directadmin’s dnssec made easier

DirectAdmin offers support for DNSSEC. To configure it, you have to edit the zone file twice. First go to DNS management, search for the domain and click the generate keys button. Then go back and click the sign button.

You can use the script /usr/local/directadmin/scripts/dnssec.sh, but you have to run it twice: first to generate, then to sign. And then you still have to search for the keys in the ksk and zsk files. This script makes that less cumbersome.

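#!/bin/bash
# Generate and sign DNSSEC keys for a DirectAdmin domain, then print both public keys.

SCRIPTPATH=/usr/local/directadmin/scripts
ZONEPATH=/var/named

if [ -z "$1" ]
then
        echo "Usage: $0 domain" >&2
        exit 1
fi

DOMAIN=$1

# First run generates the keys, second run signs the zone.
"$SCRIPTPATH/dnssec.sh" keygen "$DOMAIN"
"$SCRIPTPATH/dnssec.sh" sign "$DOMAIN"

# Read the public key files; stop if one is missing instead of printing an empty key.
SEC256=$(cat "$ZONEPATH/$DOMAIN.zsk.key") || exit 1
SEC257=$(cat "$ZONEPATH/$DOMAIN.ksk.key") || exit 1

echo 'Flag 256 (ZSK)'
echo 'Algorithm (RSA/SHA-256)'
echo "Key: $SEC256"

echo 'Flag 257 (KSK)'
echo 'Algorithm (RSA/SHA-256)'
echo "Key: $SEC257"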
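
The script above prints each key file verbatim and hard-codes the algorithm label. As an added example (not part of the original script or of DirectAdmin), the functions below read the flags, algorithm number and public key out of the DNSKEY record itself and compute the RFC 4034 key tag. The function names are made up here, and the .key files are assumed to have the usual BIND `dnssec-keygen` layout.

```bash
#!/bin/bash
# Added example: split a dnssec-keygen style .key file into registrar fields.
# parse_dnskey FILE: print "flags protocol algorithm base64key" of the DNSKEY record
parse_dnskey() {
    awk '
        /^[ \t]*;/ { next }                        # skip comment lines
        {
            for (i = 1; i <= NF; i++) if ($i == "DNSKEY") {
                key = ""
                for (j = i + 4; j <= NF; j++) key = key $j   # rejoin split base64
                print $(i + 1), $(i + 2), $(i + 3), key
                found = 1; exit
            }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# alg_name NUMBER: IANA DNSSEC algorithm number to name (common values only)
alg_name() {
    case "$1" in
        8)  echo "RSA/SHA-256" ;;
        13) echo "ECDSA P-256/SHA-256" ;;
        15) echo "Ed25519" ;;
        *)  echo "other" ;;
    esac
}

# key_tag FLAGS PROTO ALG KEY: RFC 4034 Appendix B checksum over the DNSKEY RDATA
key_tag() (
    sum=0 i=0
    for b in $(( $1 >> 8 )) $(( $1 & 255 )) "$2" "$3" \
             $(printf '%s' "$4" | base64 -d | od -An -v -tu1); do
        if [ $(( i % 2 )) -eq 0 ]; then sum=$(( sum + (b << 8) )); else sum=$(( sum + b )); fi
        i=$(( i + 1 ))
    done
    echo $(( (sum + (sum >> 16)) & 65535 ))
)

# describe_key FILE: print the fields; fail if the flags are not 256 or 257
describe_key() {
    fields=$(parse_dnskey "$1") || return 1
    set -- $fields
    case "$1" in 256) role=ZSK ;; 257) role=KSK ;; *) return 1 ;; esac
    printf 'Flag %s (%s)\nAlgorithm %s (%s)\nKey tag %s\nKey: %s\n' \
        "$1" "$role" "$3" "$(alg_name "$3")" "$(key_tag "$1" "$2" "$3" "$4")" "$4"
}

if [ "$#" -gt 0 ]; then describe_key "$1"; fi
```

Called with a path such as `$ZONEPATH/$DOMAIN.ksk.key`, it fails instead of printing when the file holds no DNSKEY record or the flags are neither 256 nor 257.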
