
solving #2

mdavids committed Mar 13, 2019
1 parent 06432df commit 65a5b6a3b54968ae690024aa4a9f0f0a53ee478d
Showing with 27 additions and 12 deletions.
  1. 0 -@
  2. +6 −0 create_configs.sh
  3. +7 −2 create_zones.sh
  4. +2 −2 input/templates/basic_zone.templ
  5. +7 −6 libs/workbench/dnsutil.py
  6. +5 −2 tools/generators/bad_dnssec.py
0 -@
No changes.
@@ -1,7 +1,13 @@
#!/bin/sh

# Create output dir if it does not exist:
mkdir -p output/servers

rm -rf output/servers/*

PYTHONPATH=libs
export PYTHONPATH
./tools/config_builders/config_builder.py

echo "Done."
echo "Please note: make sure you run this after create_zones.sh (if you have changed things there) and note before"
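Review bot: The `mkdir -p output/servers` at the top and the `rm -rf output/servers/*` after it both resolve against the caller's working directory, so starting the script from anywhere other than the repository root creates and empties an `output/servers` tree there instead. Adding `cd "$(dirname "$0")" || exit 1` before the `mkdir` pins both to the checkout; the same applies to the `mkdir -p output/...` lines and the `rm -rf output/final/*` that follows them in create_zones.sh. The closing message says "and note before", which presumably should read "and not before".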
@@ -14,7 +14,12 @@ if [[ ! -f ./ext/ldns-3597/ldns-3597 ]] ; then
fi

# Create output dir if it does not exist:
mkdir -p ./output
mkdir -p output/final
mkdir -p output/keys
mkdir -p output/signed
mkdir -p output/uncompleted
mkdir -p output/unsigned
mkdir -p output/zone_db

# Do or don't? You pick...
rm -rf output/final/*
@@ -28,7 +33,7 @@ rm -rf output/zone_db/*

echo "Running static zones generator" &&\
./tools/generators/static_zones.py &&\
echo "Running bad-dnssec zones generator" &&\
echo "Running bad-dnssec zones and types zones generator" &&\
./tools/generators/bad_dnssec.py &&\
echo "Running delegations zones generator" &&\
./tools/generators/delegations.py &&\
@@ -9,5 +9,5 @@
IN AAAA 2a00:d78:0:712:94:198:159:39
IN TXT "Automatically generated by DNS workbench from basic_zone template"
IN TXT "v=spf1 -all"
IN MX 0 .
IN TXT "v=DMARC1; p=reject;"
IN MX 0 .
IN TXT "v=DMARC1; p=reject;"
@@ -95,7 +95,7 @@ def add_standard_sign_options(zd):
zd.add("signer_keys", dname_u + ".ksk")

def execute(cmd, cwd=None):
print("[DEBUG] run command: %s" % cmd)
# print("[DEBUG] run command: %s" % cmd)
cmdp = shlex.split(cmd)
p = subprocess.Popen(cmdp, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd)
(stdout, stderr) = p.communicate()
@@ -110,18 +110,19 @@ def get_keyfile(zone):

def check_create_key(zone, keyfile):
base_keyfile = keyfile[:-8]
if not base_keyfile.startswith("nods.") and not os.path.exists(keyfile):
if not os.path.exists(keyfile):
#print(" [dnsutil] zone found that might need key-material: " + zone)
os.makedirs(os.path.dirname(keyfile), exist_ok=True)
cmd = "ldns-keygen -k -r /dev/urandom -a RSASHA256 -b 1024 %s" % zone
stdout = execute(cmd)
basename = stdout.decode("utf-8").rstrip()

#if (base_keyfile.startswith("nods.")):
# os.unlink(basename + ".ds")
#else:
os.rename(basename + ".ds", base_keyfile + ".ds")
os.rename(basename + ".key", base_keyfile + ".key")
os.rename(basename + ".private", base_keyfile + ".private")
# we fix this in bad_dnssec.py
#if os.path.basename(base_keyfile).startswith("nods."):
# print("[DEBUG] removing " + base_keyfile + ".ds" )
# os.unlink(base_keyfile + ".ds")

def get_all_db_files():
# TODO: this needs improving
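Review bot: With the `nods.` test dropped from the condition in check_create_key, the function now always leaves a `.ds` file next to the key files and depends on create_zone in bad_dnssec.py to delete it, but the only record of that contract is `# we fix this in bad_dnssec.py` sitting above a second commented-out block. I would delete both commented-out `nods.` blocks and give the function a docstring such as `"""Generate the key files for zone if keyfile is missing; the .ds is kept even for nods.* zones and removed later by bad_dnssec.create_zone."""`. The unchanged `ldns-keygen` line builds a 1024-bit RSASHA256 key; if that is intentional because these are test fixtures, a short comment saying so would stop the parameters being copied elsewhere. The silenced `[DEBUG]` print in execute would be better as a `logging.debug` call than as a commented-out line.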
@@ -109,6 +109,7 @@ def create_bad_dnssec_tree_zonelist(name, depth):

def create_zone(zone, zonefile):
zone = dnsutil.fqdn(zone)
#print(" [create_zone] zone: %s - zonefile: %s" %(zone,zonefile))
# create tempfile and write zone data to is
with open(zonefile, "w") as out:
# TODO: serial... (and other values)
@@ -119,9 +120,11 @@ def create_zone(zone, zonefile):
for delegation in bad_dnssec_tree_delegations:
delname = delegation + "." + zone
dsfile = env.KEYS_DIR + "/" + delname + "ds"
print("check for " + dsfile)
if os.path.exists(dsfile) or delname.startswith("nods."):
# print(" check for nods-delegation or " + dsfile)
if os.path.exists(dsfile):
dnsutil.add_template(out, "all_ns", delname, 3600)
if delname.startswith("nods."):
os.unlink(dsfile)
# TODO: second check necessary?
#if os.path.exists(dsfile):
# with open(dsfile, "r") as infile:
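Review bot: The `os.unlink(dsfile)` added in create_zone makes the NS records for a `nods.` delegation depend on a file that this same function deletes: a second run over the same key directory finds no `.ds`, skips `dnsutil.add_template(out, "all_ns", delname, 3600)`, and the delegation silently disappears from the zone. check_create_key in dnsutil.py only regenerates key material when the key file itself is missing, so the `.ds` would not come back unless output/keys is wiped first (create_zones.sh seems to clear the output directories, but this generator can also be run on its own). Keeping the old test for the template, `if os.path.exists(dsfile) or delname.startswith("nods."):`, and guarding the removal with `if delname.startswith("nods.") and os.path.exists(dsfile):` keeps the result the same on every run. Indentation is lost on this page, so the nesting of the unlink is inferred, and create_zone's body continues past the hunk.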
