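#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Key generation and signing for the zones of the "wildcard" system test.
#
# For each zone a ZSK and a KSK are generated, the public keys are appended
# to the unsigned zone data, and the result is signed.  Zones "nsec" and
# "nsec3" have their dsset file names collected in $dssets so they can be
# added to the root zone; the two "private.*" zones are not added to
# $dssets, and their KSK is written out through keyfile_to_static_ds.
#
# $KEYGEN, $SIGNER, $TP, echo_i and keyfile_to_static_ds are not defined in
# this file; they are expected to come from conf.sh.
#
# The key parameters used throughout (RSASHA1 / NSEC3RSASHA1, 1024-bit RSA)
# and the NSEC3 setting of 10 extra iterations are throwaway test-fixture
# values.  SHA-1 based DNSSEC algorithms are NOT RECOMMENDED for signing by
# RFC 8624, 1024-bit RSA is below current key-size guidance, and RFC 9276
# recommends 0 NSEC3 iterations, so none of these should be copied into a
# production signing setup.
#
# $KEYGEN and $SIGNER are deliberately left unquoted: conf.sh is not visible
# here and may define them as a command plus arguments -- TODO confirm.
#
# NOTE(review): keygen stderr is discarded, so a failed key generation only
# shows up later as a missing ".key" file; and a signer failure is merely
# displayed ("|| cat signer.err") while "signed <zone>" is still reported.

. ../../conf.sh

SYSTESTDIR=wildcard

# Space-separated list of dsset files to append to the root zone.
dssets=

# RFC 4592 example zone.
cp example.db.in example.db

# --- zone "nsec": NSEC-signed, DS published in the root ---
zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
dssets="$dssets dsset-${zone}${TP}"

keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)

cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"

$SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"

# --- zone "private.nsec": NSEC-signed, KSK exported to private.nsec.conf ---
zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed

keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)

cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"

$SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"

keyfile_to_static_ds "$keyname2" > private.nsec.conf

# --- zone "nsec3": NSEC3-signed, DS published in the root ---
zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
dssets="$dssets dsset-${zone}${TP}"

keyname1=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)

cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"

# "-3 -" selects NSEC3 with an empty salt; "-H 10" sets the iteration count.
$SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"

# --- zone "private.nsec3": NSEC3-signed, KSK exported to private.nsec3.conf ---
zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed

keyname1=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)

cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"

$SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"

keyfile_to_static_ds "$keyname2" > private.nsec3.conf

# --- root zone: carries the collected dsset files, KSK exported to trusted.conf ---
zone=.
infile=root.db.in
zonefile=root.db
outfile=root.db.signed

keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null)

# $dssets is intentionally unquoted: it is a space-separated list of file
# names and must be split into one argument per dsset file.
# shellcheck disable=SC2086
cat "$infile" "$keyname1.key" "$keyname2.key" $dssets > "$zonefile"

$SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"

keyfile_to_static_ds "$keyname2" > trusted.conf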