1#!/bin/sh 2# 3# Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Fetch a copy of a current root signing key; used for testing 18# DNSSEC validation in 'sample'. 19# 20# After running this script, "sample `cat sample.key` <args>" will 21# perform a lookup as specified in <args> and validate the result 22# using the root key. 23# 24# (This is NOT a secure method of obtaining the root key; it is 25# included here for testing purposes only.) 26dig +noall +answer dnskey . | perl -n -e ' 27local ($dn, $ttl, $class, $type, $flags, $proto, $alg, @rest) = split; 28next if ($flags != 257); 29local $key = join("", @rest); 30print "-a $alg -e -k $dn -K $key\n" 31' > sample.key 32