result = named_server_flushnode(named_g_server, lex, true);
} else if (command_compare(command, NAMED_COMMAND_FREEZE)) {
result = named_server_freeze(named_g_server, true, lex, text);
+ } else if (command_compare(command, NAMED_COMMAND_SKR)) {
+ result = named_server_skr(named_g_server, lex, text);
} else if (command_compare(command, NAMED_COMMAND_LOADKEYS) ||
command_compare(command, NAMED_COMMAND_SIGN))
{
#define NAMED_COMMAND_SHOWZONE "showzone"
#define NAMED_COMMAND_SIGN "sign"
#define NAMED_COMMAND_SIGNING "signing"
+#define NAMED_COMMAND_SKR "skr"
#define NAMED_COMMAND_STATUS "status"
#define NAMED_COMMAND_STOP "stop"
#define NAMED_COMMAND_SYNC "sync"
isc_result_t
named_server_fetchlimit(named_server_t *server, isc_lex_t *lex,
isc_buffer_t **text);
+
+/*%
+ * Import SKR file for offline KSK signing.
+ */
+isc_result_t
+named_server_skr(named_server_t *server, isc_lex_t *lex, isc_buffer_t **text);
return (result);
}
+
+isc_result_t
+named_server_skr(named_server_t *server, isc_lex_t *lex, isc_buffer_t **text) {
+ isc_result_t result = ISC_R_SUCCESS;
+ dns_zone_t *zone = NULL;
+ dns_kasp_t *kasp = NULL;
+ const char *ptr;
+ char skrfile[PATH_MAX];
+
+ /* Skip the command name. */
+ ptr = next_token(lex, text);
+ if (ptr == NULL) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
+
+ /* Find out what we are to do. */
+ ptr = next_token(lex, text);
+ if (ptr == NULL) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
+
+ if (strcasecmp(ptr, "-import") != 0) {
+ CHECK(DNS_R_SYNTAX);
+ }
+
+ ptr = next_token(lex, NULL);
+ if (ptr == NULL) {
+ return (ISC_R_UNEXPECTEDEND);
+ }
+ (void)snprintf(skrfile, sizeof(skrfile), "%s", ptr);
+
+ CHECK(zone_from_args(server, lex, NULL, &zone, NULL, text, false));
+ if (zone == NULL) {
+ CHECK(ISC_R_UNEXPECTEDEND);
+ }
+ kasp = dns_zone_getkasp(zone);
+ if (kasp == NULL) {
+ CHECK(putstr(text, "zone does not have a dnssec-policy"));
+ CHECK(putnull(text));
+ goto cleanup;
+ }
+
+ if (!dns_kasp_offlineksk(kasp)) {
+ CHECK(putstr(text, "zone does not have offline-ksk enabled"));
+ CHECK(putnull(text));
+ goto cleanup;
+ }
+
+ CHECK(putstr(text, "import command not implemented"));
+ CHECK(putnull(text));
+
+cleanup:
+ if (zone != NULL) {
+ dns_zone_detach(&zone);
+ }
+
+ return (result);
+}
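Review bot: The `(void)snprintf(skrfile, sizeof(skrfile), "%s", ptr);` line in named_server_skr silently truncates a file path longer than PATH_MAX, so an over-long operand would be carried forward as a different path than the operator typed once the import is implemented; the return value should be checked and the command rejected on truncation, e.g. `int n = snprintf(skrfile, sizeof(skrfile), "%s", ptr);` followed by `if (n < 0 || (size_t)n >= sizeof(skrfile)) { CHECK(ISC_R_NOSPACE); }`. In this revision `skrfile` is written but never read (the body ends at "import command not implemented"), which some compilers flag as a set-but-unused variable; a short comment such as `/* TODO: skrfile is consumed once -import is implemented */` would make the stub status explicit. The third `next_token(lex, NULL)` call passes NULL where the two earlier calls pass `text`, so a lexer error on the file operand presumably produces no message in the reply; if that is not intended it should be `next_token(lex, text)` like the others. Note also that the "does not have a dnssec-policy" and "offline-ksk" branches leave `result` at ISC_R_SUCCESS while reporting a failure in `text`; if callers rely on the return code rather than the text, a non-success result (or a comment stating that the text is the contract) would avoid ambiguity. The surrounding hunk boundaries are not visible in this excerpt, so the context before `return (result);` at the top could not be reviewed.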
halt Stop the server without saving pending updates.\n\
halt -p Stop the server without saving pending updates reporting\n\
process id.\n\
+ skr -import file zone [class [view]]\n\
+ Import a SKR file for the specified zone, for offline KSK\n\
+ signing.\n\
loadkeys zone [class [view]]\n\
Update keys without signing immediately.\n\
managed-keys refresh [class [view]]\n\
See also :option:`rndc stop`.
+.. option:: skr -import file zone [class [view]]
+
+ This command allows you to import a SKR file for the specified zone, to
+ support offline KSK signing.
+
.. option:: loadkeys [zone [class [view]]]
This command fetches all DNSSEC keys for the given zone from the key directory. If