`dnssec-keygen` uses `/dev/random` by default, but this is slow in some scenarios where `/dev/urandom` is both faster and provides sufficient utility. Allow override via the `bind::random_device` hiera key.
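#!/bin/bash
#
# Generate a DNSSEC key pair (ZSK and KSK) for a zone, then sign the zone file.
#
# Usage: <script> CACHEDIR NAME DOMAIN [KEY_DIRECTORY] [RANDOM_DEVICE]
#   CACHEDIR       directory passed to dnssec-signzone -d; also the parent of
#                  the per-zone directory
#   NAME           per-zone directory name beneath CACHEDIR
#   DOMAIN         zone origin; the zone file is CACHEDIR/NAME/DOMAIN
#   KEY_DIRECTORY  directory for key files (default: CACHEDIR/NAME)
#   RANDOM_DEVICE  entropy source for dnssec-keygen -r; when empty or omitted,
#                  -r is not passed and dnssec-keygen uses its own default
#
# Exits non-zero as soon as any step fails, so a zone is never signed after a
# failed key generation.

set -e

# Required arguments: abort with a message instead of running the tools with
# empty paths.
CACHEDIR="${1:?usage: CACHEDIR NAME DOMAIN [KEY_DIRECTORY] [RANDOM_DEVICE]}"
NAME="${2:?missing NAME (argument 2)}"
DOMAIN="${3:?missing DOMAIN (argument 3)}"
KEY_DIRECTORY="${4:-${CACHEDIR}/${NAME}}"
RANDOM_DEVICE="${5:-}"

# Fixed search path so the dnssec-* binaries are not resolved through
# whatever PATH the caller happened to export.
PATH=/bin:/sbin:/usr/bin:/usr/sbin

# Only pass -r when a device was supplied; an empty "-r ''" is not a valid
# entropy source.
RANDOM_ARGS=()
if [[ -n "${RANDOM_DEVICE}" ]]; then
  # The value ends up as the entropy source for long-lived signing keys.
  # Warn (without failing, to stay compatible with existing callers) when it
  # is not a character device such as /dev/random or /dev/urandom.
  if [[ ! -c "${RANDOM_DEVICE}" ]]; then
    printf 'warning: random device %s is not a character device\n' \
      "${RANDOM_DEVICE}" >&2
  fi
  RANDOM_ARGS=(-r "${RANDOM_DEVICE}")
fi

# Zone-signing key.
dnssec-keygen "${RANDOM_ARGS[@]}" -K "${KEY_DIRECTORY}" "${DOMAIN}"

# Key-signing key.
dnssec-keygen "${RANDOM_ARGS[@]}" -f KSK -K "${KEY_DIRECTORY}" "${DOMAIN}"

# Smart-sign (-S) the zone with the keys found in KEY_DIRECTORY.
dnssec-signzone -S -d "${CACHEDIR}" -K "${KEY_DIRECTORY}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"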