mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 01:59:26 +00:00

Remove contrib/scripts

The scripts are ancient, trivial and/or unmaintained.
Since switching to Meson, we don't even build the `*.in` ones.
Štěpán Balážik 2025-07-08 15:34:42 +02:00
parent 04fb8bcebc
commit c2b800a552
7 changed files with 0 additions and 513 deletions


@ -1402,8 +1402,6 @@ for special in \
this.zone/domain.has.a.slash.dom10.example \
this.zone\\\\domain.has.backslash.dom10.example \
this.zone:domain.has.a.colon.dom.10.example; do
# hashes below are generated by:
# python ${TOP}/contrib/scripts/catzhash.py "${special}"
case "$special" in
this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example)


@ -15,11 +15,6 @@ This directory contains scripts, tools, and other useful accessories to
BIND 9. Contrib software is not supported by ISC, but reported bugs will
be fixed as time permits.
- scripts/
Assorted useful scripts, including 'zone-edit'
which enables editing of a dynamic zone, and others.
- gitchangelog/
QA utility to produce changelog and release notes from git log.


@ -1,2 +0,0 @@
check-secure-delegation.pl
zone-edit.sh


@ -1,34 +0,0 @@
#!/usr/bin/python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
# catzhash.py: generate the SHA-1 hash of a domain name in wire format.
#
# This can be used to determine the label to use in a catalog zone to
# represent the specified zone. For example, the zone
# "domain.example" can be represented in a catalog zone called
# "catalog.example" by adding the following record:
#
# 5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example. \
# IN PTR domain.example.
#
# The label "5960775ba382e7a4e09263fc06e7c00569b6a05c" is the output of
# this script when run with the argument "domain.example".
import sys
import hashlib
import dns.name
if len(sys.argv) < 2:
print("Usage: %s name" % sys.argv[0])
NAME = dns.name.from_text(sys.argv[1]).to_wire()
print(hashlib.sha1(NAME).hexdigest())


@ -1,116 +0,0 @@
#!@PERL@
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use warnings;
use FileHandle;
use IPC::Open2;
use POSIX qw/strftime/;
#
# We only compare keyid / DNSSEC algorithm pairs. If this succeeds then
# the crypto will likely succeed. If it fails then the crypto will definitely
# fail.
#
$prefix = "@prefix@";
$dig = "$prefix/bin/dig +cd +dnssec +noall +answer";
$dsfromkey = "$prefix/sbin/dnssec-dsfromkey -1 -A -f /dev/stdin";
# Get "now" in a RRSIG datestamp format.
$now = strftime "%Y%m%d%H%M%S", gmtime;
foreach $zone (@ARGV) {
my %algorithms = ();
my %dnskeygood = ();
my %dnskeyalg = ();
my %dnskey = ();
my %dsgood = ();
my %ds = ();
# Read the DS records and extract the key id, algorithm pairs
open(DS, "$dig -t DS -q $zone|") || die("dig DS failed");
while(<DS>) {
@words = split;
if ($words[3] eq "RRSIG" && $words[4] eq "DS") {
next if ($words[8] >= $now && $words[9] <= $now);
print "BAD SIG DATES: $_";
}
next if ($words[3] ne "DS");
$ds{"$words[4] $words[5]"} = 1;
$algorithms{"$words[5]"} = 1;
}
close(DS);
# Read the RRSIG(DNSKEY) records and extract the key id,
# algorithm pairs. Set good if we have a match against the DS
# records. DNSKEY records should be before the RRSIG records.
open(DNSKEY, "$dig -t DNSKEY -q $zone|") || die("dig DNSKEY failed");
while (<DNSKEY>) {
@words = split;
if ($words[3] eq "DNSKEY") {
$dnskeyalg{"$words[6]"} = 1;
next if (! -e "/dev/stdin");
# get the key id ($dswords[3]).
$pid = open2(*Reader, *Writer, "$dsfromkey $zone");
die("dsfromkey failed") if ($pid == -1);
print Writer "$_";
close(Writer);
$line = <Reader>;
close(Reader);
@dswords = split /\s/, $line;
$dnskey{"$dswords[3] $dswords[4]"} = 1;
next;
}
next if ($words[3] ne "RRSIG" || $words[4] ne "DNSKEY");
if ($words[8] >= $now && $words[9] <= $now) {
# If we don't have /dev/stdin then just check for the
# RRSIG otherwise check for both the DNSKEY and
# RRSIG.
$dsgood{"$words[5]"} = 1
if (! -e "/dev/stdin" &&
exists($ds{"$words[10] $words[5]"}));
$dsgood{"$words[5]"} = 1
if (exists($ds{"$words[10] $words[5]"}) &&
exists($dnskey{"$words[10] $words[5]"}));
$dnskeygood{"$words[5]"} = 1
if (! -e "/dev/stdin");
$dnskeygood{"$words[5]"} = 1
if (exists($dnskey{"$words[10] $words[5]"}));
} else {
$dnskeygood{"$words[5]"} = 1;
print "BAD SIG DATES: $_";
}
}
close(DNSKEY);
# Do we have signatures for all DNSKEY algorithms?
foreach $alg ( keys %dnskeyalg ) {
print "Missing $zone DNSKEY RRSIG for algorithm $alg\n"
if (!exists($dnskeygood{$alg}));
}
# Do we have a matching self signed DNSKEY for all DNSSEC algorithms
# in the DS records.
$count = 0;
foreach $alg ( keys %algorithms ) {
if (exists($dsgood{$alg})) {
print "$zone algorithm $alg good " .
"(found DS / self signed DNSKEY pair)\n";
} else {
print "$zone algorithm $alg bad " .
"(no DS / self signed DNSKEY pair found)\n";
}
$count++;
}
print "$zone has no secure delegation records\n"
if (! $count);
}


