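#!/usr/bin/env bash
#
# Generate the deliberately broken DNSSEC test zones under bogus/ together
# with the matching bogus/trust-anchors file.
#
# Inputs  : unsigned zone files bogus/<zone> for each zone handled below.
# Outputs : bogus/<zone>.signed and bogus/trust-anchors.
# Requires: ldns-keygen, ldns-signzone and a date(1) that understands
#           "-d 'now - 1 month'" ("gdate" is used when it is installed).
#
# The signing keys are throw-away test keys. Their files (including the
# private key) are written to the current directory by ldns-keygen and are
# removed again on every exit path, including failures.

set -euo pipefail

# DS record for the root zone, written next to the per-zone DS records.
readonly ROOT_DS='. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d'

CSK=''      # base name of the key files currently on disk, empty if none
workdir=''  # private scratch directory for intermediate zone fragments

# Delete the files of the current key, if there is one.
# The non-empty check matters: with an empty name the glob would be ".*"
# and rm would delete the dotfiles of the current directory.
remove_key_files() {
  if [[ -n "$CSK" ]]; then
    rm -f -- "$CSK".*
    CSK=''
  fi
}

# Remove key material and scratch files on every exit path.
cleanup() {
  remove_key_files
  if [[ -n "$workdir" ]]; then
    rm -rf -- "$workdir"
  fi
}
trap cleanup EXIT

# Generate a fresh ECDSA P-256 key for zone $1, store its base name in CSK
# and print it, as the original script did.
new_key() {
  local zone=$1
  remove_key_files
  CSK=$(ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom "$zone")
  if [[ -z "$CSK" || ! -f "$CSK.ds" ]]; then
    printf 'error: ldns-keygen produced no usable key for %s\n' "$zone" >&2
    exit 1
  fi
  printf '%s\n' "$CSK"
}

# Sign bogus/$1 with a fresh key, append the key's DS record to the trust
# anchors and publish the zone with every line containing " $2 " removed.
make_zone_without() {
  local zone=$1 rrtype=$2
  new_key "$zone"
  cat -- "$CSK.ds" >> bogus/trust-anchors
  ldns-signzone -f "$workdir/tmp.signed" "bogus/$zone" "$CSK"
  grep -v " $rrtype " "$workdir/tmp.signed" > "bogus/$zone.signed"
}

workdir=$(mktemp -d)

# --- zone with outdated, not yet valid, altered and missing signatures ---
new_key dnssec-failures.test

# The trust-anchors file starts with this zone's DS followed by the root DS;
# the remaining zones append to it.
{
  cat -- "$CSK.ds"
  printf '%s\n' "$ROOT_DS"
} > bogus/trust-anchors

# Use GNU date as "gdate" where it is installed (e.g. on macOS). If neither
# command accepts "-d", the script stops here instead of passing empty dates
# to ldns-signzone.
DATE=date
if command -v gdate > /dev/null 2>&1; then
  DATE=gdate
fi

ONEMONTHAGO=$("$DATE" -d 'now - 1 month' +%Y%m%d)
# Despite the names, both offsets are two days.
# NOTE(review): presumably a margin against day-boundary effects - confirm.
YESTERDAY=$("$DATE" -d 'now - 2 days' +%Y%m%d)
TOMORROW=$("$DATE" -d 'now + 2 days' +%Y%m%d)

# Base zone, signed with inception two days ago:
#  - the RRSIG covering TXT at missingrrsigs is dropped,
#  - the text "Signatures invalid" is altered after signing, so the RRSIG
#    over that record no longer matches the data,
#  - all lines for the expired and notyetincepted names that mention TXT are
#    dropped; their TXT records are added back below from other signing runs.
ldns-signzone -i "$YESTERDAY" -f - bogus/dnssec-failures.test "$CSK" \
  | grep -v '^missingrrsigs\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' \
  | sed 's/Signatures invalid/Signatures INVALID/g' \
  | grep -v \
      -e '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' \
      -e '^notyetincepted\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' \
      -e '^expired\.dnssec-failures\.test\..*IN.*TXT' \
      -e '^expired\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' \
  > "$workdir/base"

# TXT data for "expired": signature window from a month ago until two days ago.
ldns-signzone -i "$ONEMONTHAGO" -e "$YESTERDAY" -f - \
    bogus/dnssec-failures.test "$CSK" \
  | grep -v '[ ]NSEC[ ]' \
  | grep '^expired\.dnssec-failures\.test\..*IN.*TXT' \
  > "$workdir/expired"

# TXT data for "notyetincepted": signature inception two days in the future.
ldns-signzone -i "$TOMORROW" -f - bogus/dnssec-failures.test "$CSK" \
  | grep -v '[ ]NSEC[ ]' \
  | grep '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' \
  > "$workdir/notyetincepted"

cat -- "$workdir/base" "$workdir/expired" "$workdir/notyetincepted" \
  > bogus/dnssec-failures.test.signed

# --- zones that each lack one record type entirely ---
make_zone_without dnskey-failures.test DNSKEY
make_zone_without nsec-failures.test NSEC
make_zone_without rrsig-failures.test RRSIG

# Key files and the scratch directory are removed by the EXIT trap.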