Perl and new DNS zones

  • Get the zonename.
  • Get the sha1-hash of the wire-format of the name, for use with catalog zones:
    use Net::DNS::DomainName;
    use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
    # canonical() returns the lowercased, uncompressed wire format of the name
    my $dn = Net::DNS::DomainName->new($ARGV[0]);
    my $hash = sha1_hex($dn->canonical);
  • Write out a zonefile (using perl to generate an appropriate date-based serial number):
    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
    my $serial = ($year + 1900) . sprintf("%02d", ($mon + 1)) . sprintf("%02d", $mday) . '00';
  • Write a config snippet onto the end of my named.conf, that looks (with better indenting) like:
    zone "zonename.com" {
        type master;
        file "/etc/namedb/m/zonename.com.hosts";
        key-directory "/etc/namedb/keys";
        inline-signing yes;
        auto-dnssec maintain;
    };
  • cd to my DNSSEC keys directory and generate two DNSKEYs.
  • Parse the output of dnssec-keygen so I have the filenames to fix their ownership. (I’m running as root, but there’s no way in dnssec-keygen to specify a key owner).
  • Call rndc reconfig to get named to load the zone.
  • Call rndc sign zonename to get DNSSEC going.
  • Do an nsupdate -l to add the appropriate $hash.zones.catalogzonename 3600 IN PTR zonename.com. to my catalog zone.
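
The hash, serial and catalog-zone steps above, as an added Perl example (not the author's script): it validates the zone name before that name is interpolated into named.conf, a file path or nsupdate input, which matters because the script runs as root. The catalog zone name `catalog.example` is a placeholder, the sub names are illustrative, and the wire format is built by hand with the core `Digest::SHA` module instead of Net::DNS and Digest::SHA1.

```perl
#!/usr/bin/perl
# Added example: validate a zone name, then derive its catalog-zone record.
use strict;
use warnings;
use Digest::SHA qw(sha1_hex);   # core module; computes the same SHA-1
use POSIX qw(strftime);

# Assumption: placeholder catalog zone name, not taken from the post.
my $CATALOG = 'catalog.example';

# Accept only letter/digit/hyphen labels so the name cannot carry quotes,
# braces, slashes or newlines into named.conf, a path or nsupdate input.
# Returns the lowercased name without its trailing dot, or dies.
sub clean_zone_name {
    my ($name) = @_;
    $name = lc($name // '');
    $name =~ s/\.\z//;
    die "zone name too long\n" if length($name) > 253;
    my @labels = split /\./, $name, -1;   # -1 keeps empty labels ("a..b")
    die "need at least two labels\n" if @labels < 2;
    for my $l (@labels) {
        die "bad label '$l'\n"
            unless $l =~ /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/;
    }
    return $name;
}

# Wire format: each label as a length byte plus its bytes, then the root label.
sub wire_format {
    my ($name) = @_;
    return join('', map { pack('C/a*', $_) } split /\./, $name) . "\0";
}

# Date-based serial in the post's form: YYYYMMDD followed by 00.
sub serial_for { return strftime('%Y%m%d', localtime($_[0])) . '00' }

# Text to pipe into `nsupdate -l` for the catalog zone member record.
sub catalog_update {
    my ($zone) = @_;
    my $hash = sha1_hex(wire_format($zone));
    return "update add $hash.zones.$CATALOG 3600 IN PTR $zone.\nsend\n";
}

my $zone = clean_zone_name($ARGV[0] // 'zonename.com');
print "serial: ", serial_for(time), "\n";
print catalog_update($zone);
```

The validation rejects underscore labels and anything that is not a plain hostname, so loosen the label pattern deliberately if such zones are needed.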

Gushi/Dan Mahoney is a sysadmin/network operator in Northern Washington, working for a global non-profit, as well as individually.
