✨: DNSSEC signing and auto-signing

2024-07-05 11:53:53 +02:00
parent cedd523536
commit eac088a11e
8 changed files with 82 additions and 9 deletions
--- a/roles/nsd/templates/resignall.sh.j2
+++ b/roles/nsd/templates/resignall.sh.j2
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+for i in {{ nsd_default_etc_path }}keys/*/*.ds
+do
+	# Get the different names
+	FILENAME=${i##*/}
+	KEYNAME=${FILENAME/.ds/}
+	DIRPATH=${i/${FILENAME}/}
+	_ZONEFILEPATH=${DIRPATH/keys/zones}
+	ZONEFILEPATH=${_ZONEFILEPATH%/*}.zone
+	_ZONENAME=${_ZONEFILEPATH%/*}
+	ZONENAME=${_ZONENAME##*/}
+
+	cd $DIRPATH
+	sudo -u nsd /usr/bin/ldns-signzone -o ${ZONENAME} -u ${ZONEFILEPATH} ${KEYNAME}
+	/usr/sbin/nsd-control reload ${ZONENAME}
+done