Merge remote-tracking branch 'upstream/master'

asn/AS211876.toml

@@ -1,4 +1,4 @@
-name = "FIXMIX-AS"
+name = "FIXMIX-GEN"
 owner = "David Liu"
 description = "fixmix Global Experimental Network"
 source = "Internet"

asn/AS4201270021.toml

@@ -1,4 +1,4 @@
-name = "FIXMIX-AS-NEONETWORK"
+name = "FIXMIX-NEO"
 owner = "David Liu"
 description = "fixmix NeoNetwork Network"
 

asn/AS4201270022.toml

@@ -0,0 +1,3 @@
+name = "lilydjwg"
+owner = "lilydjwg"
+desc = "lilydjwg's network"

asn/AS4242421876.toml

@@ -1,3 +1,3 @@
-name = "FIXMIX-AS-DN42"
+name = "FIXMIX-42"
 owner = "David Liu"
 description = "fixmix DN42 Network"

dns/db.10.127

@@ -1,15 +1,15 @@
 ; NeoNetwork DNS Record
-$TTL	604800
-@	IN	SOA	NeoPDP-11.neo. root.neo. (
+$TTL    3600
+@	IN	SOA	root-dns.neo. root.neo. (
             4096    ; Serial
-			604800	; Refresh
-			86400	; Retry
-			2419200	; Expire
-			604800 )	; Negative Cache TTL
+             900    ; Refresh
+             900    ; Retry
+           86400    ; Expire
+             900 )  ; Negative Cache TTL
 ;
 @              IN    NS     NeoPDP-11.neo.
 
-; 
+
 1.1            IN    PTR    NeoPDP-11.neo.
 40.1           IN    PTR    cklvax.neo.
 63.1           IN    PTR    NNPCC.neo.
@@ -58,6 +58,8 @@ $TTL	604800
 
 9              IN    NS     ns1.jerry.neo.
 9              IN    NS     ns2.jerry.neo.
+9              IN    NS     ns3.jerry.neo.
+9              IN    DS     35017 13 2 31AA09841AF1F44753F0733ECD32A19E45368AAD4136B6AC75A3DCD257EFAA5C
 
 10             IN    NS     ns-anycast.lantian.neo.
 10             IN    NS     ns1.lantian.neo.
@@ -65,6 +67,9 @@ $TTL	604800
 10             IN    NS     ns3.lantian.neo.
 10             IN    NS     ns4.lantian.neo.
 10             IN    NS     ns5.lantian.neo.
+10             IN    DS     53292 13 1 13DCA067F09A9937FC8F5B649DF3A84EDEF70294
+10             IN    DS     53292 13 2 7AC5C59806459C390DE0A078DE05F726C882D362E307F747AE358C1A3610228B
+10             IN    DS     53292 13 4 17C4FC53AE45A90840779DF75A5640E20126F732F69BFA848C878AC008484368A9B6325B31ED70F5FD77D9676545667C
 
 11             IN    NS     ns1.sun.dn42.
 
@@ -72,3 +77,10 @@ $TTL	604800
 12             IN    NS     ns2.yangfl.dn42.
 
 21             IN    NS     ns.iedon.neo.
+
+127            IN    NS     ns1.yura.dn42.
+127            IN    NS     ns2.yura.dn42.
+
+66             IN    NS     ns1.fixmix.neo.
+66             IN    NS     ns2.fixmix.neo.
+66             IN    NS     ns3.fixmix.neo.

dns/db.fd10.127

@@ -1,11 +1,11 @@
 ; NeoNetwork DNS Record
-$TTL	604800
-@	IN	SOA	NeoPDP-11.neo. root.neo. (
+$TTL	3600
+@	IN	SOA	root-dns.neo. root.neo. (
             4096    ; Serial
-			604800	; Refresh
-			86400	; Retry
-			2419200	; Expire
-			604800 )	; Negative Cache TTL
+             900    ; Refresh
+             900    ; Retry
+           86400    ; Expire
+             900 )  ; Negative Cache TTL
 ;
 @                                                      IN    NS     NeoPDP-11.neo.
 
