Improve dnssec-sign.sh by adding all keys from sub-zones inside the main

zone as DS records. And improve serial update script.

1 files changed, 17 insertions, 12 deletions

diff --git a/bin/dnssec-sign.sh b/bin/dnssec-sign.sh
index 1b30ab1..5d8153d 100755
--- a/bin/dnssec-sign.sh
+++ b/bin/dnssec-sign.sh
@@ -6,6 +6,8 @@ function prep {
     ###
     # User variables, you may edit these variables
     ###
+    SOURCEDIR="/home/casper/park-admin/playbooks-ansible/roles/dnsserver/files"
+
     if [ ! -z "$WORKDIR" ]
     then
         echo -e "$OK working directory is $WORKDIR"
@@ -147,18 +149,19 @@ function sign {
         echo -e "$OK new serial is: $NEWSERIAL"
         VERSION=$(ls |grep 20 |tail -n 1)
 
+        # mise à jour du serial
+        echo -e "$INFO updating serial..."
+        sed -i 's/'$SERIAL'/'$NEWSERIAL'/' $TMPZONEFILE
+        cp -f $TMPZONEFILE $SOURCEDIR/$ZONEFILE
+
+        # modification de la zone DNS
         for key in `ls $VERSION/K${i}*.key`
         do
             echo -e "$INFO adding DNSKEY records..."
             echo "\$INCLUDE $key" >> $TMPZONEFILE
         done
 
-        # mise à jour du serial
-        echo -e "$INFO updating serial..."
-        for j in $TMPZONEFILE
-        do
-            sed -i 's/'$SERIAL'/'$NEWSERIAL'/' $j
-        done
+
         popd >/dev/null
 
     done
@@ -206,13 +209,15 @@ function sign {
         do
 
             pushd ../$j/ >/dev/null
-            VERSION=$(ls |grep 20 |tail -n 1)
-            popd >/dev/null
-            DSSET=$(ls ../$j/$VERSION/dsset-*)
-
-            echo -e "$INFO adding DS records..."
-            echo "\$INCLUDE $DSSET" >> $TMPZONEFILE
+            VERSION=$(ls |grep 20)
+            for m in $VERSION
+            do
+                DSSET=$(ls $m/dsset-*)
 
+                echo -e "$INFO adding DS records..."
+                echo "\$INCLUDE ../$j/$DSSET" >> ../$i/$TMPZONEFILE
+            done
+            popd >/dev/null
         done
         popd >/dev/null