Perl and new DNS zones

  • Get the zonename.
  • Get the sha1-hash of the wire-format of the name, for use with catalog zones:
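    use Net::DNS::DomainName;
    use Digest::SHA1 qw(sha1 sha1_hex sha1_base64);
    # Zone name comes from the first command-line argument
    my $dn = Net::DNS::DomainName->new($ARGV[0]);
    # canonical() returns the lowercased, uncompressed wire format of the name
    my $hash = sha1_hex($dn->canonical);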
  • Write out a zonefile (using perl to generate an appropriate date-based serial number):
    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
    my $serial = ($year + 1900) . sprintf("%02d", ($mon + 1)) . sprintf("%02d", $mday) . '00';
  • Write a config snippet on to the end of my named.conf, that looks (with better indenting) like:
    zone "zonename.com" {
        type master;
        file "/etc/namedb/m/zonename.com.hosts";
        key-directory "/etc/namedb/keys";
        inline-signing yes;
        auto-dnssec maintain;
    };
  • cd to my DNSSEC keys directory and generate two DNSKEYs.
  • Parse the output of dnssec-keygen so I have the filenames to fix their ownership. (I’m running as root, but there’s no way in dnssec-keygen to specify a key owner).
  • Call rndc reconfig to get named to load the zone.
  • Call rndc sign zonename to get DNSSEC going.
  • Do an nsupdate -l to add the appropriate $hash.zones.catalogzonename 3600 IN PTR zonename.com. to my catalog zone.
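The steps above as a dry run, in an added example that is not the author's script: it validates the zone name before that name is interpolated into named.conf or handed to rndc/nsupdate as root, then prints the serial, the zone stanza and the catalog-zone update. The helper names `valid_zone`, `catalog_label` and `serial` and the default name `zonename.com` are assumptions; `catalogzonename` is the post's own placeholder.

```perl
#!/usr/bin/perl
# Added example (not the author's code): dry run of the steps listed above.
use strict;
use warnings;
use POSIX qw(strftime);
use Digest::SHA qw(sha1_hex);   # core module, used here in place of the post's Digest::SHA1
use Net::DNS::DomainName;

my $CATALOG = 'catalogzonename';   # placeholder, as in the post

# Accept only letter/digit/hyphen hostnames (stricter than DNS itself): the name
# ends up inside named.conf and on rndc/nsupdate command lines run as root.
sub valid_zone {
    my ($name) = @_;
    return 0 unless defined $name && length($name) <= 253;
    my @labels = split /\./, $name, -1;
    return 0 unless @labels >= 2;
    for (@labels) { return 0 unless /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i }
    return 1;
}

# SHA-1 over the canonical (lowercased, uncompressed) wire format of the name.
sub catalog_label {
    my ($zone) = @_;
    return sha1_hex(Net::DNS::DomainName->new($zone)->canonical);
}

# Date-based serial YYYYMMDD00, same shape as the post's localtime() version.
sub serial { return strftime('%Y%m%d', localtime) . '00' }

my $zone = lc($ARGV[0] // 'zonename.com');   # constructed sample default
$zone =~ s/\.\z//;                           # tolerate one trailing dot
die "refusing unsafe zone name\n" unless valid_zone($zone);

print "serial: ", serial(), "\n";
print <<"CONF";
zone "$zone" {
    type master;
    file "/etc/namedb/m/$zone.hosts";
    key-directory "/etc/namedb/keys";
    inline-signing yes;
    auto-dnssec maintain;
};
CONF
printf "update add %s.zones.%s 3600 IN PTR %s.\nsend\n",
    catalog_label($zone), $CATALOG, $zone;

# For the real run, call the tools in list form so no shell parses the name:
#   system('rndc', 'sign', $zone) == 0 or die "rndc sign failed\n";
```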

Gushi/Dan Mahoney is a sysadmin/network operator in Northern Washington, working for a global non-profit, as well as individually.
