fprintf(stderr, " -k: generate a TYPE=KEY key\n");
fprintf(stderr, " -L ttl: default key TTL\n");
fprintf(stderr, " -M <min>:<max>: allowed Key ID range\n");
- fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | "
- "OTHER\n");
fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");
fprintf(stderr, " -p protocol: default: 3 [dnssec]\n");
fprintf(stderr, " -y: permit keys that might collide\n");
int
main(int argc, char **argv) {
char *algname = NULL, *freeit = NULL;
- char *nametype = NULL;
const char *directory = NULL;
const char *predecessor = NULL;
dst_key_t *prevkey = NULL;
bool oldstyle = false;
isc_mem_t *mctx = NULL;
int ch;
- int protocol = -1, signatory = 0;
+ int protocol = -1;
isc_result_t ret;
isc_textregion_t r;
char filename[255];
break;
}
case 'n':
- nametype = isc_commandline_argument;
+ fatal("The -n option has been deprecated.");
break;
case 'p':
protocol = strtol(isc_commandline_argument, &endp, 10);
if (algname != NULL) {
fatal("-S and -a cannot be used together");
}
- if (nametype != NULL) {
- fatal("-S and -n cannot be used together");
- }
if (setpub || unsetpub) {
fatal("-S and -P cannot be used together");
}
setpub = setact = true;
}
- if (nametype == NULL) {
- if ((options & DST_TYPE_KEY) != 0) { /* KEY */
- fatal("no nametype specified");
- }
- flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
- } else if (strcasecmp(nametype, "zone") == 0) {
- flags |= DNS_KEYOWNER_ZONE;
- } else if ((options & DST_TYPE_KEY) != 0) { /* KEY */
- if (strcasecmp(nametype, "host") == 0 ||
- strcasecmp(nametype, "entity") == 0)
- {
- flags |= DNS_KEYOWNER_ENTITY;
- } else if (strcasecmp(nametype, "user") == 0) {
- /* no owner flags */
- } else {
- fatal("invalid KEY nametype %s", nametype);
- }
- } else if (strcasecmp(nametype, "other") != 0) { /* DNSKEY */
- fatal("invalid DNSKEY nametype %s", nametype);
- }
-
rdclass = strtoclass(classname);
if (directory == NULL) {
directory = ".";
}
- if ((options & DST_TYPE_KEY) != 0) { /* KEY */
- flags |= signatory;
- } else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
+ if ((options & DST_TYPE_KEY) == 0) {
+ flags |= DNS_KEYOWNER_ZONE; /* DNSKEY: name type ZONE */
flags |= kskflag;
flags |= revflag;
+ } else {
+ flags |= DNS_KEYOWNER_ENTITY; /* KEY: name type HOST */
}
if (protocol == -1) {
Synopsis
~~~~~~~~
-:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-v** level] [**-V**] [**-y**] {name}
+:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-v** level] [**-V**] [**-y**] {name}
Description
~~~~~~~~~~~
When BIND 9 is built with OpenSSL-based PKCS#11 support, the label is
an arbitrary string that identifies a particular key.
-.. option:: -n nametype
-
- This option specifies the owner type of the key. The value of ``nametype`` must
- either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY
- (for a key associated with a host (KEY)), USER (for a key associated
- with a user (KEY)), or OTHER (DNSKEY). These values are
- case-insensitive.
