From 7da500d9cfdcd459efcfa8e6e9ffcfb51620b417 Mon Sep 17 00:00:00 2001
From: Matthieu Pignolet
Date: Fri, 9 May 2025 20:43:56 +0400
Subject: first commit

---
 .gitignore | 4 ++++
 0-dump-root-zone.sh | 19 +++++++++++++++++++
 1-make-anchor.sh | 5 +++++
 2-sign-zone.sh | 13 +++++++++++++
 clean.sh | 5 +++++
 5 files changed, 46 insertions(+)
 create mode 100644 .gitignore
 create mode 100755 0-dump-root-zone.sh
 create mode 100755 1-make-anchor.sh
 create mode 100755 2-sign-zone.sh
 create mode 100755 clean.sh

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..91dcbcb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+*.private
+*.key
+*.dns
+dsset-*
\ No newline at end of file
diff --git a/0-dump-root-zone.sh b/0-dump-root-zone.sh
new file mode 100755
index 0000000..b3e8c17
--- /dev/null
+++ b/0-dump-root-zone.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+0>root-zone.dns
+cat > root-zone.dns <<-EOF
+\$TTL 2d ; Default TTL for zone
+\$ORIGIN .
+
+@ IN SOA dumb. pufferfish.mpgn.dev. (
+ 0 ; serial number
+ 12h ; refresh
+ 15m ; update retry
+ 3w ; expiry
+ 2h ; minimum
+ )
+EOF
+
+dig -t axfr . @iad.xfr.dns.icann.org | grep -E 'DS|NS|A|AAAA' |sed '/RRSIG/d'|sed '/^\./d' >> root-zone.dns
diff --git a/1-make-anchor.sh b/1-make-anchor.sh
new file mode 100755
index 0000000..9140283
--- /dev/null
+++ b/1-make-anchor.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+dnssec-keygen -a ECDSA384 -b 2048 -n ZONE .
+dnssec-keygen -f KSK -a ECDSA384 -b 4096 -n ZONE .
+
diff --git a/2-sign-zone.sh b/2-sign-zone.sh
new file mode 100755
index 0000000..487d64e
--- /dev/null
+++ b/2-sign-zone.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+cp root-zone.dns _tmp_root-zone.dns
+for key in `ls K.*.key`
+do
+ echo "\$INCLUDE $key" >> _tmp_root-zone.dns
+done
+
+dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o . -t _tmp_root-zone.dns
+rm _tmp_root-zone.dns
+mv _tmp_root-zone.dns.signed root.signed.dns
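Review bot: The record filter on the last line of 0-dump-root-zone.sh matches substrings rather than record types: `grep -E 'DS|NS|A|AAAA'` keeps any line containing a capital A or the letters NS, so for example NSEC records from the transfer pass through (only RRSIG lines are removed explicitly, and the root's own records only because of the later `sed '/^\./d'`). Matching the type field is both stricter and shorter: `dig -t axfr . @iad.xfr.dns.icann.org | awk '$1 != "." && $4 ~ /^(DS|NS|A|AAAA)$/' >> root-zone.dns`. Because `set -e` is used without `pipefail`, a failed or truncated transfer still leaves the pipeline with the exit status of the last `sed`, so the script reports success with a partial zone; `set -eo pipefail` plus a check that the output is non-empty would catch that. The `0>root-zone.dns` line redirects stdin of an empty command and is made redundant by the `cat > root-zone.dns` truncation right after it; `: > root-zone.dns`, or simply removing the line, says what is meant. Note also that the signatures which would allow checking the fetched data are exactly the lines being discarded, so the integrity of this zone rests entirely on the transfer path; a header comment stating that assumption would be worthwhile.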
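Review bot: `-b 2048` and `-b 4096` on the two `dnssec-keygen` lines of 1-make-anchor.sh have no meaning for ECDSA P-384, whose key size is fixed by the curve at 384 bits, so the values are at best ignored and at worst rejected by the tool, and they suggest a key strength that is not there; drop them: `dnssec-keygen -a ECDSA384 -n ZONE .` and `dnssec-keygen -f KSK -a ECDSA384 -n ZONE .`. Unlike the sibling scripts this one has no `set -e`, so if the ZSK generation fails the KSK is still generated and the script exits 0, and 2-sign-zone.sh will later include whichever key files happen to exist. A short header comment stating that this script produces the ZSK/KSK pair for `.` (the `-f KSK` line being the KSK) would help, since the file name suggests a trust anchor is produced here while only key files are.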
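Review bot: The `for key in \`ls K.*.key\`` loop in 2-sign-zone.sh parses `ls` output, which breaks on unusual file names and, when no key file exists, turns ls's error into an empty loop that `set -e` does not appear to notice here, so the zone is signed with no keys included instead of the script failing; a plain glob does the same job safely: `for key in K.*.key; do`. The `-3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16)` argument generates a fresh 64-bit NSEC3 salt on every run; current guidance (RFC 9276) is that the salt adds no protection and should be empty, which `dnssec-signzone -3 -` expresses, and that also removes a pipeline whose failure `set -e` would not catch. The script silently depends on `root-zone.dns` from 0-dump-root-zone.sh and on the `K.*.key` files from 1-make-anchor.sh being present in the working directory; a two-line header comment naming those inputs and the `root.signed.dns` and `dsset-` outputs would make the required ordering explicit.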
diff --git a/clean.sh b/clean.sh
new file mode 100755
index 0000000..18867eb
--- /dev/null
+++ b/clean.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rm *.{signed,private,key}
+rm dsset-*
+rm _tmp*
--
cgit v1.2.3
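Review bot: `rm *.{signed,private,key}` never matches the signed zone this repository produces, because 2-sign-zone.sh renames its output to `root.signed.dns`, which ends in `.dns` rather than `.signed`; as far as the scripts in this commit go, a clean therefore leaves a previously signed zone (and the dumped `root-zone.dns`) in place next to freshly generated keys. If keeping the zone files is intended, a comment saying so would help; otherwise add `root.signed.dns` to the list. Without `-f`, each `rm` prints an error and exits non-zero whenever a pattern matches nothing, such as on a fresh checkout, and the `--` separator is missing before the globs; `rm -f -- *.signed *.private *.key dsset-* _tmp*` handles both in one place. Since this script deletes the private key files, a one-line header comment stating that it wipes the generated key material is worth having.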