aboutsummaryrefslogtreecommitdiff
path: root/external/unbound/contrib/update-anchor.sh
diff options
context:
space:
mode:
Diffstat (limited to 'external/unbound/contrib/update-anchor.sh')
-rwxr-xr-xexternal/unbound/contrib/update-anchor.sh158
1 files changed, 0 insertions, 158 deletions
diff --git a/external/unbound/contrib/update-anchor.sh b/external/unbound/contrib/update-anchor.sh
deleted file mode 100755
index 95032a082..000000000
--- a/external/unbound/contrib/update-anchor.sh
+++ /dev/null
@@ -1,158 +0,0 @@
-#!/bin/sh
-# update-anchor.sh, update a trust anchor.
-# Copyright 2008, W.C.A. Wijngaards
-# This file is BSD licensed, see doc/LICENSE.
-
-# which validating lookup to use.
-ubhost=unbound-host
-
-usage ( )
-{
- echo "usage: update-anchor [-r hs] [-b] <zone name> <trust anchor file>"
- echo " performs an update of trust anchor file"
- echo " the trust anchor file is overwritten with the latest keys"
- echo " the trust anchor file should contain only keys for one zone"
- echo " -b causes keyfile to be made in bind format."
- echo " without -b the file is made in unbound format."
- echo " "
- echo "alternate:"
- echo " update-anchor [-r hints] [-b] -d directory"
- echo " update all <zone>.anchor files in the directory."
- echo " "
- echo " name the files br.anchor se.anchor ..., and include them in"
- echo " the validating resolver config file."
- echo " put keys for the root in a file with the name root.anchor."
- echo ""
- echo "-r root.hints use different root hints. Strict option order."
- echo ""
- echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
- exit 2
-}
-
-if test $# -eq 0; then
- usage
-fi
-bindformat="no"
-filearg='-f'
-roothints=""
-if test X"$1" = "X-r"; then
- shift
- roothints="$1"
- shift
-fi
-if test X"$1" = "X-b"; then
- shift
- bindformat="yes"
- filearg='-F'
-fi
-if test $# -ne 2; then
- echo "arguments wrong."
- usage
-fi
-
-do_update ( ) {
- # arguments: <zonename> <keyfile>
- zonename="$1"
- keyfile="$2"
- tmpfile="/tmp/update-anchor.$$"
- tmp2=$tmpfile.2
- tmp3=$tmpfile.3
- rh=""
- if test -n "$roothints"; then
- echo "server: root-hints: '$roothints'" > $tmp3
- rh="-C $tmp3"
- fi
- $ubhost -v $rh $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
- if test $? -ne 0; then
- rm -f $tmpfile
- echo "Error: Could not update zone $zonename anchor file $keyfile"
- echo "Cause: $ubhost lookup failed"
- echo " (Is the domain decommissioned? Is connectivity lost?)"
- return 2
- fi
-
- # has the lookup been DNSSEC validated?
- if grep '(secure)$' $tmpfile >/dev/null 2>&1; then
- :
- else
- rm -f $tmpfile
- echo "Error: Could not update zone $zonename anchor file $keyfile"
- echo "Cause: result of lookup was not secure"
- echo " (keys too far out of date? domain changed ownership? need root hints?)"
- return 3
- fi
-
- if test $bindformat = "yes"; then
- # are there any KSK keys on board?
- echo 'trusted-keys {' > "$tmp2"
- if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
- # store KSK keys in anchor file
- grep '(secure)$' $tmpfile | \
- grep ' has DNSKEY record 257' | \
- sed -e 's/ (secure)$/";/' | \
- sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
- sed -e 's/^\.\././' | sort >> "$tmp2"
- else
- # store all keys in the anchor file
- grep '(secure)$' $tmpfile | \
- sed -e 's/ (secure)$/";/' | \
- sed -e 's/ has DNSKEY record \([0-9]*\) \([0-9]*\) \([0-9]*\) /. \1 \2 \3 "/' | \
- sed -e 's/^\.\././' | sort >> "$tmp2"
- fi
- echo '};' >> "$tmp2"
- else #not bindformat
- # are there any KSK keys on board?
- if grep ' has DNSKEY record 257' $tmpfile >/dev/null 2>&1; then
- # store KSK keys in anchor file
- grep '(secure)$' $tmpfile | \
- grep ' has DNSKEY record 257' | \
- sed -e 's/ (secure)$//' | \
- sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
- sed -e 's/^\.\././' | sort > "$tmp2"
- else
- # store all keys in the anchor file
- grep '(secure)$' $tmpfile | \
- sed -e 's/ (secure)$//' | \
- sed -e 's/ has DNSKEY record /. IN DNSKEY /' | \
- sed -e 's/^\.\././' | sort > "$tmp2"
- fi
- fi # endif-bindformat
-
- # copy over if changed
- diff $tmp2 $keyfile >/dev/null 2>&1
- if test $? -eq 1; then # 0 means no change, 2 means trouble.
- cat $tmp2 > $keyfile
- no_updated=0
- echo "$zonename key file $keyfile updated."
- else
- echo "$zonename key file $keyfile unchanged."
- fi
-
- rm -f $tmpfile $tmp2 $tmp3
-}
-
-no_updated=1
-if test X"$1" = "X-d"; then
- tdir="$2"
- echo "start updating in $2"
- for x in $tdir/*.anchor; do
- if test `basename "$x"` = "root.anchor"; then
- zname="."
- else
- zname=`basename "$x" .anchor`
- fi
- do_update "$zname" "$x"
- done
- echo "done updating in $2"
-else
- # regular invocation
- if test X"$1" = "X."; then
- zname="$1"
- else
- # strip trailing dot from zone name
- zname="`echo $1 | sed -e 's/\.$//'`"
- fi
- kfile="$2"
- do_update $zname $kfile
-fi
-exit $no_updated