-
.. option:: -C
This option enables compatibility mode, which generates an old-style key, without any metadata.
const char *directory;
dns_keystore_t *keystore;
char *algname;
- char *nametype;
int protocol;
int size;
uint16_t tag_min;
fprintf(stderr, " ED448:\tignored\n");
fprintf(stderr, " (key size defaults are set according to\n"
" algorithm and usage (ZSK or KSK)\n");
- fprintf(stderr, " -n <nametype>: ZONE | HOST | ENTITY | "
- "USER | OTHER\n");
- fprintf(stderr, " (DNSKEY generation defaults to ZONE)\n");
fprintf(stderr, " -c <class>: (default: IN)\n");
fprintf(stderr, " -d <digest bits> (0 => max, default)\n");
fprintf(stderr, " -f <keyflag>: ZSK | KSK | REVOKE\n");
if (ctx->size >= 0) {
fatal("-S and -b cannot be used together");
}
- if (ctx->nametype != NULL) {
- fatal("-S and -n cannot be used together");
- }
if (ctx->setpub || ctx->unsetpub) {
fatal("-S and -P cannot be used together");
}
break;
}
- if (ctx->nametype == NULL) {
- if ((ctx->options & DST_TYPE_KEY) != 0) { /* KEY */
- fatal("no nametype specified");
- }
- flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
- } else if (strcasecmp(ctx->nametype, "zone") == 0) {
- flags |= DNS_KEYOWNER_ZONE;
- } else if ((ctx->options & DST_TYPE_KEY) != 0) { /* KEY */
- if (strcasecmp(ctx->nametype, "host") == 0 ||
- strcasecmp(ctx->nametype, "entity") == 0)
- {
- flags |= DNS_KEYOWNER_ENTITY;
- } else if (strcasecmp(ctx->nametype, "user") == 0) {
- /* no owner flags */
- } else {
- fatal("invalid KEY nametype %s", ctx->nametype);
- }
- } else if (strcasecmp(ctx->nametype, "other") != 0) { /* DNSKEY */
- fatal("invalid DNSKEY nametype %s", ctx->nametype);
+ if ((ctx->options & DST_TYPE_KEY) == 0) {
+ flags |= DNS_KEYOWNER_ZONE; /* DNSKEY: name type ZONE */
+ } else {
+ flags |= DNS_KEYOWNER_ENTITY; /* KEY: name type HOST */
}
if (ctx->directory == NULL) {
ctx.configfile = isc_commandline_argument;
break;
case 'n':
- ctx.nametype = isc_commandline_argument;
+ fatal("The -n option has been deprecated.");
break;
case 'M': {
unsigned long ul;
}
if (ctx.policy != NULL) {
- if (ctx.nametype != NULL) {
- fatal("-k and -n cannot be used together");
- }
if (ctx.predecessor != NULL) {
fatal("-k and -S cannot be used together");
}
if (ctx.wantrev) {
fatal("-k and -fR cannot be used together");
}
- if (ctx.options & DST_TYPE_KEY) {
+ if ((ctx.options & DST_TYPE_KEY) != 0) {
fatal("-k and -T KEY cannot be used together");
}
if (ctx.use_nsec3) {
Synopsis
~~~~~~~~
-:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name}
+:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name}
Description
~~~~~~~~~~~
key tag values to be produced. This option is ignored when ``-k policy``
is specified.
-.. option:: -n nametype
-
- This option specifies the owner type of the key. The value of ``nametype`` must
- either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY
- (for a key associated with a host (KEY)), USER (for a key associated
- with a user (KEY)), or OTHER (DNSKEY). These values are
- case-insensitive. The default is ZONE for DNSKEY generation.
-
.. option:: -p protocol
This option sets the protocol value for the generated key, for use with
echo_i "ns1/setup.sh"
-ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
cp "../ns2/dsset-example." .
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone .)
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" .)
cp root.db.in root.db
set -e
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.)
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" example.)
cp example.db.in example.db
keyfile_to_initial_keys "$ksk" >../ns3/anchor.dnskey
keyfile_to_initial_ds "$ksk" >../ns3/anchor.ds
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.)
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" example.tld.)
"$SIGNER" -Sz -f example.tld.db -o example.tld example.db.in >/dev/null 2>&1
grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll." >"dsset-algroll."
cp "../ns6/dsset-optout-tld." .
-ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
infile=key.db.in
zonefile=managed.db
-keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
infile=key.db.in
zonefile=trusted.db
-keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
done
# Sign the "example." zone.
-keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db
-keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
"$SIGNER" -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" >/dev/null 2>&1
infile=badparam.db.in
zonefile=badparam.db
-keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
infile=single-nsec3.db.in
zonefile=single-nsec3.db
-keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
infile=algroll.db.in
zonefile=algroll.db
-keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
-keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
-keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone")
+keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone")
+keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keynew1.key" "$keynew2.key" >"$zonefile"
echo "host$i 10 IN NS ns.elsewhere"
i=$((i + 1))
done >>"$zonefile"
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$key1.key" "$key2.key" >>"$zonefile"
"$SIGNER" -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" >/dev/null 2>&1
zone=cds.secure
infile=cds.secure.db.in
zonefile=cds.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
"$DSFROMKEY" -C "$key1.key" >"$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=cds-x.secure
infile=cds.secure.db.in
zonefile=cds-x.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
"$DSFROMKEY" -C "$key2.key" >"$key2.cds"
cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" >"$zonefile"
"$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1
zone=cds-update.secure
infile=cds-update.secure.db.in
zonefile=cds-update.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$key1.key" "$key2.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
keyfile_to_key_id "$key1" >cds-update.secure.id
zone=cds-auto.secure
infile=cds-auto.secure.db.in
zonefile=cds-auto.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
$SETTIME -P sync now "$key1" >/dev/null
cat "$infile" >"$zonefile.signed"
zone=cdnskey.secure
infile=cdnskey.secure.db.in
zonefile=cdnskey.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" >"$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=cdnskey-x.secure
infile=cdnskey.secure.db.in
zonefile=cdnskey-x.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" >"$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" >"$zonefile"
"$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1
zone=cdnskey-update.secure
infile=cdnskey-update.secure.db.in
zonefile=cdnskey-update.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$key1.key" "$key2.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
keyfile_to_key_id "$key1" >cdnskey-update.secure.id
zone=cdnskey-auto.secure
infile=cdnskey-auto.secure.db.in
zonefile=cdnskey-auto.secure.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
$SETTIME -P sync now "$key1" >/dev/null
cat "$infile" >"$zonefile.signed"
zone=updatecheck-kskonly.secure
infile=template.secure.db.in
zonefile=${zone}.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
# Save key id's for checking active key usage
keyfile_to_key_id "$key1" >$zone.ksk.id
keyfile_to_key_id "$key2" >$zone.zsk.id
zone=hours-vs-days
infile=hours-vs-days.db.in
zonefile=hours-vs-days.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
$SETTIME -P sync now "$key1" >/dev/null
cat "$infile" >"$zonefile.signed"
zone=too-many-iterations
infile=too-many-iterations.db.in
zonefile=too-many-iterations.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$key1.key" "$key2.key" >"$zonefile"
"$SIGNER" -P -3 - -H too-many -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=lazy-ksk
infile=lazy-ksk.db.in
zonefile=lazy-ksk.db
-ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-ksk3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+ksk3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk1.key" "$ksk2.key" "$ksk3.key" "$zsk.key" >"$zonefile"
$DSFROMKEY "$ksk1.key" >"dsset-$zone."
$DSFROMKEY "$ksk2.key" >>"dsset-$zone."
