
refine dnskey handling for root dns anycast

JerryXiao 2022-12-05 16:08:07 +08:00
parent 91c2b91e3f
commit b9afe3d437
Signed by: Jerry
GPG key ID: 22618F758B5BE2E5
5 changed files with 25 additions and 14 deletions


@ -1 +1,4 @@
127.10.in-addr.arpa. 600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w== ; KSK owner entity/JerryXiao
127.10.in-addr.arpa. 3600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==
; ZSK owner entity/JerryXiao
127.10.in-addr.arpa. 3600 IN DNSKEY 256 3 13 tmr6/kCoMAtGpwQkLg3ONtQlm5FysG2l4mJcxVrqpb7BClNXVzdfvcJK 3NIu2/N/zUQrlMrW2CeJO4STSgvt+A==


@ -1 +1,4 @@
7.2.1.0.0.1.d.f.ip6.arpa. 600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA== ; KSK owner entity/JerryXiao
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==
; ZSK owner entity/JerryXiao
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 256 3 13 fu+4con6sb7biVu866tpzq0w6IeFZWTlXSikshue3G26ftLMU0jz5tVV dqOMHP+CpXz9y0kQ6lOHmIlCzi4pAA==


@ -1 +1,4 @@
neo. 600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg== ; KSK owner entity/JerryXiao
neo. 3600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==
; ZSK owner entity/JerryXiao
neo. 3600 IN DNSKEY 256 3 13 oUcsKJykGOVwz58smxaygPFhm4PZEPKIukPO+HKbEBwGFnIbcamMsXFJ Gp2Wi7T5a0Z61IT/VxWLV4D7UhcAvg==


@ -25,7 +25,7 @@ def iter_rfc2317_entry():
def main(): def main():
DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey()} DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey(include_zsk=True)}
for zone, zone_file in ZONE_FILE_MAP.items(): for zone, zone_file in ZONE_FILE_MAP.items():
orignal = zone_file.read_text() orignal = zone_file.read_text()
records = [orignal, "; AUTOGENERATED"] records = [orignal, "; AUTOGENERATED"]
@ -35,8 +35,8 @@ def main():
records.extend(gen_reverse_pointers(route, ns, ds, ttl)) records.extend(gen_reverse_pointers(route, ns, ds, ttl))
records.append("") records.append("")
records.extend(("", "; dnskey")) records.extend(("", "; dnskey"))
for key_ds in DNSKEYS[zone]: for dnskey in DNSKEYS[zone]:
records.append(f"@ IN DNSKEY {key_ds['dnskey']}") records.append(f"@ IN DNSKEY {dnskey['dnskey']}")
records.append("") records.append("")
zone_file.write_text("\n".join(records)) zone_file.write_text("\n".join(records))
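Review bot: The call `export_dnssec_dnskey(include_zsk=True)` in main() carries no comment saying why this generator publishes the ZSK when the function's default exports the KSK only. Presumably the generated zone has to carry the whole DNSKEY RRset so that every anycast node serves the same keys; if that is the intent, a comment such as `# publish KSK and ZSK: the zone carries the full DNSKEY RRset, so a ZSK rollover must update the .keys file first` would tell maintainers that the `.keys` files are now the source of truth for the ZSK. The emitted line `@ IN DNSKEY {dnskey['dnskey']}` also has no TTL, so it is worth confirming that the 600 to 3600 change made to the `.keys` files in this commit is meant to reach the zone through some other path. Part of main() lies between the two hunks and is not shown.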


@ -190,7 +190,7 @@ def prehandle_roa(asn_table: dict, args):
return roa4, roa6 return roa4, roa6
def export_dnssec_dnskey(): def export_dnssec_dnskey(include_zsk=False):
def ds_from_dnskey(zone, flags, protocol, algorithm, *key): def ds_from_dnskey(zone, flags, protocol, algorithm, *key):
dnspy_dnskey = DNSKEY( dnspy_dnskey = DNSKEY(
"IN", "IN",
@ -208,7 +208,7 @@ def export_dnssec_dnskey():
if f.name.endswith(".keys"): if f.name.endswith(".keys"):
zonekey = {"zone": "", "records": list()} zonekey = {"zone": "", "records": list()}
records = f.read_text().split("\n") records = f.read_text().split("\n")
records = [r.split() for r in records if r] records = [r.split() for r in records if r and not r.startswith(';')]
for zone, _ttl, _in, _dnskey, *dnskey in records: for zone, _ttl, _in, _dnskey, *dnskey in records:
int(_ttl) int(_ttl)
assert _in == "IN" and _dnskey == "DNSKEY" assert _in == "IN" and _dnskey == "DNSKEY"
@ -216,6 +216,8 @@ def export_dnssec_dnskey():
zonekey["zone"] = zone zonekey["zone"] = zone
else: else:
assert zonekey["zone"] == zone assert zonekey["zone"] == zone
assert dnskey[0] in ['256', '257']
if dnskey[0] == '257' or include_zsk:
zonekey["records"].append( zonekey["records"].append(
{ {
"dnskey": " ".join(dnskey), "dnskey": " ".join(dnskey),