Bind 9.9.0b2 inline signing...

Chris Thompson cet1 at cam.ac.uk
Thu Nov 24 16:08:58 UTC 2011


On Nov 24 2011, Shumon Huque wrote:

>On Thu, Nov 24, 2011 at 02:29:05PM +0100, Jan-Piet Mens wrote:
>> On Thu Nov 24 2011 at 13:52:32 CET, Tony Finch wrote:
>> 
>> > I use `dig axfr dotat.at | grep -v RRSIG`
>> 
>>         ... | grep -v TYPE65534 | grep -v DNSKEY | grep -v NSEC3PARAM
>> 
>> hoping, of course, that no owner name is called 'RRSIG' et. al.  ;-)
>> 
>>         -JP
>
>How about something like:
>
>  dig axfr zone | awk '$4 !~ "^NSEC$|^NSEC3$|^RRSIG$" {print}'
>
>awk requires a tiny bit more typing, but the result is much more precise ..

If we are trying to turn Tony's ad hoc command into something publishable,
it would be better to use

  dig +nocmd +nostats +onesoa AXFR zone | awk ...

(although for +onesoa you need the dig from BIND 9.8 or later).

-- 
Chris Thompson
Email: cet1 at cam.ac.uk



More information about the bind-users mailing list