buildzones 1.4 KB

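#!/bin/bash
# buildzones: rewrite the SOA include files, fetch any missing DNSSEC private
# keys from the `pass` store, re-sign the sour.is and dn42.us zones, reload
# named, bump the serial counter and commit the result.
#
# Usage: buildzones [--reset]
#   --reset   restart the two-digit serial counter at 00
#
# Exits non-zero at the first failed step, so a failed signing run is never
# followed by `rndc reload`, a serial bump or a push.
set -euo pipefail

PATH="/usr/sbin/:$PATH"

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print a 16-hex-digit NSEC3 salt. The salt is published in the zone, so it
# only has to be unpredictable per run; /dev/urandom is sufficient and never
# blocks waiting for entropy.
nsec3_salt() {
  head -c 1000 /dev/urandom | sha1sum | cut -b 1-16
}

# Every path below is relative. Without this check a failed cd would let the
# script write files and run `git commit -a` in whatever directory it was
# started from.
cd /etc/bind/db.souris || die "cannot cd to /etc/bind/db.souris"

touch serial
SERIAL=$(cat serial)
if [ -z "$SERIAL" ] || [ "${1:-}" = '--reset' ]; then
  SERIAL='00'
fi

# The counter is pasted into the SOA records and from there into a sed
# replacement, so accept nothing but digits read back from the file.
case "$SERIAL" in
  *[!0-9]*) die "serial file does not hold a decimal counter: fix it or run with --reset" ;;
esac
# YYYYMMDD plus more than two digits no longer fits the 32-bit SOA serial.
if ((10#$SERIAL > 99)); then
  die "serial counter is above 99: run with --reset"
fi

DATE=$(date +%Y%m%d)
# Only soa-iana.inc is read back below; the other two are not used in this
# script (presumably included by other zone files; confirm).
echo "@ SOA lavana.sjc.xuu.dn42. xuu.sour.is. ( ${DATE}${SERIAL} 4h 15m 3w 1h )" > soa-dn42.inc
echo "@ SOA lavana.sjc.sour.is. xuu.sour.is. ( ${DATE}${SERIAL} 4h 15m 3w 1h )" > soa-iana.inc
echo "@ SOA x.root-servers.dn42. xuu.sour.is. ( ${DATE}${SERIAL} 4h 15m 3w 1h )" > soa-root.inc

# Fetch the private half of every key that has a public .key file but no
# non-empty .private file yet.
for f in private/*.key; do
  # With no matching file the glob stays literal; skip instead of asking
  # pass for "dnssec/*".
  [ -e "$f" ] || continue
  FILE=$(basename "$f")
  FILE="${FILE%.*}"
  KEYFILE="private/$FILE.private"
  if [ -f "$KEYFILE" ] && [ -s "$KEYFILE" ]; then continue; fi
  printf '%s\n' "$FILE"
  # Create the key file under umask 077 so it is never readable by anyone
  # else, not even while still empty: a descriptor opened between a touch and
  # a later chmod would stay valid after the key is written. Removing any
  # stale file first ensures a fresh inode with the restrictive mode.
  rm -f -- "$KEYFILE"
  if ! (umask 077 && pass show "dnssec/$FILE" > "$KEYFILE") || [ ! -s "$KEYFILE" ]; then
    # Do not leave a partial key behind: a non-empty leftover would be
    # treated as a valid key on the next run.
    rm -f -- "$KEYFILE"
    die "Unable to get passwords"
  fi
done

# The replacement text is the SOA line generated above (fixed text, the date
# and the digit-only counter), so it cannot contain the `_` delimiter or `&`.
sed -i "s_@ SOA.*_$(cat soa-iana.inc)_" iana-sour.is
dnssec-signzone -K private -A -3 "$(nsec3_salt)" -N INCREMENT -o sour.is -t iana-sour.is
sed -i "s_@ SOA.*_$(cat soa-iana.inc)_" iana-dn42.us
dnssec-signzone -K private -A -3 "$(nsec3_salt)" -N INCREMENT -o dn42.us -t iana-dn42.us
rndc reload

# 10# forces base 10 so counters such as 08 and 09 are not parsed as octal.
NEXT=$((10#$SERIAL + 1))
printf '%02d' "$NEXT" > serial

# NOTE(review): `git commit -a` stages every tracked file in this directory;
# confirm private/*.private is untracked or ignored so key material is never
# pushed.
git commit -am update && git push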