mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 10:10:06 +00:00
Simplify trailing period handling in system tests
Windows systems do not allow a trailing period in file names while Unix
systems do. When BIND system tests are run, the $TP environment
variable is set to an empty string on Windows systems and to "." on Unix
systems. This environment variable is then used by system test scripts
for handling this discrepancy properly.
In multiple system test scripts, a variable holding a zone name is set
to a string with a trailing period while the names of the zone's
corresponding dlvset-* and/or dsset-* files are determined using
numerous sed invocations like the following one:
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
In order to improve code readability, use zone names without trailing
periods and replace sed invocations with variable substitutions.
To retain local consistency, also remove the trailing period from
certain other zone names used in system tests that are not subsequently
processed using sed.
This commit is contained in:
Michał Kępień
parent
79357f93c0
commit
da2c1b74ad
@ -16,29 +16,29 @@ SYSTEMTESTTOP=../..
|
|||||||
|
|
||||||
echo_i "dlv/ns3/sign.sh"
|
echo_i "dlv/ns3/sign.sh"
|
||||||
|
|
||||||
dlvzone="dlv.utld."
|
dlvzone="dlv.utld"
|
||||||
dlvsets=
|
dlvsets=
|
||||||
dssets=
|
dssets=
|
||||||
|
|
||||||
disableddlvzone="disabled-algorithm-dlv.utld."
|
disableddlvzone="disabled-algorithm-dlv.utld"
|
||||||
disableddlvsets=
|
disableddlvsets=
|
||||||
disableddssets=
|
disableddssets=
|
||||||
|
|
||||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld."
|
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
|
||||||
unsupporteddlvsets=
|
unsupporteddlvsets=
|
||||||
unsupporteddssets=
|
unsupporteddssets=
|
||||||
|
|
||||||
# Signed zone below unsigned TLD with DLV entry.
|
# Signed zone below unsigned TLD with DLV entry.
|
||||||
zone=child1.utld.
|
zone=child1.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child1.utld.db
|
zonefile=child1.utld.db
|
||||||
outfile=child1.signed
|
outfile=child1.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -47,16 +47,16 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||||
# with a disabled algorithm.
|
# with a disabled algorithm.
|
||||||
zone=child3.utld.
|
zone=child3.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child3.utld.db
|
zonefile=child3.utld.db
|
||||||
outfile=child3.signed
|
outfile=child3.signed
|
||||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -66,11 +66,11 @@ echo_i "signed $zone"
|
|||||||
# Signed zone below unsigned TLD with DLV entry. This one is slightly
|
# Signed zone below unsigned TLD with DLV entry. This one is slightly
|
||||||
# different because its children (the grandchildren) don't have a DS record in
|
# different because its children (the grandchildren) don't have a DS record in
|
||||||
# this zone. The grandchild zones are served by ns6.
|
# this zone. The grandchild zones are served by ns6.
|
||||||
zone=child4.utld.
|
zone=child4.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child4.utld.db
|
zonefile=child4.utld.db
|
||||||
outfile=child4.signed
|
outfile=child4.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -83,23 +83,23 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||||
# with an unsupported algorithm.
|
# with an unsupported algorithm.
|
||||||
zone=child5.utld.
|
zone=child5.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child5.utld.db
|
zonefile=child5.utld.db
|
||||||
outfile=child5.signed
|
outfile=child5.signed
|
||||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
# Signed zone below unsigned TLD without DLV entry.
|
# Signed zone below unsigned TLD without DLV entry.
|
||||||
zone=child7.utld.
|
zone=child7.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child7.utld.db
|
zonefile=child7.utld.db
|
||||||
outfile=child7.signed
|
outfile=child7.signed
|
||||||
@ -107,7 +107,7 @@ outfile=child7.signed
|
|||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -116,7 +116,7 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below unsigned TLD without DLV entry and no DS records for the
|
# Signed zone below unsigned TLD without DLV entry and no DS records for the
|
||||||
# grandchildren.
|
# grandchildren.
|
||||||
zone=child8.utld.
