-rw-r--r--.gitignore4
-rwxr-xr-x0-dump-root-zone.sh19
-rwxr-xr-x1-make-anchor.sh5
-rwxr-xr-x2-sign-zone.sh13
-rwxr-xr-xclean.sh5
5 files changed, 46 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..91dcbcb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.private
+*.key
+*.dns
+dsset-*
\ No newline at end of file
diff --git a/0-dump-root-zone.sh b/0-dump-root-zone.sh
new file mode 100755
index 0000000..b3e8c17
--- /dev/null
+++ b/0-dump-root-zone.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+0>root-zone.dns
+cat > root-zone.dns <<-EOF
+\$TTL 2d ; Default TTL for zone
+\$ORIGIN .
+
+@ IN SOA dumb. pufferfish.mpgn.dev. (
+ 0 ; serial number
+ 12h ; refresh
+ 15m ; update retry
+ 3w ; expiry
+ 2h ; minimum
+ )
+EOF
+
+dig -t axfr . @iad.xfr.dns.icann.org | grep -E 'DS|NS|A|AAAA' |sed '/RRSIG/d'|sed '/^\./d' >> root-zone.dns
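Review bot: A failed or truncated zone transfer goes unnoticed on the last line, because `set -e` only sees the exit status of the final `sed`. With `set -eo pipefail` at the top, the script would stop instead of handing a file that holds only the SOA header to the signing step. The AXFR is also unauthenticated and the pipeline deletes the RRSIG records, so the data that later gets re-signed with local keys is trusted purely on the network path; a comment saying so, or a validation step before the signatures are dropped, would make that explicit. The filter `grep -E 'DS|NS|A|AAAA'` matches those letters anywhere in a line rather than the record type, so selecting on the type column, e.g. `awk '$4 ~ /^(DS|NS|A|AAAA)$/'`, looks closer to the intent.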
diff --git a/1-make-anchor.sh b/1-make-anchor.sh
new file mode 100755
index 0000000..9140283
--- /dev/null
+++ b/1-make-anchor.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+dnssec-keygen -a ECDSA384 -b 2048 -n ZONE .
+dnssec-keygen -f KSK -a ECDSA384 -b 4096 -n ZONE .
+
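Review bot: The `-b 2048` and `-b 4096` arguments suggest a strength difference between the ZSK and the KSK that probably does not exist, since the ECDSA key size is fixed by the curve and, as far as I know, dnssec-keygen does not use `-b` for this algorithm. Dropping them avoids misleading whoever audits the anchor later. This script is also the only one of the three without `set -e`, so a failure of the first `dnssec-keygen` still produces a lone KSK. Each run adds a fresh key pair to the directory, and 2-sign-zone.sh includes every `K.*.key` it finds, so a header comment such as `# run clean.sh first: every K.*.key in this directory ends up in the signed zone` would help.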
diff --git a/2-sign-zone.sh b/2-sign-zone.sh
new file mode 100755
index 0000000..487d64e
--- /dev/null
+++ b/2-sign-zone.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+cp root-zone.dns _tmp_root-zone.dns
+for key in `ls K.*.key`
+do
+ echo "\$INCLUDE $key" >> _tmp_root-zone.dns
+done
+
+dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o . -t _tmp_root-zone.dns
+rm _tmp_root-zone.dns
+mv _tmp_root-zone.dns.signed root.signed.dns
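Review bot: The loop over `ls K.*.key` pulls every key file in the working directory into the zone, including stale pairs from earlier runs, and it keeps going silently when nothing matches. Using `for key in K.*.key` with an existence check that aborts when no key is present would make the set of published keys deliberate. Because of `set -e`, a failing `dnssec-signzone` skips the `rm`, so `_tmp_root-zone.dns` is left behind; `trap 'rm -f _tmp_root-zone.dns' EXIT` after the `cp` covers that path. The NSEC3 salt is not secret, so `/dev/urandom` is sufficient there and avoids `/dev/random` blocking on older kernels.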
diff --git a/clean.sh b/clean.sh
new file mode 100755
index 0000000..18867eb
--- /dev/null
+++ b/clean.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rm *.{signed,private,key}
+rm dsset-*
+rm _tmp*
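Review bot: `rm *.{signed,private,key}` deletes every `.key` and `.private` file in whatever directory the script is started from, not only the DNSSEC material this project generates. Running it from the wrong place would destroy unrelated private keys with no way back. Pinning the directory and narrowing the patterns would limit the damage, e.g. `cd "$(dirname "$0")" || exit 1` followed by `rm -f -- K.*.key K.*.private *.signed dsset-* _tmp*`. The `-f` also keeps an unmatched pattern from printing an error on a clean tree.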