@@ -20,6 +20,8 @@ $TTL	604800
 ; DELEGATED ZONES
 3.5.0.0                                                IN    NS     ns1.jerry.neo.
 3.5.0.0                                                IN    NS     ns2.jerry.neo.
+3.5.0.0                                                IN    NS     ns3.jerry.neo.
+3.5.0.0                                                IN    DS     53626 13 2 F7F6AFCCA1CEC26E2A6EE9FAC9E11975260F00B8DC287D0B0FF428F775C62C5D
 
 0.1.0.0                                                IN    NS     ns-anycast.lantian.neo.
 0.1.0.0                                                IN    NS     ns1.lantian.neo.
@@ -27,6 +29,17 @@ $TTL	604800
 0.1.0.0                                                IN    NS     ns3.lantian.neo.
 0.1.0.0                                                IN    NS     ns4.lantian.neo.
 0.1.0.0                                                IN    NS     ns5.lantian.neo.
+0.1.0.0                                                IN    DS     11807 13 1 6B42025140C9BBDDA0460429B5641651B1553D78
+0.1.0.0                                                IN    DS     11807 13 2 BBADC27B4EBFC90CBA79F4E69E4F167B9FFAF664B071F4CC46196902054B0910
+0.1.0.0                                                IN    DS     11807 13 4 CB48D8BABA0E44B9D363D3142463014EBDE6D28E15997EA8FB5FDBD42FDCF1CF3846E63925A5910DDD6A192571AEBD93
 
 7.0.0.0                                                IN    NS     ns1.staph.neo.
+
+7.2.1.0                                                IN    NS     ns1.yura.dn42.
+7.2.1.0                                                IN    NS     ns2.yura.dn42.
+
 1.1.e.e                                                IN    NS     ns1.sun.dn42.
+
+6.6.a.a                                                IN    NS     ns1.fixmix.neo.
+6.6.a.a                                                IN    NS     ns2.fixmix.neo. 
+6.6.a.a                                                IN    NS     ns3.fixmix.neo.

dns/dnssec/10.127.keys

@@ -0,0 +1 @@
+127.10.in-addr.arpa. 600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==

dns/dnssec/fd10.127.keys

@@ -0,0 +1 @@
+7.2.1.0.0.1.d.f.ip6.arpa. 600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==

dns/dnssec/neo.keys

@@ -0,0 +1 @@
+neo. 600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==

dns/neonetwork

@@ -1,17 +1,16 @@
 ; NeoNetwork DNS Record
-
-$TTL	604800
-@	IN	SOA	NeoPDP-11.neo. root.neo. (
+$TTL	3600
+@	IN	SOA	root-dns.neo. root.neo. (
             4096    ; Serial
-			604800	; Refresh
-			86400	; Retry
-			2419200	; Expire
-			604800 )	; Negative Cache TTL
+             900    ; Refresh
+             900    ; Retry
+           86400    ; Expire
+             900 )  ; Negative Cache TTL
 ;
 
 ; NeoNetwork Original
-@		IN	NS	NeoPDP-11.neo.
-@		IN	A	10.127.1.1
+@                         IN    NS       root-dns.neo.
+@                         IN    TXT      "brought to you by NeoPDP-11"
 root                      IN    CNAME    neo.
 NeoPDP-11                 IN    A        10.127.255.1
 caasih                    IN    A        10.127.2.16
@@ -37,10 +36,14 @@ edwardp     IN  AAAA fd10:127:2f2f::
 ; DELEGATED ZONES
 jerry                     IN    NS       ns1.jerry
 jerry                     IN    NS       ns2.jerry
+jerry                     IN    NS       ns3.jerry
+jerry                     IN    DS       18792 13 2 2F335456EEE70FC4833886E5EEDC28E7195E90E2A337860B3E805D5EB9F3A804
 ns1.jerry                 IN    A        10.127.8.193
 ns1.jerry                 IN    AAAA     fd10:127:53::1
 ns2.jerry                 IN    A        10.127.8.216
 ns2.jerry                 IN    AAAA     fd10:127:53:100::1
+ns3.jerry                 IN    A        10.127.8.208
+ns3.jerry                 IN    AAAA     fd10:127:53:200::1
 
