how to revert signed db zone file to unsigned plain text (remove dnssec keys)

Jelle de Jong jelledejong at powercraft.nl
Sun Aug 9 10:03:22 UTC 2020


On 2020-08-09 04:51, Evan Hunt wrote:
> On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
>> This will sound counter intuitive but I want to convert a
>> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
>> do have the keys used, but not the original file that got signed.
>>
>> I know I can convert the raw format to text but the zone file is rather big
>> and I want to get rid of all the sign keys.
>>
>> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
>>
>> named-checkzone -D -f raw powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
> 
> You can just regex out all the DNSSEC-related types. Something like
> this ought to work:
> 
> $ named-compilezone -f raw -F text -s full -o - powercraft.nl | \
>    awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'

Thank you for your reply. There are still a lot of "; resign=20200802123322" 
lines, but it does clean up a lot better. Sorted on record type it would 
become useful; ideas?

Is there no clean named command to do this output?

Kind regards,

Jelle de Jong
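
Building on the awk pipeline in Evan's reply, the following is an added example (not code from the thread or from BIND): a POSIX sh function that also drops the "; resign=..." comment lines and orders the remaining records by type, with the SOA pinned first. It assumes one record per line in "owner TTL class type rdata" form, as the `-s full` dump gives; the sample dump, its names, keys and signatures are constructed placeholders.

```shell
#!/bin/sh
# Added example: strip DNSSEC records and "; resign=..." comments from a text
# dump of a signed zone, then order what is left by record type.
# Assumes one record per line, "owner TTL class type rdata", as produced by
#   named-compilezone -f raw -F text -s full -o - ZONE SIGNEDFILE
#
# Constructed sample of such a dump (names, hashes and signatures are placeholders).
SAMPLE_ZONE='$ORIGIN example.test.
; resign=20200802123322
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2020080901 7200 3600 1209600 3600
example.test. 3600 IN RRSIG SOA 13 2 3600 20200902000000 20200802000000 12345 example.test. PLACEHOLDERSIG==
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN DNSKEY 257 3 13 PLACEHOLDERKEY==
example.test. 3600 IN NSEC3PARAM 1 0 10 ABCD
www.example.test. 300 IN A 192.0.2.10
; resign=20200802123322
www.example.test. 300 IN RRSIG A 13 3 300 20200902000000 20200802000000 12345 example.test. PLACEHOLDERSIG==
PLACEHOLDERHASH.example.test. 3600 IN NSEC3 1 0 10 ABCD PLACEHOLDERNEXT A RRSIG
example.test. 3600 IN MX 10 mail.example.test.
mail.example.test. 300 IN A 192.0.2.25
ns1.example.test. 300 IN A 192.0.2.1'

# Reads a zone dump on stdin, writes the unsigned, type-sorted zone on stdout.
strip_dnssec() {
    input=$(cat)
    # Directives such as $ORIGIN or $TTL stay at the top, unsorted.
    printf '%s\n' "$input" | grep '^\$' || true
    printf '%s\n' "$input" | awk '
        /^[[:space:]]*;/ { next }              # drop "; resign=..." and other comments
        /^\$/ || NF == 0 { next }              # directives already printed; skip blanks
        # Anchored so only a whole type name matches; CDS/CDNSKEY are DNSSEC types too.
        $4 ~ /^(DNSKEY|CDNSKEY|DS|CDS|RRSIG|NSEC|NSEC3|NSEC3PARAM)$/ { next }
        # Prefix 0 pins the SOA first; everything else sorts by type, then owner.
        { pfx = ($4 == "SOA") ? "0" : "1"; print pfx, $0 }
    ' | LC_ALL=C sort -k1,1 -k5,5 -k2,2 | cut -d' ' -f2-
}

printf '%s\n' "$SAMPLE_ZONE" | strip_dnssec
```

Swap the sample for the real dump with `named-compilezone ... -o - | strip_dnssec > db.powercraft.nl` and run `named-checkzone` on the result before loading it.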
