$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
keyfile_to_static_keys $ksk > private.conf
cp private.conf ../ns4/private.conf
-$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null
# Extract saved keys for the revoke-to-duplicate-key test
zone=bar
cp $infile $zonefile
$KEYGEN -q -a RSASHA1 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
+$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# NSEC3->NSEC transition test zone.
setup nsec3-to-nsec.example
$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# secure-to-insecure transition test zone; used to test removal of
setup secure-to-insecure.example
$KEYGEN -a RSASHA1 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
+$SIGNER -S -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# another secure-to-insecure transition test zone; used to test
echo $ksk > ../del1.key
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
echo $zsk > ../del2.key
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# Introducing a pre-published key test.
infile="secure-to-insecure2.example.db.in"
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# Key TTL tests.
setup nozsk.example
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
echo $zsk > ../missingzsk.key
rm -f ${zsk}.private
setup inaczsk.example
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
echo $zsk > ../inactivezsk.key
$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
sign() {
cat >db.$1
- $SIGNER >/dev/null 2>&1 \
+ $SIGNER >/dev/null \
-S -O full -o $Z -f sig.$1 db.$1
}
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone`
zsk=`$KEYGEN -q -a RSASHA256 -b 1024 $zone`
-$SIGNER -S -o $zone example.db > /dev/null 2>&1
+$SIGNER -S -o $zone example.db > /dev/null
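Review bot: The exit status of the signer is still ignored on the new line `$SIGNER -S -o $zone example.db > /dev/null`, so a failed signing is not caught here and may only show up later as an unrelated-looking validation failure. Unless the script runs under `set -e` (not visible in this hunk), the line could end in a handler, for example `$SIGNER -S -o $zone example.db > /dev/null || exit 1`. The same applies to the other changed signer calls on this page that redirect to `/dev/null` and have no `||` handler. The `> s.out || dumpit s.out` form in the earlier hunks is the checked variant.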
keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname1.key" > "$zonefile"
- "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
+ "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor that matches disabled algorithm.
zone=disabled.${tld}
keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
cat "$infile" "$keyname2.key" > "$zonefile"
- "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
+ "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor that has disabled algorithm for other domain.
zone=enabled.${tld}
keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
cat "$infile" "$keyname3.key" > "$zonefile"
- "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
+ "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor with unsupported algorithm.
zone=unsupported.${tld}
keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname4.key" > "$zonefile"
- "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
+ "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
# Make trusted-keys and managed keys conf sections for ns8.
keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname5.key" > "$zonefile"
- "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
+ "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
case $tld in
"managed")
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=bogus.example.
infile=bogus.example.db.in
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=dynamic.example.
infile=dynamic.example.db.in
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=keyless.example.
infile=generic.example.db.in
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# NSEC3/NSEC3 test zone
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC3 test zone
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A nsec3 zone (non-optout).
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC test zone
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC3 test zone
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/OPTOUT test zone
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A optout nsec3 zone.
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null
#
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null
#
# A zone that is signed with an unknown DNSKEY algorithm.
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null
#
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null
#
# A RSASHA256 zone.
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A RSASHA512 zone.
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A zone with the DNSKEY set only signed by the KSK
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null
#
# A zone with the expired signatures
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null
rm -f "$kskname.*" "$zskname.*"
#
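Review bot: The context line `rm -f "$kskname.*" "$zskname.*"` directly after the changed signer call keeps the `*` inside the quotes, so the shell does not glob and `rm -f` silently removes nothing. If the intent is to delete the key files once the zone is signed (presumably so the signatures cannot be regenerated; the rest of the test is not visible here), the glob has to sit outside the quotes: `rm -f "$kskname".* "$zskname".*`. Making the signer's stderr visible does not expose this, because `rm -f` reports no error when the named file does not exist.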
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# A NSEC signed zone that will have auto-dnssec enabled and
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A NSEC3 signed zone that will have auto-dnssec enabled and
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# Secure below cname test zone.
zonefile=secure.below-cname.example.db
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# Patched TTL test zone.
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null
$CHECKZONE -D -s full "$zone" $signedfile 2> /dev/null | \
awk '{$2 = "3600"; print}' > $patchedfile
cat "$infile" "$keyname.key" > "$zonefile"
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
: > "$signedfile"
-"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null
#
# Seperate DNSSEC records smart signing.
# shellcheck disable=SC2016
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
: > "$signedfile"
-"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null
#
# Zone with signatures about to expire, but no private key to replace them
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
-"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null
mv -f "${zskname}.private" "${zskname}.private.moved"
mv -f "${kskname}.private" "${kskname}.private.moved"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
-"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null
$CHECKZONE -D upper.example $lower 2>/dev/null | \
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
-"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null
#
# Zone with signatures about to expire, and dynamic, but configured
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
-"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null
# preserve a normalized copy of the NS RRSIG for comparison later
$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
kskname=$("$KEYGEN" -I "$now+90s" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cp "$infile" "$zonefile"
-"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null
#
# A zone which will change its sig-validity-interval
cat "$infile" "$keyname.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
#
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
cp -f "$kskname.key" trusted-future.key
#
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
-"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
#
# A zone with a revoked key
zsk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3 "$zone")
cat "$infile" "${ksk1}.key" "${ksk2}.key" "${zsk1}.key" > "$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# Check that NSEC3 are correctly signed and returned from below a DNAME
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3 "$zone")
cat "$infile" "${kskname}.key" "${zskname}.key" >"$zonefile"
-"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# A NSEC zone with occuded data at the delegation
$DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
"${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
+"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
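Review bot: In this negative case (`) && ret=1`) the signer is expected to fail, so with `2>&1` removed its error text is printed into the test log on every passing run, and `signer.out.$n` no longer records why the run failed. Sending stderr to a file of its own keeps the reason available without hiding it in `/dev/null`, e.g. `$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n 2> signer.err.$n`. Separately, a failing `cd signer/general || exit 1` also makes the subshell return non-zero, which this `&&` form counts as the expected outcome, so a missing directory would pass the check. The test3, test7 and test8 blocks below have the same shape.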
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
(
cd signer/general || exit 1
rm -f signed.zone
-$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n 2>&1
+$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
-$SIGNER -o example -f example.db example.db > /dev/null 2>&1
+$SIGNER -o example -f example.db example.db > /dev/null
) || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
-$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1
+$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null
awk '/^IQF9LQTLK/ {
printf("%s", $0);
while (!index($0, ")")) {
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example3.db
echo "some.empty.nonterminal.nodes.example 60 IN NS ns.example.tld" >> example3.db
-$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null 2>&1
+$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null
awk '/^IQF9LQTLK/ {
printf("%s", $0);
while (!index($0, ")")) {
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
-$SIGNER -o example -f example.db.before example.db > /dev/null 2>&1
+$SIGNER -o example -f example.db.before example.db > /dev/null
sed 's/60.IN.SOA./50 IN SOA /' example.db.before > example.db.changed
-$SIGNER -o example -f example.db.after example.db.changed > /dev/null 2>&1
+$SIGNER -o example -f example.db.after example.db.changed > /dev/null
)
grep "SOA 5 1 50" signer/example.db.after > /dev/null || ret=1
n=$((n+1))
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
-$SIGNER -D -o example example.db > /dev/null 2>&1
+$SIGNER -D -o example example.db > /dev/null
# now switch out key2 for key3 and resign the zone
cat example.db.in "$key1.key" "$key3.key" > example.db
echo "\$INCLUDE \"example.db.signed\"" >> example.db
-$SIGNER -D -o example example.db > /dev/null 2>&1
+$SIGNER -D -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
ret=0
(
cd signer || exit 1
-$SIGNER -RD -o example example.db > /dev/null 2>&1
+$SIGNER -RD -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
(
cd signer || exit 1
cp -f example.db.in example.db
-$SIGNER -SD -o example example.db > /dev/null 2>&1
+$SIGNER -SD -o example example.db > /dev/null
echo "\$INCLUDE \"example.db.signed\"" >> example.db
# now retire key2 and resign the zone
$SETTIME -I now "$key2" > /dev/null 2>&1
-$SIGNER -SD -o example example.db > /dev/null 2>&1
+$SIGNER -SD -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
ret=0
(
cd signer || exit 1
-$SIGNER -SDQ -o example example.db > /dev/null 2>&1
+$SIGNER -SDQ -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
ret=0
(
cd signer || exit 1
-$SIGNER -Sxt -o example example.db > signer.out.1 2>&1
-$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2 2>&1
+$SIGNER -Sxt -o example example.db > signer.out.1
+$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2
) || ret=1
gen1=$(awk '/generated/ {print $3}' signer/signer.out.1)
retain1=$(awk '/retained/ {print $3}' signer/signer.out.1)
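Review bot: `gen1` and `retain1` are parsed from `signer/signer.out.1`, which after this change holds stdout only; if the `-t` statistics lines matched by `/generated/` and `/retained/` are written to stderr in this mode, both variables come back empty. It is worth confirming which stream carries them before dropping `2>&1` on these two lines, because the output file is read back for content here rather than discarded. The `czoneout=` command substitution in the final hunk of this page raises the same question: without `2>&1` it captures stdout alone, which matters if later checks look for signer warnings in that variable.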
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
touch example2.db.signed
-$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
+$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
-$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
+$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
touch example2.db.signed
-$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
+$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
-$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
+$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
cd signer || exit 1
$SIGNER -O full -f - -Sxt -o example example.db > signer.out.3 2> /dev/null
$SIGNER -O text -f - -Sxt -o example example.db > signer.out.4 2> /dev/null
-$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null 2>&1
-$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null 2>&1
+$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null
+$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null
$SIGNER -O raw -f - -Sxt -o example example.db > signer.out.7 2> /dev/null
) || ret=1
awk '/IN *SOA/ {if (NF != 11) exit(1)}' signer/signer.out.3 || ret=1
ret=0
(
cd signer || exit 1
-$SIGNER -O full -f signer.out.8 -S -M 30 -o example example.db > /dev/null 2>&1
+$SIGNER -O full -f signer.out.8 -S -M 30 -o example example.db > /dev/null
) || ret=1
awk '/^;/ { next; } $2 > 30 { exit 1; }' signer/signer.out.8 || ret=1
n=$((n+1))
ret=0
(
cd signer || exit 1
-TZ=UTC $SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null 2>&1
+TZ=UTC $SIGNER -O full -f signer.out.9 -S -N date -o example example2.db > /dev/null
) || ret=1
# shellcheck disable=SC2016
now=$(TZ=UTC $PERL -e '@lt=localtime(); printf "%.4d%0.2d%0.2d00\n",$lt[5]+1900,$lt[4]+1,$lt[3];')
for file in K*.moved; do
mv "$file" "$(basename "$file" .moved)"
done
-$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null 2>&1
+$SIGNER -S -N increment -e now+1mi -o expiring.example expiring.example.db > /dev/null
) || ret=1
rndc_reload ns3 10.53.0.3 expiring.example
$KEYGEN -q -a RSASHA1 -3 -fK remove > /dev/null
$KEYGEN -q -a RSASHA1 -33 remove > /dev/null
echo > remove.db.signed
-$SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
+$SIGNER -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n
)
grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.pre$n;
# re-generate signed zone without MX and AAAA records at apex.
(
cd signer || exit 1
-$SIGNER -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n 2>&1
+$SIGNER -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n
)
grep "RRSIG MX" signer/remove.db.signed > /dev/null && {
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n;
(
cd signer || exit 1
echo > remove.db.signed
-$SIGNER -3 - -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n 2>&1
+$SIGNER -3 - -S -o remove -D -f remove.db.signed remove.db.in > signer.out.1.$n
)
grep "RRSIG MX" signer/remove.db.signed > /dev/null || {
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.pre$n;
# re-generate signed zone without MX and AAAA records at apex.
(
cd signer || exit 1
-$SIGNER -3 - -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n 2>&1
+$SIGNER -3 - -S -o remove -D -f remove.db.signed remove2.db.in > signer.out.2.$n
)
grep "RRSIG MX" signer/remove.db.signed > /dev/null && {
ret=1 ; cp signer/remove.db.signed signer/remove.db.signed.post$n;
rm -f K.+*+*.private
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
-$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
+$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out
[ $? = 0 ] || cat signer.out
keyfile_to_static_keys $keyname > trusted.conf
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
-$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
+$SIGNER -S -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null
cp master2.db.in updated.db
# signatures are expired and should be regenerated on startup
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
-$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null 2>&1
+$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db > /dev/null
zone=retransfer
rm -f K${zone}.+*+*.key
$KEYGEN -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK signed > /dev/null 2>&1
$KEYGEN -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" signed > /dev/null 2>&1
-$SIGNER -S -f signed.db.signed -o signed signed.db > /dev/null 2>&1
+$SIGNER -S -f signed.db.signed -o signed signed.db > /dev/null
$CHECKZONE -D -F map -o signed.db.map signed signed.db.signed > /dev/null 2>&1
echo_i "checking map format zone is scheduled for resigning (signzone) ($n)"
ret=0
rndccmd 10.53.0.1 freeze signed > rndc.out 2>&1 || ret=1
-(cd ns1 || exit 1; $SIGNER -S -O map -f signed.db.map -o signed signed.db > /dev/null 2>&1)
+(cd ns1 || exit 1; $SIGNER -S -O map -f signed.db.map -o signed signed.db > /dev/null)
rndc_reload ns1 10.53.0.1 signed
rndccmd 10.53.0.1 zonestatus signed > rndc.out 2>&1 || ret=1
grep 'next resign' rndc.out > /dev/null 2>&1 || ret=1
zsk=$(keyfile_to_key_id "$(cat zsk.key)")
echo_i "signing zones"
-$SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
-$SIGNER -Sg -o $pzone $pfile > /dev/null 2>&1
+$SIGNER -Sg -o $czone $cfile > /dev/null
+$SIGNER -Sg -o $pzone $pfile > /dev/null
awk '$2 ~ /RRSIG/ {
type = $3;
sleep 20
echo_i "re-signing zone"
-$SIGNER -Sg -o $czone -f ${cfile}.new ${cfile}.signed > /dev/null 2>&1
+$SIGNER -Sg -o $czone -f ${cfile}.new ${cfile}.signed > /dev/null
echo_i "checking that standby KSK is now active ($n)"
ret=0
keyname2=`$KEYGEN -q -a RSASHA256 -b 2048 -f KSK -n zone $zone`
cat $infile $keyname1.key $keyname2.key > $zonefile
-$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
keyfile_to_static_keys $keyname2 > trusted.conf
cat $infile $keyname1.key $keyname2.key > $zonefile
- $SIGNER -3 bebe -o $zone $zonefile > /dev/null 2>&1
+ $SIGNER -3 bebe -o $zone $zonefile > /dev/null
done
# remove "removed" record from example.com, causing the server to
cat $infile $key1.key $key2.key > $zonefile
-$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out 2>&1
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out
cp signed.db.signed ../ns6
# cat $infile $key1.key $key2.key > $zonefile
cat $infile dsset-signed. $key1.key $key2.key > $zonefile
-$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out 2>&1
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out
ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
zsk=`$KEYGEN -q -a rsasha256 -b 2048 $zone`
cat $ksk.key $zsk.key >> $zonefile
-$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null
zone=example.net
zonefile="${zone}.db"
ksk=`$KEYGEN -q -a rsasha256 -fk $zone`
zsk=`$KEYGEN -q -a rsasha256 $zone`
cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
-$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null
# Configure a static key to be used by delv
keyfile_to_static_keys $ksk > ../ns5/trusted.conf
$SETTIME -A now+30s $cksk2 > /dev/null
echo_i "signing child zone"
-czoneout=`$SIGNER -Sg -e now+1d -X now+2d -o $czone $cfile 2>&1`
+czoneout=`$SIGNER -Sg -e now+1d -X now+2d -o $czone $cfile`
echo_i "signing parent zone"
-pzoneout=`$SIGNER -Sg -o $pzone $pfile 2>&1`
+pzoneout=`$SIGNER -Sg -o $pzone $pfile`
czactive=$(keyfile_to_key_id $czsk1)
czgenerated=$(keyfile_to_key_id $czsk2)
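Review bot: With `2>&1` removed, `czoneout` and `pzoneout` hold only the signer's stdout, yet the later checks grep these variables for the `KSKs: ...` and `ZSKs: ...` summary lines. Those greps keep working only if dnssec-signzone prints the key summary on stdout; the tool's output code is not part of this diff, so that should be confirmed. The same applies to the `-Sxg` re-check, the TTL re-sign and `czoneout2` further down. A short comment above the first capture, such as `# key summary is read from stdout; stderr goes to the test log`, would record the assumption.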
echo_i "rechecking dnssec-signzone output with -x"
ret=0
# use an alternate output file so -x doesn't interfere with later checks
-pzoneout=`$SIGNER -Sxg -o $pzone -f ${pfile}2.signed $pfile 2>&1`
-czoneout=`$SIGNER -Sxg -e now+1d -X now+2d -o $czone -f ${cfile}2.signed $cfile 2>&1`
+pzoneout=`$SIGNER -Sxg -o $pzone -f ${pfile}2.signed $pfile`
+czoneout=`$SIGNER -Sxg -e now+1d -X now+2d -o $czone -f ${cfile}2.signed $cfile`
echo "$pzoneout" | grep 'KSKs: 1 active, 0 stand-by, 0 revoked' > /dev/null || ret=1
echo "$pzoneout" | grep 'ZSKs: 1 active, 0 present, 0 revoked' > /dev/null || ret=1
echo "$czoneout" | grep 'KSKs: 1 active, 1 stand-by, 1 revoked' > /dev/null || ret=1
echo_i "re-signing and checking imported TTLs again"
ret=0
$SETTIME -L 15 ${czsk2} > /dev/null
-czoneout=`$SIGNER -Sg -e now+1d -X now+2d -o $czone $cfile 2>&1`
+czoneout=`$SIGNER -Sg -e now+1d -X now+2d -o $czone $cfile`
awk 'BEGIN {r = 0} $2 == "DNSKEY" && $1 != 15 {r = 1} END {exit r}' \
${cfile}.signed || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
echo_i "waiting 30 seconds for key activation"
sleep 30
echo_i "re-signing child zone"
-czoneout2=`$SIGNER -Sg -o $czone -f $cfile.new $cfile.signed 2>&1`
+czoneout2=`$SIGNER -Sg -o $czone -f $cfile.new $cfile.signed`
mv $cfile.new $cfile.signed
echo_i "checking dnssec-signzone output matches expectations"
echo_i "checking sync record deletion"
ret=0
$SETTIME -P now -A now -Dsync now ${cksk5} > /dev/null
-$SIGNER -Sg -o $czone -f $cfile.new $cfile.signed > /dev/null 2>&1
+$SIGNER -Sg -o $czone -f $cfile.new $cfile.signed > /dev/null
mv $cfile.new $cfile.signed
awk 'BEGIN { r=1 } $2 == "CDNSKEY" { r=0 } END { exit r }' $cfile.signed && ret=1
awk 'BEGIN { r=1 } $2 == "CDS" { r=0 } END { exit r }' $cfile.signed && ret=1
keyname2=`$KEYGEN -q -a RSASHA256 -b 2048 -f KSK -n zone $zone`
cat $infile $keyname1.key $keyname2.key > $zonefile
-$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_static_keys $keyname2 > trusted.conf
keyname2=`$KEYGEN -q -a RSASHA256 -b 2048 -f KSK -n zone $zone`
cat $infile $keyname1.key $keyname2.key > $zonefile
-$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -g -o $zone $zonefile > /dev/null
keyfile_to_static_keys $keyname2 >> trusted.conf
cp trusted.conf ../ns2/trusted.conf
cat $infile $keyname1.key $keyname2.key > $zonefile
-$SIGNER -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -o $zone $zonefile > /dev/null
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
-$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null
zone=dnamed
infile=dnamed.db.in
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
-$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -o $zone $zonefile > /dev/null
zone=.
infile=root.db.in
keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2>&1
+$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
keyfile_to_static_keys "$keyname" > trusted.conf
# A set of nsec zones.
setup zsk-only.nsec good
$KEYGEN -a rsasha256 ${zone}> kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -SP -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SP -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk-only.nsec good
$KEYGEN -a rsasha256 -fK ${zone} > kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -SPz -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SPz -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec good
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
-$SIGNER -SPx -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SPx -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec.apex-dname good
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cp unsigned.db ${file}.tmp
echo "@ DNAME data" >> ${file}.tmp
-$SIGNER -SP -o ${zone} -f ${file} ${file}.tmp > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SP -o ${zone} -f ${file} ${file}.tmp > s.out$n || dumpit s.out$n
# A set of nsec3 zones.
setup zsk-only.nsec3 good
$KEYGEN -a rsasha256 ${zone}> kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -3 - -SP -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -SP -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk-only.nsec3 good
$KEYGEN -a rsasha256 -fK ${zone} > kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -3 - -SPz -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -SPz -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec3 good
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
-$SIGNER -3 - -SPx -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -SPx -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.optout good
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
-$SIGNER -3 - -A -SPx -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -A -SPx -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec3.apex-dname good
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cp unsigned.db ${file}.tmp
echo "@ DNAME data" >> ${file}.tmp
-$SIGNER -3 - -SP -o ${zone} -f ${file} ${file}.tmp > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -SP -o ${zone} -f ${file} ${file}.tmp > s.out$n || dumpit s.out$n
#
# generate an NSEC record like
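Review bot: On failure, `dumpit s.out$n` now shows a file holding only the signer's stdout, while the `$KEYGEN` lines directly above each call still capture both streams with `2>&1` before `dumpit`. `dumpit` is defined outside this hunk, so its exact behaviour is not visible, but the signer's error text will presumably reach the log separately from the dumped file. If that split is intended, a comment at the first call would say so, e.g. `# signer stderr is left on the test log; s.out$n holds stdout only`. The same pattern repeats in the later `setup ... bad` blocks.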
FOO A 127.0.0.2
aba CNAME FOO
EOF
-$SIGNER -zP -o ${zone} -f ${file}.tmp ${zone}.tmp > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -zP -o ${zone} -f ${file}.tmp ${zone}.tmp > s.out$n || dumpit s.out$n
sed 's/^FOO\./foo\./' < ${file}.tmp > ${file}
# A set of zones with only DNSKEY records.
s="-s -2678400"
setup zsk-only.nsec.expired bad
$KEYGEN -a rsasha256 ${zone}> kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -SP ${s} -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SP ${s} -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk-only.nsec.expired bad
$KEYGEN -a rsasha256 -fK ${zone} > kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -SPz ${s} -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SPz ${s} -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec.expired bad
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
-$SIGNER -SP ${s} -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -SP ${s} -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup zsk-only.nsec3.expired bad
$KEYGEN -a rsasha256 ${zone}> kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -3 - ${s} -SP -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - ${s} -SP -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk-only.nsec3.expired bad
$KEYGEN -a rsasha256 -fK ${zone} > kg.out$n 2>&1 || dumpit kg.out$n
-$SIGNER -3 - ${s} -SPz -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - ${s} -SPz -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
setup ksk+zsk.nsec3.expired bad
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
-$SIGNER -3 - ${s} -SPx -o ${zone} -f ${file} unsigned.db > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - ${s} -SPx -o ${zone} -f ${file} unsigned.db > s.out$n || dumpit s.out$n
# ksk expired
setup ksk+zsk.nsec.ksk-expired bad
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -Px -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
-$SIGNER ${s} -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
+$SIGNER ${s} -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
now=`date -u +%Y%m%d%H%M%S`
exp=`awk '$4 == "RRSIG" && $5 == "DNSKEY" { print $9;}' ${file}`
[ "${exp:-40001231246060}" -lt ${now:-0} ] || dumpit $file
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -3 - -Px -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
-$SIGNER -3 - ${s} -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -Px -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
+$SIGNER -3 - ${s} -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
now=`date -u +%Y%m%d%H%M%S`
exp=`awk '$4 == "RRSIG" && $5 == "DNSKEY" { print $9;}' ${file}`
[ "${exp:-40001231246060}" -lt ${now:-0} ] || dumpit $file
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
awk '$4 == "NSEC" { $5 = "'$zone'."; print } { print }' ${file} > ${file}.tmp
-$SIGNER -Px -Z nonsecify -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -Z nonsecify -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n || dumpit s.out$n
# bad nsec bitmap
setup ksk+zsk.nsec.bad-bitmap bad
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
awk '$4 == "NSEC" && /SOA/ { $6=""; print } { print }' ${file} > ${file}.tmp
-$SIGNER -Px -Z nonsecify -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -Z nonsecify -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n || dumpit s.out$n
# extra NSEC record out side of zone
setup ksk+zsk.nsec.out-of-zone-nsec bad
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
echo "out-of-zone. 3600 IN NSEC ${zone}. A" >> ${file}
-$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
# extra NSEC record below bottom of zone
setup ksk+zsk.nsec.below-bottom-of-zone-nsec bad
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
echo "ns.sub.${zone}. 3600 IN NSEC ${zone}. A AAAA" >> ${file}
-$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file}.tmp ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file}.tmp ${file} $zsk > s.out$n || dumpit s.out$n
# dnssec-signzone signs any node with a NSEC record.
awk '$1 ~ /^ns.sub/ && $4 == "RRSIG" && $5 != "NSEC" { next; } { print; }' ${file}.tmp > ${file}
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
echo "sub.dname.${zone}. 3600 IN NSEC ${zone}. TXT" >> ${file}
-$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
# missing NSEC3 record at empty node
# extract the hash fields from the empty node's NSEC 3 record then fix up
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -3 - -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
a=`awk '$4 == "NSEC3" && NF == 9 { split($1, a, "."); print a[1]; }' ${file}`
b=`awk '$4 == "NSEC3" && NF == 9 { print $9; }' ${file}`
awk '
$4 == "NSEC3" && $9 == "'$a'" { $9 = "'$b'"; print; next; }
$4 == "NSEC3" && NF == 9 { next; }
{ print; }' ${file} > ${file}.tmp
-$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file}.tmp $zsk > s.out$n || dumpit s.out$n
# extra NSEC3 record
setup ksk+zsk.nsec3.extra-nsec3 bad
zsk=`$KEYGEN -a rsasha256 ${zone} 2> kg1.out$n` || dumpit kg1.out$n
ksk=`$KEYGEN -a rsasha256 -fK ${zone} 2> kg2.out$n` || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
-$SIGNER -3 - -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -P -O full -o ${zone} -f ${file} ${file} $ksk > s.out$n || dumpit s.out$n
awk '
BEGIN {
ZONE="'${zone}'.";
}' ${file} > ${file}.tmp
cat ${file}.tmp >> ${file}
rm -f ${file}.tmp
-$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n 2>&1 || dumpit s.out$n
+$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n