 kp                        IN    NS       ns1.kp
 ns1.kp                    IN    A        10.127.39.1
@@ -56,6 +59,9 @@ lantian            IN  NS    ns2.lantian
 lantian                   IN    NS       ns3.lantian
 lantian                   IN    NS       ns4.lantian
 lantian                   IN    NS       ns5.lantian
+lantian                   IN    DS       47346 13 1 BF0E344C96838564CF9DBA3889AAE6E3DA5F6835
+lantian                   IN    DS       47346 13 2 1023D2C40803BA13F2148BC67A09E50A3157EE3E7B1DC2C22041D3B981E976E3
+lantian                   IN    DS       47346 13 4 1DBFA42E78F699241042E18061218CC2DEA7A69884E634165CE99AA5C65ECF4DF7DA16B382494A5AE7D781AB9A3BB1C5
 ns-anycast.lantian        IN    A        10.127.10.254
 ns-anycast.lantian        IN    AAAA     fd10:127:10:2547::54
 ns1.lantian               IN    A        10.127.10.1
@@ -86,3 +92,27 @@ ns1.aoscnet IN	A     10.127.7.251
 ns1.aoscnet               IN    AAAA     fd10:127:7:2672::1:1
 ns2.aoscnet               IN    A        10.127.7.252
 ns2.aoscnet               IN    AAAA     fd10:127:7:2672::1:3
+
+yura                      IN    NS       ns.yura
+yura                      IN    NS       ns1.yura
+yura                      IN    NS       ns2.yura
+yura                      IN    DS       63132 15 1 0E03FCE3B54D9FC84A12CC6CF36A71158AA88933
+yura                      IN    DS       63132 15 2 75C0A884399D5ECA686EC35287CDAC2A756D94C30815A0055B88B068F3C947A7
+yura                      IN    DS       63132 15 4 C4BB952FC40FA0185499A4E613864A29FC06FC8014299F2F3702A6E6420D3C054545A11566B95211C2C678F1F6F255F3
+ns.yura                   IN    A        10.127.127.125
+ns.yura                   IN    AAAA     fd10:127:127:53::
+ns1.yura                  IN    AAAA     fd10:127:127:53a::1
+ns2.yura                  IN    AAAA     fd10:127:127:53b::1
+
+fixmix                    IN    NS       ns1.fixmix
+fixmix                    IN    NS       ns2.fixmix
+fixmix                    IN    NS       ns3.fixmix
+david                     IN    NS       ns1.fixmix
+david                     IN    NS       ns2.fixmix
+david                     IN    NS       ns3.fixmix
+ns1.fixmix                IN    A        10.127.66.59
+ns2.fixmix                IN    A        10.127.66.54
+ns3.fixmix                IN    A        10.127.66.52
+ns1.fixmix                IN    AAAA     fd10:127:aa66:11::
+ns2.fixmix                IN    AAAA     fd10:127:aa66:21::
+ns3.fixmix                IN    AAAA     fd10:127:aa66:31::

dns/rfc2317.toml

@@ -1,8 +1,11 @@
 ["10.127.8.64/26"]
-ns = ["ns1.jerry.neo.", "ns2.jerry.neo."]
+NS = ["ns1.jerry.neo.", "ns2.jerry.neo.", "ns3.jerry.neo."]
+DS = ["12536 13 2 A2AEEFCDB5F0BB6C4AC075EF1034C5635AEFE5A2DA9E7FF7D8BBE53B5E61E8E3"]
+TTL = -1
 