zone=peer.peer-ns-spoof
infile=peer.peer-ns-spoof.db.in
zonefile=peer.peer-ns-spoof.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \
zone=peer-ns-spoof
infile=peer-ns-spoof.db.in
zonefile=peer-ns-spoof.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=dnskey-rrsigs-stripped
infile=dnskey-rrsigs-stripped.db.in
zonefile=dnskey-rrsigs-stripped.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \
zone=child.ds-rrsigs-stripped
infile=child.ds-rrsigs-stripped.db.in
zonefile=child.ds-rrsigs-stripped.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=ds-rrsigs-stripped
infile=ds-rrsigs-stripped.db.in
zonefile=ds-rrsigs-stripped.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \
zone=inconsistent
infile=inconsistent.db.in
zonefile=inconsistent.db
-key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$key1.key" "$key2.key" >"$zonefile"
"$SIGNER" -3 - -g -o "$zone" "$zonefile" >/dev/null 2>&1
zone=secure.${tld}
zonefile=${zone}.db
- keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname1.key" >"$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null
zone=disabled.${tld}
zonefile=${zone}.db
- keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
+ keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" "$zone")
cat "$infile" "$keyname2.key" >"$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null
zone=enabled.${tld}
zonefile=${zone}.db
- keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
+ keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" "$zone")
cat "$infile" "$keyname3.key" >"$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null
zone=unsupported.${tld}
zonefile=${zone}.db
- keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname4.key" >"$zonefile"
"$SIGNER" -z -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" >/dev/null
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp >${zonefile}.signed
zone=revoked.${tld}
zonefile=${zone}.db
- keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname5.key" >"$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null
infile=secure.example.db.in
zonefile=secure.example.db
-cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone")
-dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone")
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone")
+dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" >"$zonefile"
infile=bogus.example.db.in
zonefile=bogus.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=dynamic.example.db.in
zonefile=dynamic.example.db
-keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
infile=generic.example.db.in
zonefile=keyless.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=nsec3.example.db.in
zonefile=nsec3.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=optout.example.db.in
zonefile=optout.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=dnskey-unsupported.example.db.in
zonefile=dnskey-unsupported.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=digest-alg-unsupported.example.db.in
zonefile=digest-alg-unsupported.example.db
-cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone")
-dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone")
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-keyname2=$("$KEYGEN" -q -a ECDSAP384SHA384 -b "$DEFAULT_BITS" -n zone "$zone")
+cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone")
+dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+keyname2=$("$KEYGEN" -q -a ECDSAP384SHA384 -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" "$keyname2.key" >"$zonefile"
infile=ds-unsupported.example.db.in
zonefile=ds-unsupported.example.db
-cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone")
-dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone")
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone")
+dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" >"$zonefile"
infile=dnskey-unsupported-2.example.db.in
zonefile=dnskey-unsupported-2.example.db
-ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile"
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=multiple.example.db.in
zonefile=multiple.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db
-keyname=$("$KEYGEN" -q -a RSASHA256 -n zone "$zone")
+keyname=$("$KEYGEN" -q -a RSASHA256 "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=rsasha512.example.db.in
zonefile=rsasha512.example.db
-keyname=$("$KEYGEN" -q -a RSASHA512 -n zone "$zone")
+keyname=$("$KEYGEN" -q -a RSASHA512 "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
zone=secure.below-cname.example.
infile=secure.below-cname.example.db.in
zonefile=secure.below-cname.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" >/dev/null
signedfile=ttlpatch.example.db.signed
patchedfile=ttlpatch.example.db.patched
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" >/dev/null
zonefile=split-dnssec.example.db
signedfile=split-dnssec.example.db.signed
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
echo "\$INCLUDE \"$signedfile\"" >>"$zonefile"
: >"$signedfile"
zonefile=split-smart.example.db
signedfile=split-smart.example.db.signed
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cp "$infile" "$zonefile"
# shellcheck disable=SC2016
echo "\$INCLUDE \"$signedfile\"" >>"$zonefile"
infile=bogus.example.db.in
zonefile=badds.example.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" "$zone")
dnskeyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -fk "delegation.$zone")
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n HOST -T KEY "delegation.$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -T KEY "delegation.$zone")
$DSFROMKEY "$dnskeyname.key" >"dsset-delegation.${zone}."
cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
"${dnskeyname}.key" "dsset-delegation.${zone}." >"$zonefile"
zone=target.peer-ns-spoof
infile=target.peer-ns-spoof.db.in
zonefile=target.peer-ns-spoof.db
-ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
"$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1
"$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK $zone >/dev/null
"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" >/dev/null 2>&1
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" ".")
