From 5cd039c9b017c580cc97e6976e1166d4dfa3d3d5 Mon Sep 17 00:00:00 2001 From: jrb0001 Date: Fri, 20 Apr 2018 20:11:16 +0200 Subject: [PATCH 1/2] Change objects based on the draft for the new dns system --- data/dns/dn42 | 13 +++---- data/inet6num/fd00::_8 | 7 +++- data/inetnum/10.0.0.0_8 | 8 ++-- data/inetnum/172.20.0.0_16 | 8 ++-- data/inetnum/172.21.0.0_16 | 8 ++-- data/inetnum/172.22.0.0_16 | 8 ++-- data/inetnum/172.23.0.0_16 | 8 ++-- data/inetnum/172.31.0.0_16 | 7 +++- fix-infrastructure-objects | 77 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 117 insertions(+), 27 deletions(-) create mode 100755 fix-infrastructure-objects diff --git a/data/dns/dn42 b/data/dns/dn42 index 056f617b9..261360af8 100644 --- a/data/dns/dn42 +++ b/data/dns/dn42 @@ -1,12 +1,9 @@ domain: dn42 -nserver: lavana.sjc.xuu.dn42 172.22.141.181 -nserver: lavana.sjc.xuu.dn42 fdea:a15a:77b9:4444::181 -nserver: kapha.mtr.xuu.dn42 172.22.141.171 -nserver: kapha.mtr.xuu.dn42 fdea:a15a:77b9:4444::171 -nserver: rakta.fra.xuu.dn42 172.22.141.191 -nserver: rakta.fra.xuu.dn42 fdea:a15a:77b9:4444::191 -nserver: grmml.root.dn42 172.23.149.20 -nserver: grmml.root.dn42 fd42:23:149:cccc::53 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 6dadda00f5986bd26fe4f162669742cf7eba07d212b525acac9840ee06cb2799 +ds-rdata: 3096 10 2 b7c687a99bee60e172ea439bd2d3087b1d970916575db9c1cb591b7ee15d8cb1 org: ORG-DN42 mnt-by: DN42-MNT source: DN42 diff --git a/data/inet6num/fd00::_8 b/data/inet6num/fd00::_8 index 203ab8cd8..e57f0d4b8 100644 --- a/data/inet6num/fd00::_8 +++ b/data/inet6num/fd00::_8 @@ -3,8 +3,11 @@ cidr: fd00::/8 netname: ROOT-DN42-ULA descr: DN42 ULA Address Space remarks: Only /48 prefixes may be allocated out of this range. -nserver: lavana.sjc.xuu.dn42 -nserver: grmml.root.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 9057500a3b6e09bf45a60ed8891f2e649c6812d5d149c45a3c560fa0a6195c49 +ds-rdata: 3096 10 2 f24b1becf86305aef2517e7864dfbb3dcad80a98c7dcbad3b1a7014708c723b7 status: ALLOCATED policy: open org: ORG-DN42 diff --git a/data/inetnum/10.0.0.0_8 b/data/inetnum/10.0.0.0_8 index 118006e9f..ca47ff6a9 100644 --- a/data/inetnum/10.0.0.0_8 +++ b/data/inetnum/10.0.0.0_8 @@ -3,9 +3,11 @@ cidr: 10.0.0.0/8 netname: BLK-FREIFUNK descr: Freifunk Intercity-VPN remarks: Registry at https://github.com/freifunk/icvpn-meta -nserver: m.in-addr-servers.dn42 -nserver: x.in-addr-servers.dn42 -nserver: g.in-addr-servers.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 8a39e9df85a73f1982e43c9139e095e8548451d2048d92c2703869ef8bfebbb4 +ds-rdata: 3096 10 2 1fa3673dc2cf9ffa82b429bf25405b44931460b7263a081d586cc61f003a10a2 status: ALLOCATED policy: closed org: ORG-DN42 diff --git a/data/inetnum/172.20.0.0_16 b/data/inetnum/172.20.0.0_16 index 96df95c18..91a50d328 100644 --- a/data/inetnum/172.20.0.0_16 +++ b/data/inetnum/172.20.0.0_16 @@ -3,9 +3,11 @@ cidr: 172.20.0.0/16 netname: NET-BLK016-DN42 descr: DN42 native address space remarks: Not free for direct assignments, please use sub-allocated blocks -nserver: m.in-addr-servers.dn42 -nserver: x.in-addr-servers.dn42 -nserver: g.in-addr-servers.