 ["10.127.8.192/26"]
-ns = ["ns1.jerry.neo.", "ns2.jerry.neo."]
+NS = ["ns1.jerry.neo.", "ns2.jerry.neo.", "ns3.jerry.neo."]
+DS = ["24982 13 2 463EAE9D8248179806321A2ED3F05377234FD13DF0C2F20428C3B148F9C31B3D"]
 
 ["10.127.8.160/27"]
-ns = ["ns1.staph.neo."]
+NS = ["ns1.staph.neo."]

entity/Yura.toml

@@ -1,18 +1,9 @@
 name = "Yura"
-babel = [
-    "zh-N",
-    "zh-hans-N",
-    "zh-hant-2",
-    "zh-yue-2",
-    "en-3",
-    "ru-0",
-    "fi-0",
-    "ar-0",
-    "jp-0"
-]
+babel = []
 
 [contact]
 email = "yurachan@etlgr.com"
+telegram = "@noc2464"
 
 [persona]
 pgp = "9E525A59D24A4041CA3C32BBF75C0CDC951918BE"

entity/liangjw.toml

@@ -9,7 +9,7 @@ babel = [
 ]
 
 [contact]
-email = "liangjw@etlgr.com"
+email = "dn42@cas7.moe"
 telegram = "liangjw"
 
 [persona]

entity/lilydjwg.toml

@@ -0,0 +1,6 @@
+name = "lilydjwg"
+
+[contact]
+email = "lilydjwg@gmail.com"
+github = "lilydjwg"
+telegram = "@lilydjwg"

route/AS211876.toml

@@ -1,9 +1,9 @@
 ["10.127.66.0/24"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV4A"
-description = "fixmix NeoNetwork Network - IPv4 A"
+name = "FIXMIX-NET4-NEOA"
+description = "fixmix Technologies NeoNetwork IPv4 Block"
 
 ["fd10:127:aa66::/48"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV6A"
-description = "fixmix NeoNetwork Network - IPv6 A"
+name = "FIXMIX-NET6-NEOA"
+description = "fixmix Technologies NeoNetwork IPv6 Block"

route/AS4201270016.toml

@@ -1,4 +1,9 @@
-["10.127.64.0/27"]
+["10.127.64.0/24"]
 type = "subnet"
-name = "Moecast Network"
-description = "Moecast Network Public Service"
+name = "MOECAST-EXP-NET"
+description = "Moecast Network Experimental Network"
+
+["fd10:127:64::/48"]
+type = "subnet"
+name = "MOECAST-EXP-NET-NG"
+description = "Moecast Network Experimental Network NextGen"

route/AS4201270021.toml

@@ -1,9 +1,9 @@
 ["10.127.66.0/24"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV4A"
-description = "fixmix NeoNetwork Network - IPv4 A"
+name = "FIXMIX-NET4-NEOA"
+description = "fixmix Technologies NeoNetwork IPv4 Block"
 
 ["fd10:127:aa66::/48"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV6A"
-description = "fixmix NeoNetwork Network - IPv6 A"
+name = "FIXMIX-NET6-NEOA"
+description = "fixmix Technologies NeoNetwork IPv6 Block"

route/AS4201270022.toml

@@ -0,0 +1,9 @@
+["10.127.8.136/29"]
+type = "subnet"
+name = "lilydjwg"
+description = "lilydjwg"
+
+["fd10:127:ba7e::/48"]
+type = "subnet"
+name = "lilydjwg"
+description = "lilydjwg"

route/AS4242421876.toml

@@ -1,9 +1,9 @@
 ["10.127.66.0/24"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV4A"
-description = "fixmix NeoNetwork Network - IPv4 A"
+name = "FIXMIX-NET4-NEOA"
+description = "fixmix Technologies NeoNetwork IPv4 Block"
 
