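#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Generates DNSSEC keys for the zones handled in this directory and, for
# most of them, appends a DS record for the KSK to ../ns1/root.db.
#
# Must be run from its own directory: conf.sh, root.db and the zone files
# are all addressed by relative path.
#
# KEYGEN, DSFROMKEY, SETTIME, SIGNER, DEFAULT_ALGORITHM, DEFAULT_BITS and
# ALTERNATIVE_ALGORITHM are expected to come from ../../conf.sh (not
# visible here).
#
# Key pairs, including the .private halves, are written to the current
# directory.  DS records are appended with '>>', so a second run against
# the same root.db leaves the DS records of the previous run in place --
# presumably the caller recreates root.db first; confirm.
#
# NOTE(review): $DSFROMKEY, $SETTIME and $SIGNER are left unquoted because
# conf.sh is not visible; quote them once it is confirmed that each holds
# a single path.

# The '-e' on the shebang line is dropped when the script is started as
# "sh sign.sh".  Without it a failed key generation would go unnoticed and
# the following DS step would run with an empty key name.
set -e

. ../../conf.sh

# Fake an unsupported key: generate a real key, then rewrite the sixth
# field of its DNSKEY line (the algorithm number in
# "name IN DNSKEY flags protocol algorithm key") to 255.
unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
awk '$3 == "DNSKEY" { $6 = 255 } { print }' "${unsupportedkey}.key" >"${unsupportedkey}.tmp"
mv "${unsupportedkey}.tmp" "${unsupportedkey}.key"

# Zones that get a fresh ZSK + KSK pair and a DS record in the root zone.
# The first assignment to keyname only captures the ZSK name printed by the
# key tool; the value that reaches $DSFROMKEY is the KSK's.
for zone in bits noixfr primary dynamic; do
  rm -f "K${zone}".+*+*.key
  rm -f "K${zone}".+*+*.private
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
  $DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db
done

# "updated": both keys get explicit key-state data before signing
# (goal OMNIPRESENT; DNSKEY and signatures RUMOURED, DS HIDDEN for the KSK).
# The settime output is kept in settime.out.updated.N rather than discarded.
zone=updated
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -L 3600 -n zone "$zone")
ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -L 3600 -n zone -f KSK "$zone")
$SETTIME -s -g OMNIPRESENT -k RUMOURED now -z RUMOURED now "$zsk" >settime.out.updated.1 2>&1
$SETTIME -s -g OMNIPRESENT -k RUMOURED now -r RUMOURED now -d HIDDEN now "$ksk" >settime.out.updated.2 2>&1
$DSFROMKEY -T 1200 "$ksk" >>../ns1/root.db
$SIGNER -S -x -O raw -L 2000042407 -o "$zone" "${zone}.db" >/dev/null
# The unsigned zone file is replaced only after signing, so the signed
# output above was built from the previous updated.db.
cp primary2.db.in updated.db

# signatures are expired and should be regenerated on startup
# (-s/-e pin the validity window to 2010-01-01 .. 2011-01-01; -P turns off
# the signer's post-sign verification).
zone=expired
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o "$zone" "${zone}.db" >/dev/null

zone=retransfer
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

# "nsec3" gets a KSK only; no ZSK is generated here.
zone=nsec3
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

# No DS record is published for this zone.
zone=delayedkeys
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
# Keys for the "delayedkeys" zone should not be initially accessible.
mv "K${zone}".+*+*.* ../

# Key pairs only; no DS record is published for these zones.
for zone in removedkeys-primary removedkeys-secondary; do
  rm -f "K${zone}".+*+*.key
  rm -f "K${zone}".+*+*.private
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
done

# test-* zones with a ZSK only.  Unlike the zones above, stale key files
# are not removed first and no DS record is written.
for s in a c d h k l m q z; do
  zone=test-$s
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
done

# test-* zones with a ZSK and a KSK (again no cleanup and no DS record).
for s in b f i o p t v; do
  zone=test-$s
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone "$zone")
  keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n zone -f KSK "$zone")
done

# "externalkey": for each algorithm, four keys are generated.  The DNSKEY
# records of k1 (KSK) and k2 (ZSK) are copied into the zone file and both
# of their key files are then deleted, so the zone carries public keys for
# which no private key remains in this directory.  k3 (ZSK) and k4 (KSK)
# stay on disk, and the DS record is derived from k4.
zone=externalkey
zonefile=${zone}.db
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private

# The list is deliberately unquoted: an empty ALTERNATIVE_ALGORITHM then
# drops out instead of producing an iteration with an empty algorithm.
for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM}; do
  k1=$("$KEYGEN" -q -a "$alg" -n zone -f KSK "$zone")
  k2=$("$KEYGEN" -q -a "$alg" -n zone "$zone")
  k3=$("$KEYGEN" -q -a "$alg" -n zone "$zone")
  k4=$("$KEYGEN" -q -a "$alg" -n zone -f KSK "$zone")
  $DSFROMKEY -T 1200 "$k4" >>../ns1/root.db

  cat "$k1.key" "$k2.key" >>"$zonefile"

  rm -f "$k1.key"
  rm -f "$k1.private"
  rm -f "$k2.key"
  rm -f "$k2.private"
done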