@ -1,210 +0,0 @@
#!/usr/bin/perl
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
use warnings;
use strict;
use POSIX qw(strftime);
my $now = strftime "%Y%m%d%H%M%S", gmtime;
sub ext8601 ($) {
my $d = shift;
$d =~ s{(....)(..)(..)(..)(..)(..)}
{$1-$2-$3.$4:$5:$6+0000};
return $d;
}
sub getkey ($$) {
my $h = shift;
my $k = shift;
m{\s+(\d+)\s+(\d+)\s+(\d+)\s+[(]\s*$};
$k->{flags} = $1;
$k->{protocol} = $2;
$k->{algorithm} = $3;
my $data = "(";
while (<$h>) {
s{^\s+}{};
s{\s+$}{};
last if m{^[)]};
$data .= $_;
}
m{ alg = (\S+)\s*; key id = (\d+)};
$k->{alg} = $1;
$k->{id} = $2;
$k->{data} = $data;
return $k;
}
sub fmtkey ($) {
my $k = shift;
return sprintf "%16s tag %s", $k->{name}, $k->{id};
}
sub printstatus ($) {
my $a = shift;
if ($a->{removehd} ne "19700101000000") {
printf " untrusted and to be removed at %s\n", ext8601 $a->{removehd};
} elsif ($a->{addhd} le $now) {
printf " trusted\n";
} else {
printf " waiting for %s\n", ext8601 $a->{addhd};
}
}
sub digkeys ($) {
my $name = shift;
my $keys;
open my $d, "-|", qw{dig +multiline DNSKEY}, $name;
while (<$d>) {
next unless m{^([a-z0-9.-]*)\s+\d+\s+IN\s+DNSKEY\s+};
next unless $name eq $1;
push @$keys, getkey $d, { name => $name };
}
return $keys;
}
my $anchor;
my $owner = ".";
while (<>) {
next unless m{^([a-z0-9.-]*)\s+KEYDATA\s+(\d+)\s+(\d+)\s+(\d+)\s+};
my $k = getkey *ARGV, {
name => $1,
refresh => $2,
addhd => $3,
removehd => $4,
};
if ($k->{name} eq "") {
$k->{name} = $owner;
} else {
$owner = $k->{name};
}
$k->{name} =~ s{[.]*$}{.};
push @{$anchor->{$k->{name}}}, $k;
}
for my $name (keys %$anchor) {
my $keys = digkeys $name;
my $anchors = $anchor->{$name};
for my $k (@$keys) {
if ($k->{flags} & 1) {
printf "%s %s", fmtkey $k, $k->{alg};
} else {
# ZSK - skipping
next;
}
if ($k->{flags} & 512) {
print " revoked;";
}
my $a;
for my $t (@$anchors) {
if ($t->{data} eq $k->{data} and
$t->{protocol} eq $k->{protocol} and
$t->{algorithm} eq $k->{algorithm}) {
$t->{matched} = 1;
$a = $t;
last;
}
}
if (not defined $a) {
print " no trust anchor\n";
next;
}
printstatus $a;
}
for my $a (@$anchors) {
next if $a->{matched};
printf "%s %s missing;", fmtkey $a, $a->{alg};
printstatus $a;
}
}
exit;
__END__
=head1 NAME
check5011 - summarize DNSSEC trust anchor status
=head1 SYNOPSIS
check5011 <I<managed-keys.bind>>
=head1 DESCRIPTION
The BIND managed-keys file contains DNSSEC trust anchors
that can be automatically updated according to RFC 5011. The
B<check5011> program reads this file and prints a summary of the
status of the trust anchors. It fetches the corresponding
DNSKEY records using B<dig> and compares them to the trust anchors.
Each key is printed on a line with its name, its tag, and its
algorithm, followed by a summary of its status.
=over
=item C<trusted>
The key is currently trusted.
=item C<waiting for ...>
The key is new, and B<named> is waiting for the "add hold-down" period
to pass before the key will be trusted.
=item C<untrusted and to be removed at ...>
The key was revoked and will be removed at the stated time.
=item C<no trust anchor>
The key is present in the DNS but not in the managed-keys file.
=item C<revoked>
The key has its revoked flag set. This is printed before the key's
trust anchor status which should normally be C<untrusted...> if
B<named> has observed the revocation.
=item C<missing>
There is no DNSKEY record for this trust anchor. This is printed
before the key's trust anchor status.
=back
By default the managed keys are stored in a file called
F<managed-keys.bind> in B<named>'s working directory. This location
can be changed with B<named>'s B<managed-keys-directory> option. If
you are using views the file may be named with the SHA256 hash of a
view name with a F<.mkeys> extension added.
=head1 AUTHOR
=over
=item Written by Tony Finch <fanf2@cam.ac.uk> <dot@dotat.at>
=item at the University of Cambridge Computing Service.
=item You may do anything with this. It has no warranty.
=item L<http://creativecommons.org/publicdomain/zero/1.0/>
=back
=head1 SEE ALSO
dig(1), named(8)
=cut


