f30747d10b
This adds a 'dnssec' parameter to the bind::zone define which causes the module to generate keys and sign the zone. Some caveats and breaking changes: 1) Existing non-signed zones will have to be manually moved and signed 2) Signed zones are treated as dynamic
10 lines
301 B
Bash
10 lines
301 B
Bash
#!/bin/bash
|
|
|
|
CACHEDIR="$1"
|
|
NAME="$2"
|
|
DOMAIN="$3"
|
|
PATH=/bin:/sbin:/usr/bin:/usr/sbin
|
|
dnssec-keygen -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
|
|
dnssec-keygen -f KSK -K "${CACHEDIR}/${NAME}" "${DOMAIN}"
|
|
dnssec-signzone -S -d "${CACHEDIR}" -K "${CACHEDIR}/${NAME}" -o "${DOMAIN}" "${CACHEDIR}/${NAME}/${DOMAIN}"
|