From 8faeebc0a751e983494fa90c125db4771a3103bd Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Wed, 30 Jul 2014 14:42:41 +0200
Subject: [PATCH] remove dnssec scripts from another era
---
 pdns/dnssec-scripts/clone-zone | 16 ------
 pdns/dnssec-scripts/gencmpquestions | 8 ---
 pdns/dnssec-scripts/gendiff | 7 ---
 ...to-compare-bind-and-pdns-dnssec-output.txt | 57 -------------------
 4 files changed, 88 deletions(-)
 delete mode 100755 pdns/dnssec-scripts/clone-zone
 delete mode 100755 pdns/dnssec-scripts/gencmpquestions
 delete mode 100755 pdns/dnssec-scripts/gendiff
 delete mode 100644 pdns/how-to-compare-bind-and-pdns-dnssec-output.txt
diff --git a/pdns/dnssec-scripts/clone-zone b/pdns/dnssec-scripts/clone-zone
deleted file mode 100755
index db95e0d4ed..0000000000
--- a/pdns/dnssec-scripts/clone-zone
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env bash
-
-TIMERANGE=$(drill -D @127.0.0.1 -p 5300 powerdnssec.org -t soa | grep RRSIG | head -1 |
- awk '{printf "-e %s -i %s", $9, $10}')
-
-drill axfr $1 @127.0.0.1 -p 5300 > $1.zone
-PLAINZONE=$1.zone
-ZSKTAG=$(drill -D @127.0.0.1 -p 5300 powerdnssec.org -t soa | grep RRSIG | cut -f2 -d{ | cut -f1 -d} | awk '{print $3}')
-ZSKID=$(../pdnssec show-zone powerdnssec.org | grep "tag = $ZSKTAG," | cut -f3 -d" ")
-../pdnssec export-zone-key powerdnssec.org $ZSKID > key-$ZSKID.private
-
-ldns-signzone $2 $3 $4 $1 $TIMERANGE key-$ZSKID
-echo Zone signed with key id $ZSKID now in $1.signed
-cp $1.signed /tmp/$1
-sudo nsdc rebuild
-sudo nsdc reload
diff --git a/pdns/dnssec-scripts/gencmpquestions b/pdns/dnssec-scripts/gencmpquestions
deleted file mode 100755
index 3d4dd367ac..0000000000
--- a/pdns/dnssec-scripts/gencmpquestions
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-PDNSPORT=5300
-CMPPORT=53
-
-awk '{print $1, $4}' $1 | egrep -v 'RRSIG|NSEC3' | sort -u | \
-while read a b; do dig $a $b @127.0.0.1 -p $PDNSPORT +dnssec +noauth | grep \
--v ^\; > output.$a-$b.pdns ; dig +dnssec $a $b @127.0.0.1 -p $CMPPORT +noauth | \
-grep -v ^\; > output.$a-$b.nsd; done
diff --git a/pdns/dnssec-scripts/gendiff b/pdns/dnssec-scripts/gendiff
deleted file mode 100755
index 3089c4cafa..0000000000
--- a/pdns/dnssec-scripts/gendiff
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-for a in output.*.pdns
-do
- echo $a
- diff -uBb $a $(echo $a | sed 's/pdns/nsd/g')
-done
\ No newline at end of file
diff --git a/pdns/how-to-compare-bind-and-pdns-dnssec-output.txt b/pdns/how-to-compare-bind-and-pdns-dnssec-output.txt
deleted file mode 100644
index fd4def5f71..0000000000
--- a/pdns/how-to-compare-bind-and-pdns-dnssec-output.txt
+++ /dev/null
@@ -1,57 +0,0 @@
-1: Take a bare zonefile, say powerdnssec.org
-
-2: Load into PowerDNS
-
-3: pdnssec secure-zone powerdnssec.org
-
-4: copy the bare powerdnssec.org zonefile to subdirectory 'to-bind'
- $ mkdir to-bind
- $ cp powerdnssec.org to-bind
-
-5: determine the active ZSK tag, and copy the right keys
- $ TAG=$(./pdnssec show-zone powerdnssec.org | grep "Active: 1" | awk '{print $3}')
- $ cp $(find keys/ -name "*.$TAG.*") to-bind
-
-6: put the DNSKEY in the zone
- $ cd to-bind
- $ cat *.dnskey >> powerdnssec.org
-
-7: rename the files to ISC dnssec-signzone understands them:
- $ mv *.$TAG.dnskey Kpowerdnssec.org.+005+$TAG.key
- $ mv *.$TAG.isc Kpowerdnssec.org.+005+$TAG.private
-
-8: actually sign
- $ dnssec-signzone -P powerdnssec.org
-
-9: icing on the cake, sign with identical timestamps
-
- $ STAMPS=$(dig -t ns powerdnssec.org @127.0.0.1 -p 5300 +dnssec | grep RRSIG | awk '{printf "-s %d -e %d", $10, $9}')
- $ dnssec-signzone -P $STAMPS powerdnssec.org
-
-10: load it all up in BIND too
-
-$ cat << EOF > minconfig.conf
-controls { /* empty */ };
-
-options {
- port 53;
- pid-file "named.pid";
- listen-on port 5333 { 127.0.0.1; };
- listen-on-v6 { none; };
- recursion no;
- minimal-responses yes;
-};
-
-zone "powerdnssec.org" {
- type master;
- file "powerdnssec.org.signed";
-};
-
-EOF
-
- $ named -c minconfig.conf
-
-11: Verify
-$ dig +norecurs www.powerdnssec.org @127.0.0.1 -p 5333 +dnssec +nocmd +noall +answer | grep -v DiG > bind
-$ dig +norecurs www.powerdnssec.org @127.0.0.1 -p 5300 +dnssec +nocmd +noall +answer | grep -v DiG > pdns
-$ diff -uBb bind pdns
--
2.47.2