 ["fd10:127:aa66::/48"]
 type = "subnet"
-name = "FIXMIX-NET-NEOV6A"
-description = "fixmix NeoNetwork Network - IPv6 A"
+name = "FIXMIX-NET6-NEOA"
+description = "fixmix Technologies NeoNetwork IPv6 Block"

route/AS4242422464.toml

@@ -1,4 +1,38 @@
 ["10.127.127.0/24"]
 type = "subnet"
 name = "Yura Moe NET"
-description = "Yura Network"
+description = "Yura Neo Network"
+
+["fd10:127:127::/48"]
+type = "subnet"
+name = "Yura Neo2"
+description = "Yura Neo Network2"
+
+["10.127.127.127/32"]
+type = "loopback"
+name = "Yura Neo Anycast"
+description = "Yura Anycast4 Services"
+supernet = "10.127.127.0/24"
+
+["fd10:127:127:53::/64"]
+type = "loopback"
+name = "Yura Neo2 Anycast"
+description = "Yura Anycast6 Services"
+supernet = "fd10:127:127::/48"
+
+["10.127.127.125/32"]
+type = "loopback"
+name = "Yura Neo Anycast"
+description = "Yura Anycast4 Authoritative DNS"
+supernet = "10.127.127.0/24"
+
+["10.127.255.54/32"]
+type = "loopback"
+name = "anycast-recur-4"
+description = "Anycast recursive DNS"
+
+["fd10:127:53:53::/64"]
+type = "loopback"
+name = "anycast-recur-6"
+description = "Anycast recursive DNS"
+supernet = "fd10:127:53::/48"

scripts/check-named-zones.sh

@@ -13,10 +13,10 @@ install() {
 install || { sudo apt update -qq; install; }
 
 check() {
-    PATH=/sbin:/usr/sbin:$PATH named-checkzone -i local $@
+    PATH=/sbin:/usr/sbin:$PATH named-checkzone -i local -l 86400 $@
 }
 
-pushd dns
+pushd generated/dns
 
 check 'neo'                      neonetwork
 check '127.10.in-addr.arpa'      db.10.127

scripts/dns-generator.py

@@ -11,15 +11,17 @@ RFC2317_FILE = Path("dns", "rfc2317.toml")
 def iter_rfc2317_entry():
     entries = toml.loads(RFC2317_FILE.read_text())
     for (route, attributes) in entries.items():
-        ns = attributes.get('ns')
-        yield(route, ns)
+        ns = attributes.get('NS')
+        ds = attributes.get('DS', list())
+        ttl = attributes.get('TTL', -1)
+        yield(route, ns, ds, ttl)
 
 def main():
     orignal = RESOLVE_FILE.read_text()
     records = [orignal, "; AUTOGENERATED"]
     records.extend(("", "; rfc2317"))
-    for route, ns in iter_rfc2317_entry():
-        records.extend(gen_reverse_pointers(route, ns))
+    for route, ns, ds, ttl in iter_rfc2317_entry():
+        records.extend(gen_reverse_pointers(route, ns, ds, ttl))
         records.append("")
 
     RESOLVE_FILE.write_text("\n".join(records))

scripts/generate-roa.sh

@@ -12,7 +12,9 @@ mkdir -p generated
 mkdir -p generated/dns
 
 scripts/dns-generator.py
+scripts/update-zone-serial.py
 cp -R dns/* generated/dns
+scripts/check-named-zones.sh
 
 scripts/roa.py -m "$MAX_LEN_4" -M "$MAX_LEN_6" -o generated/roa46_bird2.conf
 scripts/roa.py -m "$MAX_LEN_4" -M "$MAX_LEN_6" -4 -o generated/roa4_bird2.conf
@@ -21,5 +23,3 @@ scripts/roa.py -m "$MAX_LEN_4" -M "$MAX_LEN_6" -j -o generated/roa46.json
 scripts/roa.py -m "$MAX_LEN_4" -M "$MAX_LEN_6" -e -o generated/neonetwork.json
 scripts/roa.py -m "$MAX_LEN_4" -M "$MAX_LEN_6" -r -o generated/rfc8416.json
 scripts/roa.py --summary --output generated/README.md
-
-scripts/check-named-zones.sh

