mirror of
https://github.com/NeoCloud/NeoNetwork
synced 2024-12-26 11:39:23 +08:00
refine dnskey handling for root dns anycast
parent
91c2b91e3f
commit
b9afe3d437
5 changed files with 25 additions and 14 deletions
|
@ -1 +1,4 @@
|
||||||
127.10.in-addr.arpa. 600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==
|
; KSK owner entity/JerryXiao
|
||||||
|
127.10.in-addr.arpa. 3600 IN DNSKEY 257 3 13 QVgt1c+OlL9X9jrnD39njabYFCi2eEYjLI5AvpXT6HWAF1BbAOfNm/56 4OeU03oDcCgQ6zNQMV0FNPvrk53K0w==
|
||||||
|
; ZSK owner entity/JerryXiao
|
||||||
|
127.10.in-addr.arpa. 3600 IN DNSKEY 256 3 13 tmr6/kCoMAtGpwQkLg3ONtQlm5FysG2l4mJcxVrqpb7BClNXVzdfvcJK 3NIu2/N/zUQrlMrW2CeJO4STSgvt+A==
|
||||||
|
|
|
@ -1 +1,4 @@
|
||||||
7.2.1.0.0.1.d.f.ip6.arpa. 600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==
|
; KSK owner entity/JerryXiao
|
||||||
|
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 257 3 13 sI90N0KcwXtpqNDmsagKH/761EzsjSlGyYxx338qRrDlzRwXQPG6bO1m HoTdnKrWBcd1JqYM0/tgDXKep7dJgA==
|
||||||
|
; ZSK owner entity/JerryXiao
|
||||||
|
7.2.1.0.0.1.d.f.ip6.arpa. 3600 IN DNSKEY 256 3 13 fu+4con6sb7biVu866tpzq0w6IeFZWTlXSikshue3G26ftLMU0jz5tVV dqOMHP+CpXz9y0kQ6lOHmIlCzi4pAA==
|
||||||
|
|
|
@ -1 +1,4 @@
|
||||||
neo. 600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==
|
; KSK owner entity/JerryXiao
|
||||||
|
neo. 3600 IN DNSKEY 257 3 13 jDd4k21xTgqOFqtvQkeqdQs/RH5+SU+vFchqnOHk5yaEL6EQDOKNuYJ2 C4ld+tVHf007GgbKX6BC68uMU8iGIg==
|
||||||
|
; ZSK owner entity/JerryXiao
|
||||||
|
neo. 3600 IN DNSKEY 256 3 13 oUcsKJykGOVwz58smxaygPFhm4PZEPKIukPO+HKbEBwGFnIbcamMsXFJ Gp2Wi7T5a0Z61IT/VxWLV4D7UhcAvg==
|
||||||
|
|
|
@ -25,7 +25,7 @@ def iter_rfc2317_entry():
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey()}
|
DNSKEYS = {entry['zone']: entry['records'] for entry in export_dnssec_dnskey(include_zsk=True)}
|
||||||
for zone, zone_file in ZONE_FILE_MAP.items():
|
for zone, zone_file in ZONE_FILE_MAP.items():
|
||||||
orignal = zone_file.read_text()
|
orignal = zone_file.read_text()
|
||||||
records = [orignal, "; AUTOGENERATED"]
|
records = [orignal, "; AUTOGENERATED"]
|
||||||
|
@ -35,8 +35,8 @@ def main():
|
||||||
records.extend(gen_reverse_pointers(route, ns, ds, ttl))
|
records.extend(gen_reverse_pointers(route, ns, ds, ttl))
|
||||||
records.append("")
|
records.append("")
|
||||||
records.extend(("", "; dnskey"))
|
records.extend(("", "; dnskey"))
|
||||||
for key_ds in DNSKEYS[zone]:
|
for dnskey in DNSKEYS[zone]:
|
||||||
records.append(f"@ IN DNSKEY {key_ds['dnskey']}")
|
records.append(f"@ IN DNSKEY {dnskey['dnskey']}")
|
||||||
records.append("")
|
records.append("")
|
||||||
zone_file.write_text("\n".join(records))
|
zone_file.write_text("\n".join(records))
|
||||||
|
|
||||||
|
|
|
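Review bot: The DNSKEY lines written by `records.append(f"@ IN DNSKEY {dnskey['dnskey']}")` carry no TTL, so the 600 to 3600 change this commit makes in the key files does not appear to reach the generated zone. In the visible part of `export_dnssec_dnskey` the `.keys` TTL is only checked with `int(_ttl)` and never stored, though the lines between the hunks are not shown. The DNSKEY TTL bounds how long validators cache a key, which matters during a rollover, so it is worth making explicit. Either carry the parsed TTL in each record dict and emit it here, or add a comment such as `# DNSKEY TTL comes from the zone default, not from the .keys file`. `main()` continues outside both hunks.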
@ -190,7 +190,7 @@ def prehandle_roa(asn_table: dict, args):
|
||||||
return roa4, roa6
|
return roa4, roa6
|
||||||
|
|
||||||
|
|
||||||
def export_dnssec_dnskey():
|
def export_dnssec_dnskey(include_zsk=False):
|
||||||
def ds_from_dnskey(zone, flags, protocol, algorithm, *key):
|
def ds_from_dnskey(zone, flags, protocol, algorithm, *key):
|
||||||
dnspy_dnskey = DNSKEY(
|
dnspy_dnskey = DNSKEY(
|
||||||
"IN",
|
"IN",
|
||||||
|
@ -208,7 +208,7 @@ def export_dnssec_dnskey():
|
||||||
if f.name.endswith(".keys"):
|
if f.name.endswith(".keys"):
|
||||||
zonekey = {"zone": "", "records": list()}
|
zonekey = {"zone": "", "records": list()}
|
||||||
records = f.read_text().split("\n")
|
records = f.read_text().split("\n")
|
||||||
records = [r.split() for r in records if r]
|
records = [r.split() for r in records if r and not r.startswith(';')]
|
||||||
for zone, _ttl, _in, _dnskey, *dnskey in records:
|
for zone, _ttl, _in, _dnskey, *dnskey in records:
|
||||||
int(_ttl)
|
int(_ttl)
|
||||||
assert _in == "IN" and _dnskey == "DNSKEY"
|
assert _in == "IN" and _dnskey == "DNSKEY"
|
||||||
|
@ -216,12 +216,14 @@ def export_dnssec_dnskey():
|
||||||
zonekey["zone"] = zone
|
zonekey["zone"] = zone
|
||||||
else:
|
else:
|
||||||
assert zonekey["zone"] == zone
|
assert zonekey["zone"] == zone
|
||||||
zonekey["records"].append(
|
assert dnskey[0] in ['256', '257']
|
||||||
{
|
if dnskey[0] == '257' or include_zsk:
|
||||||
"dnskey": " ".join(dnskey),
|
zonekey["records"].append(
|
||||||
"ds": ds_from_dnskey(zone, *dnskey),
|
{
|
||||||
}
|
"dnskey": " ".join(dnskey),
|
||||||
)
|
"ds": ds_from_dnskey(zone, *dnskey),
|
||||||
|
}
|
||||||
|
)
|
||||||
if zonekey["zone"]:
|
if zonekey["zone"]:
|
||||||
dnskeys.append(zonekey)
|
dnskeys.append(zonekey)
|
||||||
return dnskeys
|
return dnskeys
|
||||||
|
|
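Review bot: The new flags check `assert dnskey[0] in ['256', '257']` validates input with `assert`, which Python strips under `-O`, so an unexpected line in a `.keys` file would then pass straight into the DNSKEY and DS output. These records feed the DNSSEC chain of trust, so raise explicitly instead: `if dnskey[0] not in ('256', '257'): raise ValueError(f"unexpected DNSKEY flags {dnskey[0]!r} in {f.name}")`. The older `assert _in == "IN" and _dnskey == "DNSKEY"` and `assert zonekey["zone"] == zone` lines have the same weakness. With `include_zsk=True` the `"ds"` value is also computed for flag-256 keys, so a comment such as `# "ds" of a ZSK is informational only; publish DS for KSKs (257) only` would protect future callers. The filter `if r and not r.startswith(';')` still lets indented comments and whitespace-only lines through to the tuple unpacking, where they abort the export with an unrelated `ValueError`; testing `r.strip()` instead avoids that. Parts of the function between the hunks are not shown.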