[ldns-users] Signzone script for crontab use

Jeroen van der Ham jeroen at os3.nl
Sat Aug 2 18:12:19 UTC 2014


Hi,

Using NSD and the ldns toolset to re-sign zones, I’ve found that the default settings are not very ideal for use in cron. I initially wrote a three-line wrapper script to circumvent this, but I’ve rewritten it now to generalise this a bit more. I’ve implemented it in Bash and Python (there’s no validation or error checking, use at your own risk):

https://github.com/jeroenh/signzone

Couple of observations for ldns:

- It is annoying that ldns-signzone can’t just increase the serial.

- The default expiry period is hard to use with cron, so I’ve changed it to be a month and 2 days, meaning you can just use “1 1 1 * * signzone.py /usr/local/etc/nsd/example.org/example.org” (and have a couple of days in case something goes wrong)

- It is annoying the way that ldns-signzone expects the key arguments. It expects to be pointed to the basename of the key files, and then attaches “.private” to it. It would be a whole lot easier for both general and scripting use if a user could just give the “.private” file directly.

Regards,
Jeroen.
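
An added illustration of the three points above (not code from Jeroen's signzone repository): bump the SOA serial in YYYYMMDDNN style, compute an expiry one calendar month plus two days out, strip a trailing ".private" so the key can be passed as a file, and build the ldns-signzone call. It assumes ldns-signzone's -o (origin) and -e (expiry, YYYYMMDD) options and a conventional SOA layout with the serial as the first number after "(".

```python
import re, subprocess, sys
from calendar import monthrange
from datetime import date, timedelta

# Serial = first number after "SOA mname rname (" (constructed regex; assumes no
# comment sits between the "(" and the serial).
SOA_SERIAL = re.compile(r"(\bSOA\s+\S+\s+\S+\s*\(?\s*)(\d+)")

# Constructed sample zone used for the self-check below.
SAMPLE_ZONE = """$ORIGIN example.org.
@  IN SOA ns1.example.org. hostmaster.example.org. (
        2014080100 ; serial
        3600 900 604800 3600 )
"""

def bump_serial(old: int, today: date) -> int:
    """Next YYYYMMDDNN serial; falls back to old+1 so the serial never goes backwards."""
    candidate = int(today.strftime("%Y%m%d")) * 100
    return old + 1 if old >= candidate else candidate

def update_zone_serial(text: str, today: date):
    """Return (new zone text, new serial); raises if no SOA serial is found."""
    m = SOA_SERIAL.search(text)
    if not m:
        raise ValueError("no SOA serial found")
    new = bump_serial(int(m.group(2)), today)
    return text[:m.start(2)] + str(new) + text[m.end(2):], new

def expiry_date(today: date) -> date:
    """One calendar month plus two days of grace, as suggested in the post."""
    year, month = (today.year + 1, 1) if today.month == 12 else (today.year, today.month + 1)
    day = min(today.day, monthrange(year, month)[1])          # clamp e.g. 31 Jan -> 28 Feb
    return date(year, month, day) + timedelta(days=2)

def key_basename(path: str) -> str:
    """ldns-signzone wants the key basename and appends .private itself."""
    return path[:-len(".private")] if path.endswith(".private") else path

def signzone_command(zonefile: str, origin: str, keys, today: date):
    """argv for ldns-signzone (assumed -o origin and -e YYYYMMDD options)."""
    return ["ldns-signzone", "-o", origin, "-e", expiry_date(today).strftime("%Y%m%d"),
            zonefile, *[key_basename(k) for k in keys]]

if __name__ == "__main__":            # usage: signzone.py ZONEFILE ORIGIN KEY.private...
    zonefile, origin, *keys = sys.argv[1:]
    with open(zonefile) as f:
        text, serial = update_zone_serial(f.read(), date.today())
    with open(zonefile, "w") as f:
        f.write(text)
    print("new serial", serial)
    sys.exit(subprocess.run(signzone_command(zonefile, origin, keys, date.today())).returncode)
```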