scripts/named-formatzone.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+# highly explosive
+
+import argparse
+from pathlib import Path
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser('named-formatzone')
+    parser.add_argument("file")
+    args = parser.parse_args()
+    zonefile = Path(args.file)
+    zonelines = zonefile.read_text().split('\n')
+    formatted = list()
+    max_length = [0, 0, 0, 0, 0]
+    in_soa = False
+
+    def iter_lines(scan_only=True):
+        soafound = None
+        for rline in zonelines:
+            line, *comments = rline.split(';')
+            comments = ";".join(comments)
+            line = line.strip()
+            if "SOA" in line and soafound is None:
+                soafound = True
+            else:
+                if "IN" in line and soafound is True:
+                    soafound = False
+            if soafound is False and line:
+                cols = line.split()
+                if len(cols) != 5:
+                    cols.insert(1, "")
+                print(cols)
+                name, ttl, _in, rrtype, *record = cols
+                record = " ".join(record)
+                cols = (name, ttl, _in, rrtype, record)
+                assert _in == "IN"
+                if scan_only:
+                    for i, entry in enumerate(cols):
+                        max_length[i] = max(max_length[i], len(entry))
+                else:
+                    fmtlline = list()
+                    for i, entry in enumerate(cols):
+                        entry += " "*(max_length[i]-len(entry)+3)
+                        if entry:
+                            fmtlline.append(entry)
+                    fmtline = " ".join(fmtlline)
+                    formatted.append(f"{fmtline} ;{comments}" if comments else fmtline)
+                    formatted[-1] = formatted[-1].strip()
+            else:
+                if not scan_only:
+                    formatted.append(rline)
+    iter_lines()
+    iter_lines(False)
+
+    zonefile.write_text("\n".join(formatted))

scripts/requirements.txt

@@ -1,3 +1,4 @@
 netaddr==0.8.0
 tabulate==0.8.7
 toml==0.10.1
+dnspython==2.1.0

scripts/rfc2317.py

@@ -8,19 +8,22 @@ def truncate(rev: str) -> str:
     rev = rev[:-len(ZONE)]
     return rev
 
-def gen_reverse_pointers(network: str, ns: list) -> list:
+def gen_reverse_pointers(network: str, ns: list, ds: list = [], ttl: int = -1) -> list:
+    ttl = f"{ttl} " if 900 <= ttl <= 86400 else ""
     buf = list()
     net = ipaddress.IPv4Network(network, strict=True)
     assert net.prefixlen > 24
     netrev = truncate(net.reverse_pointer)
     for _ns in ns:
-        buf.append(f"{netrev:<10s} IN NS    {_ns}")
+        buf.append(f"{netrev} {ttl}IN NS {_ns}")
+    for _ds in ds:
+        buf.append(f"{netrev} {ttl}IN DS {_ds}")
 
     for addr in net:
         cnamefr = truncate(addr.reverse_pointer)
         cnameto = f"{int.from_bytes(addr.packed, byteorder='big', signed=False) & 0xff}.{netrev}"
-        buf.append(f"{cnamefr:<10s} IN CNAME {cnameto}")
+        buf.append(f"{cnamefr} {ttl}IN CNAME {cnameto}")
     return buf
 
 if __name__ == "__main__":
-    print("\n".join(gen_reverse_pointers('10.127.8.64/26', ['ns1.jerry.neo.'])))
+    print("\n".join(gen_reverse_pointers('10.127.8.64/26', ['ns1.jerry.neo.'], ['18792 13 2 2F335456EEE70FC4833886E5EEDC28E7195E90E2A337860B3E805D5EB9F3A804'], ttl=1500)))

scripts/roa.py

@@ -13,6 +13,11 @@ from pathlib import Path
 import netaddr
 import toml
 from tabulate import tabulate
+# dnssec
+from base64 import b64decode
+from dns.dnssec import make_ds
+from dns.rdtypes.ANY.DNSKEY import DNSKEY
+
 
