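#!/bin/sh
# $Id: dnssec 285 2013-05-13 17:04:43Z sanders $
#
# Edit or re-sign DNSSEC zones kept under /etc/bind/master, then reset
# ownership and permissions on the tree and ask BIND to reload.
#
# Usage: dnssec edit   <zone>       edit <zone>'s zone.db, then sign that zone
#        dnssec resign <zone|all>   run zkt-signer without a zone argument;
#                                   <zone> only selects what gets reloaded
#
# Layout expected on disk: $base/<tld>/<zone>/zone.db
#
# NOTE(review): the chown/chmod pass below presumably needs root. That is why
# the zone argument is validated before it is used to build any path.
#
# Exit status: 255 on any error reported through fatal().

# Print a message on stderr and abort with status 255.
fatal() {
  printf '%s\n' "$*" >&2
  exit 255
}

umask 022

base="/etc/bind/master"
# Stop here if the tree is missing rather than running the signer from
# whatever directory the caller happened to be in.
cd "$base" || fatal "cannot change directory to $base"

mode=$1
zone=$2

[ -n "$mode" ] || fatal "no mode specified"
[ -n "$zone" ] || fatal "no zone specified, use 'all' for mode 'resign'"

# The zone name becomes part of a file path and is passed to vim, zkt-signer
# and rndc. Accept only hostname characters, and reject a leading '.' or '-'
# and any '..' so the name can neither leave $base nor be read as an option.
case $zone in
  *[!A-Za-z0-9._-]* | .* | -* | *..*)
    fatal "invalid zone name '$zone'"
    ;;
esac

# Everything after the last dot; a name without a dot is its own "tld".
tld=${zone##*.}
zone_dir=$base/$tld/$zone
dnskey_db=$zone_dir/dnskey.db   # not referenced below; kept from the original
zonefile_plain=$zone_dir/zone.db
zonefile_signed=$zone_dir/zone.db.signed   # not referenced below; kept from the original

# Remember the signer's exit status so a failed signing run does not end in
# a reload. Assumes zkt-signer exits non-zero only on error; confirm this
# against the installed version.
signer_status=0

if [ "$mode" = "edit" ]; then
  [ -e "$zonefile_plain" ] || fatal "zonefile $zonefile_plain not found"
  # NOTE(review): vim is resolved through PATH, unlike the other tools here.
  vim "$zonefile_plain"
  /usr/bin/zkt-signer -v -v -D "$base/$tld" "${zone}." || signer_status=$?
elif [ "$mode" = "resign" ]; then
  /usr/bin/zkt-signer -v -v || signer_status=$?
else
  fatal "unknown mode '$mode'"
fi

echo "removing keyset files from parent dir"
# The glob is left unquoted on purpose; rm -f ignores a pattern with no match.
rm -f -- "$base"/*/keyset*

# Permissions are reset even after a failed signing run, so that files the
# signer already wrote do not stay unreadable for the bind user.
echo "fixing permissions"
find "$base/" -type d -exec chmod 755 {} +
find "$base/" -type f -exec chmod 640 {} +
chown -R bind:bind "$base/"

if [ "$signer_status" -ne 0 ]; then
  fatal "zkt-signer exited with status $signer_status, not reloading"
fi

if [ -e "$zonefile_plain" ]; then
  echo "zone reload $zone"
  /usr/sbin/rndc reload "$zone"
else
  echo "server reload"
  /usr/sbin/rndc reload
fi

echo "done."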