Handle multiple KSK at the same time

dnssec_generate.py

@@ -16,19 +16,22 @@ except:
 if __name__ == '__main__':
     ds_records = {}
     for zone in zones:
-        cds = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8')
+        cdss = subprocess.check_output(['/usr/sbin/knotc', 'zone-read', zone, '@', 'CDS'])[:-1].decode('utf-8').split('\n') 
-        ds = {}
+        for cds in cdss:
-        try:
+            ds = {}
-            cds = cds.split(' ')
+            try:
-            ds['subzone'] = cds[1]
+                cds = cds.split(' ')
-            ds['id'] = cds[4]
+                ds['subzone'] = cds[1]
-            ds['algo'] = cds[5]
+                ds['id'] = cds[4]
-            ds['type'] = cds[6]
+                ds['algo'] = cds[5]
-            ds['fp'] = cds[7]
+                ds['type'] = cds[6]
-        except:
+                ds['fp'] = cds[7]
-            print('Unable to find ksk for', zone)
+            except:
-            continue
+                print('Unable to find ksk for', zone)
-        ds['ttl'] = 172800
+                continue
-        ds_records[zone] = ds
+            ds['ttl'] = 172800
+            if not zone in ds_records:
+                ds_records[zone] = []
+            ds_records[zone].append(ds)
     with open('dnssec.json', 'w') as dnssec:
         json.dump(ds_records, dnssec)

main.py

@@ -218,7 +218,8 @@ def write_dns_file(zone):
             zones_ds = json.load(ds)
         ds_records = ""
         for zone in zones_ds:
-            ds_records += template_ds.format(**zones_ds[zone]) + "\n"
+            for ds in zones_ds[zone]:
+                ds_records += template_ds.format(**ds) + "\n"
     else:
         ds_records = "\n"