wed Jun 30 16:48:26 2010 +0200
+++ b/zone-rm Tue Jul 13 15:32:08 2010 +0200
@@ -11,7 +11,7 @@
domain=$(idn --quiet $utf8domain )
echo $domain
- test -d $master_dir/$domain && rm -r $master_dir/$domain && echo "-> Zonedatei entfernt"
- test -f $conf_dir/$domain && rm $conf_dir/$domain && echo "-> Konfiguration entfernt"
+ test -d $master_dir/$domain && rm -rf $master_dir/$domain && echo "-> Zonedatei entfernt"
+ test -f $conf_dir/$domain && rm -f $conf_dir/$domain && echo "-> Konfiguration entfernt"
done
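Review bot: `rm -rf $master_dir/$domain` runs with an unchecked, unquoted `$domain`. If `idn` fails or prints nothing, the path collapses to `$master_dir/`, `test -d` succeeds and the whole master directory, key material included, is removed; `-f` now also hides any error. Guard the value before the removal with `[ -n "$domain" ] || continue`, and write the removal as `rm -rf -- "${master_dir:?}/${domain:?}"`. A name containing `/` or `..` should be rejected as well. The loop begins outside the hunk.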