DNSSEC: Elementary support in domain lists and Makefiles

diff --git a/README b/README
index 032e9dab4996e0d29ac6607d690bcf2704ba317d..b1987b38b3dddd1a073b761b3a59d13ee246bb7c 100644 (file)
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 
             Domain Name Server Configuration Utilities -- NSC 4.0
 
-                   (c) 1997--2011 Martin Mares <mj@ucw.cz>
+                   (c) 1997--2019 Martin Mares <mj@ucw.cz>
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -216,7 +216,7 @@ H(host)
 
 ADDR(addr...)
                Specify addresses for the current host. In the normal mode, it
-               creates A records, in the reverse mode, PTR records.
+               creates A/AAAA records, in the reverse mode, PTR records.
 
 H(host, addr...)
                A shortcut for H(host) ADDR(addr...) -- in many cases everything
@@ -443,7 +443,17 @@ CAVEAT: The backward-compatible IPv6 address syntax with ":v.w.x.y" at the end
 is not supported. All other syntaxes and quirks hopefully are.
 
 
-8. Interaction with M4
+8. DNSSEC support
+~~~~~~~~~~~~~~~~~
+FIXME: Write real docs!
+
+bin/key-gen example.com
+bin/key-gen -f KSK example.com
+bin/key-update
+keys/resign-stamp
+
+
+9. Interaction with M4
 ~~~~~~~~~~~~~~~~~~~~~~
 All config files are fully-fledged M4 scripts, so you can use any M4 features
 you need, the most helpful one being definition of your own macros by

diff --git a/TODO b/TODO
index 8cddb5fe294811dc7762a728106e06b956dd26d1..b4dd3f962997e1d7c787f7d0cd29c29c08df4303 100644 (file)
--- a/TODO
+++ b/TODO
@@ -1 +1,5 @@
 freebsd: don't use `-f' in hostname
+
+DNSSEC:
+- DS records and dependencies on them
+- NSCVER macro

diff --git a/cf.dist/domains b/cf.dist/domains
index b8974700087ca933c3e285a46892cd2e074a1041..7d3dcd7e207eed2544541fe296d36d2442018360 100644 (file)
--- a/cf.dist/domains
+++ b/cf.dist/domains
@@ -31,7 +31,9 @@ BLACKHOLE(REV(192.168))
 
 ; A pretty normal example domain (we act as a primary nameserver for it)
 
+DNSSEC(`
 PRIMARY(example.com)
+')
 
 ; It also has a couple of sub-domains and one of them resides on another server
 

diff --git a/m4/dnslib.m4 b/m4/dnslib.m4
index b09d4d1df669b7deba93e8172eb3b06250cbf4e8..5499baa232d61a8c242034bac75bcf38e8199957 100644 (file)
--- a/m4/dnslib.m4
+++ b/m4/dnslib.m4
@@ -70,6 +70,11 @@ define(nsc_iterate, `define(`nsc_iter', defn(`$1'))nsc_itera(shift($@))')
 
 define(REV, `nsc_if_v6($1,`nsc_revblock6($1).ip6.arpa',`nsc_revaddr($1).in-addr.arpa')')
 
+# DNSSEC wrapper
+
+define(`USE_DNSSEC')
+define(`DNSSEC', `define(`USE_DNSSEC',1)$1define(`USE_DNSSEC')')
+
 # A for loop macro from m4 doc
 
 define(`nsc_forloop',

diff --git a/m4/mkmf.m4 b/m4/mkmf.m4
index fcf21a45ae40150d492986730ef0ca4c8cd9978e..8bca9298f4e4b1fea26041161bded8f2f02550c4 100644 (file)
--- a/m4/mkmf.m4
+++ b/m4/mkmf.m4
@@ -1,6 +1,6 @@
 dnl ###
 dnl ### NSC -- Makefile Builder
-dnl ### (c) 1997--2011 Martin Mares <mj@ucw.cz>
+dnl ### (c) 1997--2019 Martin Mares <mj@ucw.cz>
 dnl ###
 include(m4/dnslib.m4)
 
@@ -10,7 +10,8 @@ define(`PRIMARIES', `')
 
 define(`nsc_prepend_cf_one', ` 'CFDIR/`nsc_file_name($1)')
 define(`nsc_prepend_cf_multi', `nsc_iterate(`nsc_prepend_cf_one', $@)')
-define(`PRIMARY', `divert(0)ZONEDIR/nsc_file_name($1):nsc_prepend_cf_multi($@) $(DDEPS)
+define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'KEYDIR/$1.hash)')
+define(`PRIMARY', `divert(0)ZONEDIR/nsc_file_name($1):nsc_prepend_cf_multi($@)nsc_key_dep($1) $(DDEPS)
        @bin/genzone nsc_file_name($1)`'nsc_prepend_cf_multi($@)
 
 divert(-1)