|
zone=child8.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child8.utld.db
|
zonefile=child8.utld.db
|
||||||
outfile=child8.signed
|
outfile=child8.signed
|
||||||
@ -130,11 +130,11 @@ $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer
|
|||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
# Signed zone below unsigned TLD with DLV entry.
|
# Signed zone below unsigned TLD with DLV entry.
|
||||||
zone=child9.utld.
|
zone=child9.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child9.utld.db
|
zonefile=child9.utld.db
|
||||||
outfile=child9.signed
|
outfile=child9.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -146,11 +146,11 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
|
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
|
||||||
# the zone to generate the DLV set.
|
# the zone to generate the DLV set.
|
||||||
zone=child10.utld.
|
zone=child10.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child10.utld.db
|
zonefile=child10.utld.db
|
||||||
outfile=child10.signed
|
outfile=child10.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -163,11 +163,11 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Zone signed with a disabled algorithm (an algorithm that is disabled in
|
# Zone signed with a disabled algorithm (an algorithm that is disabled in
|
||||||
# one of the test resolvers) with DLV entry.
|
# one of the test resolvers) with DLV entry.
|
||||||
zone=disabled-algorithm.utld.
|
zone=disabled-algorithm.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=disabled-algorithm.utld.db
|
zonefile=disabled-algorithm.utld.db
|
||||||
outfile=disabled-algorithm.utld.signed
|
outfile=disabled-algorithm.utld.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -179,11 +179,11 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
|
|
||||||
# Zone signed with an unsupported algorithm with DLV entry.
|
# Zone signed with an unsupported algorithm with DLV entry.
|
||||||
zone=unsupported-algorithm.utld.
|
zone=unsupported-algorithm.utld
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=unsupported-algorithm.utld.db
|
zonefile=unsupported-algorithm.utld.db
|
||||||
outfile=unsupported-algorithm.utld.signed
|
outfile=unsupported-algorithm.utld.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -195,23 +195,23 @@ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile
|
|||||||
|
|
||||||
cp ${keyname2}.key ${keyname2}.tmp
|
cp ${keyname2}.key ${keyname2}.tmp
|
||||||
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
||||||
cp dlvset-${zone} dlvset-${zone}tmp
|
cp dlvset-${zone}${TP} dlvset-${zone}tmp
|
||||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
|
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
|
||||||
|
|
||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
# Signed zone below signed TLD with DLV entry and DS set.
|
# Signed zone below signed TLD with DLV entry and DS set.
|
||||||
zone=child1.druz.
|
zone=child1.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child1.druz.db
|
zonefile=child1.druz.db
|
||||||
outfile=child1.druz.signed
|
outfile=child1.druz.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -220,17 +220,17 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||||
# signed with a disabled algorithm.
|
# signed with a disabled algorithm.
|
||||||
zone=child3.druz.
|
zone=child3.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child3.druz.db
|
zonefile=child3.druz.db
|
||||||
outfile=child3.druz.signed
|
outfile=child3.druz.signed
|
||||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||||
disableddssets="$disableddssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
disableddssets="$disableddssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -239,12 +239,12 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below signed TLD with DLV entry and DS set, but missing
|
# Signed zone below signed TLD with DLV entry and DS set, but missing
|
||||||
# DS records for the grandchildren.
|
# DS records for the grandchildren.
|
||||||
zone=child4.druz.
|
zone=child4.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child4.druz.db
|
zonefile=child4.druz.db
|
||||||
outfile=child4.druz.signed
|
outfile=child4.druz.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -257,17 +257,17 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||||
# signed with an unsupported algorithm algorithm.
|
# signed with an unsupported algorithm algorithm.
|
||||||
zone=child5.druz.
|
zone=child5.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child5.druz.db
|
zonefile=child5.druz.db
|
||||||
outfile=child5.druz.signed
|
outfile=child5.druz.signed
|
||||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||||
unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -275,16 +275,16 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
|
|
||||||
# Signed zone below signed TLD without DLV entry, but with normal DS set.
|
# Signed zone below signed TLD without DLV entry, but with normal DS set.
|
||||||
zone=child7.druz.
