authorMatthieu Pignolet <m@mpgn.dev>2025-05-09 21:03:44 +0400
committerMatthieu Pignolet <m@mpgn.dev>2025-05-09 21:03:44 +0400
commitc6a2a6039dc8ad381359b942ad3547f1e98991e9 (patch)
tree7fa0f70fed8ffea85a72105bf1fea4aa368c0be8
parent7da500d9cfdcd459efcfa8e6e9ffcfb51620b417 (diff)
feat: move temp files into a "work" directory
-rw-r--r--.gitignore7
-rwxr-xr-x0-dump-root-zone.sh13
-rwxr-xr-x1-make-anchor.sh9
-rwxr-xr-x2-sign-zone.sh15
-rwxr-xr-xclean.sh4
-rw-r--r--work/.gitkeep0
6 files changed, 32 insertions, 16 deletions
diff --git a/.gitignore b/.gitignore
index 91dcbcb..82cce76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
-*.private
-*.key
-*.dns
-dsset-* \ No newline at end of file
+work/
+anchor*
+root.signed.dns \ No newline at end of file
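Review bot: Dropping the `*.private` and `*.key` patterns means a private DNSSEC key stays out of the repository only as long as it is generated under `work/`; a key written anywhere else (a script run from the wrong directory, or a later script that does not `cd work`) becomes eligible for commit. Keeping `*.private` alongside the new entries (`work/`, `*.private`, `anchor*`, `root.signed.dns`) costs nothing and closes that gap. Note also that `anchor*` hides `anchor.key` and `anchor.ds`, which hold only public material; if the trust anchor is meant to ship with the repository, that pattern may be unintended.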
diff --git a/0-dump-root-zone.sh b/0-dump-root-zone.sh
index b3e8c17..8c93b7d 100755
--- a/0-dump-root-zone.sh
+++ b/0-dump-root-zone.sh
@@ -2,8 +2,11 @@
set -e
-0>root-zone.dns
-cat > root-zone.dns <<-EOF
+# Empties the contents of the root dns file
+0>work/db.root
+
+# Prints a header for the root dns file
+cat > work/db.root <<-EOF
\$TTL 2d ; Default TTL for zone
\$ORIGIN .
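Review bot: `0>work/db.root` on the third added line opens the file for writing on fd 0 (standard input) purely for its truncating side effect, which is an unusual idiom, and it is redundant because the following `cat > work/db.root <<-EOF` truncates the same file again. Drop the line and its comment, or use the conventional `: > work/db.root` if an explicit truncate is wanted. The `@@` header counts 11 new lines but only 8 are shown, so the hunk's trailing context is not visible here.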
@@ -16,4 +19,8 @@ cat > root-zone.dns <<-EOF
)
EOF
-dig -t axfr . @iad.xfr.dns.icann.org | grep -E 'DS|NS|A|AAAA' |sed '/RRSIG/d'|sed '/^\./d' >> root-zone.dns
+# Adds the root dns zone's content
+dig -t axfr . @iad.xfr.dns.icann.org \
+ |grep -E 'DS|NS|A|AAAA' \
+ |sed '/RRSIG/d' \
+ |sed '/^\./d' >> work/db.root
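Review bot: The reformatted pipeline still runs without `set -o pipefail`, so if `dig -t axfr` fails (network error, transfer refused) the final `sed` stage exits 0, `set -e` does not fire, and `work/db.root` is silently left holding only the header. Add `set -o pipefail` next to the `set -e` in the previous hunk, or check `${PIPESTATUS[0]}` after the pipeline. The pattern `'DS|NS|A|AAAA'` is also broader than it looks: the unanchored `A` alternative matches any line containing an uppercase A, so record-type selection effectively relies on the two `sed` deletes rather than on grep; `grep -Ew 'DS|NS|A|AAAA'` would make the intent explicit. The `@@` header counts one more line than is shown, so part of this hunk's context is not visible here.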
diff --git a/1-make-anchor.sh b/1-make-anchor.sh
index 9140283..9d04655 100755
--- a/1-make-anchor.sh
+++ b/1-make-anchor.sh
@@ -1,5 +1,12 @@
#!/bin/bash
-dnssec-keygen -a ECDSA384 -b 2048 -n ZONE .
+cd work
+
+# Generate a key that will be used to sign the keys
+# In out scenatio this will be used as a trusted root
dnssec-keygen -f KSK -a ECDSA384 -b 4096 -n ZONE .
+cp *.key ../anchor.key
+dnssec-dsfromkey *.key > ../anchor.ds
+# Generate a key that will be used to sign records
+dnssec-keygen -a ECDSA384 -b 4096 -n ZONE . \ No newline at end of file
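Review bot: `cd work` is unchecked and this script has no `set -e`, so if the directory is missing both `dnssec-keygen` calls write the key pair, private half included, into the repository root and `cp *.key ../anchor.key` then copies into the parent of the checkout; write `cd work || exit 1`. On a second run `cp *.key ../anchor.key` also breaks, because once the ZSK exists the glob expands to two files and `cp` refuses multiple sources with a file target, while `dnssec-dsfromkey *.key` would then emit a DS record for the ZSK as well; capturing the name `dnssec-keygen` prints (`ksk=$(dnssec-keygen -f KSK -a ECDSA384 -n ZONE .)` and then `"$ksk.key"`) selects the KSK explicitly and avoids both. `-b 4096` has no meaning for a P-384 ECDSA key, whose size is fixed by the curve. The comment on the fifth added line should read `# In our scenario this will be used as a trusted root`. The `@@` header counts more lines than are shown, so part of the file is not visible here.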
diff --git a/2-sign-zone.sh b/2-sign-zone.sh
index 487d64e..80cb7fc 100755
--- a/2-sign-zone.sh
+++ b/2-sign-zone.sh
@@ -2,12 +2,17 @@
set -e
-cp root-zone.dns _tmp_root-zone.dns
+cd work
+mkdir -p tmp
+
+cp db.root tmp/zone.dns
for key in `ls K.*.key`
do
- echo "\$INCLUDE $key" >> _tmp_root-zone.dns
+ echo "\$INCLUDE $key" >> tmp/zone.dns
done
-dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o . -t _tmp_root-zone.dns
-rm _tmp_root-zone.dns
-mv _tmp_root-zone.dns.signed root.signed.dns
+dnssec-signzone -A -3 $(tr -dc A-Za-z0-9 </dev/urandom | head -c 13) -N INCREMENT -o . -t tmp/zone.dns
+
+mv tmp/zone.dns.signed ../root.signed.dns
+
+rm tmp/*
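Review bot: The new NSEC3 salt `$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13)` is not valid input for `dnssec-signzone -3`, which takes a hex-encoded salt: the alphabet includes non-hex letters and 13 characters is an odd length, so decoding fails and signing aborts, whereas the old `sha1sum | cut -b 1-16` form produced 16 hex digits. Use `$(head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n')` or `$(tr -dc 0-9a-f </dev/urandom | head -c 16)`. Because `set -e` is active, a failed `dnssec-signzone` exits before `rm tmp/*` runs and leaves `tmp/zone.dns` behind; a `trap 'rm -f tmp/*' EXIT` placed right after `mkdir -p tmp` cleans up on every path. The `for key in \`ls K.*.key\`` loop around the changed `echo` line is unchanged context.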
diff --git a/clean.sh b/clean.sh
index 18867eb..d3eff6d 100755
--- a/clean.sh
+++ b/clean.sh
@@ -1,5 +1,3 @@
#!/bin/bash
-rm *.{signed,private,key}
-rm dsset-*
-rm _tmp*
+rm work/* \ No newline at end of file
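Review bot: `rm work/*` does not fully undo what the other scripts produce: `2-sign-zone.sh` creates the directory `work/tmp`, on which `rm` without `-r` fails, and `anchor.key`, `anchor.ds` and `root.signed.dns` are written to the repository root outside `work/`, so they survive cleaning. `rm -rf -- work/tmp` followed by `rm -f -- work/* anchor.key anchor.ds root.signed.dns` covers all of them, and `-f` keeps a fresh checkout from printing errors when nothing has been generated yet. The `*` glob skips `work/.gitkeep`, so the placeholder is preserved either way.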
diff --git a/work/.gitkeep b/work/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/work/.gitkeep