keyfile_to_static_ds "$keyname" >trusted.conf
infile=optout-tld.db.in
zonefile=optout-tld.db
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname.key" >"$zonefile"
infile=split-rrsig.db.in
zonefile=split-rrsig.db
-k1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+k1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$k1.key" "$k2.key" >"$zonefile"
ret=0
zone=prepub
# Generate keys.
-ksk=$("$KEYGEN" -K signer -f KSK -q -a $DEFAULT_ALGORITHM -n zone "$zone")
-zsk1=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM -n zone "$zone")
-zsk2=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM -n zone "$zone")
+ksk=$("$KEYGEN" -K signer -f KSK -q -a $DEFAULT_ALGORITHM "$zone")
+zsk1=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM "$zone")
+zsk2=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM "$zone")
zskid1=$(keyfile_to_key_id "$zsk1")
zskid2=$(keyfile_to_key_id "$zsk2")
(
ret=0
zone=example
# Fake an unsupported algorithm key
-unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key >${unsupportedkey}.tmp
mv ${unsupportedkey}.tmp ${unsupportedkey}.key
# If dnssec-dsfromkey fails, the test script will exit immediately. Prevent
echo_i "checking that we can sign a zone with out-of-zone records ($n)"
ret=0
zone=example
-key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
-key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone)
+key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
+key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" >example.db
echo_i "checking that we can sign a zone (NSEC3) with out-of-zone records ($n)"
ret=0
zone=example
-key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
-key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone)
+key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
+key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" >example.db
echo_i "checking NSEC3 signing with empty nonterminals above a delegation ($n)"
ret=0
zone=example
-key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
-key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone)
+key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
+key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" >example3.db
echo_i "checking that dnssec-signzone updates originalttl on ttl changes ($n)"
ret=0
zone=example
-key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
-key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone)
+key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
+key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" >example.db
echo_i "checking dnssec-signzone keeps valid signatures from removed keys ($n)"
ret=0
zone=example
-key1=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone)
-key2=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
+key1=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone)
+key2=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
keyid2=$(keyfile_to_key_id "$key2")
-key3=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone)
+key3=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone)
keyid3=$(keyfile_to_key_id "$key3")
(
cd signer || exit 1
continue
;;
1 | 5 | 7 | 8 | 10) # RSA algorithms
- key1=$($KEYGEN -a "$alg" -b "2048" -n zone "$zone" 2>"keygen-$alg.err" || true)
+ key1=$($KEYGEN -a "$alg" -b "2048" "$zone" 2>"keygen-$alg.err" || true)
;;
15 | 16)
- key1=$($KEYGEN -a "$alg" -n zone "$zone" 2>"keygen-$alg.err" || true)
+ key1=$($KEYGEN -a "$alg" "$zone" 2>"keygen-$alg.err" || true)
;;
*)
- key1=$($KEYGEN -a "$alg" -n zone "$zone" 2>"keygen-$alg.err" || true)
+ key1=$($KEYGEN -a "$alg" "$zone" 2>"keygen-$alg.err" || true)
;;
esac
if grep "unsupported algorithm" "keygen-$alg.err" >/dev/null; then
status=$((status + ret))
# Roll the ZSK.
-zsk2=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 -n zone "$zone")
+zsk2=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 "$zone")
keyfile_to_key_id "$zsk2" >ns2/$zone.zsk.id2
ZSK_ID2=$(cat ns2/$zone.zsk.id2)
