From: Martin Mares
Date: Tue, 29 Jan 2019 22:00:36 +0000 (+0100)
Subject: DNSSEC: Elementary support in domain lists and Makefiles
X-Git-Tag: v5.1~14^2~12
X-Git-Url: http://mj.ucw.cz/gitweb/?a=commitdiff_plain;h=e1865af4bbc397337b7144cfaf22f86cdf4e09d4;p=nsc-5.git
DNSSEC: Elementary support in domain lists and Makefiles
---
diff --git a/README b/README
index 032e9da..b1987b3 100644
--- a/README
+++ b/README
@@ -1,7 +1,7 @@
 Domain Name Server Configuration Utilities -- NSC 4.0
- (c) 1997--2011 Martin Mares
+ (c) 1997--2019 Martin Mares
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -216,7 +216,7 @@ H(host) ADDR(addr...) Specify addresses for the current host. In the normal mode, it
- creates A records, in the reverse mode, PTR records.
+ creates A/AAAA records, in the reverse mode, PTR records.
 H(host, addr...) A shortcut for H(host) ADDR(addr...) -- in many cases everything
@@ -443,7 +443,17 @@ CAVEAT: The backward-compatible IPv6 address syntax with ":v.w.x.y" at the end is not supported. All other syntaxes and quirks hopefully are.
-8. Interaction with M4
+8. DNSSEC support
+~~~~~~~~~~~~~~~~~
+FIXME: Write real docs!
+
+bin/key-gen example.com
+bin/key-gen -f KSK example.com
+bin/key-update
+keys/resign-stamp
+
+
+9. Interaction with M4
 ~~~~~~~~~~~~~~~~~~~~~~
 All config files are fully-fledged M4 scripts, so you can use any M4 features you need, the most helpful one being definition of your own macros by
diff --git a/TODO b/TODO
index 8cddb5f..b4dd3f9 100644
--- a/TODO
+++ b/TODO
@@ -1 +1,5 @@
 freebsd: don't use `-f' in hostname
+
+DNSSEC:
+- DS records and dependencies on them
+- NSCVER macro
diff --git a/cf.dist/domains b/cf.dist/domains
index b897470..7d3dcd7 100644
--- a/cf.dist/domains
+++ b/cf.dist/domains
@@ -31,7 +31,9 @@ BLACKHOLE(REV(192.168))
 ; A pretty normal example domain (we act as a primary nameserver for it)
+DNSSEC(`
 PRIMARY(example.com)
+')
 ; It also has a couple of sub-domains and one of them resides on another server
diff --git a/m4/dnslib.m4 b/m4/dnslib.m4
index b09d4d1..5499baa 100644
--- a/m4/dnslib.m4
+++ b/m4/dnslib.m4
@@ -70,6 +70,11 @@ define(nsc_iterate, `define(`nsc_iter', defn(`$1'))nsc_itera(shift($@))')
 define(REV, `nsc_if_v6($1,`nsc_revblock6($1).ip6.arpa',`nsc_revaddr($1).in-addr.arpa')')
+# DNSSEC wrapper
+
+define(`USE_DNSSEC')
+define(`DNSSEC', `define(`USE_DNSSEC',1)$1define(`USE_DNSSEC')')
+
 # A for loop macro from m4 doc
 define(`nsc_forloop',
diff --git a/m4/mkmf.m4 b/m4/mkmf.m4
index fcf21a4..8bca929 100644
--- a/m4/mkmf.m4
+++ b/m4/mkmf.m4
@@ -1,6 +1,6 @@
 dnl ###
 dnl ### NSC -- Makefile Builder
-dnl ### (c) 1997--2011 Martin Mares
+dnl ### (c) 1997--2019 Martin Mares
 dnl ###
 include(m4/dnslib.m4)
@@ -10,7 +10,8 @@ define(`PRIMARIES', `')
 define(`nsc_prepend_cf_one', ` 'CFDIR/`nsc_file_name($1)')
 define(`nsc_prepend_cf_multi', `nsc_iterate(`nsc_prepend_cf_one', $@)')
-define(`PRIMARY', `divert(0)ZONEDIR/nsc_file_name($1):nsc_prepend_cf_multi($@) $(DDEPS)
+define(`nsc_key_dep', `ifelse(USE_DNSSEC,,,` 'KEYDIR/$1.hash)')
+define(`PRIMARY', `divert(0)ZONEDIR/nsc_file_name($1):nsc_prepend_cf_multi($@)nsc_key_dep($1) $(DDEPS)
 @bin/genzone nsc_file_name($1)`'nsc_prepend_cf_multi($@)
 divert(-1)
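Review bot: `DNSSEC` in m4/dnslib.m4 only works when its argument is quoted, and the definition carries no comment saying so. m4 expands an unquoted argument while collecting it, so in `DNSSEC(PRIMARY(example.com))` the PRIMARY call would run before `USE_DNSSEC` is set to 1 and would never see the flag, with no error reported. A comment above the define, e.g. `# The argument must be quoted; an unquoted zone macro is expanded before USE_DNSSEC is set`, would document that. The closing `` define(`USE_DNSSEC') `` also clears the flag rather than restoring the previous value, so a nested DNSSEC() would switch the flag off for the remainder of the outer block; `` define(`DNSSEC', `pushdef(`USE_DNSSEC',1)$1`'popdef(`USE_DNSSEC')') `` keeps the state correct and also stops `$1` from fusing with the following `define`.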
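Review bot: `nsc_key_dep` in m4/mkmf.m4 builds the prerequisite as `KEYDIR/$1.hash` from the raw zone name, while the target and the config prerequisites on the same rule go through `nsc_file_name`. What nsc_file_name rewrites is not visible in this hunk, but if it changes any character, such a zone gets a key prerequisite whose path differs from its zone file name and may not be a single path component. If the key tools name their files the same way, `KEYDIR/nsc_file_name($1).hash` would keep the rule consistent. A one-line comment above the define, e.g. `dnl Key hash prerequisite, emitted only inside DNSSEC()`, would help too; the PRIMARY definition continues past the end of the hunk.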