dnssec.sh (493B)
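#!/bin/sh
# Re-sign an NSD master zone with the ldns tools.
#
# Usage: dnssec.sh <domain>
#
# Steps:
#   1. ldns-read-zone normalises the zone and sets a date-based SOA serial
#      (-S YYYYMMDDxx); the result is written to <zone>.tosign via doas.
#   2. Two key base names are picked from $HOME/prv/secrets/dns.
#   3. doas ldns-signzone writes <zone>.signed.
#   4. ldns-verify-zone checks the signed zone; its exit status is the
#      script's exit status.
set -u

# Print a message to stderr and abort.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

[ "$#" -ge 1 ] || { printf 'usage: %s <domain>\n' "${0##*/}" >&2; exit 2; }
domain=$1

# $domain ends up in a path that is written as root (doas tee / doas
# ldns-signzone) and in a find(1) -name pattern. Accept only characters that
# can appear in a zone name so that "/", "..", a leading "-" or glob
# characters cannot redirect those writes or widen the key match.
case $domain in
  '' | -* | .* | *..* | *[!A-Za-z0-9._-]*)
    die "refusing suspicious domain name: $domain"
    ;;
esac

zones=/var/nsd/zones/master
zone=${zones}/${domain}
prv="$HOME/prv/secrets/dns"

[ -r "$zone" ] || die "zone file not readable: $zone"

# Locate the signing keys before anything is written as root.
# Key files are expected to be named K<domain>.+008+<tag>.key (algorithm 8).
keys=$(find "$prv" -name "K${domain}.+008+*.key" | sort -n)
[ -n "$keys" ] || die "no K${domain}.+008+*.key found under $prv"

# NOTE(review): the KSK/ZSK roles are inferred purely from sort order
# (last = KSK, first = ZSK). Nothing here inspects the DNSKEY flags field
# (257 for a KSK, 256 for a ZSK), so with more than two matching keys, or
# tags that happen to sort the other way, the wrong or a retired key may be
# used. The paths do not start with a digit, so "sort -n" in practice
# degrades to plain ordering of the whole path.
zsk=$(printf '%s\n' "$keys" | head -n 1)
ksk=$(printf '%s\n' "$keys" | tail -n 1)

# ldns-signzone takes the key base name, without the .key suffix.
zsk=${zsk%.key}
ksk=${ksk%.key}

if [ "$ksk" = "$zsk" ]; then
  printf '%s: warning: only one key matched; using it as both KSK and ZSK\n' \
    "${0##*/}" >&2
fi

# Stage the normalised zone in a private temp file first: in a plain
# "ldns-read-zone | doas tee" pipeline a failure of ldns-read-zone is
# invisible and would leave an empty or truncated .tosign to be signed.
tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp"' EXIT

ldns-read-zone -S YYYYMMDDxx "$zone" >"$tmp" ||
  die "ldns-read-zone failed for $zone"
[ -s "$tmp" ] || die "ldns-read-zone produced no output for $zone"

doas tee "${zone}.tosign" <"$tmp" >/dev/null ||
  die "cannot write ${zone}.tosign"

doas ldns-signzone -f "${zone}.signed" "${zone}.tosign" "$ksk" "$zsk" ||
  die "ldns-signzone failed for $zone"

# Do not reload the name server on a zone that fails verification; callers
# should check this script's exit status.
ldns-verify-zone -V1 "$zone.signed"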