ret=0
mv ns2/$KSK.private.bak ns2/$KSK.private
# Roll the ZSK again.
-zsk3=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 -n zone "$zone")
+zsk3=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 "$zone")
ret=0
keyfile_to_key_id "$zsk3" >ns2/$zone.zsk.id3
ZSK_ID3=$(cat ns2/$zone.zsk.id3)
echo_i "check that dnssec-keygen honours key tag ranges ($n)"
ret=0
zone=settagrange
-ksk=$("$KEYGEN" -f KSK -q -a $DEFAULT_ALGORITHM -n zone -M 0:32767 "$zone")
-zsk=$("$KEYGEN" -q -a $DEFAULT_ALGORITHM -n zone -M 32768:65535 "$zone")
+ksk=$("$KEYGEN" -f KSK -q -a $DEFAULT_ALGORITHM -M 0:32767 "$zone")
+zsk=$("$KEYGEN" -q -a $DEFAULT_ALGORITHM -M 32768:65535 "$zone")
kid=$(keyfile_to_key_id "$ksk")
zid=$(keyfile_to_key_id "$zsk")
[ $kid -ge 0 -a $kid -le 32767 ] || ret=1
cp ../ns2/dsset-good. .
cp ../ns2/dsset-bad. .
-key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $key1.key $key2.key >$zonefile
infile2=bad.db.in
zonefile2=bad.db
-keyname11=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone1)
-keyname12=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone1)
-keyname21=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone2)
-keyname22=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone2)
+keyname11=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone1)
+keyname12=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone1)
+keyname21=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone2)
+keyname22=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone2)
cat $infile1 $keyname11.key $keyname12.key >$zonefile1
cat $infile2 $keyname21.key $keyname22.key >$zonefile2
cp $infile $zonefile
if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then
- zsk256=$($KEYGEN -q -a ECDSA256 -n zone "$zone")
- ksk256=$($KEYGEN -q -a ECDSA256 -n zone -f KSK "$zone")
+ zsk256=$($KEYGEN -q -a ECDSA256 "$zone")
+ ksk256=$($KEYGEN -q -a ECDSA256 -f KSK "$zone")
cat "$ksk256.key" "$zsk256.key" >>"$zonefile"
$DSFROMKEY -a sha-256 "$ksk256.key" >>dsset-256
fi
if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then
- zsk384=$($KEYGEN -q -a ECDSA384 -n zone "$zone")
- ksk384=$($KEYGEN -q -a ECDSA384 -n zone -f KSK "$zone")
+ zsk384=$($KEYGEN -q -a ECDSA384 "$zone")
+ ksk384=$($KEYGEN -q -a ECDSA384 -f KSK "$zone")
cat "$ksk384.key" "$zsk384.key" >>"$zonefile"
$DSFROMKEY -a sha-256 "$ksk384.key" >>dsset-256
fi
cp $infile $zonefile
if [ $ED25519_SUPPORTED = 1 ]; then
- zsk25519=$($KEYGEN -q -a ED25519 -n zone "$zone")
- ksk25519=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone")
+ zsk25519=$($KEYGEN -q -a ED25519 "$zone")
+ ksk25519=$($KEYGEN -q -a ED25519 -f KSK "$zone")
cat "$ksk25519.key" "$zsk25519.key" >>"$zonefile"
$DSFROMKEY -a sha-256 "$ksk25519.key" >>dsset-256
fi
if [ $ED448_SUPPORTED = 1 ]; then
- zsk448=$($KEYGEN -q -a ED448 -n zone "$zone")
- ksk448=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone")
+ zsk448=$($KEYGEN -q -a ED448 "$zone")
+ ksk448=$($KEYGEN -q -a ED448 -f KSK "$zone")
cat "$ksk448.key" "$zsk448.key" >>"$zonefile"
$DSFROMKEY -a sha-256 "$ksk448.key" >>dsset-256
fi
echo_i "ns1/sign.sh"
-ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
# been carefully chosen to ensure that the signed referral response checked in
# the test will be around 512 bytes in size with glue records excluded. Please
# keep this in mind when updating signing algorithms used in system tests.
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone)
cat "$infile" "$keyname.key" >"$zonefile"
$SIGNER -P -o $zone $zonefile >/dev/null
zone=.
