Generate a DS record as well
Just generate a DS record, so we don't need to reach for ldns-key2ds for just this part. Signed-off-by: Miek Gieben <miek@miek.nl>
parent
b119049a1e
commit
3f8fe61542
2 changed files with 12 additions and 4 deletions
|
@ -19,10 +19,11 @@ coredns-keygen ZONES...
|
|||
|
||||
For each key pair the following files are created:
|
||||
|
||||
* `K<zone>.+<algorithm>+<keytag>.key` for the DNSKEY RR, and
|
||||
* `K<zone>.+<algorithm>+<keytag>.key` for the DNSKEY RR,
|
||||
* `K<zone>.+<algorithm>+<keytag>.ds` for the DS RR, and,
|
||||
* `K<zone>.+<algorithm>+<keytag>.private` for the private one.
|
||||
|
||||
For each generate key the base name of these file is printed to standard output once.
|
||||
For each generated key the base name of these file is printed to standard output once.
|
||||
|
||||
## Examples
|
||||
|
||||
|
@ -36,5 +37,7 @@ Kexample.net.+013+00440
|
|||
|
||||
## Also See
|
||||
|
||||
dnssec-keygen(8) can also used to generate keys and supports more options. See RFC 4033, 4034, 4035
|
||||
for the whole DNSSEC specification.
|
||||
dnssec-keygen(8) can also used to generate keys and supports more options. ldns-keygen(1) and
|
||||
ldns-key2ds(1) or similar utilities.
|
||||
|
||||
See RFC 4033, 4034, 4035 for the DNSSEC specification.
|
||||
|
|
|
@ -34,6 +34,8 @@ func main() {
|
|||
log.Fatal(err)
|
||||
}
|
||||
|
||||
ds := key.ToDS(dns.SHA256)
|
||||
|
||||
base := fmt.Sprintf("K%s+%03d+%05d", key.Header().Name, key.Algorithm, key.KeyTag())
|
||||
if err := ioutil.WriteFile(base+".key", []byte(key.String()+"\n"), 0644); err != nil {
|
||||
log.Fatal(err)
|
||||
|
@ -41,6 +43,9 @@ func main() {
|
|||
if err := ioutil.WriteFile(base+".private", []byte(key.PrivateKeyString(priv)), 0600); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
if err := ioutil.WriteFile(base+".ds", []byte(ds.String()+"\n"), 0644); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
fmt.Println(base) // output keys generated to stdout to mimic dnssec-keygen
|
||||
}
|
||||
}
|
||||
|
|
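Review bot: The result of `key.ToDS(dns.SHA256)` is used unchecked, so the later `ds.String()` in the `.ds` write would dereference a nil pointer if the conversion fails. As far as I know, `ToDS` in miekg/dns returns nil on failure (for example when the owner name cannot be packed), so this should be confirmed against the vendored version. A check right after the call, `if ds == nil { log.Fatalf("cannot create DS for %s", key.Header().Name) }`, would also stop the run before the `.key` and `.private` files are written, so a failed conversion leaves no partial key set on disk. The body of `main` and the enclosing block begin outside the hunks shown.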