Parameterize the random device for dnssec-keygen
`dnssec-keygen` uses `/dev/random` by default, but this is slow in some scenarios where `/dev/urandom` is both faster and provides sufficient utility. Allow override via the `bind::random_device` hiera key.
This commit is contained in:
+3
-2
@@ -4,7 +4,8 @@ CACHEDIR="$1"
|
||||
NAME="$2"
|
||||
DOMAIN="$3"
|
||||
KEY_DIRECTORY="${4:-${CACHEDIR}/${NAME}}"
|
||||
RANDOM_DEVICE="$5"
|
||||
PATH=/bin:/sbin:/usr/bin:/usr/sbin
|
||||
dnssec-keygen -K "${KEY_DIRECTORY}" "${DOMAIN}"
|
||||
dnssec-keygen -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
|
||||
dnssec-keygen -r "${RANDOM_DEVICE}" -K "${KEY_DIRECTORY}" "${DOMAIN}"
|
||||
dnssec-keygen -r "${RANDOM_DEVICE}" -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"
|
||||
dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
|
||||
|
||||
Reference in New Issue
Block a user