+++ /dev/null
-#!/bin/sh
-# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-# Original script contributed by Jeffry A. Spain <spainj@countryday.net>
-
-HELP="
-Generates a set of <count> successive DNSSEC keys for <zone>
-Key timings are based on a pre-publication rollover strategy
-
- <life> (lifetime) is the key active lifetime in days [default 180]
- <intro> (introduction time) is the number of days from publication
- to activation of a key [default 30]
- <ret> (retirement time) is the number of days from inactivation
- to deletion of a key [default 30]
-
-Options:
- -a <alg> Cryptographic algorithm. See man dnssec-keygen for defaults.
- -b <bits> Number of bits in the key. See man dnssec-keygen for defaults.
- -k if present, generate Key Signing Keys (KSKs). Otherwise,
- generate Zone Signing Keys (ZSKs).
- -3 If present and if -a is not specified, use an NSEC3-
- capable algorithm. See man dnssec-keygen for defaults.
- -i <date> Inception date of the set of keys, in 'mm/dd/yyyy' format.
- The first two keys will be published by this date, and the
- first one will be activated. Default is today.
- -f <index> Index of first key generated. Defaults to 0.
- -K <dir> Key repository: write keys to this directory. Defaults to CWD.
- -d Dry run. No actual keys generated if present."
-
-USAGE="Usage:
-`basename $0` [-a <alg>] [-b <bits>] [-k] [-3] [-i <date>]
- [-f <index>] [-d] <zone> <count> [<life>] [<intro>] [<ret>]"
-
-ALGFLAG=''
-BITSFLAG=''
-KSKFLAG=''
-NSEC3FLAG=''
-KEYREPO=''
-DRYRUN=false
-OPTKSK=false
-K=0
-INCEP=`date +%m/%d/%Y`
-
-# Parse command line options
-while getopts ":a:b:df:hkK:3i:" thisOpt
-do
- case $thisOpt in
- a)
- ALGFLAG=" -a $OPTARG"
- ;;
- b)
- BITSFLAG=" -b $OPTARG"
- ;;
- d)
- DRYRUN=true
- ;;
- f)
- OPTKSK=true
- K=$OPTARG
- ;;
- h)
- echo "$USAGE"
- echo "$HELP"
- exit 0
- ;;
- k)
- KSKFLAG=" -f KSK"
- ;;
- K)
- KEYREPO=$OPTARG
- ;;
- 3)
- NSEC3FLAG=" -3"
- ;;
- i)
- INCEP=$OPTARG
- ;;
- *)
- echo 'Unrecognized option.'
- echo "$USAGE"
- exit 1
- ;;
- esac
-done
-shift `expr $OPTIND - 1`
-
-# Check that required arguments are present
-if [ $# -gt 5 -o $# -lt 2 ]; then
- echo "$USAGE"
- exit 1
-fi
-
-# Remaining arguments:
-# DNS zone name
-ZONE=$1
-shift
-
-# Number of keys to be generated
-COUNT=$1
-shift
-
-# Key active lifetime
-LIFE=${1:-180}
-[ $# -ne 0 ] && shift
-
-# Key introduction time (publication to activation)
-INTRO=${1:-30}
-[ $# -ne 0 ] && shift
-
-# Key retirement time (inactivation to deletion)
-RET=${1:-30}
-
-# Today's date in dnssec-keygen format (YYYYMMDD)
-TODAY=`date +%Y%m%d`
-
-# Key repository defaults to CWD
-if [ -z "$KEYREPO" ]; then
- KEYREPO="."
-fi
-
-if $DRYRUN; then
- echo 'Dry Run (no key files generated)'
-elif [ ! -d "$KEYREPO" ]; then
- # Create the key repository if it does not currently exist
- mkdir -p "$KEYREPO"
-fi
-
-# Iterate through the key set. K is the index, zero-based.
-KLAST=`expr $K + $COUNT`
-while [ $K -lt $KLAST ]; do
- KEYLABEL="Key `printf \"%02d\" $K`:"
- # Epoch of the current key
- # (zero for the first key, increments of key lifetime)
- # The epoch is in days relative to the inception date of the key set
- EPOCH=`expr $LIFE \* $K`
- # Activation date in days is the same as the epoch
- ACTIVATE=$EPOCH
- # Publication date in days relative to the key epoch
- PUBLISH=`expr $EPOCH - $LIFE - $INTRO`
- # Inactivation date in days relative to the key epoch
- INACTIVE=`expr $EPOCH + $LIFE`
- # Deletion date in days relative to the key epoch
- DELETE=`expr $EPOCH + $LIFE + $RET`
-
- # ... these values should not precede the key epoch
- [ $ACTIVATE -lt 0 ] && ACTIVATE=0
- [ $PUBLISH -lt 0 ] && PUBLISH=0
- [ $INACTIVE -lt 0 ] && INACTIVE=0
- [ $DELETE -lt 0 ] && DELETE=0
-
- # Key timing dates in dnssec-keygen format (YYYYMMDD):
- # publication, activation, inactivation, deletion
- PDATE=`date -d "$INCEP +$PUBLISH day" +%Y%m%d`
- ADATE=`date -d "$INCEP +$ACTIVATE day" +%Y%m%d`
- IDATE=`date -d "$INCEP +$INACTIVE day" +%Y%m%d`
- DDATE=`date -d "$INCEP +$DELETE day" +%Y%m%d`
-
- # Construct the dnssec-keygen command including all the specified options.
