diff options
| author | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-02-06 20:12:24 +0100 |
|---|---|---|
| committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-02-06 20:12:24 +0100 |
| commit | a038de8d26e8eb0a58b3525767cae446b97589e1 (patch) | |
| tree | 17e5fb2f440b30cb69e7971d04b12ca963cceddc | |
| parent | 04660d93833dea0543603653a5901f5068784808 (diff) | |
| download | playbooks-ansible-a038de8d26e8eb0a58b3525767cae446b97589e1.tar.gz playbooks-ansible-a038de8d26e8eb0a58b3525767cae446b97589e1.tar.xz playbooks-ansible-a038de8d26e8eb0a58b3525767cae446b97589e1.zip | |
Remove NSEC3 parameters of DNSSEC signatures
| -rwxr-xr-x | bin/dnssec-sign.sh | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/bin/dnssec-sign.sh b/bin/dnssec-sign.sh index 79767b6..4690166 100755 --- a/bin/dnssec-sign.sh +++ b/bin/dnssec-sign.sh @@ -21,8 +21,6 @@ function prep { else TARGETDIR="/home/casper/park-admin/playbooks-ansible/roles/dnsserver/files/signatures" # you may edit this fi - - PEPPERANDSALT=$(head -c 1000 /dev/random |sha1sum |cut -b 1-16) ### # Stop editing, it is ready ### @@ -177,7 +175,7 @@ function sign { VERSION=$(ls |grep 20 |tail -n 1) echo -e "$INFO making signature of DNS records..." - if ( dnssec-signzone -d $VERSION -K $VERSION -3 $PEPPERANDSALT -A -N INCREMENT -e +2851200 -o $i -t $TMPZONEFILE ) + if ( dnssec-signzone -d $VERSION -K $VERSION -N INCREMENT -e +2851200 -o $i -t $TMPZONEFILE ) then echo -e "$OK signature done for $i" else @@ -234,7 +232,7 @@ function sign { VERSION=$(ls |grep 20 |tail -n 1) echo -e "$INFO making signature of DNS records..." - if ( dnssec-signzone -d $VERSION -K $VERSION -3 $PEPPERANDSALT -A -N INCREMENT -e +2851200 -o $i -t $TMPZONEFILE ) + if ( dnssec-signzone -d $VERSION -K $VERSION -N INCREMENT -e +2851200 -o $i -t $TMPZONEFILE ) then echo -e "$OK signature done for $i" else |