summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/synthfromdnssec/ns1/sign.sh
blob: 9f699a05faa0211637b1065be30bfbf3b51ffcb7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# shellcheck source=conf.sh
. ../../conf.sh

zone=example
infile=example.db.in
zonefile=example.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
echo insecure NS ns1.insecure >> "$zonefile"
echo ns1.insecure A 10.53.0.1 >> "$zonefile"

$SIGNER -P -o $zone $zonefile > /dev/null

zone=insecure.example
infile=example.db.in
zonefile=insecure.example.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -o $zone $zonefile > /dev/null

zone=dnamed
infile=dnamed.db.in
zonefile=dnamed.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -o $zone $zonefile > /dev/null

zone=minimal
infile=minimal.db.in
zonefile=minimal.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"

# do not regenerate NSEC chain as there in a minimal NSEC record present
$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null

zone=soa-without-dnskey
infile=soa-without-dnskey.db.in
zonefile=soa-without-dnskey.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"

# do not regenerate NSEC chain as there in a minimal NSEC record present
$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null

zone=.
infile=root.db.in
zonefile=root.db

keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"

$SIGNER -P -g -o $zone $zonefile > /dev/null

# Configure the resolving server with a static key.
keyfile_to_static_ds "$keyname" > trusted.conf
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 18:09:23 +0000