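#!/bin/bash
#
# Signs the BIND zone of the domain given in $1 with dnssec-signzone and
# copies the zone file's serial into the dns_soa / dns_rr tables.
#
# Arguments: $1 - zone origin; its last character is dropped before use
#                 (presumably the trailing dot -- confirm against the caller)
# Settings:  dbuser, dbpass, dbhost, dbase, bindpath, filespre, backuppath and
#            curdir are expected to come from the sourced configuration file.
# Exit code: 0 on success and when the database is unreachable (as before);
#            1 when input validation, signing or the serial sync fails.

# Template placeholder: presumably replaced with the real configuration path
# at install time -- confirm against the installer. The file is executed as
# shell code, so it must be writable only by the account running this script.
source {dnssec_conffile}

# Runs one batch of SQL through the mysql client and prints the raw result.
# NOTE(review): --password=... puts the secret on the command line, where a
# process listing can expose it to other local users; a root-only client
# option file would avoid that. Kept as-is so that the configured password
# still takes precedence over any option file already present on the host.
run_sql() {
  mysql -u "$dbuser" --password="$dbpass" -h "$dbhost" -Bse "$1"
}

# Drop the last character of $1 (same result as the original ${1::-1}, but it
# does not abort with a substring error when $1 is empty).
pardomain="${1%?}"

# NOTE(review): fixed, predictable name in a world-writable directory. Refuse
# to write through a symlink; moving this trace to a root-owned directory
# would remove the race that this check cannot close.
debug_log=/tmp/.last-call-to-dnssec-update
if [ ! -L "$debug_log" ]; then
  printf '%s\n' "$0 $1 $2 $3 $4 results in domain: $pardomain" > "$debug_log"
fi

# The domain ends up inside SQL statements, file names and a glob pattern, so
# accept host-name characters only (no quotes, blanks, slashes or wildcards).
domain_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! $pardomain =~ $domain_re ]]; then
  echo "$0 refusing to process invalid domain name" >&2
  exit 1
fi

if [ -n "$backuppath" ] && [ ! -d "$backuppath" ]; then
  mkdir -p -- "$backuppath"
fi

# Connectivity test: an empty table list means the server or database is not
# reachable with the configured credentials.
tablelist=$(run_sql "use $dbase; show tables;")
if [ -z "$tablelist" ]; then
  echo "$0 could not connect to database"
  [ -n "$curdir" ] && cd "$curdir"
  # Exit status 0 is kept for callers that rely on it.
  exit 0
fi

# Look up the id and serial of the active SOA record as "id:serial".
mysqlcheck=$(run_sql "use $dbase; select id,serial from dns_soa where active='Y' and origin='$pardomain.';" | awk '{ print $1":"$2 }')
printf '%s\n' "$mysqlcheck"

# Only the first returned row is used.
IFS=: read -r zoneid serial <<< "$mysqlcheck"
domain=$pardomain
zonefile="$bindpath/$filespre$domain"

# Serial as reported by named-checkzone (a ten-digit number is expected).
fserial=$(/usr/sbin/named-checkzone "$domain" "$zonefile" | grep -Eo '[0-9]{10}')

# Count the lines that mention INCLUDE; two are expected once both key files
# have been added.
includecheck=$(grep -c "INCLUDE" -- "$zonefile")
if [ "${includecheck:-0}" != 2 ]; then
  # NOTE(review): the check reads $filespre$domain but the lines are appended
  # to pri.$domain; these are the same file only if filespre is "pri." --
  # confirm.
  printf '\n' >> "$bindpath/pri.$domain"
  # Glob instead of parsing ls output; the domain was validated above, so the
  # pattern cannot match keys of another zone through injected wildcards.
  for key in "$bindpath/K$pardomain".+*.key; do
    [ -e "$key" ] || continue
    echo "Including $key..."
    printf '$INCLUDE %s\n' "$key" >> "$bindpath/pri.$domain"
  done
else
  echo "Includes are there. Why ever..."
fi

# The NSEC3 salt is published in the zone and is not a secret; /dev/urandom
# avoids the stalls /dev/random can cause on hosts with little entropy.
salt=$(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16)
if [ -z "$salt" ]; then
  echo "$0 could not generate an NSEC3 salt" >&2
  exit 1
fi

# The zone file path is relative, as before: the working directory must
# already be the zone directory (presumably arranged by the configuration
# file or the caller -- confirm).
if ! /usr/sbin/dnssec-signzone -A -3 "$salt" -N increment -o "$domain" -t "$filespre$domain"; then
  echo "$0 dnssec-signzone failed for $domain" >&2
  exit 1
fi

# Both values are interpolated into SQL; skip the update unless they are
# plain numbers, so a failed lookup cannot produce a malformed statement.
if [[ ! $zoneid =~ ^[0-9]+$ || ! $fserial =~ ^[0-9]{10}$ ]]; then
  echo "$0 zone id or serial missing for $domain, database not updated" >&2
  exit 1
fi

run_sql "use $dbase; update dns_soa set serial='$fserial' where origin='$domain.'; update dns_rr set serial='$fserial' WHERE zone=$zoneid"

echo "DNSSEC for $pardomain has been configured"
[ -n "$curdir" ] && cd "$curdir"
exit 0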