 NEO_NETWORK_POOL = [ip_network("10.127.0.0/16"), ip_network("fd10:127::/32")]
 
@@ -165,6 +170,31 @@ def prehandle_roa(asn_table: dict, args):
         r["prefix"] = r["prefix"].with_prefixlen
     return roa4, roa6
 
+def export_dnssec_dnskey():
+    def ds_from_dnskey(zone, flags, protocol, algorithm, *key):
+        dnspy_dnskey = DNSKEY("IN", "DNSKEY", int(flags), int(protocol), int(algorithm), b64decode(" ".join(key)))
+        return make_ds(zone, dnspy_dnskey, "SHA256").to_text()
+    dnskey_path = Path("dns") / "dnssec"
+    dnskeys = list()
+    for f in dnskey_path.iterdir():
+        if f.name.endswith(".keys"):
+            zonekey = {"zone": "", "records": list()}
+            records = f.read_text().split("\n")
+            records = [r.split() for r in records if r]
+            for zone, _ttl, _in, _dnskey, *dnskey in records:
+                int(_ttl)
+                assert _in == "IN" and _dnskey == "DNSKEY"
+                if not zonekey["zone"]:
+                    zonekey["zone"] = zone
+                else:
+                    assert zonekey["zone"] == zone
+                zonekey["records"].append({
+                    "dnskey": " ".join(dnskey),
+                    "ds": ds_from_dnskey(zone, *dnskey),
+                })
+            if zonekey["zone"]:
+                dnskeys.append(zonekey)
+    return dnskeys
 
 def make_export(roa4, roa6):
     def modify_entity(entity):
@@ -204,6 +234,7 @@ def make_export(roa4, roa6):
             }
             for owner, entity in entities.items()
         },
+        "dnssec": export_dnssec_dnskey()
     }
     return json.dumps(output, indent=2)
 

scripts/update-zone-serial.py

@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+from pathlib import Path
+import subprocess
+from time import time
+from re import match
+from os import chdir
+
+zone_files = [
+    'neonetwork',
+    'db.10.127',
+    'db.fd10.127',
+]
+
+serial_base = 1586876035
+new_serial = int(time()) - serial_base
+
+def update_serial_to(zone: Path, serial: int = 0) -> int:
+    lines = zone.read_text().split("\n")
+    processed = list()
+    assert 0 <= serial <= 2**32
+    found = False
+    old_serial = None
+    for line in lines:
+        if not found and (m := match(r"^(\s+)([0-9]+)(\s*;\s*Serial\s*)$", line)):
+            prefix, old_serial, suffix = m.groups()
+            old_serial = int(old_serial)
+            print(f"{old_serial=} {serial=}")
+            plen = max(len(prefix) - len(str(serial)) + len(str(old_serial)), 0)
+            processed.append(f"{' '*plen}{serial}{suffix}")
+            found = True
+        else:
+            processed.append(line)
+    if serial:
+        zone.write_text("\n".join(processed))
+    return old_serial
+
+for zone in zone_files:
+    gen_zone = Path("generated") / "dns" / zone
+    repo_zone = Path("dns") / zone
+    assert gen_zone.exists()
+    assert repo_zone.exists()
+    old_serial = update_serial_to(gen_zone)
+    update_serial_to(repo_zone, old_serial)
+    gen_zone.write_text(repo_zone.read_text())
+    p = subprocess.run(['git', 'diff', '--exit-code', gen_zone.name], cwd=gen_zone.parent)
+    if p.returncode == 0:
+        print(f"skip {repo_zone.name}")
+    else:
+        print(f"update serial {repo_zone.name}")
+        update_serial_to(repo_zone, new_serial)