|
zone=child7.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child7.druz.db
|
zonefile=child7.druz.db
|
||||||
outfile=child7.druz.signed
|
outfile=child7.druz.signed
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
|
|
||||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||||
|
|
||||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
@ -293,7 +293,7 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
||||||
# records for the grandchildren are not included in the zone.
|
# records for the grandchildren are not included in the zone.
|
||||||
zone=child8.druz.
|
zone=child8.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child8.druz.db
|
zonefile=child8.druz.db
|
||||||
outfile=child8.druz.signed
|
outfile=child8.druz.signed
|
||||||
@ -309,11 +309,11 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
|
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
|
||||||
# records for the grandchildren are not included in the zone.
|
# records for the grandchildren are not included in the zone.
|
||||||
zone=child9.druz.
|
zone=child9.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child9.druz.db
|
zonefile=child9.druz.db
|
||||||
outfile=child9.druz.signed
|
outfile=child9.druz.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -326,12 +326,12 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
|
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
|
||||||
# sign the zone to generate the DS sets.
|
# sign the zone to generate the DS sets.
|
||||||
zone=child10.druz.
|
zone=child10.druz
|
||||||
infile=child.db.in
|
infile=child.db.in
|
||||||
zonefile=child10.druz.db
|
zonefile=child10.druz.db
|
||||||
outfile=child10.druz.signed
|
outfile=child10.druz.signed
|
||||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||||
@ -347,23 +347,23 @@ cp $unsupporteddssets ../ns2
|
|||||||
|
|
||||||
# DLV zones
|
# DLV zones
|
||||||
infile=dlv.db.in
|
infile=dlv.db.in
|
||||||
for zone in dlv.utld. disabled-algorithm-dlv.utld. unsupported-algorithm-dlv.utld.
|
for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
|
||||||
do
|
do
|
||||||
zonefile="${zone}db"
|
zonefile="${zone}.db"
|
||||||
outfile="${zone}signed"
|
outfile="${zone}.signed"
|
||||||
|
|
||||||
case $zone in
|
case $zone in
|
||||||
"dlv.utld.")
|
"dlv.utld")
|
||||||
algorithm=$DEFAULT_ALGORITHM
|
algorithm=$DEFAULT_ALGORITHM
|
||||||
bits=$DEFAULT_BITS
|
bits=$DEFAULT_BITS
|
||||||
dlvfiles=$dlvsets
|
dlvfiles=$dlvsets
|
||||||
;;
|
;;
|
||||||
"disabled-algorithm-dlv.utld.")
|
"disabled-algorithm-dlv.utld")
|
||||||
algorithm=$DISABLED_ALGORITHM
|
algorithm=$DISABLED_ALGORITHM
|
||||||
bits=$DISABLED_BITS
|
bits=$DISABLED_BITS
|
||||||
dlvfiles=$disableddlvsets
|
dlvfiles=$disableddlvsets
|
||||||
;;
|
;;
|
||||||
"unsupported-algorithm-dlv.utld.")
|
"unsupported-algorithm-dlv.utld")
|
||||||
algorithm=$DEFAULT_ALGORITHM
|
algorithm=$DEFAULT_ALGORITHM
|
||||||
bits=$DEFAULT_BITS
|
bits=$DEFAULT_BITS
|
||||||
dlvfiles=$unsupporteddlvsets
|
dlvfiles=$unsupporteddlvsets
|
||||||
@ -376,15 +376,15 @@ do
|
|||||||
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
|
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
|
||||||
|
|
||||||
case $zone in
|
case $zone in
|
||||||
"dlv.utld.")
|
"dlv.utld")
|
||||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
|
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
|
||||||
;;
|
;;
|
||||||
"disabled-algorithm-dlv.utld.")
|
"disabled-algorithm-dlv.utld")
|
||||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
|
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
|
||||||
;;
|
;;
|
||||||
"unsupported-algorithm-dlv.utld.")
|
"unsupported-algorithm-dlv.utld")
|
||||||
cp ${keyname2}.key ${keyname2}.tmp
|
cp ${keyname2}.key ${keyname2}.tmp
|
||||||
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
|
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
|
||||||
|
|||||||
@ -138,7 +138,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
|||||||
|
|
||||||
# Sign the privately secure file
|
# Sign the privately secure file
|
||||||
|
|
||||||
privzone=private.secure.example.
