Something to help in learning/debugging DNSSEC

Edward Lewis lewis at tislabs.com
Wed Oct 13 13:33:42 UTC 1999


This is a perl script I have used to reduce the volume of data returned
from dig when querying a signed zone.  A simple lookup can fetch almost 2K
bytes.  The script below looks for KEY and SIG records in the output and
strips off the crypto gunk.  For KEYS it shows everything else, for SIG it
only leaves the type covered.

Piping the output of dig through the script makes it much easier to see
what is returned.

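#!/usr/bin/perl -w
# Filter dig output read from STDIN: shorten SIG and KEY records,
# pass every other line through unchanged.
while ($line = <STDIN>)
{
    # SIG record: keep everything up to and including the type covered.
    if ($line =~ /(^.*IN\sSIG\s*\S*)/)
    {
        print "$1\n";
        # Skip the rest of the record, through the line with the closing ")".
        while ($line && !($line =~ /\)/))
        {
            $line = <STDIN>;
            next;
        }
    }
    else
    {
        # KEY record: keep the three fields after KEY, drop the key data.
        if ($line =~ /(^.*IN\sKEY\s*\S*\s*\S*\s*\S*)/)
        {
            print "$1\n";
            # Skip the rest of the record, through the line with the closing ")".
            while ($line && !($line =~ /\)/))
            {
                $line = <STDIN>;
                next;
            }
        }
        else
        {
            # Anything else is printed as-is.
            print $line;
        }
    }
}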

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                NAI Labs
Phone: +1 443-259-2352                      Email: lewis at tislabs.com

"Trying is the first step to failure." - Homer Simpson
"No! Try not. Do... or do not. There is no try." - Yoda

Opinions expressed are property of my evil twin, not my employer.
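
Added example, not part of the original post: the same filtering idea in Python, generalized so that a SIG or KEY record printed on a single line (no parentheses) does not cause the lines after it to be skipped. The sample dig-style output, its names and its key material are constructed, and the file name in the usage comment is an assumption.

```python
import re
import sys

# Same captures as the Perl filter above: a SIG line is kept up to the type
# covered, a KEY line up to the three fields that follow KEY.
SIG_RE = re.compile(r"^(.*\bIN\s+SIG\s+\S+)")
KEY_RE = re.compile(r"^(.*\bIN\s+KEY\s+\S+\s+\S+\s+\S+)")

# Constructed sample of dig-style output; names and key material are made up.
SAMPLE = """\
;; ANSWER SECTION:
example.com. 3600 IN SIG SOA 1 2 3600 19991112133342 (
        19991013133342 12345 example.com.
        CONSTRUCTEDSIGDATA== )
example.com. 3600 IN KEY 256 3 1 (
        CONSTRUCTEDKEYDATA== ) ; key id = 12345
www.example.com. 3600 IN KEY 256 3 1 CONSTRUCTEDKEYDATA==
www.example.com. 3600 IN A 192.0.2.1
""".splitlines()


def strip_crypto(lines):
    """Yield the lines with the crypto fields of SIG/KEY records removed."""
    it = iter(lines)
    for line in it:
        line = line.rstrip("\n")
        m = SIG_RE.match(line) or KEY_RE.match(line)
        if m is None:
            yield line
            continue
        yield m.group(1)
        # Only a record that opens "(" without closing it continues on
        # later lines; consume those through the line holding ")".
        if "(" in line and ")" not in line:
            for cont in it:
                if ")" in cont:
                    break


if __name__ == "__main__":
    # Usage (assumed file name): dig ... | python3 strip_crypto.py
    for out in strip_crypto(sys.stdin):
        print(out)
```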



