dnssec system test: Remove RSAMD5 usage and make script shellcheck compliant
This commit is contained in:
Ondřej Surý
@@ -9,8 +9,8 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
# shellcheck source=conf.sh
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
zone=example.
|
||||
infile=example.db.in
|
||||
@@ -27,21 +27,23 @@ for subdomain in secure badds bogus dynamic keyless nsec3 optout \
|
||||
dnskey-unknown dnskey-nsec3-unknown managed-future revkey \
|
||||
dname-at-apex-nsec3
|
||||
do
|
||||
cp ../ns3/dsset-$subdomain.example$TP .
|
||||
cp "../ns3/dsset-$subdomain.example$TP" .
|
||||
done
|
||||
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
|
||||
keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
|
||||
#
|
||||
# lower/uppercase the signature bits with the exception of the last characters
|
||||
# changing the last 4 characters will lead to a bad base64 encoding.
|
||||
#
|
||||
$CHECKZONE -D -q -i local $zone $zonefile.signed |
|
||||
|
||||
zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
|
||||
"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" |
|
||||
awk '
|
||||
tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
|
||||
for (i = 1; i <= NF; i++ ) {
|
||||
@@ -81,7 +83,7 @@ tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
|
||||
next;
|
||||
}
|
||||
|
||||
{ print; }' > $zonefile.signed++ && mv $zonefile.signed++ $zonefile.signed
|
||||
{ print; }' > "$zonefiletmp" && mv "$zonefiletmp" "$zonefile.signed"
|
||||
|
||||
#
|
||||
# signed in-addr.arpa w/ a delegation for 10.in-addr.arpa which is unsigned.
|
||||
@@ -90,11 +92,11 @@ zone=in-addr.arpa.
|
||||
infile=in-addr.arpa.db.in
|
||||
zonefile=in-addr.arpa.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
@@ -102,25 +104,24 @@ privzone=private.secure.example.
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
privkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $privzone`
|
||||
privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$privzone")
|
||||
|
||||
cat $privinfile $privkeyname.key >$privzonefile
|
||||
cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
||||
|
||||
$SIGNER -P -g -o $privzone -l dlv $privzonefile > /dev/null
|
||||
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null
|
||||
|
||||
# Sign the DLV secure zone.
|
||||
|
||||
|
||||
dlvzone=dlv.
|
||||
dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
|
||||
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
|
||||
|
||||
dlvkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $dlvzone`
|
||||
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
|
||||
|
||||
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
|
||||
cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
|
||||
|
||||
$SIGNER -P -g -o $dlvzone $dlvzonefile > /dev/null
|
||||
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null
|
||||
|
||||
# Sign the badparam secure file
|
||||
|
||||
@@ -128,14 +129,14 @@ zone=badparam.
|
||||
infile=badparam.db.in
|
||||
zonefile=badparam.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
|
||||
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
$SIGNER -P -3 - -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
|
||||
sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' $zonefile.signed > $zonefile.bad
|
||||
sed -e 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad"
|
||||
|
||||
# Sign the single-nsec3 secure zone with optout
|
||||
|
||||
@@ -143,12 +144,12 @@ zone=single-nsec3.
|
||||
infile=single-nsec3.db.in
|
||||
zonefile=single-nsec3.db
|
||||
|
||||
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
|
||||
keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
|
||||
|
||||
#
|
||||
# algroll has just has the old DNSKEY records removed and is waiting
|
||||
@@ -159,14 +160,14 @@ zone=algroll.
|
||||
infile=algroll.db.in
|
||||
zonefile=algroll.db
|
||||
|
||||
keyold1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
keyold2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
keynew1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
keynew2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
|
||||
keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
|
||||
keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
|
||||
cat $infile $keynew1.key $keynew2.key >$zonefile
|
||||
cat "$infile" "$keynew1.key" "$keynew2.key" > "$zonefile"
|
||||
|
||||
$SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
|
||||
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null
|
||||
|
||||
#
|
||||
# Make a zone big enough that it takes several seconds to generate a new
|
||||
@@ -174,103 +175,104 @@ $SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1
|
||||
#
|
||||
zone=nsec3chain-test
|
||||
zonefile=nsec3chain-test.db
|
||||
cat > $zonefile << 'EOF'
|
||||
$TTL 10
|
||||
cat > "$zonefile" << EOF
|
||||
\$TTL 10
|
||||
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
|
||||
@ 10 NS ns2
|
||||
@ 10 NS ns3
|
||||
ns2 10 A 10.53.0.2
|
||||
ns3 10 A 10.53.0.3
|
||||
EOF
|
||||
awk 'END { for (i = 0; i < 300; i++)
|
||||
print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> $zonefile
|
||||
key1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
|
||||
cat $key1.key $key2.key >> $zonefile
|
||||
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $key1 $zonefile $key2 > /dev/null
|
||||
for i in $(seq 300); do
|
||||
echo "host$i 10 IN NS ns.elsewhere"
|
||||
done >> "$zonefile"
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$key1.key" "$key2.key" >> "$zonefile"
|
||||
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null
|
||||
|
||||
zone=cds.secure
|
||||
infile=cds.secure.db.in
|
||||
zonefile=cds.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key1.key > $key1.cds
|
||||
cat $infile $key1.key $key2.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cds-x.secure
|
||||
infile=cds.secure.db.in
|
||||
zonefile=cds-x.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key2.key > $key2.cds
|
||||
cat $infile $key1.key $key3.key $key2.cds >$zonefile
|
||||
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
"$DSFROMKEY" -C "$key2.key" > "$key2.cds"
|
||||
cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cds-update.secure
|
||||
infile=cds-update.secure.db.in
|
||||
zonefile=cds-update.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cds-kskonly.secure
|
||||
infile=cds-kskonly.secure.db.in
|
||||
zonefile=cds-kskonly.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cds-auto.secure
|
||||
infile=cds-auto.secure.db.in
|
||||
zonefile=cds-auto.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
$DSFROMKEY -C $key1.key > $key1.cds
|
||||
cat $infile $key1.cds > $zonefile.signed
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.cds" > "$zonefile.signed"
|
||||
|
||||
zone=cdnskey.secure
|
||||
infile=cdnskey.secure.db.in
|
||||
zonefile=cdnskey.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key1.key $key2.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cdnskey-x.secure
|
||||
infile=cdnskey.secure.db.in
|
||||
zonefile=cdnskey-x.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key2.key $key3.key $key1.cds >$zonefile
|
||||
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
|
||||
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cdnskey-update.secure
|
||||
infile=cdnskey-update.secure.db.in
|
||||
zonefile=cdnskey-update.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cdnskey-kskonly.secure
|
||||
infile=cdnskey-kskonly.secure.db.in
|
||||
zonefile=cdnskey-kskonly.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
cat $infile $key1.key $key2.key > $zonefile
|
||||
$SIGNER -P -g -o $zone $zonefile > /dev/null
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
|
||||
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
|
||||
|
||||
zone=cdnskey-auto.secure
|
||||
infile=cdnskey-auto.secure.db.in
|
||||
zonefile=cdnskey-auto.secure.db
|
||||
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
|
||||
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
|
||||
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
|
||||
cat $infile $key1.cds > $zonefile.signed
|
||||
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
|
||||
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
|
||||
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
|
||||
cat "$infile" "$key1.cds" > "$zonefile.signed"
|
||||
|
||||
Reference in New Issue
Block a user