echo_i "dlv/ns3/sign.sh"
-dlvzone="dlv.utld."
+dlvzone="dlv.utld"
dlvsets=
dssets=
-unsupporteddlvzone="unsupported-algorithm-dlv.utld."
+unsupporteddlvzone="unsupported-algorithm-dlv.utld"
unsupporteddlvsets=
unsupporteddssets=
# Signed zone below unsigned TLD with DLV entry.
-zone=child1.utld.
+zone=child1.utld
infile=child.db.in
zonefile=child1.utld.db
outfile=child1.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with a disabled algorithm.
-zone=child3.utld.
+zone=child3.utld
infile=child.db.in
zonefile=child3.utld.db
outfile=child3.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below unsigned TLD with DLV entry. This one is slightly
# different because its children (the grandchildren) don't have a DS record in
# this zone. The grandchild zones are served by ns6.
-zone=child4.utld.
+zone=child4.utld
infile=child.db.in
zonefile=child4.utld.db
outfile=child4.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with an unsupported algorithm.
-zone=child5.utld.
+zone=child5.utld
infile=child.db.in
zonefile=child5.utld.db
outfile=child5.signed
-unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD without DLV entry.
-zone=child7.utld.
+zone=child7.utld
infile=child.db.in
zonefile=child7.utld.db
outfile=child7.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below unsigned TLD without DLV entry and no DS records for the
# grandchildren.
-zone=child8.utld.
+zone=child8.utld
infile=child.db.in
zonefile=child8.utld.db
outfile=child8.signed
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry.
-zone=child9.utld.
+zone=child9.utld
infile=child.db.in
zonefile=child9.utld.db
outfile=child9.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
# the zone to generate the DLV set.
-zone=child10.utld.
+zone=child10.utld
infile=child.db.in
zonefile=child10.utld.db
outfile=child10.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# Zone signed with an unsupported algorithm with DLV entry.
-zone=unsupported-algorithm.utld.
+zone=unsupported-algorithm.utld
infile=child.db.in
zonefile=unsupported-algorithm.utld.db
outfile=unsupported-algorithm.utld.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
cp ${keyname2}.key ${keyname2}.tmp
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
-cp dlvset-${zone} dlvset-${zone}tmp
-awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
+cp dlvset-${zone}${TP} dlvset-${zone}tmp
+awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set.
-zone=child1.druz.
+zone=child1.druz
infile=child.db.in
zonefile=child1.druz.db
outfile=child1.druz.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
+dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with a disabled algorithm.
-zone=child3.druz.
+zone=child3.druz
infile=child.db.in
zonefile=child3.druz.db
outfile=child3.druz.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below signed TLD with DLV entry and DS set, but missing
# DS records for the grandchildren.
-zone=child4.druz.
+zone=child4.druz
infile=child.db.in
zonefile=child4.druz.db
outfile=child4.druz.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
+dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with an unsupported algorithm algorithm.
-zone=child5.druz.
+zone=child5.druz
infile=child.db.in
zonefile=child5.druz.db
outfile=child5.druz.signed
-unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
+unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below signed TLD without DLV entry, but with normal DS set.
-zone=child7.druz.
+zone=child7.druz
infile=child.db.in
zonefile=child7.druz.db
outfile=child7.druz.signed
-dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
-dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
+dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
# records for the grandchildren are not included in the zone.
-zone=child8.druz.
+zone=child8.druz
infile=child.db.in
zonefile=child8.druz.db
outfile=child8.druz.signed
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
# records for the grandchildren are not included in the zone.
-zone=child9.druz.
+zone=child9.druz
infile=child.db.in
zonefile=child9.druz.db
outfile=child9.druz.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
# sign the zone to generate the DS sets.
-zone=child10.druz.
+zone=child10.druz
infile=child.db.in
zonefile=child10.druz.db
outfile=child10.druz.signed
-dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
-dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
+dlvsets="$dlvsets dlvset-${zone}${TP}"
+dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
# DLV zones
infile=dlv.db.in
-for zone in dlv.utld. unsupported-algorithm-dlv.utld.
+for zone in dlv.utld unsupported-algorithm-dlv.utld
do
- zonefile="${zone}db"
- outfile="${zone}signed"
+ zonefile="${zone}.db"
+ outfile="${zone}.signed"
case $zone in
- "dlv.utld.")
+ "dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$dlvsets
;;
- "unsupported-algorithm-dlv.utld.")
+ "unsupported-algorithm-dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$unsupporteddlvsets
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
case $zone in
- "dlv.utld.")
+ "dlv.utld")
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
;;
- "unsupported-algorithm-dlv.utld.")
+ "unsupported-algorithm-dlv.utld")
cp ${keyname2}.key ${keyname2}.tmp
$SIGNER -O full -r $RANDFILE -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
# A zone that is signed with an unknown DNSKEY algorithm.
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
-zone=dnskey-unknown.example.
+zone=dnskey-unknown.example
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
-DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
+DSFILE=dsset-${zone}${TP}
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
# A zone that is signed with an unsupported DNSKEY algorithm (3).
# Algorithm 7 is replaced by 255 in the zone and dsset.
#
-zone=dnskey-unsupported.example.
+zone=dnskey-unsupported.example
infile=dnskey-unsupported.example.db.in
zonefile=dnskey-unsupported.example.db
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
-DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
+DSFILE="dsset-${zone}${TP}"
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
# A zone with a published unsupported DNSKEY algorithm (Reserved).
# Different from above because this key is not intended for signing.
#
-zone=dnskey-unsupported-2.example.
+zone=dnskey-unsupported-2.example
infile=dnskey-unsupported-2.example.db.in
zonefile=dnskey-unsupported-2.example.db
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
-zone=dnskey-nsec3-unknown.example.
+zone=dnskey-nsec3-unknown.example
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
-DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
+DSFILE=dsset-${zone}${TP}
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
projects / thirdparty / bind9.git / commitdiff
