1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
. ../../conf.sh
zone=signing.test
rm -rf keys/signing.test
mkdir -p keys/signing.test
timetodnssec() {
$PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]);
printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1}
}
KEYDIR=keys/signing.test
KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone)
ZSK0=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK1=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK2=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK3=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK4=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK5=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK6=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK7=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK8=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK9=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
# clear all times on all keys
for FILEN in keys/signing.test/*.key
do
$SETTIME -P none -A none -R none -I none -D none $FILEN
done
BASE=$(date +%s)
BASET=$(timetodnssec $BASE)
# reset the publish and activation time on the KSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
# reset the publish and activation time on the first ZSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
# schedule the first roll
R1=$((BASE + 50))
R1T=$(timetodnssec $R1)
$SETTIME -I $R1T $KEYDIR/$ZSK0
$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
# schedule the second roll (which includes the delete of the first key)
R2=$((R1 + 50))
R2T=$(timetodnssec $R2)
DT=$R2
DTT=$(timetodnssec $DT)
$SETTIME -D $DTT $KEYDIR/$ZSK0
$SETTIME -I $R2T $KEYDIR/$ZSK1
$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
# schedule the third roll
R3=$((R2 + 25))
R3T=$(timetodnssec $R3)
$SETTIME -D $R3T $KEYDIR/$ZSK1
$SETTIME -I $R3T $KEYDIR/$ZSK2
$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3
$SETTIME -P $R3T $KEYDIR/$ZSK4
echo KSK=$KSK
echo ZSK0=$ZSK0
echo ZSK1=$ZSK1
echo ZSK2=$ZSK2
echo ZSK3=$ZSK3
echo ZSK4=$ZSK4
exit
# schedule the fourth roll
# this isn't long enough for the signing to complete and would result in
# duplicate signatures, see
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
R4=$((R3 + 10))
R4T=$(timetodnssec $R4)
$SETTIME -D $R4T $KEYDIR/$ZSK2
$SETTIME -I $R4T $KEYDIR/$ZSK3
$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4
|
