Last active
December 20, 2019 08:05
-
-
Save rjsalts/982060fc05527550c37cbacaab4c40ce to your computer and use it in GitHub Desktop.
Add a new zone with rndc addzone on master an slave
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| # primary name server ips | |
| primary=(192.0.2.2 2001:db8:1::53) | |
| # secondary name server ips | |
| secondary=(192.0.2.3 2001:db8:2::53) | |
| #salt for NSEC3 | |
| salt=$(head -c 512 /dev/urandom | sha1sum | cut -b 1-16) | |
| masters=/var/lib/bind/master | |
| keys=/var/lib/bind/key | |
| zone=${1:?"You need to specify a domain name"} | |
| zone="${zone%.}" | |
| if [ -f "$masters/$zone" ] | |
| then | |
| echo "$zone already exists, do you want to continue (y/n)?" | |
| read zonecontinue | |
| if [[ $zonecontinue != "y" ]];then | |
| echo aborted | |
| exit 1 | |
| fi | |
| else | |
| named-compilezone -F raw -o "$masters/$zone" "$zone" /dev/stdin << EOF | |
| @ 12h SOA a root 1 20m 15m 4w 20m | |
| 12h NS a | |
| 12h NS b | |
| 12h NSEC3PARAM 1 0 10 ${salt} | |
| a 12h IN A ${primary[0]} | |
| a 12h IN AAAA ${primary[1]} | |
| b 12h IN A ${secondary[0]} | |
| b 12h IN AAAA ${secondary[1]} | |
| EOF | |
| chown bind:bind "$masters/$zone" | |
| fi | |
| if [[ $(echo "${keys}"/K"${zone}"* | wc -w) -eq 1 ]]; then | |
| dnssec-keygen -f KSK "$zone" | |
| dnssec-keygen "$zone" | |
| chmod g+r K"$zone"* | |
| chrgrp bind K"$zone"* | |
| fi | |
| rndc addzone '"'"$zone"'" { | |
| type master; | |
| file "'"$masters/$zone"'"; | |
| masterfile-format raw; | |
| auto-dnssec maintain; | |
| update-policy local; | |
| };' | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment