#!/usr/local/bin/bash
# Copyright (c) 2018-2022, diyIT.org
# All rights reserved.
#
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
# https://diyit.org/license/
#
#
#SIM="-s"
#SIM=""
#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb
#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb
#rpl $SIM -v -R "2021120700" "2022010100" ./namedb
#service $SIM named $SIM restart
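# Re-sign every master zone under /data/namedb/master with a fresh SOA serial
# and freshly generated TLSA records, then restart named.
#
# Steps (same as before, but every step is now checked):
#   1. stop named, remove stale *signed* output
#   2. regenerate tlsa-<zone> from the zone's certificate chain (ldns-dane)
#   3. for each <zone>.db: read the current serial, bump it, re-sign (NSEC3)
#   4. chown everything to bind:bind and start named again
#
# Any failure aborts the run; named is restarted from the EXIT trap so a
# failed run does not leave the resolver down.
set -euo pipefail

readonly MASTER_DIR=/data/namedb/master
readonly CERT_DIR=/mnt/certs
readonly LDNS_DANE=/usr/local/bin/ldns-dane
readonly CHECKZONE=/usr/local/sbin/named-checkzone
readonly SIGNZONE=/usr/local/sbin/dnssec-signzone

# zone -> prefix of its certificate file under CERT_DIR ("" -> fullchain.pem,
# "bb" -> bbfullchain.pem, ...).
declare -rA ZONE_PEM=(
  ["ahlawat.com"]=""
  ["beyondbell.com"]="bb"
  ["diyit.org"]="diy"
  ["xflow.org"]="xflow"
  ["datavpc.com"]="dvpc"
  ["mydatavpc.com"]="mdvpc"
  ["rockwoodestates.org"]="rwe"
  ["rockwoodranch.org"]="rwr"
  ["scvcc-rental.com"]="scvcc"
)

#######################################
# Print an error to stderr and abort the run.
# Arguments: message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Derive the zone name from a master zone file path, e.g.
# "/data/namedb/master/diyit.org.db" -> "diyit.org".
# Arguments: $1 - path to the .db file
# Outputs:   zone name on stdout
#######################################
zone_from_dbfile() {
  local base=${1##*/}
  printf '%s\n' "${base%.db}"
}

#######################################
# Load a zone with named-checkzone and print its SOA serial.
# Globals:   CHECKZONE (read)
# Arguments: $1 - zone name, $2 - zone file
# Outputs:   serial on stdout; checkzone diagnostics on stderr on failure
# Returns:   non-zero if the zone does not load or no serial is reported
#######################################
current_serial() {
  local zone=$1 dbfile=$2 out
  if ! out=$("$CHECKZONE" "$zone" "$dbfile" 2>&1); then
    printf '%s\n' "$out" >&2
    return 1
  fi
  # named-checkzone reports "zone <name>/IN: loaded serial <N>" on success.
  [[ "$out" =~ loaded\ serial\ ([0-9]+) ]] || return 1
  printf '%s\n' "${BASH_REMATCH[1]}"
}

#######################################
# Choose the serial to write: the date-based candidate, unless the zone's
# current serial is already at or above it (run twice in one hour, or bumped
# by hand) — then current+1, so the serial never goes backwards and
# secondaries always see a newer zone.
# Arguments: $1 - current serial, $2 - candidate serial (YYYYMMDDHH)
# Outputs:   serial to use on stdout
#######################################
next_serial() {
  local old=$1 candidate=$2
  if (( candidate > old )); then
    printf '%s\n' "$candidate"
  else
    printf '%s\n' "$(( old + 1 ))"
  fi
}

#######################################
# Produce a random 8-byte (16 hex char) NSEC3 salt, as before.
# Outputs:   hex salt on stdout
#######################################
nsec3_salt() {
  head -c 1024 /dev/random | sha1sum | cut -b 1-16
}

#######################################
# Regenerate tlsa-<zone> from the zone's certificate chain: TLSA records for
# mail/mail-backup on port 25 and apex/www on port 443, all with
# usage 3 (DANE-EE), selector 1 (SPKI), matching type 1 (SHA-256).
# The file is written to a temp name and moved into place so a failed
# ldns-dane call cannot leave a truncated tlsa-<zone> behind.
# Globals:   LDNS_DANE, CERT_DIR, MASTER_DIR (read)
# Arguments: $1 - zone name, $2 - certificate file prefix (may be empty)
#######################################
gen_tlsa() {
  local zone=$1 pem=$2
  local cert="${CERT_DIR}/${pem}fullchain.pem"
  local out="${MASTER_DIR}/tlsa-${zone}"
  local tmp="${out}.tmp"
  local spec host port

  [[ -r "$cert" ]] || die "certificate ${cert} for ${zone} is not readable"
  : > "$tmp"
  for spec in "mail.${zone}:25" "mail-backup.${zone}:25" "${zone}:443" "www.${zone}:443"; do
    host=${spec%:*}
    port=${spec##*:}
    "$LDNS_DANE" -c "$cert" create "$host" "$port" 3 1 1 >> "$tmp" \
      || die "ldns-dane failed for ${host}:${port}"
  done
  mv -f "$tmp" "$out"
}

#######################################
# EXIT handler: hand the files to bind and bring named back up, whether the
# run succeeded or aborted.
# Globals:   MASTER_DIR (read)
#######################################
finish() {
  # Note: the signing keys (-K) live in MASTER_DIR too and become bind-owned here.
  chown bind:bind "${MASTER_DIR}"/*
  service named start
}

main() {
  local zone dbfile serial target new_serial

  service named stop
  trap finish EXIT

  # dnssec-signzone writes its dsset-* files into the current directory.
  cd "$MASTER_DIR" || die "cannot cd to ${MASTER_DIR}"
  rm -f -- "${MASTER_DIR}"/*signed*

  for zone in "${!ZONE_PEM[@]}"; do
    gen_tlsa "$zone" "${ZONE_PEM[$zone]}"
  done

  # Date-hour serial (YYYYMMDDHH); `date -j` is the BSD no-set form.
  new_serial=$(date -j +%Y%m%d%H)
  printf 'candidate serial: %s\n' "$new_serial"

  for dbfile in "${MASTER_DIR}"/*.db; do
    [[ -e "$dbfile" ]] || die "no *.db zone files in ${MASTER_DIR}"
    zone=$(zone_from_dbfile "$dbfile")
    serial=$(current_serial "$zone" "$dbfile") \
      || die "zone ${zone} (${dbfile}) failed to load or has no serial"
    target=$(next_serial "$serial" "$new_serial")
    printf '%s: serial %s -> %s\n' "$zone" "$serial" "$target"

    # Replace the first occurrence of the old serial (BSD sed, .orig backup),
    # then re-load the zone to confirm the SOA actually changed.
    sed -i .orig "s/${serial}/${target}/" "$dbfile"
    [[ "$(current_serial "$zone" "$dbfile")" == "$target" ]] \
      || die "serial of ${zone} did not change to ${target}"

    "$SIGNZONE" -3 "$(nsec3_salt)" -K "$MASTER_DIR" -t -o "$zone" "$dbfile" \
      || die "dnssec-signzone failed for ${zone}"
  done
}

main "$@"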