Something to help in learning/debugging DNSSEC
Edward Lewis
lewis at tislabs.com
Wed Oct 13 13:33:42 UTC 1999
This is a perl script I have used to reduce the volume of data returned
from dig when querying a signed zone. A simple lookup can fetch almost 2K
bytes. The script below looks for KEY and SIG records in the output and
strips off the crypto gunk. For KEYS it shows everything else, for SIG it
only leaves the type covered.
Piping the output of dig through the script makes it much easier to see
what is returned.
#!/usr/bin/perl -w
while ($line = <STDIN>)
{
if ($line =~ /(^.*IN\sSIG\s*\S*)/)
{
print "$1\n";
while ($line && !($line =~ /\)/))
{
$line = <STDIN>;
next;
}
}
else
{
if ($line =~ /(^.*IN\sKEY\s*\S*\s*\S*\s*\S*)/)
{
print "$1\n";
while ($line && !($line =~ /\)/))
{
$line = <STDIN>;
next;
}
}
else
{
print $line;
}
}
}
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis NAI Labs
Phone: +1 443-259-2352 Email: lewis at tislabs.com
"Trying is the first step to failure." - Homer Simpson
"No! Try not. Do... or do not. There is no try." - Yoda
Opinions expressed are property of my evil twin, not my employer.
More information about the bind-workers
mailing list