#!/bin/sh
# Generates dsset-* and *.signed for all DNSSEC-enabled zones
# Mark Kamichoff <prox@prolixium.com>

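PATH="/bin:/usr/bin:/sbin:/usr/sbin"
DNSSEC_SIGNZONE="/usr/sbin/dnssec-signzone"

# Print a message on stderr and stop with a non-zero status.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

# Zone list: whitespace-separated zone names, read from dnssec.txt in the
# current working directory (all file names below are relative to it too).
ZONES=$(cat dnssec.txt) || die "cannot read dnssec.txt"

# NSEC3 salt: 16 bits, hex-encoded, drawn from the kernel RNG.
# $RANDOM is not POSIX; under a /bin/sh that lacks it (dash, for one) it
# expands to nothing and printf "%.4x" then produces the constant "0000",
# so every run would publish the same salt without any error.
# NOTE(review): RFC 9276 advises against using an NSEC3 salt at all; if that
# guidance is adopted here, replace the value passed to -3 with "-".
RAND=$(od -An -N2 -tx1 /dev/urandom | tr -d ' \n') ||
	die "cannot read /dev/urandom"
case "$RAND" in
	[0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
	*) die "unexpected NSEC3 salt value: '$RAND'" ;;
esac

# Word splitting of $ZONES and of the key lists is intended; pathname
# expansion is not, so switch it off while the lists are expanded.
set -f

# sign the zones
FAILED=""
for ZONE in $ZONES; do
	# Read the key names up front so an unreadable key file is detected;
	# a failing $(cat ...) inside the argument list would go unnoticed.
	if ! KSK=$(cat "${ZONE}.KSK.txt") || ! ZSK=$(cat "${ZONE}.ZSK.txt"); then
		printf 'skipping %s: cannot read key file list\n' "$ZONE" >&2
		FAILED="$FAILED $ZONE"
		continue
	fi
	# An empty KSK list would make -k swallow the zone file name as its
	# argument.
	if [ -z "$KSK" ]; then
		printf 'skipping %s: %s.KSK.txt is empty\n' "$ZONE" "$ZONE" >&2
		FAILED="$FAILED $ZONE"
		continue
	fi

	# NOTE(review): newer BIND releases appear to have dropped -r; confirm
	# against the installed dnssec-signzone before relying on it.
	# $KSK and $ZSK stay unquoted to keep the original splitting of the key
	# file contents into separate arguments.
	# shellcheck disable=SC2086
	if ! "$DNSSEC_SIGNZONE" -r /dev/urandom \
			-N keep \
			-3 "$RAND" \
			-o "$ZONE" \
			-k $KSK \
			"${ZONE}.external" \
			$ZSK; then
		printf 'signing failed for %s\n' "$ZONE" >&2
		FAILED="$FAILED $ZONE"
	fi
done

set +f

# Do not publish after a partial run: a zone that failed to sign would keep
# serving its previous signatures until they expire, with nothing in the
# exit status to alert the operator.
[ -z "$FAILED" ] ||
	die "not bumping SOA or reloading named; failed zones:$FAILED"

# bump SOA
# NOTE(review): update-soa.sh is not shown here; if it edits the serial in
# already-signed output, the SOA RRSIG would no longer validate -- confirm.
./update-soa.sh || die "update-soa.sh failed; named not reloaded"

# bump named
rndc reload || die "rndc reload failed"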

