use modern dnssec key algorithm and provide option to use NSEC3

This commit is contained in:
Thomas Sturm
2015-10-25 15:32:44 +01:00
parent 15d61bcefc
commit 3928c7de6a
2 changed files with 12 additions and 4 deletions
+10 -3
View File
@@ -5,7 +5,14 @@ NAME="$2"
DOMAIN="$3"
KEY_DIRECTORY="${4:-${CACHEDIR}/${NAME}}"
RANDOM_DEVICE="$5"
NSEC3_SALT="$6"
PATH=/bin:/sbin:/usr/bin:/usr/sbin
dnssec-keygen -r "${RANDOM_DEVICE}" -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-keygen -r "${RANDOM_DEVICE}" -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
dnssec-keygen -a RSASHA256 -b 1024 -r "${RANDOM_DEVICE}" -K "${KEY_DIRECTORY}" "${DOMAIN}"
dnssec-keygen -a RSASHA256 -b 2048 -r "${RANDOM_DEVICE}" -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
if [ $NSEC3_SALT != '' ]; then
dnssec-signzone -S -u -3 ${NSEC3_SALT} -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
else
dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
fi