
maketestzonep - Online in the Cloud


PROGRAM:

NAME


generaterecords - generates a test dnssec zone that can be used to DNSSEC

SYNOPSIS


generaterecords -v -d mytestzone.example.com

DESCRIPTION


The generaterecords script generates a zone file, given a domain name, which is then
signed and modified to invalidate portions of the data in particular ways. Each generated
record is named according to how its security data is modified (the gooda record will
contain an A record with valid DNSSEC data, but the badseca record will contain an A record
where the signature has been modified to invalidate it).

The results of this process can then be served, and secure validators, applications,
and other software can be tested against them to see if they properly fail or succeed
under the DNS security policies being deployed.

After the files are generated, consider running donuts on them to see how the data in them
has been tampered with to be invalid.

PRE-REQUISITES


zonesigner from the dnssec-tools project
bind software 9.3.1 or greater

GETTING STARTED


To get started creating a new zone, you'll need to tell zonesigner to create new keys for
all of the new zones that maketestzone creates. Thus, the first run of maketestzone
should look like:

First Time:
maketestzone -k [OTHER DESIRED OPTIONS]

After that, the generated zone files can be loaded and served in a test server.

Once every 30 days (by default via zonesigner) the script will need to be rerun to
recreate the records and re-sign the data so the signature date stamps remain valid (or in
some cases invalid).

Every 30 days:
maketestzone [OTHER DESIRED OPTIONS]

OPTIONS


Below are the options that are accepted by the maketestzone tool.

Output File Naming:
-o STRING
--output-file-prefix=STRING
Output prefix to use for zone files (default = db.)

-O STRING
--output-suffix-signed-file=STRING
Output suffix to be given to zonesigner (default = .zs)

-M STRING
--output-modified-file=STRING
Output suffix for the modified zone file (default = .modified)

-D
--run-donuts
Run donuts on the results

--donuts-output-suffix=STRING
The file suffix to use for donuts output (default = .donuts)

Output Zone Information:
-d STRING
--domain=STRING
domain name to generate records for

--ns=STRING
--name-servers=STRING
-n STRING
Comma separated name=addr name-server records

--a-addr=STRING
--a-record-address=STRING
A record (IPv4) address to use in data

--aaaa-addr=STRING
--a-record-address=STRING
AAAA record (IPv6) address to use in data

Output Data Type Selection:
-p STRING
--record-prefixes=STRING
Comma separated list of record prefixes to use

-P STRING
--ns-prefixes=STRING
Comma separated list of NS record prefixes to use

-c
--no-cname-records
Don't create CNAME records

-s
--no-ns-records
Don't create sub-zone records

Task Selection:
-g
--dont-generate-zone
Do not generate the zone; use the existing and sign/modify it

-z
--dont-run-zonesigner
Do not run zonesigner to sign the records

-Z
--dont-destroy
Do not destroy the records and leave them properly signed

--bind-config=STRING
Generate a bind configuration file snippet to load the DB sets

--html-out=STRING
Generate an HTML page containing a list of record names

--apache-out=STRING
Generate an Apache config snippet for configuring apache for each zone record

--sh-test-out=STRING
Generate a test script for running dig commands

-v
--verbose
Verbose output

Zonesigner Configuration:
-a STRING
--zonesigner-arguments=STRING
Arguments to pass to zonesigner

-k
--generate-keys
Have zonesigner generate needed keys

Bind Configuration Options
--bind-db-dir=STRING
The base directory where the bind DB files will be placed

HTML Output Configuration
--html-out-add-links
Make each HTML record name an HTTP link to that address

--html-out-add-db-links
Add a link to each of the generated DB files.

--html-out-add-donuts-links
Add a link to each of the generated donuts error list files.

SH Test Script Configuration Options
--sh-test-resolver=STRING
The resolver address to force

Help Options
-h
Display a help summary (short flags preferred)

--help
Display a help summary (long flags preferred)

--help-full
Display all help options (both short and long)

--version
Display the script version number.

ADDING NEW OUTPUT


The following section discusses how to extend the maketestzone tool with new output
modifications.

ADDING LEGEND INFORMATION
For the legend HTML output, the %LegendInformation hash contains a keyname and description
for each modification type.

ADDING NEW SUBZONE DIFFERENCES
The %zonesigner_domain_opts hash lists additional arguments to pass when zonesigner is
called for particular sub-domains. Thus you can create additional sub-zones with different
zonesigner options to test other operational parameters between parent and child. For
example:

'rollzsk-ns.' . $opts{'d'} => '-rollzsk',

This forces the rollzsk-ns test sub-zone to roll its ZSK when the zone is signed.

ADDING NEW RECORD MODIFICATIONS
Maketestzone is in early development stages but already has the beginnings of an
extensible system allowing you to modify records at will based on regexp => subroutine
hooks.

To add a new modification, add a new keyword to the 'p' and optionally 'P' default flags
(or add it at run time), and then add a new function to the list of callbacks defined in
the %destroyFunctions hash that is based on your new keyword. When the file is being
parsed and a record matches your expression, your function will be called.
Arguments can be added to the function by passing an array reference where the first
argument is the subroutine to be called, and the remainder are additional arguments.
Output lines should be printed to the $fh file handle.

Here's an example function that deletes the RRSIG signature of the next record:

sub delete_signature {
    # the first 2 arguments are always passed; the other was in the
    # array reference the subroutine was registered with.
    my ($name, $type, $expr) = @_;

    Verbose(" deleting signatures of $_[0]");

    # print the current line
    print $fh $_;

    my $inrec = 0;
    while (<I>) {
        # new name record means we're done.
        last if /^\w/;

        # we're in a multi-line rrsig record
        $inrec = 1 if (/$expr\s+$type/);

        # print the line if we're not in the rrsig record
        print $fh $_ if (!$inrec);

        # when done with the last line of the rrsig record, mark this spot
        $inrec = 0 if (/\)/);
    }
}

This is then registered within %destroyFunctions. Here's an example of registering the
function to delete the signature on a DS record:

'^(nosig[-\w]+).*IN\s+NS\s+' => [\&delete_signature, 'DS', 'RRSIG'],
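
A way to confirm that a signature-deleting hook such as delete_signature left the zone in the state its record names promise, as an added example that is not part of maketestzone. The zone text is constructed, and the function names and the reading of "good"/"nosig" name prefixes as the expected signature state are assumptions of this example:

```python
# Added example (not part of maketestzone). The zone text is constructed and
# the signature data is a placeholder, not a real RRSIG.
SAMPLE_ZONE = """\
gooda.example.com.    86400 IN A     192.0.2.1
                      86400    RRSIG A 8 3 86400 20300201000000 (
                               20300101000000 12345 example.com.
                               c2lnLXBsYWNlaG9sZGVy )
nosig-a.example.com.  86400 IN A     192.0.2.1
                      86400    NSEC  example.com. A RRSIG NSEC
                      86400    RRSIG NSEC 8 3 86400 20300201000000 (
                               20300101000000 12345 example.com.
                               c2lnLXBsYWNlaG9sZGVy )
"""
ADDRESS_TYPES = {"A", "AAAA"}

def rrsig_coverage(zone_text):
    """Map owner -> {'types': RR types present, 'covered': types an RRSIG covers}."""
    result, owner, in_parens = {}, None, False
    for raw in zone_text.splitlines():
        if in_parens:                        # continuation of a multi-line record
            in_parens = ")" not in raw
            continue
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields or line.startswith("$"):
            continue
        if not line[0].isspace():            # column 0 starts a new owner name
            owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0] == "IN"):
            fields.pop(0)                    # skip optional TTL and class
        if owner is None or len(fields) < 2:
            continue
        entry = result.setdefault(owner, {"types": set(), "covered": set()})
        if fields[0] == "RRSIG":
            entry["covered"].add(fields[1])  # first rdata field is the type covered
        else:
            entry["types"].add(fields[0])
        in_parens = "(" in line and ")" not in line
    return result

def contract_violations(zone_text):
    """List (owner, problem) pairs where signatures disagree with the record name."""
    problems = []
    for owner, e in sorted(rrsig_coverage(zone_text).items()):
        label, unsigned = owner.split(".")[0], e["types"] - e["covered"]
        addresses = e["types"] & ADDRESS_TYPES
        if label.startswith("nosig") and addresses and addresses <= e["covered"]:
            problems.append((owner, "address RRset still signed"))
        elif label.startswith("good") and unsigned:
            problems.append((owner, "unsigned " + ",".join(sorted(unsigned))))
    return problems
```

Only names with the two prefixes are judged, so delegation NS sets and glue, which are unsigned by design, are not reported. The check looks at whether an RRSIG is present for a type, not whether it validates.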

COPYRIGHT


Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with
the DNSSEC-Tools package for details.