rm -f K.+*+*.key
rm -f K.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$SIGNER -S -x -T 1200 -o ${zone} root.db >signer.out
[ $? = 0 ] || cat signer.out
. ../../conf.sh
# Fake an unsupported key
-unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
+unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" unsupported)
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key >${unsupportedkey}.tmp
mv ${unsupportedkey}.tmp ${unsupportedkey}.key
zone=bits
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=noixfr
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=primary
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=dynamic
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=updated
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -n zone $zone)
-ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -n zone -f KSK $zone)
+zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 $zone)
+ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -f KSK $zone)
$SETTIME -s -g OMNIPRESENT -k RUMOURED now -z RUMOURED now "$zsk" >settime.out.updated.1 2>&1
$SETTIME -s -g OMNIPRESENT -k RUMOURED now -r RUMOURED now -d HIDDEN now "$ksk" >settime.out.updated.2 2>&1
$DSFROMKEY -T 1200 $ksk >>../ns1/root.db
zone=expired
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db >/dev/null
zone=retransfer
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=nsec3
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >>../ns1/root.db
zone=delayedkeys
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
# Keys for the "delayedkeys" zone should not be initially accessible.
mv K${zone}.+*+*.* ../
zone=removedkeys-primary
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
zone=removedkeys-secondary
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
for s in a c d h k l m q z; do
zone=test-$s
- keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
done
for s in b f i o p t v; do
zone=test-$s
- keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
- keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
done
zone=externalkey
rm -f K${zone}.+*+*.private
for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM}; do
- k1=$($KEYGEN -q -a $alg -n zone -f KSK $zone)
- k2=$($KEYGEN -q -a $alg -n zone $zone)
- k3=$($KEYGEN -q -a $alg -n zone $zone)
- k4=$($KEYGEN -q -a $alg -n zone -f KSK $zone)
+ k1=$($KEYGEN -q -a $alg -f KSK $zone)
+ k2=$($KEYGEN -q -a $alg $zone)
+ k3=$($KEYGEN -q -a $alg $zone)
+ k4=$($KEYGEN -q -a $alg -f KSK $zone)
$DSFROMKEY -T 1200 $k4 >>../ns1/root.db
cat $k1.key $k2.key >>$zonefile
zone=nsec3-loop
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
-keyname=$($KEYGEN -q -a RSASHA256 -b 4096 -n zone $zone)
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone)
+keyname=$($KEYGEN -q -a RSASHA256 -b 4096 $zone)
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone)
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -f KSK $zone)
example13.com example14.com example15.com example16.com; do
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
- keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
- keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone)
+ keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone)
+ keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -f KSK $zone)
cp example.com.db.in ${zone}.db
$SIGNER -S -T 3600 -O raw -L 2000042407 -o ${zone} ${zone}.db >/dev/null 2>&1
done
for zone in example unsigned-serial-test; do
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private
- keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
- keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone)
+ keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone)
+ keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -f KSK $zone)
cp example.db.in ${zone}.db
done
zonefile=edns512.db
outfile=edns512.db.signed
-keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a RSASHA512 -b 4096 $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=edns512-notcp.db
outfile=edns512-notcp.db.signed
-keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a RSASHA512 -b 4096 $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
infile=nsec3param.test.db.in
zonefile=nsec3param.test.db
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
infile=dnskey.test.db.in
zonefile=dnskey.test.db
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
ret=0
echo_i "check SIG(0) key is accepted"
-key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY -n ENTITY xxx)
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY xxx)
echo "" | $NSUPDATE -k ${key}.private >/dev/null 2>&1 || ret=1
[ $ret = 0 ] || {
echo_i "failed"
cp ../ns2/dsset-example. .
cp ../ns2/dsset-example.com. .
