This will sound counterintuitive, but I want to convert a db.powercraft.nl.signed file to db.powercraft.nl (unsigned, without keys). I do have the keys used, but not the original file that got signed.
I know I can convert the raw format to text, but the zone file is rather big and I want to get rid of all the sign keys.
named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl /var/cache/bind/db.powercraft.nl.signed
named-checkzone -D -f raw powercraft.nl /var/cache/bind/db.powercraft.nl.signed
On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
> This will sound counterintuitive, but I want to convert a
> db.powercraft.nl.signed file to db.powercraft.nl (unsigned, without keys).
> I do have the keys used, but not the original file that got signed.
> I know I can convert the raw format to text, but the zone file is rather
> big and I want to get rid of all the sign keys.
> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl /var/cache/bind/db.powercraft.nl.signed
> named-checkzone -D -f raw powercraft.nl /var/cache/bind/db.powercraft.nl.signed
You can just regex out all the DNSSEC-related types. Something like
this ought to work:
$ named-compilezone -f raw -F text -s full -o - powercraft.nl \
    /var/cache/bind/db.powercraft.nl.signed | \
    awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'
Thank you for your reply. There are still a lot of "; resign=20200802123322" lines, but it does clean up a lot better. Sorted on record type it would become useful; ideas?
Is there no clean named command to do this output?
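
An added example, not part of the thread: a shell filter that takes the "-s full" text output, drops the DNSSEC types from the reply above with an exact match on the type field, discards the "; resign=" comment lines, and sorts by record type and then owner name. The function names, the sample records and the assumption that comment lines start with ";" are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn "-s full" text output of a signed
# zone into an unsigned listing sorted by record type, then owner name.

# Record types to drop: the list from the reply above, matched exactly.
# DS records at delegations are entered by the operator, not generated by
# signing; remove DS from this list if the zone delegates to signed children.
DNSSEC_TYPES='DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM'

strip_dnssec() {
    LC_ALL=C awk -v types="^(${DNSSEC_TYPES})\$" '
        /^[ \t]*(;|$)/ { next }   # "; resign=..." comment lines and blank lines
        $4 ~ types     { next }   # field 4 is the type: owner TTL class type rdata
        { print }
    ' | LC_ALL=C sort -b -k4,4 -k1,1
}

# Constructed sample input; names, addresses and key data are placeholders.
sample_zone() {
    cat <<'EOF'
powercraft.nl. 3600 IN SOA ns1.powercraft.nl. hostmaster.powercraft.nl. 2020080801 7200 3600 1209600 3600
; resign=20200802123322
powercraft.nl. 3600 IN RRSIG SOA 8 2 3600 20200901000000 20200802000000 12345 powercraft.nl. c2FtcGxl
powercraft.nl. 3600 IN NS ns1.powercraft.nl.
powercraft.nl. 3600 IN DNSKEY 256 3 8 c2FtcGxl
powercraft.nl. 0 IN NSEC3PARAM 1 0 10 ABCD
www.powercraft.nl. 3600 IN A 192.0.2.10
; resign=20200802123322
www.powercraft.nl. 3600 IN RRSIG A 8 3 3600 20200901000000 20200802000000 12345 powercraft.nl. c2FtcGxl
www.powercraft.nl. 3600 IN NSEC powercraft.nl. A RRSIG NSEC
ns1.powercraft.nl. 3600 IN A 192.0.2.1
EOF
}

# Real use (paths as given in the thread):
#   named-compilezone -f raw -F text -s full -o - powercraft.nl \
#       /var/cache/bind/db.powercraft.nl.signed | strip_dnssec > db.powercraft.nl
sample_zone | strip_dnssec
```

Run named-checkzone on the resulting file before loading it, since the filter works on text fields and does not validate the zone.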