1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!/usr/bin/python
# This example shows how to sign a given zone file with private key
import ldns
import sys, os, time
#private key TAG which identifies the private key
#use ldns-keygen.py in order to obtain private key
keytag = 30761
# Read zone file
#-------------------------------------------------------------
zone = ldns.ldns_zone.new_frm_fp(open("zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN)
soa = zone.soa()
origin = soa.owner()
# Prepare keys
#-------------------------------------------------------------
#Read private key from file
keyfile = open("key-%s-%d.private" % (origin, keytag), "r");
key = ldns.ldns_key.new_frm_fp(keyfile)
#Read public key from file
pubfname = "key-%s-%d.key" % (origin, keytag)
pubkey = None
if os.path.isfile(pubfname):
pubkeyfile = open(pubfname, "r");
pubkey,_,_,_ = ldns.ldns_rr.new_frm_fp(pubkeyfile)
if not pubkey:
#Create new public key
pubkey = key.key_to_rr()
#Set key expiration
key.set_expiration(int(time.time()) + 365*60*60*24) #365 days
#Set key owner (important step)
key.set_pubkey_owner(origin)
#Insert DNSKEY RR
zone.push_rr(pubkey)
# Sign zone
#-------------------------------------------------------------
#Create keylist and push private key
keys = ldns.ldns_key_list()
keys.push_key(key)
#Add SOA
signed_zone = ldns.ldns_dnssec_zone()
signed_zone.add_rr(soa)
#Add RRs
for rr in zone.rrs().rrs():
print("RR:", str(rr), end=" ")
signed_zone.add_rr(rr)
added_rrs = ldns.ldns_rr_list()
status = signed_zone.sign(added_rrs, keys)
if (status == ldns.LDNS_STATUS_OK):
signed_zone.print_to_file(open("zone_signed.txt","w"))
|
