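#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Generates the DNSSEC key fixtures for the zones listed below and, for most
# of them, appends a DS record for the zone's KSK to ../ns1/root.db.
#
# Every key written here is throwaway test material. The K*.private files are
# unprotected private keys in the working directory and must never be reused
# outside the test environment.

# The "-e" on the shebang line is dropped when the script is started as
# "sh <script>", so enable it explicitly. Otherwise a failed key generation
# would leave an incomplete key set behind without stopping the setup.
set -e

. ../../conf.sh

# NOTE(review): $DSFROMKEY, $SIGNER and $IMPORTKEY are left unquoted because
# conf.sh is not visible from here and they may carry arguments. "$KEYGEN" is
# quoted throughout, matching the first invocation below.

# Remove key files left over from an earlier run for the zone named in $1.
# The "+*+*" part of the file name stays outside the quotes so it still globs.
remove_zone_keys() {
  rm -f "K$1".+*+*.key
  rm -f "K$1".+*+*.private
}

# Fake an unsupported key
# Field 6 of the DNSKEY line is overwritten with 255 (presumably the
# algorithm number in the key file layout - confirm against keygen output).
unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
awk '$3 == "DNSKEY" { $6 = 255 } { print }' "${unsupportedkey}.key" >"${unsupportedkey}.tmp"
mv "${unsupportedkey}.tmp" "${unsupportedkey}.key"

# In the stanzas below "keyname" is assigned once per generated key. Only the
# last assignment (the KSK) is used, as the input to $DSFROMKEY.

zone=bits
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=noixfr
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=primary
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=dynamic
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=updated
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db
$SIGNER -S -O raw -L 2000042407 -o "${zone}" "${zone}.db" >/dev/null
# After signing, updated.db itself is replaced with a copy of primary2.db.in.
cp primary2.db.in updated.db

# signatures are expired and should be regenerated on startup
# (-s/-e below place the whole signature validity window in 2010-2011)
zone=expired
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o "${zone}" "${zone}.db" >/dev/null

zone=retransfer
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

# Only a KSK is generated for this zone.
zone=nsec3
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=retransfer3
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

# The default-algorithm KSK is published now but only activates at now+3600.
# The DS record comes from the alternative-algorithm KSK generated last.
zone=inactiveksk
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -P now -A now+3600 -f KSK "$zone")
keyname=$("$KEYGEN" -q -a "${ALTERNATIVE_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${ALTERNATIVE_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

# As above, but here the default-algorithm ZSK has the delayed activation.
zone=inactivezsk
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -P now -A now+3600 "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
keyname=$("$KEYGEN" -q -a "${ALTERNATIVE_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${ALTERNATIVE_ALGORITHM}" -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >>../ns1/root.db

zone=delayedkeys
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
# Keys for the "delayedkeys" zone should not be initially accessible.
# No DS record is written for this zone.
mv "K${zone}".+*+*.* ../

# No DS record is written for the two removedkeys zones.
zone=removedkeys-primary
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")

zone=removedkeys-secondary
remove_zone_keys "$zone"
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")

# test-* zones that get a single ZSK. Existing key files are not removed
# first and no DS record is written.
for s in a c d h k l m q z; do
  zone=test-$s
  keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
done

# test-* zones that get a ZSK and a KSK, again without cleanup or a DS record.
for s in b f i o p t v; do
  zone=test-$s
  keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone "$zone")
  keyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -n zone -f KSK "$zone")
done

zone=externalkey
remove_zone_keys "$zone"

# The algorithm list is deliberately unquoted so that an empty value is
# skipped instead of being iterated as an empty word.
for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM}; do
  k1=$("$KEYGEN" -q -a "$alg" -n zone -f KSK "$zone")
  k2=$("$KEYGEN" -q -a "$alg" -n zone "$zone")
  k3=$("$KEYGEN" -q -a "$alg" -n zone "$zone")
  k4=$("$KEYGEN" -q -a "$alg" -n zone -f KSK "$zone")
  $DSFROMKEY -T 1200 "$k4" >>../ns1/root.db

  # Convert k1 and k2 in to External Keys.
  # The private half is deleted and the public key is re-imported from
  # "a-file", so only public key data remains for k1 and k2.
  # An $IMPORTKEY failure is only logged and does not stop the script.
  # NOTE(review): its output is discarded, so the log line gives no cause.
  rm -f "$k1.private"
  mv "$k1.key" a-file
  $IMPORTKEY -P now -D now+3600 -f a-file "$zone" >/dev/null 2>&1 \
    || (echo_i "importkey failed: $alg")
  rm -f "$k2.private"
  mv "$k2.key" a-file
  $IMPORTKEY -f a-file "$zone" >/dev/null 2>&1 \
    || (echo_i "importkey failed: $alg")
done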