From e3317bbd67b1fa1029791f3f8029aecedcdb178f Mon Sep 17 00:00:00 2001 From: David Blacka Date: Fri, 18 Sep 2009 19:34:42 -0400 Subject: [PATCH] some housecleaning --- .gitignore | 4 ++++ zones/arpa.zone => arpa.zone | 2 +- bin/digbind.sh | 6 ++++++ bin/dignsd.sh | 6 ++++++ bin/{query.sh => dnskey_query.sh} | 4 ++++ bin/do.sh | 13 ++++++++----- bin/sign.sh | 12 ++++++++++-- named.conf | 2 +- zones/root-servers.net => root-servers.net.zone | 5 ++++- zones/root.zone => root.zone | 11 ++++++++--- run/.gitignore | 2 +- 11 files changed, 53 insertions(+), 14 deletions(-) create mode 100644 .gitignore rename zones/arpa.zone => arpa.zone (98%) create mode 100755 bin/digbind.sh create mode 100755 bin/dignsd.sh rename bin/{query.sh => dnskey_query.sh} (70%) rename zones/root-servers.net => root-servers.net.zone (91%) rename zones/root.zone => root.zone (99%) diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..67f187a --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +arpa.zone.signed +root-servers.net.signed +root.zone.signed +nsd.db diff --git a/zones/arpa.zone b/arpa.zone similarity index 98% rename from zones/arpa.zone rename to arpa.zone index 84c1f2b..5f39f15 100644 --- a/zones/arpa.zone +++ b/arpa.zone @@ -6,7 +6,7 @@ $ORIGIN ARPA. @ IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. ( - 2009091801 ;serial + 2009091802 ;serial 1800 ;refresh every 30 min 900 ;retry every 15 min 604800 ;expire after a week diff --git a/bin/digbind.sh b/bin/digbind.sh new file mode 100755 index 0000000..670ede3 --- /dev/null +++ b/bin/digbind.sh @@ -0,0 +1,6 @@ +#! /bin/bash + +basedir=$(cd `dirname $0`/..; pwd) +cd $basedir + +./bin/dig -p 4053 @127.0.0.1 +dnssec +ignore +norec $@ diff --git a/bin/dignsd.sh b/bin/dignsd.sh new file mode 100755 index 0000000..972ae1a --- /dev/null +++ b/bin/dignsd.sh @@ -0,0 +1,6 @@ +#! /bin/bash + +basedir=$(cd `dirname $0`/..; pwd) +cd $basedir + +./bin/dig -p 4153 @127.0.0.1 +dnssec +ignore +norec $@ 
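Review bot: The new preamble in bin/digbind.sh computes `basedir` with an unchecked `cd` inside the command substitution and then runs `cd $basedir` unchecked as well, so if either fails the script carries on in the caller's working directory and executes whatever `./bin/dig` resolves to there. I would write it as `basedir=$(cd -- "$(dirname -- "$0")/.." && pwd) || exit 1` followed by `cd -- "$basedir" || exit 1`. The trailing `$@` should be `"$@"` so that query arguments are passed through without word splitting or globbing. The same preamble is added in bin/dignsd.sh, bin/dnskey_query.sh, bin/do.sh and bin/sign.sh, and the same change applies there.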
diff --git a/bin/query.sh b/bin/dnskey_query.sh similarity index 70% rename from bin/query.sh rename to bin/dnskey_query.sh index bedcd1e..74dd340 100755 --- a/bin/query.sh +++ b/bin/dnskey_query.sh @@ -1,3 +1,7 @@ +#! /bin/bash + +basedir=$(cd `dirname $0`/..; pwd) +cd $basedir echo "BIND:" ./bin/dig -p 4053 @127.0.0.1 . ns +dnssec +ignore +norec $@ diff --git a/bin/do.sh b/bin/do.sh index 44c5e65..63e6c29 100755 --- a/bin/do.sh +++ b/bin/do.sh @@ -1,11 +1,14 @@ #! /bin/bash +basedir=$(cd `dirname $0`/..; pwd) +cd $basedir + f=$1 -echo "Modify root zone and sign.sh" -read c -./sign.sh +echo "Modify zones and sign.sh" +getkey +./bin/sign.sh echo "Restart bind and NSD" -read c -./query.sh > $f +getkey +./bin/dnskey_query.sh > $f egrep -e "(BIND|NSD|SIZE)" $f diff --git a/bin/sign.sh b/bin/sign.sh index eeca588..680b996 100755 --- a/bin/sign.sh +++ b/bin/sign.sh @@ -1,5 +1,10 @@ #/bin/bash + +basedir=$(cd `dirname $0`/..; pwd) +cd $basedir + export PATH=$PATH:/home/davidb/src/jdnssec/jdnssec-tools/bin + KSK1=keys/K.+008+06820 KSK2=keys/K.+008+36326 KSK3=keys/K.+005+57497 @@ -15,5 +20,8 @@ ARPAKSK1=keys/Karpa.+005+52246 ARPAZSK1=keys/Karpa.+005+64611 jdnssec-signzone -k $KSK1 -f root.zone.signed root.zone $ZSK1 -jdnssec-signzone -k $RSKSK1 -f root-servers.net.signed root-servers.net $RSZSK1 -jdnssec-signzone -k $ARPAKSK1 -f arpa.zone.signed arpa.zone $ARPAZSK1 \ No newline at end of file + +jdnssec-signzone -k $ARPAKSK1 -f arpa.zone.signed arpa.zone $ARPAZSK1 + +jdnssec-signzone -k $RSKSK1 -f root-servers.net.signed \ + root-servers.net.zone $RSZSK1 diff --git a/named.conf b/named.conf index 4de38d5..4a682e6 100644 --- a/named.conf +++ b/named.conf @@ -19,6 +19,6 @@ zone "arpa." { zone "root-servers.net." { type master; - file "root-servers.net"; + file "root-servers.net.zone"; #file "root-servers.net.signed"; }; 
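Review bot: `getkey` in bin/do.sh is not defined or sourced anywhere in the visible hunk, while the two `read c` pauses it replaces are removed. If no such command is on PATH, bash reports "command not found" and, with no `set -e`, goes straight on to `./bin/sign.sh` and `./bin/dnskey_query.sh`, so the query runs before the operator has edited the zones or restarted the servers. Either keep the builtin, e.g. `read -r -n 1 -s`, or define the helper at the top of the script: `getkey() { read -r -n 1 -s; }`. Separately, `> $f` should be `> "$f"`, with a check that `$1` was actually given.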
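Review bot: None of the three `jdnssec-signzone` calls in bin/sign.sh is checked, so a failed signing run presumably leaves the previous `*.signed` output in place while bin/do.sh continues to its restart-and-query step. Adding `set -eu` right after the new `cd $basedir` line, or `|| exit 1` on each call, would stop the run at the first failure. The first line of the hunk is still `#/bin/bash` without the `!`, unlike the `#! /bin/bash` used by the other scripts in this commit, so the kernel sees no interpreter line; `#!/bin/bash` fixes that. The unquoted key variables (`$KSK1`, `$ZSK1`, …) are harmless with the current values but would be safer quoted.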
diff --git a/zones/root-servers.net b/root-servers.net.zone similarity index 91% rename from zones/root-servers.net rename to root-servers.net.zone index 2bc2ec0..976cabb 100644 --- a/zones/root-servers.net +++ b/root-servers.net.zone @@ -1,8 +1,11 @@ -root-servers.net. 3600000 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2008121200 14400 7200 1209600 3600000 +root-servers.net. 3600000 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2009091800 14400 7200 1209600 3600000 root-servers.net. 3600000 IN NS k.root-servers.net. root-servers.net. 3600000 IN NS f.root-servers.net. root-servers.net. 3600000 IN NS j.root-servers.net. root-servers.net. 3600000 IN NS a.root-servers.net. +$TTL 86400 +$INCLUDE keys/rs-ksk1 +$INCLUDE keys/rs-zsk1 $TTL 3600000 A.ROOT-SERVERS.NET. A 198.41.0.4 A.ROOT-SERVERS.NET. AAAA 2001:503:BA3E:0:0:0:2:30 diff --git a/zones/root.zone b/root.zone similarity index 99% rename from zones/root.zone rename to root.zone index 219987f..5d6eb26 100644 --- a/zones/root.zone +++ b/root.zone @@ -5,7 +5,7 @@ ; with Verisign Inc. . IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. ( - 2009091801 ;serial + 2009091806 ;serial 1800 ;refresh every 30 min 900 ;retry every 15 min 604800 ;expire after a week @@ -46,16 +46,21 @@ I.ROOT-SERVERS.NET. A 192.36.148.17 E.ROOT-SERVERS.NET. A 192.203.230.10 D.ROOT-SERVERS.NET. A 128.8.10.90 $TTL 86400 +;; DS records (from the iTAR) +$INCLUDE keys/anchors.mf +;; Keys +;; 2048-bit RSA KSKs $INCLUDE keys/ksk1 ;$INCLUDE keys/ksk2 +;; 1024-bit ZSKs $INCLUDE keys/zsk1 ;$INCLUDE keys/zsk2 +;; 1280-bit ZSKs ;$INCLUDE keys/zsk3 ;$INCLUDE keys/zsk4 +;; 2048-bit ZSKs ;$INCLUDE keys/zsk5 ;$INCLUDE keys/zsk6 -;; -$INCLUDE anchors.mf $TTL 172800 ZM. NS HIPPO.RU.AC.ZA. ZM. NS NS1.ZAMNET.ZM. diff --git a/run/.gitignore b/run/.gitignore index 58f1108..01acb08 100644 --- a/run/.gitignore +++ b/run/.gitignore @@ -1,3 +1,3 @@ named.pid nsd.pid - +nsd.log -- 2.36.6
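Review bot: The new size comments in root.zone show that the only uncommented ZSK include is `keys/zsk1`, under `;; 1024-bit ZSKs`, but nothing states that this is a deliberate test configuration. 1024-bit RSA is below what current guidance recommends for zone-signing keys, so a reader reusing this layout should be told the choice is specific to the testbed (presumably response-size comparison, given the `SIZE` filter in bin/do.sh). I would extend the comment to something like `;; 1024-bit ZSKs (testbed only; active: zsk1)`. The hunk shows only part of the zone file, so an explanation may already exist outside it.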