Add support for DNSSEC signed zones (breaking)
This adds a 'dnssec' parameter to the bind::zone define which causes the module to generate keys and sign the zone.

Some caveats and breaking changes:
1) Existing non-signed zones will have to be manually moved and signed
2) Signed zones are treated as dynamic
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
CACHEDIR="$1"
|
||||
NAME="$2"
|
||||
DOMAIN="$3"
|
||||
PATH=/bin:/sbin:/usr/bin:/usr/sbin
|
||||
dnssec-keygen -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
|
||||
dnssec-keygen -f KSK -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
|
||||
dnssec-signzone -S -d "${CACHEDIR}" -K "${CACHEDIR}/${NAME}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
|
||||
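Review bot: there is no error handling anywhere in the script, so if either `dnssec-keygen` call fails, execution still falls through to `dnssec-signzone` and the script's exit status reflects only that last command. Add `set -e` (or check each command) right after the shebang, and reject empty arguments before use, for example with `: "${CACHEDIR:?}" "${NAME:?}" "${DOMAIN:?}"`, since an empty `$1` or `$2` turns the `-K` and `-d` paths into locations under `/`. Both `dnssec-keygen` calls also omit `-a` and `-b`, which leaves the key algorithm and size to whatever the installed BIND defaults to; state them explicitly so every host signs with the same parameters. Finally, nothing in the script guards against a second run: each invocation generates a fresh ZSK and KSK in `${CACHEDIR}/${NAME}`, and `-S` will pick up every key it finds there, so either check for existing key files first or document that the caller must ensure it runs only once per zone.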