- # Suppress key generation progress information, and save the key in
- # the $KEYREPO directory.
- KEYGENCMD="dnssec-keygen -q$ALGFLAG$BITSFLAG$NSEC3FLAG$KSKFLAG -P $PDATE -A $ADATE -I $IDATE -D $DDATE -K $KEYREPO $ZONE"
- echo "$KEYLABEL $KEYGENCMD"
-
- # Generate the key and retrieve its name
- if $DRYRUN; then
- KEYNAME="DryRunKey-`printf \"%02d\" $K`"
- else
- KEYNAME=`$KEYGENCMD`
- fi
-
- # Indicate the key status based on key timing dates relative to today
- if [ $TODAY -ge $DDATE ]; then
- echo "$KEYLABEL $KEYNAME is obsolete post deletion date."
- elif [ $TODAY -ge $IDATE ]; then
- echo "$KEYLABEL $KEYNAME is published and inactive prior to deletion date."
- elif [ $TODAY -ge $ADATE ]; then
- echo "$KEYLABEL $KEYNAME is published and active."
- elif [ $TODAY -ge $PDATE ]; then
- echo "$KEYLABEL $KEYNAME is published prior to activation date."
- else
- echo "$KEYLABEL $KEYNAME is pending publication."
- fi
-
- # For published KSKs, generate the required DS records,
- # saving them to the file $KEYREPO/DS-$KEYNAME
- if $OPTKSK && [ $TODAY -ge $PDATE -a $TODAY -lt $DDATE ]; then
- echo "$KEYLABEL $KEYNAME (KSK) requires the publication of DS records in the parent zone."
- if $DRYRUN; then
- echo "$KEYLABEL No DS-$KEYNAME file created."
- else
- dnssec-dsfromkey "$KEYREPO/$KEYNAME" > "$KEYREPO/DS-$KEYNAME"
- echo "$KEYLABEL See $KEYREPO/DS-$KEYNAME."
- fi
- fi
- K=`expr $K + 1`
-done
-
-exit 0
+++ /dev/null
-#!/bin/sh
-#
-# Portions Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# $NetBSD: named-bootconf.sh,v 1.5 1998/12/15 01:00:53 tron Exp $
-#
-# Copyright (c) 1995, 1998 The NetBSD Foundation, Inc.
-# All rights reserved.
-#
-# This code is derived from software contributed to The NetBSD Foundation
-# by Matthias Scheler.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-if [ ${OPTIONFILE-X} = X ]; then
- WORKDIR=/tmp/`date +%s`.$$
- ( umask 077 ; mkdir $WORKDIR ) || {
- echo "unable to create work directory '$WORKDIR'" >&2
- exit 1
- }
- OPTIONFILE=$WORKDIR/options
- ZONEFILE=$WORKDIR/zones
- COMMENTFILE=$WORKDIR/comments
- export OPTIONFILE ZONEFILE COMMENTFILE
- touch $OPTIONFILE $ZONEFILE $COMMENTFILE
- DUMP=1
-else
- DUMP=0
-fi
-
-while read CMD ARGS; do
- class=
- CMD=`echo "${CMD}" | tr '[A-Z]' '[a-z]'`
- case $CMD in
- \; )
- echo \# $ARGS >>$COMMENTFILE
- ;;
- cache )
- set - X $ARGS
- shift
- if [ $# -eq 2 ]; then
- (echo ""
- cat $COMMENTFILE
- echo "zone \"$1\" {"
- echo " type hint;"
- echo " file \"$2\";"
- echo "};") >>$ZONEFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- fi
- ;;
- directory )
- set - X $ARGS
- shift
- if [ $# -eq 1 ]; then
- (cat $COMMENTFILE
- echo " directory \"$1\";") >>$OPTIONFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
-
- DIRECTORY=$1
- export DIRECTORY
- fi
- ;;
- forwarders )
- (cat $COMMENTFILE
- echo " forwarders {"
- for ARG in $ARGS; do
- echo " $ARG;"
- done
- echo " };") >>$OPTIONFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- ;;
- include )
- if [ "$ARGS" != "" ]; then
- (cd ${DIRECTORY-.}; cat $ARGS) | $0
- fi
- ;;
- limit )
- ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'`
- set - X $ARGS
- shift
- if [ $# -eq 2 ]; then
- cat $COMMENTFILE >>$OPTIONFILE
- case $1 in
- datasize | files | transfers-in | transfers-per-ns )
- echo " $1 $2;" >>$OPTIONFILE
- ;;
- esac
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- fi
- ;;
- options )
- ARGS=`echo "${ARGS}" | tr '[A-Z]' '[a-z]'`