@ -1,144 +0,0 @@
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
dir=/tmp/zone-edit.$$
mkdir ${dir} || exit 1
trap "/bin/rm -rf ${dir}" 0
prefix=@prefix@
exec_prefix=@exec_prefix@
bindir=@bindir@
dig=${bindir}/dig
checkzone=${bindir}/named-checkzone
nsupdate=${bindir}/nsupdate
case $# in
0)
echo "Usage: zone-edit <zone> [dig options] [ -- nsupdate options ]"
exit 0
;;
esac
# What kind of echo are we using?
try=$(echo -n "")
if test "X$try" = "X-n "; then
echo_arg=""
bsc="\\c"
else
echo_arg="-n"
bsc=""
fi
zone="${1}"
shift
digopts=
while test $# -ne 0; do
case "${1}" in
--)
shift
break
;;
*)
digopts="$digopts $1"
shift
;;
esac
done
${dig} axfr "$zone" $digopts \
| awk '$4 == "RRSIG" || $4 == "NSEC" || $4 == "NSEC3" || $4 == "NSEC3PARAM" { next; } { print; }' >${dir}/old
if test -s ${dir}/old; then
${checkzone} -q -D "$zone" ${dir}/old >${dir}/ooo
fi
if test -s ${dir}/ooo; then
cp ${dir}/ooo ${dir}/new
while :; do
if ${VISUAL:-${EDITOR:-/bin/ed}} ${dir}/new; then
if ${checkzone} -q -D "$zone" ${dir}/new >${dir}/nnn; then
sort ${dir}/ooo >${dir}/s1
sort ${dir}/nnn >${dir}/s2
comm -23 ${dir}/s1 ${dir}/s2 \
| sed 's/^/update delete /' >${dir}/ccc
comm -13 ${dir}/s1 ${dir}/s2 \
| sed 's/^/update add /' >>${dir}/ccc
if test -s ${dir}/ccc; then
cat ${dir}/ccc | more
while :; do
echo ${echo_arg} "Update (u), Abort (a), Redo (r), Modify (m), Display (d) : $bsc"
read ans
case "$ans" in
u)
(
echo zone "$zone"
cat ${dir}/ccc
echo send
) | ${nsupdate} "$@"
break 2
;;
a)
break 2
;;
d)
cat ${dir}/ccc | more
;;
r)
cp ${dir}/ooo ${dir}/new
break
;;
m)
break
;;
esac
done
else
while :; do
echo ${echo_arg} "Abort (a), Redo (r), Modify (m) : $bsc"
read ans
case "$ans" in
a)
break 2
;;
r)
cp ${dir}/ooo ${dir}/new
break
;;
m)
break
;;
esac
done
fi
else
while :; do
echo ${echo_arg} "Abort (a), Redo (r), Modify (m) : $bsc"
read ans
case "$ans" in
a)
break 2
;;
r)
cp ${dir}/ooo ${dir}/new
break
;;
m)
break
;;
esac
done
fi
fi
done
fi