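#!/usr/bin/env bash
#
# Demonstrate signing a sample zone with the generated key bundles.
#
# Usage:   export DOMAIN=yourdomain; ./thisscript
#   DOMAIN   zone to sign (required); hostname characters only
#   TEST     if set, use a short TTL (337 s) so re-signing is visible quickly
#
# Side effects: kills any running named / signem-sc, recreates /tmp/namedb,
# (re)writes /etc/rndc.key via rndc-confgen, starts the signer daemon and named.
#
set -u

die() { printf '%s\n' "$*" >&2; exit 1; }

# --- inputs -----------------------------------------------------------------
[ -n "${DOMAIN:-}" ] || die 'You must "export DOMAIN=yourdomain" first'
# $DOMAIN is spliced into named.conf ("zone $dn { ... }") and the zone file;
# restrict it to hostname characters so a stray ';', '"' or newline cannot
# inject configuration.
case "$DOMAIN" in
  *[!A-Za-z0-9._-]*) die "DOMAIN contains characters not valid in a zone name: $DOMAIN" ;;
esac
dn=$DOMAIN
if [ -n "${TEST:-}" ]; then ttl=337; else ttl=3600; fi

export PKCS11_LIBRARY_PATH="/opt/dccom/lib/opensc-pkcs11.so"
# Read the PIN without echo (-r: keep backslashes literal). It is NOT exported
# globally; it is handed only to the two signer tools below as a per-command
# environment, so rndc-confgen, named and dig never inherit it. If the signer
# in your build expects it exported for other processes too, export it here.
read -r -s -p "HSM PIN: " pkcs11_pin
echo ""

# --- working directory ------------------------------------------------------
workdir=/tmp/namedb
srcdir=$(pwd)
killall named signem-sc 2>/dev/null
# NOTE(review): the daemon started below is signemd-sc while killall targets
# signem-sc, as in the original - confirm which name the signer process uses.
rm -rf -- "$workdir"
# A fixed path under /tmp can be pre-created by another local user; plain mkdir
# (no -p) fails in that case instead of silently working inside their directory.
mkdir "$workdir" || die "cannot create $workdir"
cd "$workdir" || die "cannot cd to $workdir"
mkdir log data master slave keys kc || die "cannot create work subdirectories"

# --- sample zone ------------------------------------------------------------
zone="slave/$dn.zone"
cat > "$zone" <<EOF
\$TTL $ttl
@       IN      SOA     ns1.$dn. your@email.address. (
                        2012091100    ; Serial
                        10m           ; Refresh
                        5m            ; Retry
                        2w            ; Expire
                        $ttl )         ; Negative
        IN      NS      ns1.$dn.   ; master
        IN      NS      ns2.$dn.   ; slave
ns1     IN      A       10.10.35.1
ns2     IN      A       10.10.35.2
www     IN      A       10.10.35.3       ; your own IP
EOF
cp -p "$zone" master/ || die "cannot copy zone file"

# --- named configuration ----------------------------------------------------
# Demo-only listener: port 53 on every interface, answering anyone. recursion
# is off so it cannot be abused as an open resolver, but on a host reachable
# from untrusted networks change listen-on to { 127.0.0.1; }.
cat > named.conf <<EOF
options {
        directory       "$workdir";
        dump-file       "data/cache_dump.db";
        statistics-file "data/named_stats.txt";
        memstatistics-file "data/named_mem_stats.txt";
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion no;
};
zone $dn {
   type master;
   file "master/$dn.zone";
};
EOF

# rndc-confgen -a writes /etc/rndc.key; -r /dev/urandom keeps older BIND
# releases from blocking on /dev/random.
rndc-confgen -a -r /dev/urandom || die "rndc-confgen failed"
# SECURITY: this makes the rndc control key readable by every local user, who
# can then reload or stop named through rndc. Kept because the demo as written
# depends on it; on anything but a throwaway host grant read access only to
# the group that needs it (chgrp <group> /etc/rndc.key; chmod 640) instead.
chmod +r /etc/rndc.key

# --- key bundles and signer -------------------------------------------------
# Pick up the keybundle tarballs generated earlier in the directory the script
# was started from; an unmatched glob must not reach cp as a literal pattern.
bundles=( "$srcdir"/[0-9]*."$dn".keybundle.tar.gz )
[ -e "${bundles[0]}" ] || die "no [0-9]*.$dn.keybundle.tar.gz found in $srcdir"
cp -p -- "${bundles[@]}" kc/ || die "cannot copy key bundles"
PKCS11_LIBRARY_PIN="$pkcs11_pin" inckbs-sc "$dn" kc || die "inckbs-sc failed"
PKCS11_LIBRARY_PIN="$pkcs11_pin" signemd-sc "$dn"
unset pkcs11_pin
sleep 9   # give the signer time to produce the signed zone before named loads it

# --- serve and verify -------------------------------------------------------
named -c named.conf || die "named failed to start"
sleep 5
dig +dnssec -t dnskey "$dn" @127.0.0.1
echo "See $workdir/signemd-sc.out for live signer process output."
#
# end
#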