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone $zonefile >/dev/null
infile=${domain}.db.in
zonefile=${domain}.db
- keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
- keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone)
+ keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+ keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
infile=root.db.in
zonefile=root.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
keyid=$(expr ${keyname} : 'K.+[0-9][0-9][0-9]+\(.*\)')
(cd ../ns2 && $SHELL sign.sh ${keyid:-00000})
infile=example.db.in
zonefile=example.db
-keyname1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
-keyname2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone)
+keyname1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone)
+keyname2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >>$zonefile
cp ../ns2/dsset-example.in dsset-example.
-keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone)
cat $infile $keyname.key >$zonefile
cp "../ns2/dsset-example." .
-keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone)
+keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" $zone)
cat "$infile" "$keyname.key" >"$zonefile"
infile=example.db.in
zonefile=example.db
-keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile"
set -e
-keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" ".")
keyfile_to_static_ds "$keyname" >trusted.conf
cp ../ns4/dsset-sub.example. .
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone $zonefile >/dev/null
zone=undelegated
infile=undelegated.db.in
zonefile=undelegated.db
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone $zonefile >/dev/null
infile=${zone}.db.in
zonefile=${zone}.db
-keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
-keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone)
+keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
+keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone)
cat $infile $keyname1.key $keyname2.key >$zonefile
infile=example.db.in
zonefile=example.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
echo insecure NS ns1.insecure >>"$zonefile"
echo ns1.insecure A 10.53.0.1 >>"$zonefile"
infile=example.db.in
zonefile=insecure.example.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
$SIGNER -P -o $zone $zonefile >/dev/null
infile=dnamed.db.in
zonefile=dnamed.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
$SIGNER -P -o $zone $zonefile >/dev/null
infile=minimal.db.in
zonefile=minimal.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
# do not regenerate NSEC chain as there in a minimal NSEC record present
infile=soa-without-dnskey.db.in
zonefile=soa-without-dnskey.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
# do not regenerate NSEC chain as there in a minimal NSEC record present
infile=root.db.in
zonefile=root.db
-keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone)
cat "$infile" "$keyname.key" >"$zonefile"
$SIGNER -P -g -o $zone $zonefile >/dev/null
echo_i "check that dnssec-keygen won't generate TSIG keys"
ret=0
-$KEYGEN -a hmac-sha256 -b 128 -n host example.net >keygen.out3 2>&1 && ret=1
+$KEYGEN -a hmac-sha256 -b 128 example.net >keygen.out3 2>&1 && ret=1
grep "unknown algorithm" keygen.out3 >/dev/null || ret=1
echo_i "check that a 'BADTIME' response with 'QR=0' is handled as a request"
copy_setports ns1/named.conf.in ns1/named.conf
-key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.)
+key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -T KEY key.example.nil.)
cat ns1/example.nil.db.in ns1/${key}.key >ns1/example.nil.db
#
# SIG(0) requires cryptographic support which may not be configured.
#
-keyname=$($KEYGEN -q -n HOST -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2 2>keyname.err)
+keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2 2>keyname.err)
if test -n "$keyname"; then
cat ns1/example1.db $keyname.key >ns1/example2.db
echo $keyname >keyname
cat ns1/example1.db >ns1/example2-toomanykeys.db
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17; do
- keyname=$($KEYGEN -q -n HOST -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2-toomanykeys 2>/dev/null)
+ keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2-toomanykeys 2>/dev/null)
if test -n "$keyname"; then
cat $keyname.key >>ns1/example2-toomanykeys.db
echo $keyname >keyname$i
outfile=nsec.db.signed
dssets="$dssets dsset-${zone}."
-keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=private.nsec.db
outfile=private.nsec.db.signed
-keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
outfile=nsec3.db.signed
dssets="$dssets dsset-${zone}."
-keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed
-keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key >$zonefile
zonefile=root.db
outfile=root.db.signed
-keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
-keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null)
+keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
+keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null)
cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
projects / thirdparty / bind9.git / commitdiff
