genzones.sh revision ad127d839d2e7aa542939a8a336691407e23397e
echo "D:${debug}: dumping ${1}" echo "I:setting up $2 zone: $1" # A unsigned zone should fail validation. # A set of zones with only DNSKEY records. # A set of zones with expired records exp=
`awk '$4 == "RRSIG" && $5 == "DNSKEY" { print $9;}' ${file}` exp=
`awk '$4 == "RRSIG" && $5 == "DNSKEY" { print $9;}' ${file}` awk '$4 == "NSEC" && /SOA/ { $6=""; print } { print }' ${
file} > ${
file}.
tmp # extra NSEC record out side of zone echo "out-of-zone. 3600 IN NSEC ${zone}. A" >> ${
file}
# extra NSEC record below bottom of one echo "ns.sub.${zone}. 3600 IN NSEC ${zone}. A AAAA" >> ${
file}
# dnssec-signzone signs any node with a NSEC record. # missing NSEC3 record at empty node awk '$4 == "NSEC3" && NF == 9 { next; } { print; }' ${
file} > ${
file}.
tmp $1 = "H9P7U7TR2U91D0V0LJS9L1GIDNP90U3H." ZONE; $9 = "H9P7U7TR2U91D0V0LJS9L1GIDNP90U3I";