Remove genrandom command and all usage of specific random files throughout the system test suite
This commit is contained in:
Ondřej Surý
committed by
Witold Kręcicki
Witold Kręcicki
parent
3a4f820d62
commit
2b8fab6828
@@ -16,44 +16,44 @@ zone=secure.example.
|
||||
infile=secure.example.db.in
|
||||
zonefile=secure.example.db
|
||||
|
||||
cnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -r $RANDFILE -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
|
||||
dnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=bogus.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=bogus.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=dynamic.example.
|
||||
infile=dynamic.example.db.in
|
||||
zonefile=dynamic.example.db
|
||||
|
||||
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
keyname1=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone -f KSK $zone`
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
zone=keyless.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=keyless.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
# Change the signer field of the a.b.keyless.example SIG A
|
||||
# to point to a provably nonexistent KEY record.
|
||||
@@ -69,11 +69,11 @@ zone=secure.nsec3.example.
|
||||
infile=secure.nsec3.example.db.in
|
||||
zonefile=secure.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# NSEC3/NSEC3 test zone
|
||||
@@ -82,11 +82,11 @@ zone=nsec3.nsec3.example.
|
||||
infile=nsec3.nsec3.example.db.in
|
||||
zonefile=nsec3.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@@ -95,11 +95,11 @@ zone=optout.nsec3.example.
|
||||
infile=optout.nsec3.example.db.in
|
||||
zonefile=optout.nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout).
|
||||
@@ -108,11 +108,11 @@ zone=nsec3.example.
|
||||
infile=nsec3.example.db.in
|
||||
zonefile=nsec3.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -g -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC test zone
|
||||
@@ -121,11 +121,11 @@ zone=secure.optout.example.
|
||||
infile=secure.optout.example.db.in
|
||||
zonefile=secure.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/NSEC3 test zone
|
||||
@@ -134,11 +134,11 @@ zone=nsec3.optout.example.
|
||||
infile=nsec3.optout.example.db.in
|
||||
zonefile=nsec3.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# OPTOUT/OPTOUT test zone
|
||||
@@ -147,11 +147,11 @@ zone=optout.optout.example.
|
||||
infile=optout.optout.example.db.in
|
||||
zonefile=optout.optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A optout nsec3 zone.
|
||||
@@ -160,11 +160,11 @@ zone=optout.example.
|
||||
infile=optout.example.db.in
|
||||
zonefile=optout.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -g -3 - -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
|
||||
@@ -173,11 +173,11 @@ zone=nsec3-unknown.example.
|
||||
infile=nsec3-unknown.example.db.in
|
||||
zonefile=nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -U -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
|
||||
@@ -186,11 +186,11 @@ zone=optout-unknown.example.
|
||||
infile=optout-unknown.example.db.in
|
||||
zonefile=optout-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -U -A -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with a unknown DNSKEY algorithm.
|
||||
@@ -200,11 +200,11 @@ zone=dnskey-unknown.example.
|
||||
infile=dnskey-unknown.example.db.in
|
||||
zonefile=dnskey-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@@ -219,11 +219,11 @@ zone=dnskey-nsec3-unknown.example.
|
||||
infile=dnskey-nsec3-unknown.example.db.in
|
||||
zonefile=dnskey-nsec3-unknown.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone -U -O full -f ${zonefile}.tmp $zonefile > /dev/null 2>&1
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
@@ -237,21 +237,21 @@ zone=multiple.example.
|
||||
infile=multiple.example.db.in
|
||||
zonefile=multiple.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 AAAA -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 BBBB -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 CCCC -o $zone $zonefile > /dev/null 2>&1
|
||||
mv $zonefile.signed $zonefile
|
||||
$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -u3 DDDD -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A RSASHA256 zone.
|
||||
@@ -260,11 +260,11 @@ zone=rsasha256.example.
|
||||
infile=rsasha256.example.db.in
|
||||
zonefile=rsasha256.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A RSASHA512 zone.
|
||||
@@ -273,11 +273,11 @@ zone=rsasha512.example.
|
||||
infile=rsasha512.example.db.in
|
||||
zonefile=rsasha512.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA512 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with the DNSKEY set only signed by the KSK
|
||||
@@ -286,10 +286,10 @@ zone=kskonly.example.
|
||||
infile=kskonly.example.db.in
|
||||
zonefile=kskonly.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -x -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with the expired signatures
|
||||
@@ -298,10 +298,10 @@ zone=expired.example.
|
||||
infile=expired.example.db.in
|
||||
zonefile=expired.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
|
||||
rm -f $kskname.* $zskname.*
|
||||
|
||||
#
|
||||
@@ -311,10 +311,10 @@ zone=update-nsec3.example.
|
||||
infile=update-nsec3.example.db.in
|
||||
zonefile=update-nsec3.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A NSEC signed zone that will have auto-dnssec enabled and
|
||||
@@ -324,12 +324,12 @@ zone=auto-nsec.example.
|
||||
infile=auto-nsec.example.db.in
|
||||
zonefile=auto-nsec.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A NSEC3 signed zone that will have auto-dnssec enabled and
|
||||
@@ -339,12 +339,12 @@ zone=auto-nsec3.example.
|
||||
infile=auto-nsec3.example.db.in
|
||||
zonefile=auto-nsec3.example.db
|
||||
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -3 - -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Secure below cname test zone.
|
||||
@@ -352,9 +352,9 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
zone=secure.below-cname.example.
|
||||
infile=secure.below-cname.example.db.in
|
||||
zonefile=secure.below-cname.example.db
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Patched TTL test zone.
