mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 14:47:09 +00:00
root hints update-anchor.sh
git-svn-id: file:///svn/unbound/trunk@1732 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
parent
f1bd145b60
commit
658e84f7a0
@ -8,7 +8,7 @@ ubhost=unbound-host
|
|||||||
|
|
||||||
usage ( )
|
usage ( )
|
||||||
{
|
{
|
||||||
echo "usage: update-anchor [-b] <zone name> <trust anchor file>"
|
echo "usage: update-anchor [-r hs] [-b] <zone name> <trust anchor file>"
|
||||||
echo " performs an update of trust anchor file"
|
echo " performs an update of trust anchor file"
|
||||||
echo " the trust anchor file is overwritten with the latest keys"
|
echo " the trust anchor file is overwritten with the latest keys"
|
||||||
echo " the trust anchor file should contain only keys for one zone"
|
echo " the trust anchor file should contain only keys for one zone"
|
||||||
@ -16,13 +16,15 @@ usage ( )
|
|||||||
echo " without -b the file is made in unbound format."
|
echo " without -b the file is made in unbound format."
|
||||||
echo " "
|
echo " "
|
||||||
echo "alternate:"
|
echo "alternate:"
|
||||||
echo " update-anchor [-b] -d directory"
|
echo " update-anchor [-r hints] [-b] -d directory"
|
||||||
echo " update all <zone>.anchor files in the directory."
|
echo " update all <zone>.anchor files in the directory."
|
||||||
echo " "
|
echo " "
|
||||||
echo " name the files br.anchor se.anchor ..., and include them in"
|
echo " name the files br.anchor se.anchor ..., and include them in"
|
||||||
echo " the validating resolver config file."
|
echo " the validating resolver config file."
|
||||||
echo " put keys for the root in a file with the name root.anchor."
|
echo " put keys for the root in a file with the name root.anchor."
|
||||||
echo ""
|
echo ""
|
||||||
|
echo "-r root.hints use different root hints. Strict option order."
|
||||||
|
echo ""
|
||||||
echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
|
echo "Exit code 0 means anchors updated, 1 no changes, others are errors."
|
||||||
exit 2
|
exit 2
|
||||||
}
|
}
|
||||||
@ -32,6 +34,12 @@ if test $# -eq 0; then
|
|||||||
fi
|
fi
|
||||||
bindformat="no"
|
bindformat="no"
|
||||||
filearg='-f'
|
filearg='-f'
|
||||||
|
roothints=""
|
||||||
|
if test X"$1" = "X-r"; then
|
||||||
|
shift
|
||||||
|
roothints="$1"
|
||||||
|
shift
|
||||||
|
fi
|
||||||
if test X"$1" = "X-b"; then
|
if test X"$1" = "X-b"; then
|
||||||
shift
|
shift
|
||||||
bindformat="yes"
|
bindformat="yes"
|
||||||
@ -46,10 +54,15 @@ do_update ( ) {
|
|||||||
# arguments: <zonename> <keyfile>
|
# arguments: <zonename> <keyfile>
|
||||||
zonename="$1"
|
zonename="$1"
|
||||||
keyfile="$2"
|
keyfile="$2"
|
||||||
tmp2=$tmpfile.2
|
|
||||||
|
|
||||||
tmpfile="/tmp/update-anchor.$$"
|
tmpfile="/tmp/update-anchor.$$"
|
||||||
$ubhost -v $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
|
tmp2=$tmpfile.2
|
||||||
|
tmp3=$tmpfile.3
|
||||||
|
rh=""
|
||||||
|
if test -n "$roothints"; then
|
||||||
|
echo "server: root-hints: '$roothints'" > $tmp3
|
||||||
|
rh="-C $tmp3"
|
||||||
|
fi
|
||||||
|
$ubhost -v $rh $filearg "$keyfile" -t DNSKEY "$zonename" >$tmpfile
|
||||||
if test $? -ne 0; then
|
if test $? -ne 0; then
|
||||||
rm -f $tmpfile
|
rm -f $tmpfile
|
||||||
echo "Error: Could not update zone $zonename anchor file $keyfile"
|
echo "Error: Could not update zone $zonename anchor file $keyfile"
|
||||||
@ -65,7 +78,7 @@ do_update ( ) {
|
|||||||
rm -f $tmpfile
|
rm -f $tmpfile
|
||||||
echo "Error: Could not update zone $zonename anchor file $keyfile"
|
echo "Error: Could not update zone $zonename anchor file $keyfile"
|
||||||
echo "Cause: result of lookup was not secure"
|
echo "Cause: result of lookup was not secure"
|
||||||
echo " (keys too far out of date? domain changed ownership?)"
|
echo " (keys too far out of date? domain changed ownership? need root hints?)"
|
||||||
return 3
|
return 3
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -115,7 +128,7 @@ do_update ( ) {
|
|||||||
echo "$zonename key file $keyfile unchanged."
|
echo "$zonename key file $keyfile unchanged."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
rm -f $tmpfile $tmp2
|
rm -f $tmpfile $tmp2 $tmp3
|
||||||
}
|
}
|
||||||
|
|
||||||
no_updated=1
|
no_updated=1
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
20 July 2009: Wouter
|
20 July 2009: Wouter
|
||||||
- Ignore transient sendto errors, no route to host, and host, net down.
|
- Ignore transient sendto errors, no route to host, and host, net down.
|
||||||
|
- contrib/update-anchor.sh has -r option for root-hints.
|
||||||
|
|
||||||
16 July 2009: Wouter
|
16 July 2009: Wouter
|
||||||
- fix replacement malloc code. Used in crosscompile.
|
- fix replacement malloc code. Used in crosscompile.
|
||||||
|
Loading…
Reference in New Issue
Block a user