add secure-all-zones command to pdnssec
mind04 committed May 13, 2014
1 parent 5633a4a commit fa37777
Showing 2 changed files with 34 additions and 1 deletion.
10 changes: 9 additions & 1 deletion pdns/docs/pdns.xml
@@ -13104,6 +13104,14 @@ $ pdnssec rectify-zone powerdnssec.org
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>secure-all-zones</term>
<listitem>
<para>
Add keymaterial to all zones. You should manually run 'rectify-all-zones' afterwards.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>set-nsec3 ZONE 'parameters' [narrow]</term> <term>set-nsec3 ZONE 'parameters' [narrow]</term>
<listitem> <listitem>
@@ -16217,7 +16225,7 @@ To enable a Lua script for a particular slave zone, determine the domain_id for
<varlistentry><term>disable-axfr-rectify=...</term> <varlistentry><term>disable-axfr-rectify=...</term>
<listitem><para> <listitem><para>
Disable the rectify step during an outgoing AXFR. Only required for regression testing. Disable the rectify step during an outgoing AXFR. Only required for regression testing.
Default is no."/>. Default is no.
</para></listitem></varlistentry> </para></listitem></varlistentry>
<varlistentry><term>disable-tcp=...</term> <varlistentry><term>disable-tcp=...</term>
<listitem><para> <listitem><para>
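--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -1126,6 +1126,7 @@ try
 cerr<<"rectify-zone ZONE [ZONE ..] Fix up DNSSEC fields (order, auth)"<<endl;
 cerr<<"rectify-all-zones Rectify all zones."<<endl;
 cerr<<"remove-zone-key ZONE KEY-ID Remove key with KEY-ID from ZONE"<<endl;
+cerr<<"secure-all-zones Secure all zones without keys."<<endl;
 cerr<<"secure-zone ZONE [ZONE ..] Add KSK and two ZSKs"<<endl;
 cerr<<"set-nsec3 ZONE ['params' [narrow]] Enable NSEC3 with PARAMs. Optionally narrow"<<endl;
 cerr<<"set-presigned ZONE Use presigned RRSIGs from storage"<<endl;
@@ -1399,6 +1400,30 @@ try
 }
 return 0;
 }
+else if (cmds[0] == "secure-all-zones") {
+UeberBackend B("default");
+
+unsigned int zoneErrors=0;
+vector<DomainInfo> domainInfo;
+B.getAllDomains(&domainInfo);
+
+dk.startTransaction();
+BOOST_FOREACH(DomainInfo di, domainInfo) {
+if(!dk.isSecuredZone(di.zone)) {
+cout<<"Securing "<<di.zone<<": ";
+if (!secureZone(dk, di.zone))
+zoneErrors++;
+}
+}
+dk.commitTransaction();
+
+cout<<"Secured: "<<domainInfo.size()<<" zones. Errors: "<<zoneErrors<<endl;
+
+if (zoneErrors) {
+return 1;
+}
+return 0;
+}
 else if(cmds[0]=="set-nsec3") {
 if(cmds.size() < 2) {
 cerr<<"Syntax: pdnssec set-nsec3 ZONE 'params' [narrow]"<<endl;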
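Review bot: The summary line at the end of the `secure-all-zones` branch prints `domainInfo.size()`, which is the number of zones returned by the backend and not the number actually secured; zones that already had keys and zones where `secureZone` returned false are included, so an operator can read "Secured: N zones" while some of them remain unsigned. Count successes separately, for example `if (secureZone(dk, di.zone)) zonesSecured++; else zoneErrors++;`, and print `zonesSecured` in the final `cout`. `dk.commitTransaction()` also runs unconditionally when `zoneErrors` is non-zero; whether a failed `secureZone` can leave partial key material behind is not visible in this hunk, so it is worth confirming that committing after a failure is intended. The enclosing function starts and ends outside the hunk.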