|
privzone=private.secure.example
|
||||||
privinfile=private.secure.example.db.in
|
privinfile=private.secure.example.db.in
|
||||||
privzonefile=private.secure.example.db
|
privzonefile=private.secure.example.db
|
||||||
|
|
||||||
@ -153,7 +153,7 @@ cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
|||||||
dlvzone=dlv.
|
dlvzone=dlv.
|
||||||
dlvinfile=dlv.db.in
|
dlvinfile=dlv.db.in
|
||||||
dlvzonefile=dlv.db
|
dlvzonefile=dlv.db
|
||||||
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
|
dlvsetfile="dlvset-${privzone}${TP}"
|
||||||
|
|
||||||
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
|
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
|
||||||
|
|
||||||
|
|||||||
@ -261,7 +261,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||||||
# A zone that is signed with an unknown DNSKEY algorithm.
|
# A zone that is signed with an unknown DNSKEY algorithm.
|
||||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||||
#
|
#
|
||||||
zone=dnskey-unknown.example.
|
zone=dnskey-unknown.example
|
||||||
infile=dnskey-unknown.example.db.in
|
infile=dnskey-unknown.example.db.in
|
||||||
zonefile=dnskey-unknown.example.db
|
zonefile=dnskey-unknown.example.db
|
||||||
|
|
||||||
@ -273,14 +273,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||||||
|
|
||||||
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||||
|
|
||||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
DSFILE="dsset-${zone}${TP}"
|
||||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||||
|
|
||||||
#
|
#
|
||||||
# A zone that is signed with an unsupported DNSKEY algorithm (3).
|
# A zone that is signed with an unsupported DNSKEY algorithm (3).
|
||||||
# Algorithm 7 is replaced by 255 in the zone and dsset.
|
# Algorithm 7 is replaced by 255 in the zone and dsset.
|
||||||
#
|
#
|
||||||
zone=dnskey-unsupported.example.
|
zone=dnskey-unsupported.example
|
||||||
infile=dnskey-unsupported.example.db.in
|
infile=dnskey-unsupported.example.db.in
|
||||||
zonefile=dnskey-unsupported.example.db
|
zonefile=dnskey-unsupported.example.db
|
||||||
|
|
||||||
@ -292,14 +292,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||||||
|
|
||||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||||
|
|
||||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
DSFILE="dsset-${zone}${TP}"
|
||||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||||
|
|
||||||
#
|
#
|
||||||
# A zone with a published unsupported DNSKEY algorithm (Reserved).
|
# A zone with a published unsupported DNSKEY algorithm (Reserved).
|
||||||
# Different from above because this key is not intended for signing.
|
# Different from above because this key is not intended for signing.
|
||||||
#
|
#
|
||||||
zone=dnskey-unsupported-2.example.
|
zone=dnskey-unsupported-2.example
|
||||||
infile=dnskey-unsupported-2.example.db.in
|
infile=dnskey-unsupported-2.example.db.in
|
||||||
zonefile=dnskey-unsupported-2.example.db
|
zonefile=dnskey-unsupported-2.example.db
|
||||||
|
|
||||||
@ -314,7 +314,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
|
|||||||
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
|
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
|
||||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||||
#
|
#
|
||||||
zone=dnskey-nsec3-unknown.example.
|
zone=dnskey-nsec3-unknown.example
|
||||||
infile=dnskey-nsec3-unknown.example.db.in
|
infile=dnskey-nsec3-unknown.example.db.in
|
||||||
zonefile=dnskey-nsec3-unknown.example.db
|
zonefile=dnskey-nsec3-unknown.example.db
|
||||||
|
|
||||||
@ -326,7 +326,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
|||||||
|
|
||||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||||
|
|
||||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
DSFILE="dsset-${zone}${TP}"
|
||||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|||||||
@ -12,10 +12,10 @@
|
|||||||
SYSTEMTESTTOP=../..
|
SYSTEMTESTTOP=../..
