plugin/sign: a plugin that signs zone (#2993)

* plugin/sign: a plugin that signs zones Sign is a plugin that signs zone data (on disk). The README.md details what exactly happens to should be accurate related to the code. Signs are signed with a CSK, resigning and first time signing is all handled by *sign* plugin. Logging with a test zone looks something like this: ~~~ txt [INFO] plugin/sign: Signing "miek.nl." because open plugin/sign/testdata/db.miek.nl.signed: no such file or directory [INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 11.670985ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T15:49:06.560Z [INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563636548 [INFO] plugin/sign: Signing "miek.nl." because resign was: 10m0s ago [INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 2.055895ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T16:09:06.560Z [INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563637748 ~~~ Signed-off-by: Miek Gieben <miek@miek.nl> * Adjust readme and remove timestamps Signed-off-by: Miek Gieben <miek@miek.nl> * Comment on the newline Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/sign/README.md Co-Authored-By: Michael Grosser <development@stp-ip.net>
2025-10-27 08:14:18 -04:00 · 2019-08-29 15:41:59 +01:00
parent eec24cb013
commit b8a0b52a5e
21 changed files with 1114 additions and 1 deletions
--- a/plugin/sign/testdata/Kmiek.nl.+013+59725.key
+++ b/plugin/sign/testdata/Kmiek.nl.+013+59725.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 59725, for miek.nl.
+; Created: 20190709192036 (Tue Jul  9 20:20:36 2019)
+; Publish: 20190709192036 (Tue Jul  9 20:20:36 2019)
+; Activate: 20190709192036 (Tue Jul  9 20:20:36 2019)
+miek.nl. IN DNSKEY 257 3 13 sfzRg5nDVxbeUc51su4MzjgwpOpUwnuu81SlRHqJuXe3SOYOeypR69tZ 52XLmE56TAmPHsiB8Rgk+NTpf0o1Cw==
--- a/plugin/sign/testdata/Kmiek.nl.+013+59725.private
+++ b/plugin/sign/testdata/Kmiek.nl.+013+59725.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: rm7EdHRca//6xKpJzeoLt/mrfgQnltJ0WpQGtOG59yo=
+Created: 20190709192036
+Publish: 20190709192036
+Activate: 20190709192036
--- a/plugin/sign/testdata/db.miek.nl
+++ b/plugin/sign/testdata/db.miek.nl
@@ -0,0 +1,17 @@
+$TTL    30M
+$ORIGIN miek.nl.
+@       IN      SOA     linode.atoom.net. miek.miek.nl. ( 1282630060 4H 1H 7D 4H )
+                IN      NS      linode.atoom.net.
+                IN      MX      1  aspmx.l.google.com.
+		IN 	AAAA    2a01:7e00::f03c:91ff:fe79:234c
+		IN	DNSKEY  257 3 13 sfzRg5nDVxbeUc51su4MzjgwpOpUwnuu81SlRHqJuXe3SOYOeypR69tZ52XLmE56TAmPHsiB8Rgk+NTpf0o1Cw==
+
+a		IN 	AAAA    2a01:7e00::f03c:91ff:fe79:234c
+www     	IN 	CNAME 	a
+
+
+bla                 IN  NS      ns1.bla.com.
+ns3.blaaat.miek.nl. IN  AAAA    ::1 ; non-glue, should be signed.
+; in baliwick nameserver that requires glue, should not be signed
+bla                 IN  NS      ns2.bla.miek.nl.
+ns2.bla.miek.nl.    IN  A       127.0.0.1