Changeset 1265
- Timestamp:
- 03/16/10 15:08:07 (5 months ago)
- Location:
- trunk/unxsBind/tools/dnssec
- Files:
-
- 1 added
- 1 modified
-
ReSignParentZone.sh (added)
-
SignZone.sh (modified) (3 diffs)
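--- a/trunk/unxsBind/tools/dnssec/SignZone.sh
+++ b/trunk/unxsBind/tools/dnssec/SignZone.sh
@@ -50,7 +50,11 @@
 fi
 
-#This will keep signing the zone over and over with more keys.
-#As long as the system has not generated another zone db file on us.
-cat $cKSKKey.key $cZSKKey.key >> $2;
+cp $2 $2.tmp;
+if [ $? != 0 ];then
+echo "cp $2.tmp error";
+exit 1;
+fi
+
+cat $cKSKKey.key $cZSKKey.key >> $2.tmp;
 if [ $? != 0 ];then
 echo "cat $cKSKKey $cZSKKey error";
@@ -78,13 +82,20 @@
 fi
 
-/usr/sbin/dnssec-signzone -o $1 -k /usr/local/idns/keys/$cKSKKey.key $2 /usr/local/idns/keys/$cZSKKey.key;
+/usr/sbin/dnssec-signzone -o $1 -k /usr/local/idns/keys/$cKSKKey.key $2.tmp /usr/local/idns/keys/$cZSKKey.key;
 if [ $? != 0 ];then
-echo "/usr/sbin/dnssec-signzone -D /usr/local/idns/keys/ -o $1 -k /usr/local/idns/keys/$cKSKKey $2 /usr/local/idns/keys/$cZSKKey (error)";
+echo "/usr/sbin/dnssec-signzone -D /usr/local/idns/keys/ -o $1 -k /usr/local/idns/keys/$cKSKKey $2.tmp /usr/local/idns/keys/$cZSKKey (error)";
+rm -f /usr/local/idns/keys/K$1*.key;
+rm -f /usr/local/idns/keys/K$1*.private;
 exit 1;
 fi
+#unexpected error leave keys for now
 if [ ! -f $2.signed ];then
 echo "/usr/sbin/dnssec-signzone error2";
+#rm -f /usr/local/idns/keys/K$1*.key;
+#rm -f /usr/local/idns/keys/K$1*.private;
 exit 1;
 fi
+
+rm -f $2.tmp;
 
 mv dsset-$1* /usr/local/idns/keys/;
@@ -101,8 +112,4 @@
 
 
-#We can remove the keys since they are in the .signed and the zone db files.
-#We keep the private keys however for resigning with same KSK (ZSK rollover).
-rm -f /usr/local/idns/keys/K$1*.key;
-
 #Note we assume that the default rndc key is setup correctly here.
 /usr/sbin/rndc reload > /dev/null 2>&1;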
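Review bot: In the second hunk dnssec-signzone is now run on `$2.tmp` without `-f`, yet the check that follows still tests `$2.signed`; by default the signer writes to the input name plus `.signed`, so the output would be `$2.tmp.signed`. The check then either always reports error2 or passes on a stale `$2.signed` left by an earlier run, in which case the later `rndc reload` could publish old signatures. Naming the output explicitly, `-f $2.signed` on the dnssec-signzone line, keeps the check tied to this run. The added failure-path `rm -f /usr/local/idns/keys/K$1*.key` and `.private` lines are also unquoted prefix globs: an empty `$1`, or a zone name that is a prefix of another's, would delete other zones' keys, so quoting `$1` and matching through the `.+` separator of the key file name (e.g. `"/usr/local/idns/keys/K$1".+*.private`, adjusted for whether `$1` ends in a dot) is safer. Argument validation earlier in the script is outside the visible hunks, so the empty-`$1` case may already be excluded.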