|
||||||
. $SYSTEMTESTTOP/conf.sh
|
. $SYSTEMTESTTOP/conf.sh
|
||||||
|
|
||||||
zone1=good.
|
zone1=good
|
||||||
infile1=good.db.in
|
infile1=good.db.in
|
||||||
zonefile1=good.db
|
zonefile1=good.db
|
||||||
zone2=bad.
|
zone2=bad
|
||||||
infile2=bad.db.in
|
infile2=bad.db.in
|
||||||
zonefile2=bad.db
|
zonefile2=bad.db
|
||||||
|
|
||||||
@ -30,8 +30,8 @@ cat $infile2 $keyname21.key $keyname22.key >$zonefile2
|
|||||||
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
|
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
|
||||||
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
|
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
|
||||||
|
|
||||||
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
|
DSFILENAME1=dsset-${zone1}${TP}
|
||||||
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
|
DSFILENAME2=dsset-${zone2}${TP}
|
||||||
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
|
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
|
||||||
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
|
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
|
||||||
|
|
||||||
|
|||||||
@ -82,10 +82,10 @@ signzone () {
|
|||||||
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
||||||
$SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
$SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
||||||
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
||||||
DSFILENAME=dsset-`echo $2 |sed -e "s/\.$//g"`$TP
|
DSFILENAME=dsset-${2}${TP}
|
||||||
rm $DSFILENAME $1/tmp
|
rm $DSFILENAME $1/tmp
|
||||||
}
|
}
|
||||||
signzone ns2 tld2s. base-tld2s.db tld2s.db
|
signzone ns2 tld2s base-tld2s.db tld2s.db
|
||||||
|
|
||||||
# Performance and a few other checks.
|
# Performance and a few other checks.
|
||||||
cat <<EOF >ns5/rpz-switch
|
cat <<EOF >ns5/rpz-switch
|
||||||
|
|||||||
@ -16,11 +16,11 @@ SYSTESTDIR=wildcard
|
|||||||
|
|
||||||
dssets=
|
dssets=
|
||||||
|
|
||||||
zone=dlv.
|
zone=dlv
|
||||||
infile=dlv.db.in
|
infile=dlv.db.in
|
||||||
zonefile=dlv.db
|
zonefile=dlv.db
|
||||||
outfile=dlv.db.signed
|
outfile=dlv.db.signed
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
@ -30,11 +30,11 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
zone=nsec.
|
zone=nsec
|
||||||
infile=nsec.db.in
|
infile=nsec.db.in
|
||||||
zonefile=nsec.db
|
zonefile=nsec.db
|
||||||
outfile=nsec.db.signed
|
outfile=nsec.db.signed
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
@ -44,7 +44,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
zone=private.nsec.
|
zone=private.nsec
|
||||||
infile=private.nsec.db.in
|
infile=private.nsec.db.in
|
||||||
zonefile=private.nsec.db
|
zonefile=private.nsec.db
|
||||||
outfile=private.nsec.db.signed
|
outfile=private.nsec.db.signed
|
||||||
@ -59,11 +59,11 @@ echo_i "signed $zone"
|
|||||||
|
|
||||||
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
|
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
|
||||||
|
|
||||||
zone=nsec3.
|
zone=nsec3
|
||||||
infile=nsec3.db.in
|
infile=nsec3.db.in
|
||||||
zonefile=nsec3.db
|
zonefile=nsec3.db
|
||||||
outfile=nsec3.db.signed
|
outfile=nsec3.db.signed
|
||||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
dssets="$dssets dsset-${zone}${TP}"
|
||||||
|
|
||||||
keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||||
@ -73,7 +73,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
|||||||
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||||
echo_i "signed $zone"
|
echo_i "signed $zone"
|
||||||
|
|
||||||
zone=private.nsec3.
|
zone=private.nsec3
|
||||||
infile=private.nsec3.db.in
|
infile=private.nsec3.db.in
|
||||||
zonefile=private.nsec3.db
|
zonefile=private.nsec3.db
|
||||||
outfile=private.nsec3.db.signed
|
outfile=private.nsec3.db.signed
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user