options {
dnssec-enable yes;
listen-on port $port { 127.0.0.1; };
+ minimal-responses yes;
pid-file "pdns.pid";
};
__EOF__
for zone in $(grep zone named.conf | cut -f2 -d\")
do
+
+ if [ ! -f $zone.bind ]
+ then
+ cp $zone $zone.bind
+ fi
+
if [ "$1" != "unsigned" ]
then
if [ ! "${zone: 0:16}" = "secure-delegated" ]
ksk="Ksecure-delegated.dnssec-parent.com.+008+54319"
fi
zsk=$(dnssec-keygen -r/dev/urandom -a RSASHA256 -b 1024 -n ZONE $zone)
- fi
- if [ ! -f $zone.bind ]
- then
- cp $zone $zone.bind
+ echo "\$include $ksk.key ; KSK" >> $zone.bind
+ echo "\$include $zsk.key ; ZSK" >> $zone.bind
fi
- echo "\$include $ksk.key ; KSK" >> $zone.bind
- echo "\$include $zsk.key ; ZSK" >> $zone.bind
-
case $1 in
nsec)
dnssec-signzone -o $zone -f $zone.signed $zone.bind
fi
;;
unsigned)
- cp ${zonefile} ${zone}.signed
+ cp ${zone}.bind ${zone}.signed
;;
*)
echo 'tonsd called with wrong param'
exit 1
esac
+
echo "" >> bind.conf
echo "zone \"${zone}\" {" >> bind.conf
echo " type master;" >> bind.conf
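Review bot: In the `unsigned)` branch, `cp ${zone}.bind ${zone}.signed` now publishes whatever `$zone.bind` already holds, while the new guard at the top of the loop (`if [ ! -f $zone.bind ]`) keeps an existing file instead of refreshing it from `$zone`. If a `.bind` file survives from an earlier signed run (no cleanup is visible in these lines, so this is inferred), it still carries the appended `$include $ksk.key` and `$include $zsk.key` lines, and the supposedly unsigned zone would be loaded with DNSKEY records, so the unsigned test mode would no longer exercise a genuinely unsigned zone. Unless a pre-made `.bind` is intentional, copying unconditionally with `cp -- "$zone" "$zone.bind" || exit 1` avoids both the stale file and the repeated `$include` appends on reruns. The quoting also keeps a zone name read from `named.conf` from being word-split or globbed. Parts of the loop body appear to be missing from the lines shown, so the surrounding control flow could not be checked.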
if [ -s "./failed_tests" ]
then
- set +x
for t in `cat failed_tests`
do
echo -e "\n\n$t"