Unlike primary and secondary zones, file names of reverse zones
and their configurations are different from full domain names.
So far, we ignored this difference when handling keys.
From this point on, key files are named after the configuration files
and key-gen is able to synthesize the full domain name by interpreting
the configuration. In bin/genzone, we extract the domain name from
$ORIGIN in the raw zone file.
- NSCVER macro
- Update or delete nsc.lsm
- NSCVER macro
- Update or delete nsc.lsm
+- do we still need root.cache?
-- in reverse zones, file name != zone name => need to pass zone name to genzone
-- signing reverse zones
$M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
if [ -f khash/$Z ] ; then
$M4 -DVERS=ver/$Z m4/nsc.m4 "$@" >zone/$Z.new
NEWVER="$(sed -e "s/^;;; VERSION: //; t; d" zone/$Z.new)"
if [ -f khash/$Z ] ; then
- if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $Z -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
+ ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)
+ if [ -z "$ORIGIN" ] ; then
+ echo >&2 "FATAL: Cannot establish zone origin for $Z"
+ exit 1
+ fi
+ if ! dnssec-signzone -a -d tmp -K keys/$Z $SIGNZONE_OPTIONS -f zone/$Z.signed -o $ORIGIN -S -3 - zone/$Z.new &>zone/$Z.tmp ; then
- echo >&2 "FATAL: Signing failed"
+ echo >&2 "FATAL: Cannot sign $Z"
exit 1
fi
rm -f zone/$Z.tmp
exit 1
fi
rm -f zone/$Z.tmp
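Review bot: The origin extraction in `ORIGIN=$(grep '\$ORIGIN' zone/$Z.new | cut -d' ' -f2)` is too loose for a value that decides which zone name the signatures are made under. The unanchored grep matches every line that mentions `$ORIGIN`, comments included, and `cut -d' '` returns the whole line when the separator is a tab. A multi-line result passes the `-z` check and is then word-split by the unquoted `-o $ORIGIN`. Assuming the first `$ORIGIN` directive in the generated file names the zone apex, take only that one with `ORIGIN=$(awk '$1 == "$ORIGIN" { print $2; exit }' "zone/$Z.new")` and pass it as `-o "$ORIGIN"`.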
. bin/shell-env
if [ -z "$1" ] ; then
. bin/shell-env
if [ -z "$1" ] ; then
- echo >&2 "Usage: $0 <zone> [<extra-keygen-params>]"
+ echo >&2 "Usage: $0 <config> [<extra-keygen-params>]"
-mkdir -p keys/$D
-dnssec-keygen $KEYGEN_OPTIONS -K keys/$D "$@" $D
-bin/key-update $D
+if [ ! -f $CFDIR/$C ] ; then
+ echo >&2 "$CFDIR/$C: No such configuration file"
+ exit 1
+fi
+
+Z=$($M4 m4/mkname.m4 $CFDIR/$C)
+echo "Zone name: $Z"
+
+mkdir -p keys/$C
+dnssec-keygen $KEYGEN_OPTIONS -K keys/$C "$@" $Z
+bin/key-update $C
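Review bot: The result of `Z=$($M4 m4/mkname.m4 $CFDIR/$C)` is used without a check. A configuration that yields no zone name, or a failing m4 run, leaves `$Z` empty, yet `mkdir -p keys/$C` and `dnssec-keygen ... $Z` still run. The genzone change in this same commit guards the equivalent case, and the same guard fits here before the `mkdir`: `if [ -z "$Z" ] ; then echo >&2 "FATAL: Cannot establish zone name for $C" ; exit 1 ; fi`. `$C` also reaches `$CFDIR/$C` and `keys/$C` unquoted. Its assignment is outside the visible lines, but if it comes straight from `$1`, quoting those expansions would stop a name with spaces or glob characters from being split.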
; Here are reverse delegations for two networks. NSC automatically creates
; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10.
; Here are reverse delegations for two networks. NSC automatically creates
; the PTR records from A records in all mentioned zones. See cf/{0,1}.0.10.
REVERSE(10.0.0, example.com, a.example.com)
REVERSE(10.1.0, example.com, a.example.com, ip6.example.com)
REVERSE(10.0.0, example.com, a.example.com)
REVERSE(10.1.0, example.com, a.example.com, ip6.example.com)
; You can even have reverse zones for larger networks
; You can even have reverse zones for larger networks
--- /dev/null
+dnl ###
+dnl ### NSC -- Zone Name Generator
+dnl ### (c) 2019 Martin Mares <mj@ucw.cz>
+dnl ###
+dnl ### Usage: m4 mkname.m4 domain-source-files >zone-name
+dnl ###
+include(m4/dnslib.m4)
+
+define(`SOA', `ifdef(`CURRENT_DOMAIN',,`define(`CURRENT_DOMAIN',$1)divert(0)$1
+divert(-1)')')