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 616c149633e93d963b0e8f738719630ea0a09f4aabe211b1fbb8fc9f51304027 +ds-rdata: 3096 10 2 6adf85efddf223c8747f1816b12b62feea0b9b1bdb65e7c809202f890a33740d status: ALLOCATED policy: reserved org: ORG-DN42 diff --git a/data/inetnum/172.21.0.0_16 b/data/inetnum/172.21.0.0_16 index 8679d9dda..8090fdfed 100644 --- a/data/inetnum/172.21.0.0_16 +++ b/data/inetnum/172.21.0.0_16 @@ -3,9 +3,11 @@ cidr: 172.21.0.0/16 netname: NET-BLK116-DN42 descr: DN42 native address space remarks: Not free for direct assignments, please use sub-allocated blocks -nserver: m.in-addr-servers.dn42 -nserver: x.in-addr-servers.dn42 -nserver: g.in-addr-servers.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 4cc085716ba83f18df1a7fb9f9479d10327e3d30e222c7a197109c7560ae0368 +ds-rdata: 3096 10 2 506fd7f34aaad4df1b6cfa56fe8c00e157b1c32551c981def0c5fd8f65ab14ac status: ALLOCATED policy: reserved org: ORG-DN42 diff --git a/data/inetnum/172.22.0.0_16 b/data/inetnum/172.22.0.0_16 index 4c18a4e9d..9dbdff60c 100644 --- a/data/inetnum/172.22.0.0_16 +++ b/data/inetnum/172.22.0.0_16 @@ -3,9 +3,11 @@ cidr: 172.22.0.0/16 netname: NET-BLK216-DN42 descr: DN42 native address space remarks: Not free for direct assignments, please use sub-allocated blocks -nserver: m.in-addr-servers.dn42 -nserver: x.in-addr-servers.dn42 -nserver: g.in-addr-servers.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 383a8c2714d3da76f58cee4c54566566b336b2dfa219b965f7cb706d71c54356 +ds-rdata: 3096 10 2 5437ab49f1cd947d41c585c2cc9c357323013391b0e5f94784f99175142c3260 status: ALLOCATED policy: reserved org: ORG-DN42 diff --git a/data/inetnum/172.23.0.0_16 b/data/inetnum/172.23.0.0_16 index fd600b6be..69cc0bfe1 100644 --- a/data/inetnum/172.23.0.0_16 +++ b/data/inetnum/172.23.0.0_16 @@ -3,9 +3,11 @@ cidr: 172.23.0.0/16 netname: NET-BLK316-DN42 descr: DN42 native address space remarks: * Default allocation /27, never more than /24 -nserver: m.in-addr-servers.dn42 -nserver: x.in-addr-servers.dn42 -nserver: g.in-addr-servers.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 e91c0281e705317968c76689e4f36bf2207c90bdfaad071693bb9a999d15778f +ds-rdata: 3096 10 2 631b00ba00cf80a8300b356bcca2fde4c844f6ff707a2d98b4518c72e0643467 status: ALLOCATED policy: open org: ORG-DN42 diff --git a/data/inetnum/172.31.0.0_16 b/data/inetnum/172.31.0.0_16 index b80c59730..150b0b522 100644 --- a/data/inetnum/172.31.0.0_16 +++ b/data/inetnum/172.31.0.0_16 @@ -1,8 +1,11 @@ inetnum: 172.31.0.0 - 172.31.255.255 cidr: 172.31.0.0/16 netname: ** chaosvpn -nserver: ns1.chaosvpn.g.nic.dn42 -nserver: ns2.chaosvpn.g.nic.dn42 +nserver: b.delegation-servers.dn42 +nserver: j.delegation-servers.dn42 +nserver: k.delegation-servers.dn42 +ds-rdata: 64441 10 2 5f668f3083d65650ab5c4e9fccdddd0c8108e0fa4be39e161e6a58d1741c5b2d +ds-rdata: 3096 10 2 4ab3c242fdfa6d84cbe83d5c9b0f9b431c6974dd18db32d08a2599ab1b816465 status: ALLOCATED policy: closed org: ORG-DN42 diff --git a/fix-infrastructure-objects b/fix-infrastructure-objects new file mode 100755 index 000000000..8fafb7847 --- /dev/null +++ b/fix-infrastructure-objects @@ -0,0 +1,77 @@ +#!