--- /dev/null
+arpa.zone.signed
+root-servers.net.signed
+root.zone.signed
+nsd.db
$ORIGIN ARPA.
@ IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
- 2009091801 ;serial
+ 2009091802 ;serial
1800 ;refresh every 30 min
900 ;retry every 15 min
604800 ;expire after a week
--- /dev/null
+#! /bin/bash
+
+basedir=$(cd `dirname $0`/..; pwd)
+cd $basedir
+
+./bin/dig -p 4053 @127.0.0.1 +dnssec +ignore +norec $@
--- /dev/null
+#! /bin/bash
+
+basedir=$(cd `dirname $0`/..; pwd)
+cd $basedir
+
+./bin/dig -p 4153 @127.0.0.1 +dnssec +ignore +norec $@
+#! /bin/bash
+
+basedir=$(cd `dirname $0`/..; pwd)
+cd $basedir
echo "BIND:"
./bin/dig -p 4053 @127.0.0.1 . ns +dnssec +ignore +norec $@
#! /bin/bash
+basedir=$(cd `dirname $0`/..; pwd)
+cd $basedir
+
f=$1
-echo "Modify root zone and sign.sh"
-read c
-./sign.sh
+echo "Modify zones and sign.sh"
+getkey
+./bin/sign.sh
echo "Restart bind and NSD"
-read c
-./query.sh > $f
+getkey
+./bin/dnskey_query.sh > $f
egrep -e "(BIND|NSD|SIZE)" $f
#/bin/bash
+
+basedir=$(cd `dirname $0`/..; pwd)
+cd $basedir
+
export PATH=$PATH:/home/davidb/src/jdnssec/jdnssec-tools/bin
+
KSK1=keys/K.+008+06820
KSK2=keys/K.+008+36326
KSK3=keys/K.+005+57497
ARPAZSK1=keys/Karpa.+005+64611
jdnssec-signzone -k $KSK1 -f root.zone.signed root.zone $ZSK1
-jdnssec-signzone -k $RSKSK1 -f root-servers.net.signed root-servers.net $RSZSK1
-jdnssec-signzone -k $ARPAKSK1 -f arpa.zone.signed arpa.zone $ARPAZSK1
\ No newline at end of file
+
+jdnssec-signzone -k $ARPAKSK1 -f arpa.zone.signed arpa.zone $ARPAZSK1
+
+jdnssec-signzone -k $RSKSK1 -f root-servers.net.signed \
+ root-servers.net.zone $RSZSK1
zone "root-servers.net." {
type master;
- file "root-servers.net";
+ file "root-servers.net.zone";
#file "root-servers.net.signed";
};
-root-servers.net. 3600000 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008121200 14400 7200 1209600 3600000
+root-servers.net. 3600000 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009091800 14400 7200 1209600 3600000
root-servers.net. 3600000 IN NS k.root-servers.net.
root-servers.net. 3600000 IN NS f.root-servers.net.
root-servers.net. 3600000 IN NS j.root-servers.net.
root-servers.net. 3600000 IN NS a.root-servers.net.
+$TTL 86400
+$INCLUDE keys/rs-ksk1
+$INCLUDE keys/rs-zsk1
$TTL 3600000
A.ROOT-SERVERS.NET. A 198.41.0.4
A.ROOT-SERVERS.NET. AAAA 2001:503:BA3E:0:0:0:2:30
; with Verisign Inc.
. IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
- 2009091801 ;serial
+ 2009091806 ;serial
1800 ;refresh every 30 min
900 ;retry every 15 min
604800 ;expire after a week
E.ROOT-SERVERS.NET. A 192.203.230.10
D.ROOT-SERVERS.NET. A 128.8.10.90
$TTL 86400
+;; DS records (from the iTAR)
+$INCLUDE keys/anchors.mf
+;; Keys
+;; 2048-bit RSA KSKs
$INCLUDE keys/ksk1
;$INCLUDE keys/ksk2
+;; 1024-bit ZSKs
$INCLUDE keys/zsk1
;$INCLUDE keys/zsk2
+;; 1280-bit ZSKs
;$INCLUDE keys/zsk3
;$INCLUDE keys/zsk4
+;; 2048-bit ZSKs
;$INCLUDE keys/zsk5
;$INCLUDE keys/zsk6
-;;
-$INCLUDE anchors.mf
$TTL 172800
ZM. NS HIPPO.RU.AC.ZA.
ZM. NS NS1.ZAMNET.ZM.
named.pid
nsd.pid
-
+nsd.log