- cat $COMMENTFILE >>$OPTIONFILE
- for ARG in $ARGS; do
- case $ARG in
- fake-iquery )
- echo " fake-iquery yes;" >>$OPTIONFILE
- ;;
- forward-only )
- echo " forward only;" >>$OPTIONFILE
- ;;
- no-fetch-glue )
- echo " fetch-glue no;" >>$OPTIONFILE
- ;;
- no-recursion )
- echo " recursion no;" >>$OPTIONFILE
- ;;
- esac
- done
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- ;;
- primary|primary/* )
- case $CMD in
- primary/chaos )
- class="chaos "
- ;;
- primary/hs )
- class="hesiod "
- ;;
- esac
- set - X $ARGS
- shift
- if [ $# -eq 2 ]; then
- (echo ""
- cat $COMMENTFILE
- echo "zone \"$1\" ${class}{"
- echo " type master;"
- echo " file \"$2\";"
- echo "};") >>$ZONEFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- fi
- ;;
- secondary|secondary/* )
- case $CMD in
- secondary/chaos )
- class="chaos "
- ;;
- secondary/hs )
- class="hesiod "
- ;;
- esac
- set - X $ARGS
- shift
- if [ $# -gt 2 ]; then
- ZONE=$1
- shift
- PRIMARIES=$1
- while [ $# -gt 2 ]; do
- shift
- PRIMARIES="$PRIMARIES $1"
- done
- (echo ""
- cat $COMMENTFILE
- echo "zone \"$ZONE\" ${class}{"
- echo " type slave;"
- echo " file \"$2\";"
- echo " masters {"
- for PRIMARY in $PRIMARIES; do
- echo " $PRIMARY;"
- done
- echo " };"
- echo "};") >>$ZONEFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- fi
- ;;
- stub|stub/* )
- case $CMD in
- stub/chaos )
- class="chaos "
- ;;
- stub/hs )
- class="hesiod "
- ;;
- esac
- set - X $ARGS
- shift
- if [ $# -gt 2 ]; then
- ZONE=$1
- shift
- PRIMARIES=$1
- while [ $# -gt 2 ]; do
- shift
- PRIMARIES="$PRIMARIES $1"
- done
- (echo ""
- cat $COMMENTFILE
- echo "zone \"$ZONE\" ${class}{"
- echo " type stub;"
- echo " file \"$2\";"
- echo " masters {"
- for PRIMARY in $PRIMARIES; do
- echo " $PRIMARY;"
- done
- echo " };"
- echo "};") >>$ZONEFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- fi
- ;;
- slave )
- cat $COMMENTFILE >>$OPTIONFILE
- echo " forward only;" >>$OPTIONFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- ;;
- sortlist )
- (cat $COMMENTFILE
- echo " topology {"
- for ARG in $ARGS; do
- case $ARG in
- *.0.0.0 )
- echo " $ARG/8;"
- ;;
- *.0.0 )
- echo " $ARG/16;"
- ;;
- *.0 )
- echo " $ARG/24;"
- ;;
- * )
- echo " $ARG;"
- ;;
- esac
- done
- echo " };") >>$OPTIONFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- ;;
- tcplist | xfrnets )
- (cat $COMMENTFILE
- echo " allow-transfer {"
- for ARG in $ARGS; do
- case $ARG in
- *.0.0.0 )
- echo " $ARG/8;"
- ;;
- *.0.0 )
- echo " $ARG/16;"
- ;;
- *.0 )
- echo " $ARG/24;"
- ;;
- * )
- echo " $ARG;"
- ;;
- esac
- done
- echo " };") >>$OPTIONFILE
- rm -f $COMMENTFILE
- touch $COMMENTFILE
- ;;
- esac
-done
-
-if [ $DUMP -eq 1 ]; then
- echo ""
- echo "options {"
- cat $OPTIONFILE
- echo "};"
- cat $ZONEFILE $COMMENTFILE
-
- rm -f $OPTIONFILE $ZONEFILE $COMMENTFILE
- rmdir $WORKDIR
-fi
-
-exit 0
./contrib/scripts/catzhash.py X 2020,2021
./contrib/scripts/check-secure-delegation.pl.in PERL 2010,2012,2014,2016,2018,2019,2020
./contrib/scripts/check5011.pl X 2013,2014,2017,2018,2019,2020,2021
-./contrib/scripts/dnssec-keyset.sh X 2015,2018,2019,2020,2021
-./contrib/scripts/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007,2012,2014,2016,2018,2019,2020,2021
./contrib/scripts/nanny.pl PERL 2000,2001,2004,2007,2012,2014,2016,2018,2019,2020,2021
./contrib/scripts/zone-edit.sh.in SH 2010,2012,2014,2016,2018,2019,2020
./dangerfile.py PYTHON 2020,2021
projects / thirdparty / bind9.git / commitdiff
