[dnssec] Mise en place de la signature des zones DNS et de la gestion des clefs
Ignore-this: d9a61a9c8fb5916f74dc605790101ae9 darcs-hash:20120408230250-3651d-cc3405f0e5bf46be54a262e614bb8eebe49a8b85.gz
parent
7bcac72547
commit
b43a8c124d
5 changed files with 102 additions and 0 deletions
30
gestion/dns/generer_ZSK.sh
Executable file
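--- a/gestion/dns/generer_ZSK.sh
+++ b/gestion/dns/generer_ZSK.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Generation d'une nouvelle clef ZSK pour une zone
+
+DATE=`date --utc +%s`
+
+cd /etc/crans/secrets/dnssec
+
+if [[ $1 == "" ]]
+then echo "Usage: $0 nom_de_la_zone"
+echo "Exemple: $0 wifi.crans.org"
+exit
+fi
+
+
+echo "Generation nouvelle ZSK pour $1"
+dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE $1
+
+## On renomme de façon utilisable
+mv K$1.+*.key K$1.$DATE.ZSK.key
+mv K$1.+*.private K$1.$DATE.ZSK.private
+
+## On met a jour les liens symboliques vers la clef actuelle
+rm K$1.ZSK.key
+rm K$1.ZSK.private
+
+ln -s K$1.$DATE.ZSK.key K$1.ZSK.key
+ln -s K$1.$DATE.ZSK.private K$1.ZSK.private
+
+## On met à jour le fichier inclu dans la zone
+bash /usr/scripts/gestion/dns/generer_include_zone.sh $1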
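Review bot: Nothing in generer_ZSK.sh stops after a failed step, so if `cd /etc/crans/secrets/dnssec` or `dnssec-keygen` fails, the later `rm K$1.ZSK.key` and `ln -s` lines still run. The live ZSK links are then removed and re-created pointing at files that do not exist, or the private key is written and globbed in whatever directory the caller was in. The `mv K$1.+*.key` glob would also match any other not-yet-renamed key of the same zone, and `$1` is unquoted throughout. I would add `set -e`, use the base name that dnssec-keygen prints on stdout instead of globbing, and replace the links with `ln -sfn` only once the new pair exists, as sketched below. It is also worth confirming that generer_include_zone.sh keeps the previous ZSK published during a rollover; that script is not visible here.

```shell
#!/bin/bash
set -e
# … unchanged: DATE assignment, cd into the secrets directory, usage check …
zone=$1
# dnssec-keygen prints the base name (K<zone>.+<alg>+<id>) of the pair it wrote
base=$(dnssec-keygen -r /dev/urandom -a RSASHA256 -b 2048 -n ZONE "$zone")
mv "$base.key" "K$zone.$DATE.ZSK.key"
mv "$base.private" "K$zone.$DATE.ZSK.private"
# repoint the current-key links only after the new pair is in place
ln -sfn "K$zone.$DATE.ZSK.key" "K$zone.ZSK.key"
ln -sfn "K$zone.$DATE.ZSK.private" "K$zone.ZSK.private"
# … unchanged: call to generer_include_zone.sh …
```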