mirror of
https://github.com/NeoCloud/NeoNetwork
synced 2024-12-23 13:39:23 +08:00
refine dnskey handling for root dns anycast
This commit is contained in:
parent
91c2b91e3f
commit
b9afe3d437
5 changed files with 25 additions and 14 deletions
|
@ -1 +1,4 @@
|
|||
127.10.in-addr.arpa. 600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==
|
||||
; KSK owner entity/JerryXiao
|
||||
127.10.in-addr.arpa. 3600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==
|
||||
; ZSK owner entity/JerryXiao
|
||||
127.10.in-addr.arpa. 3600 IN DNSKEY 256 3 13 tmr6/kCoMAtGpwQkLg3ONtQlm5FysG2l4mJcxVrqpb7BClNXVzdfvcJK 3NIu2/N/zUQrlMrW2CeJO4STSgvt+A==
|
||||
|
|
|
@ -1 +1,4 @@
|
|||
7.2.1.0.0.1.d.f.ip6.arpa. 600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==
|
||||
; KSK owner entity/JerryXiao
|
||||
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==
|
||||
; ZSK owner entity/JerryXiao
|
||||
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 256 3 13 fu+4con6sb7biVu866tpzq0w6IeFZWTlXSikshue3G26ftLMU0jz5tVV dqOMHP+CpXz9y0kQ6lOHmIlCzi4pAA==
|
||||
|
|
|
@ -1 +1,4 @@
|
|||
neo. 600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==
|
||||
; KSK owner entity/JerryXiao
|
||||
neo. 3600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==
|
||||
; ZSK owner entity/JerryXiao
|
||||
neo. 3600 IN DNSKEY 256 3 13 oUcsKJykGOVwz58smxaygPFhm4PZEPKIukPO+HKbEBwGFnIbcamMsXFJ Gp2Wi7T5a0Z61IT/VxWLV4D7UhcAvg==
|
||||
|
|
|
@ -25,7 +25,7 @@ def iter_rfc2317_entry():
|
|||
|
||||
|
||||
def main():
|
||||
DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey()}
|
||||
DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey(include_zsk=True)}
|
||||
for zone, zone_file in ZONE_FILE_MAP.items():
|
||||
orignal = zone_file.read_text()
|
||||
records = [orignal, "; AUTOGENERATED"]
|
||||
|
@ -35,8 +35,8 @@ def main():
|
|||
records.extend(gen_reverse_pointers(route, ns, ds, ttl))
|
||||
records.append("")
|
||||
records.extend(("", "; dnskey"))
|
||||
for key_ds in DNSKEYS[zone]:
|
||||
records.append(f"@ IN DNSKEY {key_ds['dnskey']}")
|
||||
for dnskey in DNSKEYS[zone]:
|
||||
records.append(f"@ IN DNSKEY {dnskey['dnskey']}")
|
||||
records.append("")
|
||||
zone_file.write_text("\n".join(records))
|
||||
|
||||
|
|
|
@ -190,7 +190,7 @@ def prehandle_roa(asn_table: dict, args):
|
|||
return roa4, roa6
|
||||
|
||||
|
||||
def export_dnssec_dnskey():
|
||||
def export_dnssec_dnskey(include_zsk=False):
|
||||
def ds_from_dnskey(zone, flags, protocol, algorithm, *key):
|
||||
dnspy_dnskey = DNSKEY(
|
||||
"IN",
|
||||
|
@ -208,7 +208,7 @@ def export_dnssec_dnskey():
|
|||
if f.name.endswith(".keys"):
|
||||
zonekey = {"zone": "", "records": list()}
|
||||
records = f.read_text().split("\n")
|
||||
records = [r.split() for r in records if r]
|
||||
records = [r.split() for r in records if r and not r.startswith(';')]
|
||||
for zone, _ttl, _in, _dnskey, *dnskey in records:
|
||||
int(_ttl)
|
||||
assert _in == "IN" and _dnskey == "DNSKEY"
|
||||
|
@ -216,12 +216,14 @@ def export_dnssec_dnskey():
|
|||
zonekey["zone"] = zone
|
||||
else:
|
||||
assert zonekey["zone"] == zone
|
||||
zonekey["records"].append(
|
||||
{
|
||||
"dnskey": " ".join(dnskey),
|
||||
"ds": ds_from_dnskey(zone, *dnskey),
|
||||
}
|
||||
)
|
||||
assert dnskey[0] in ['256', '257']
|
||||
if dnskey[0] == '257' or include_zsk:
|
||||
zonekey["records"].append(
|
||||
{
|
||||
"dnskey": " ".join(dnskey),
|
||||
"ds": ds_from_dnskey(zone, *dnskey),
|
||||
}
|
||||
)
|
||||
if zonekey["zone"]:
|
||||
dnskeys.append(zonekey)
|
||||
return dnskeys
|
||||
|
|
Loading…
Reference in a new issue