remove dnssec scripts from another era 1649/head
authorKees Monshouwer <mind04@monshouwer.org>
Wed, 30 Jul 2014 12:42:41 +0000 (14:42 +0200)
committermind04 <mind04@monshouwer.org>
Wed, 30 Jul 2014 12:42:41 +0000 (14:42 +0200)
pdns/dnssec-scripts/clone-zone [deleted file]
pdns/dnssec-scripts/gencmpquestions [deleted file]
pdns/dnssec-scripts/gendiff [deleted file]
pdns/how-to-compare-bind-and-pdns-dnssec-output.txt [deleted file]

diff --git a/pdns/dnssec-scripts/clone-zone b/pdns/dnssec-scripts/clone-zone
deleted file mode 100755 (executable)
index db95e0d..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-TIMERANGE=$(drill -D @127.0.0.1 -p 5300 powerdnssec.org -t soa | grep RRSIG | head -1 | 
-       awk '{printf "-e %s -i %s", $9, $10}')
-
-drill axfr $1 @127.0.0.1 -p 5300 > $1.zone
-PLAINZONE=$1.zone
-ZSKTAG=$(drill -D @127.0.0.1 -p 5300 powerdnssec.org -t soa  | grep RRSIG | cut -f2 -d{ | cut -f1 -d} | awk '{print $3}')
-ZSKID=$(../pdnssec show-zone powerdnssec.org  | grep "tag = $ZSKTAG," | cut -f3 -d" ")
-../pdnssec export-zone-key powerdnssec.org $ZSKID > key-$ZSKID.private
-
-ldns-signzone $2 $3 $4 $1 $TIMERANGE key-$ZSKID
-echo Zone signed with key id $ZSKID now in $1.signed
-cp $1.signed /tmp/$1
-sudo nsdc rebuild
-sudo nsdc reload
diff --git a/pdns/dnssec-scripts/gencmpquestions b/pdns/dnssec-scripts/gencmpquestions
deleted file mode 100755 (executable)
index 3d4dd36..0000000
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-PDNSPORT=5300
-CMPPORT=53
-
-awk '{print $1, $4}' $1  | egrep -v 'RRSIG|NSEC3' | sort -u |  \
-while read a b; do dig $a $b @127.0.0.1 -p $PDNSPORT +dnssec +noauth | grep \
--v ^\; > output.$a-$b.pdns ;  dig +dnssec $a $b @127.0.0.1 -p $CMPPORT +noauth | \
-grep -v ^\; > output.$a-$b.nsd; done
diff --git a/pdns/dnssec-scripts/gendiff b/pdns/dnssec-scripts/gendiff
deleted file mode 100755 (executable)
index 3089c4c..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-for a in output.*.pdns
-do 
-       echo $a 
-       diff -uBb $a $(echo $a | sed 's/pdns/nsd/g')
-done
\ No newline at end of file
diff --git a/pdns/how-to-compare-bind-and-pdns-dnssec-output.txt b/pdns/how-to-compare-bind-and-pdns-dnssec-output.txt
deleted file mode 100644 (file)
index fd4def5..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-1: Take a bare zonefile, say powerdnssec.org
-
-2: Load into PowerDNS
-
-3: pdnssec secure-zone powerdnssec.org
-
-4: copy the bare powerdnssec.org zonefile to subdirectory 'to-bind'
- $ mkdir to-bind
- $ cp powerdnssec.org to-bind
-
-5: determine the active ZSK tag, and copy the right keys
- $ TAG=$(./pdnssec show-zone powerdnssec.org | grep "Active: 1" | awk '{print $3}')
- $ cp $(find keys/ -name "*.$TAG.*") to-bind
-
-6: put the DNSKEY in the zone
- $ cd to-bind
- $ cat *.dnskey >> powerdnssec.org
-
-7: rename the files to ISC dnssec-signzone understands them:
- $ mv *.$TAG.dnskey Kpowerdnssec.org.+005+$TAG.key
- $ mv *.$TAG.isc Kpowerdnssec.org.+005+$TAG.private
-
-8: actually sign
- $ dnssec-signzone -P powerdnssec.org
-
-9: icing on the cake, sign with identical timestamps
-
- $ STAMPS=$(dig -t ns powerdnssec.org @127.0.0.1 -p 5300 +dnssec | grep RRSIG | awk '{printf "-s %d -e %d", $10, $9}')
- $ dnssec-signzone -P $STAMPS powerdnssec.org 
-
-10: load it all up in BIND too
-
-$ cat << EOF > minconfig.conf
-controls { /* empty */ };
-
-options {
-        port 53;
-        pid-file "named.pid";
-        listen-on port 5333 { 127.0.0.1; };
-        listen-on-v6 { none; };
-        recursion no;
-        minimal-responses yes;
-};
-
-zone "powerdnssec.org" {
-        type master;
-        file "powerdnssec.org.signed";
-};
-
-EOF 
-
- $ named -c minconfig.conf
-
-11: Verify
-$ dig +norecurs www.powerdnssec.org @127.0.0.1 -p 5333 +dnssec +nocmd +noall +answer | grep -v DiG > bind
-$ dig +norecurs www.powerdnssec.org @127.0.0.1 -p 5300 +dnssec +nocmd +noall +answer | grep -v DiG > pdns
-$ diff -uBb bind pdns