/bin/bash + +set -e + +KSK_PATTERN="(3096|64441)" +DS_NSERVER="fd42:180:3de0:10:5054:ff:fe87:ea39" + +fix_dns() { + set -e + SRC="$1" + DST="$2" + TMP="$(mktemp "/tmp/${DST}.XXXXXX")" + cp "data/dns/${DST}" "${TMP}" + { + set -e + echo "domain: ${DST}" + cat "${TMP}" | grep -E '^(remarks):' || true + cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver: {}' + drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}" + echo 'org: ORG-DN42' + echo 'mnt-by: DN42-MNT' + echo 'source: DN42' + } > "data/dns/${DST}" + rm "${TMP}" +} + +fix_inetnum() { + set -e + SRC="$1" + DST="$2" + CLASS="$3" + POLICY="$4" + DNS_NAME="$5" + if [ -f "data/${CLASS}/${DST}" ]; then + sed -r -i '/^(nserver|ds-rdata|status|org|policy|mnt-by|source|admin-c|tech-c):.*$/d' "data/${CLASS}/${DST}" + { + set -e + cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver: {}' + drill -t "${DNS_NAME}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}" + echo 'status: ALLOCATED' + echo "policy: ${POLICY}" + echo 'org: ORG-DN42' + echo 'mnt-by: DN42-MNT' + echo 'source: DN42' + } >> "data/${CLASS}/${DST}" + fi +} + +fix_dns_ds_only() { + set -e + DST="$1" + TMP="$(mktemp "/tmp/${DST}.XXXXXX")" + cp "data/dns/${DST}" "${TMP}" + { + set -e + echo "domain: ${DST}" + cat "${TMP}" | grep -E '^(nserver|remarks):' || true + drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata: /g' | grep -E "${KSK_PATTERN}" + echo 'org: ORG-DN42' + echo 'mnt-by: DN42-MNT' + echo 'source: DN42' + } > "data/dns/${DST}" + rm "${TMP}" +} + +fix_dns 'delegation-servers.dn42' 'dn42' +fix_dns 'delegation-servers.dn42' 'registry-sync.dn42' +fix_dns_ds_only 'delegation-servers.dn42' +fix_dns_ds_only 'recursive-servers.dn42' +fix_inetnum 'delegation-servers.dn42' 'fd00::_8' 'inet6num' 'open' 'd.f.ip6.arpa' +fix_inetnum 'delegation-servers.dn42' '10.0.0.0_8' 'inetnum' 'closed' '10.in-addr.arpa' +fix_inetnum 'delegation-servers.dn42' "172.20.0.0_16" 'inetnum' 'reserved' "20.172.in-addr.arpa" +fix_inetnum 'delegation-servers.dn42' "172.21.0.0_16" 'inetnum' 'reserved' "21.172.in-addr.arpa" +fix_inetnum 'delegation-servers.dn42' "172.22.0.0_16" 'inetnum' 'reserved' "22.172.in-addr.arpa" +fix_inetnum 'delegation-servers.dn42' "172.23.0.0_16" 'inetnum' 'open' "23.172.in-addr.arpa" +fix_inetnum 'delegation-servers.dn42' "172.31.0.0_16" 'inetnum' 'closed' "31.172.in-addr.arpa" + From 0edddb2b6313eca85d71cbb7dcd41334d7ef3393 Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Sat, 9 May 2020 16:10:53 +0100 Subject: [PATCH 2/2] Fix fd00::/8 ds-rdata for burble.dn42 KSK --- data/inet6num/fd00::_8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/inet6num/fd00::_8 b/data/inet6num/fd00::_8 index e57f0d4b8..e70c700a0 100644 --- a/data/inet6num/fd00::_8 +++ b/data/inet6num/fd00::_8 @@ -7,7 +7,7 @@ nserver: b.delegation-servers.dn42 nserver: j.delegation-servers.dn42 nserver: k.delegation-servers.dn42 ds-rdata: 64441 10 2 9057500a3b6e09bf45a60ed8891f2e649c6812d5d149c45a3c560fa0a6195c49 -ds-rdata: 3096 10 2 f24b1becf86305aef2517e7864dfbb3dcad80a98c7dcbad3b1a7014708c723b7 +ds-rdata: 3096 10 2 23fb364c82e6ed1c30b18c635f58dca58bbeb2e069bbd9d90ab9a90f66b948d2 status: ALLOCATED policy: open org: ORG-DN42