|
||||
@@ -365,10 +365,10 @@ zonefile=ttlpatch.example.db
|
||||
signedfile=ttlpatch.example.db.signed
|
||||
patchedfile=ttlpatch.example.db.patched
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -f $signedfile -o $zone $zonefile > /dev/null 2>&1
|
||||
$CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \
|
||||
awk '{$2 = "3600"; print}' > $patchedfile
|
||||
|
||||
@@ -380,11 +380,11 @@ infile=split-dnssec.example.db.in
|
||||
zonefile=split-dnssec.example.db
|
||||
signedfile=split-dnssec.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $keyname.key >$zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
$SIGNER -P -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -D -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Seperate DNSSEC records smart signing.
|
||||
@@ -394,11 +394,11 @@ infile=split-smart.example.db.in
|
||||
zonefile=split-smart.example.db
|
||||
signedfile=split-smart.example.db.signed
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cp $infile $zonefile
|
||||
echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
|
||||
: > $signedfile
|
||||
$SIGNER -P -S -r $RANDFILE -D -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -S -D -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, but no private key to replace them
|
||||
@@ -407,10 +407,10 @@ zone="expiring.example."
|
||||
infile="expiring.example.db.in"
|
||||
zonefile="expiring.example.db"
|
||||
signedfile="expiring.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
mv -f ${zskname}.private ${zskname}.private.moved
|
||||
mv -f ${kskname}.private ${kskname}.private.moved
|
||||
|
||||
@@ -422,10 +422,10 @@ infile="upper.example.db.in"
|
||||
zonefile="upper.example.db"
|
||||
lower="upper.example.db.lower"
|
||||
signedfile="upper.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -P -S -r $RANDFILE -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
|
||||
$SIGNER -P -S -o $zone -f $lower $zonefile > /dev/null 2>/dev/null
|
||||
$CHECKZONE -D upper.example $lower 2>/dev/null | \
|
||||
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
|
||||
|
||||
@@ -437,10 +437,10 @@ zone="LOWER.EXAMPLE."
|
||||
infile="lower.example.db.in"
|
||||
zonefile="lower.example.db"
|
||||
signedfile="lower.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -P -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -S -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# Zone with signatures about to expire, and dynamic, but configured
|
||||
@@ -450,10 +450,10 @@ zone="nosign.example."
|
||||
infile="nosign.example.db.in"
|
||||
zonefile="nosign.example.db"
|
||||
signedfile="nosign.example.db.signed"
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -e now+1mi -o $zone $zonefile > /dev/null 2>&1
|
||||
# preserve a normalized copy of the NS RRSIG for comparison later
|
||||
$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
|
||||
awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
|
||||
@@ -463,8 +463,8 @@ $CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
|
||||
# An inline signing zone
|
||||
#
|
||||
zone=inline.example.
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
|
||||
#
|
||||
# publish a new key while deactivating another key at the same time.
|
||||
@@ -473,12 +473,12 @@ zone=publish-inactive.example
|
||||
infile=publish-inactive.example.db.in
|
||||
zonefile=publish-inactive.example.db
|
||||
now=`date -u +%Y%m%d%H%M%S`
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -I $now+90s -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -P $now+90s -A $now+3600s -q -a RSASHA1 -f KSK $zone`
|
||||
kskname=`$KEYGEN -I $now+90s -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cp $infile $zonefile
|
||||
$SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -S -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone which will change its sig-validity-interval
|
||||
@@ -486,8 +486,8 @@ $SIGNER -S -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
zone=siginterval.example
|
||||
infile=siginterval.example.db.in
|
||||
zonefile=siginterval.example.db
|
||||
kskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -3 -a RSASHA1 -fk $zone`
|
||||
zskname=`$KEYGEN -q -3 -a RSASHA1 $zone`
|
||||
cp $infile $zonefile
|
||||
|
||||
#
|
||||
@@ -498,11 +498,11 @@ zone=badds.example.
|
||||
infile=bogus.example.db.in
|
||||
zonefile=badds.example.db
|
||||
|
||||
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone $zone`
|
||||
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
|
||||
|
||||
#
|
||||
@@ -511,10 +511,10 @@ sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
|
||||
zone=future.example
|
||||
infile=future.example.db.in
|
||||
zonefile=future.example.db
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
|
||||
cp -f $kskname.key trusted-future.key
|
||||
|
||||
#
|
||||
@@ -523,10 +523,10 @@ cp -f $kskname.key trusted-future.key
|
||||
zone=managed-future.example
|
||||
infile=managed-future.example.db.in
|
||||
zonefile=managed-future.example.db
|
||||
kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 $zone`
|
||||
kskname=`$KEYGEN -q -a RSASHA1 -f KSK $zone`
|
||||
zskname=`$KEYGEN -q -a RSASHA1 $zone`
|
||||
cat $infile $kskname.key $zskname.key >$zonefile
|
||||
$SIGNER -P -s +3600 -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -s +3600 -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
#
|
||||
# A zone with a revoked key
|
||||
@@ -535,11 +535,11 @@ zone=revkey.example.
|
||||
infile=generic.example.db.in
|
||||
zonefile=revkey.example.db
|
||||
|
||||
ksk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
|
||||
ksk1=`$KEYGEN -q -a RSASHA1 -3fk $zone`
|
||||
ksk1=`$REVOKE $ksk1`
|
||||
ksk2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3fk $zone`
|
||||
zsk1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -3 $zone`
|
||||
ksk2=`$KEYGEN -q -a RSASHA1 -3fk $zone`
|
||||
zsk1=`$KEYGEN -q -a RSASHA1 -3 $zone`
|
||||
|
||||
cat $infile ${ksk1}.key ${ksk2}.key ${zsk1}.key >$zonefile
|
||||
|
||||
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
|
||||
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
|
||||
|
||||
Reference in New Issue
Block a user