
add secure-all-zones command to pdnssec

1 parent 5633a4a commit fa37777331785de83f8e926e41ff678f9a4d8494 @mind04 mind04 committed with mind04 May 21, 2013
Showing with 34 additions and 1 deletion.
  1. +9 −1 pdns/docs/pdns.xml
  2. +25 −0 pdns/pdnssec.cc
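--- a/pdns/docs/pdns.xml
+++ b/pdns/docs/pdns.xml
@@ -13105,6 +13105,14 @@ $ pdnssec rectify-zone powerdnssec.org
 </listitem>
 </varlistentry>
 <varlistentry>
+ <term>secure-all-zones</term>
+ <listitem>
+ <para>
+ Add keymaterial to all zones. You should manually run 'rectify-all-zones' afterwards.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
 <term>set-nsec3 ZONE 'parameters' [narrow]</term>
 <listitem>
 <para>
@@ -16217,7 +16225,7 @@ To enable a Lua script for a particular slave zone, determine the domain_id for
 <varlistentry><term>disable-axfr-rectify=...</term>
 <listitem><para>
 Disable the rectify step during an outgoing AXFR. Only required for regression testing.
- Default is no."/>.
+ Default is no.
 </para></listitem></varlistentry>
 <varlistentry><term>disable-tcp=...</term>
 <listitem><para>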
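--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -1126,6 +1126,7 @@ try
 cerr<<"rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)"<<endl;
 cerr<<"rectify-all-zones Rectify all zones."<<endl;
 cerr<<"remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE"<<endl;
+ cerr<<"secure-all-zones Secure all zones without keys."<<endl;
 cerr<<"secure-zone ZONE [ZONE ..] Add KSK and two ZSKs"<<endl;
 cerr<<"set-nsec3 ZONE ['params' [narrow]] Enable NSEC3 with PARAMs. Optionally narrow"<<endl;
 cerr<<"set-presigned ZONE Use presigned RRSIGs from storage"<<endl;
@@ -1399,6 +1400,30 @@ try
 }
 return 0;
 }
+ else if (cmds[0] == "secure-all-zones") {
+ UeberBackend B("default");
+
+ unsigned int zoneErrors=0;
+ vector<DomainInfo> domainInfo;
+ B.getAllDomains(&domainInfo);
+
+ dk.startTransaction();
+ BOOST_FOREACH(DomainInfo di, domainInfo) {
+ if(!dk.isSecuredZone(di.zone)) {
+ cout<<"Securing "<<di.zone<<": ";
+ if (!secureZone(dk, di.zone))
+ zoneErrors++;
+ }
+ }
+ dk.commitTransaction();
+
+ cout<<"Secured: "<<domainInfo.size()<<" zones. Errors: "<<zoneErrors<<endl;
+
+ if (zoneErrors) {
+ return 1;
+ }
+ return 0;
+ }
 else if(cmds[0]=="set-nsec3") {
 if(cmds.size() < 2) {
 cerr<<"Syntax: pdnssec set-nsec3 ZONE 'params' [narrow]"<<endl;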
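Review bot: The summary at the end of the `secure-all-zones` branch prints `domainInfo.size()` as the number of secured zones, but that is every zone returned by `getAllDomains`, including zones skipped because `isSecuredZone` was already true and zones where `secureZone` returned false. An operator reading `Secured: N zones` can overestimate how many zones actually received keys; I would count successes separately, e.g. `if (secureZone(dk, di.zone)) zonesSecured++; else zoneErrors++;`, and print `zonesSecured` instead. `dk.commitTransaction()` also runs unconditionally, so key material written for the zones that succeeded is kept when others failed; if that is intended a short comment saying so would help, and nothing visible in this branch rolls the transaction back if `secureZone` throws (the enclosing `try` starts outside the hunk, so the handler may cover it). As a style point, `BOOST_FOREACH(DomainInfo di, domainInfo)` copies every entry; `const DomainInfo& di` avoids that.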
