#!/bin/sh
# $Id: dnssec 285 2013-05-13 17:04:43Z sanders $
#
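# Print the given message on stderr and terminate the script with status 255.
# Arguments: $* - message text, joined with single spaces
# Diagnostics go to stderr so they are not mixed into captured stdout, and
# printf is used because echo treats a message such as "-n" as an option.
fatal() {
  printf '%s\n' "$*" >&2
  exit 255
}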
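# Usage: <script> edit <zone> | <script> resign <zone|all>
#   edit   - open the zone's zone.db in vim, then run zkt-signer for that zone
#   resign - run zkt-signer without a zone argument
# Afterwards keyset files one level below $base are removed, ownership and
# permissions under $base are reset, and named is reloaded via rndc (only the
# given zone if its zone.db exists, otherwise the whole server).
umask 022
base="/etc/bind/master"
# The resign branch calls zkt-signer without -D, so the working directory may
# matter to it (assumption - confirm against the zkt configuration). Stop
# instead of continuing from whatever directory the caller happened to be in.
cd "$base" || fatal "cannot change directory to $base"
mode=$1
zone=$2
[ -n "$mode" ] || fatal "no mode specified"
[ -n "$zone" ] || fatal "no zone specified, use 'all' for mode 'resign'"

# $zone is spliced into file paths below and handed to vim, zkt-signer and
# rndc. Accept only hostname-style names so a value containing '/', '..' or a
# leading '-' cannot point the editor at a file outside $base or be parsed as
# a command-line option. This matters most when the script is run with
# elevated rights (e.g. through sudo) by operators who are not root.
case "$zone" in
  *[!A-Za-z0-9._-]* | -* | .* | *..*)
    fatal "invalid zone name '$zone'"
    ;;
esac

# Last label of the zone name; a name without a dot is used unchanged.
tld=${zone##*.}
zone_dir=$base/$tld/$zone
# NOTE(review): dnskey_db and zonefile_signed are not used below; kept for
# anything that may source or extend this script.
dnskey_db=$zone_dir/dnskey.db
zonefile_plain=$zone_dir/zone.db
zonefile_signed=$zone_dir/zone.db.signed

# Remember the signer's exit status instead of discarding it; cleanup and
# reload still run, but the failure is reported at the end.
signer_rc=0
if [ "$mode" = "edit" ]; then
  [ -e "$zonefile_plain" ] || fatal "zonefile $zonefile_plain not found"
  vim "$zonefile_plain"
  /usr/bin/zkt-signer -v -v -D "$base/$tld" "${zone}." || signer_rc=$?
elif [ "$mode" = "resign" ]; then
  /usr/bin/zkt-signer -v -v || signer_rc=$?
else
  fatal "unknown mode '$mode'"
fi

echo "removing keyset files from parent dir"
# The glob must stay unquoted; only the variable part is quoted.
rm -f -- "$base"/*/keyset*

echo "fixing permissions"
# -type d / -type f skip symbolic links, so chmod is never applied through a
# link to something outside the tree.
find "$base/" -type d -exec chmod 755 {} +
find "$base/" -type f -exec chmod 640 {} +
chown -R bind:bind "$base/"

if [ -e "$zonefile_plain" ]; then
  echo "zone reload $zone"
  /usr/sbin/rndc reload "$zone" || fatal "rndc reload $zone failed"
else
  echo "server reload"
  /usr/sbin/rndc reload || fatal "rndc reload failed"
fi

if [ "$signer_rc" -ne 0 ]; then
  fatal "zkt-signer exited with status $signer_rc; check its output above"
fi
echo "done."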