</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>secure-all-zones</term>
+ <listitem>
+ <para>
+ Add keymaterial to all zones. You should manually run 'rectify-all-zones' afterwards.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>set-nsec3 ZONE 'parameters' [narrow]</term>
<listitem>
<varlistentry><term>disable-axfr-rectify=...</term>
<listitem><para>
Disable the rectify step during an outgoing AXFR. Only required for regression testing.
- Default is no."/>.
+ Default is no.
</para></listitem></varlistentry>
<varlistentry><term>disable-tcp=...</term>
<listitem><para>
cerr<<"rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)"<<endl;
cerr<<"rectify-all-zones Rectify all zones."<<endl;
cerr<<"remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE"<<endl;
+ cerr<<"secure-all-zones Secure all zones without keys."<<endl;
cerr<<"secure-zone ZONE [ZONE ..] Add KSK and two ZSKs"<<endl;
cerr<<"set-nsec3 ZONE ['params' [narrow]] Enable NSEC3 with PARAMs. Optionally narrow"<<endl;
cerr<<"set-presigned ZONE Use presigned RRSIGs from storage"<<endl;
}
return 0;
}
+ else if (cmds[0] == "secure-all-zones") {
+ UeberBackend B("default");
+
+ unsigned int zoneErrors=0;
+ vector<DomainInfo> domainInfo;
+ B.getAllDomains(&domainInfo);
+
+ dk.startTransaction();
+ BOOST_FOREACH(DomainInfo di, domainInfo) {
+ if(!dk.isSecuredZone(di.zone)) {
+ cout<<"Securing "<<di.zone<<": ";
+ if (!secureZone(dk, di.zone))
+ zoneErrors++;
+ }
+ }
+ dk.commitTransaction();
+
+ cout<<"Secured: "<<domainInfo.size()<<" zones. Errors: "<<zoneErrors<<endl;
+
+ if (zoneErrors) {
+ return 1;
+ }
+ return 0;
+ }
else if(cmds[0]=="set-nsec3") {
if(cmds.size() < 2) {
cerr<<"Syntax: pdnssec set-nsec3 ZONE 'params' [narrow]"<<endl;
projects / thirdparty / pdns.git / commitdiff
