| From | Evan Hunt <each@isc.org> |
|---|---|
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys) |
| Date | 2020-08-09 02:51 +0000 |
| Message-ID | <mailman.797.1596941434.942.bind-users@lists.isc.org> (permalink) |
| References | <9010d1a0-fc3c-3fc3-c94e-bfcae79fab57@powercraft.nl> <20200809025114.GA46379@isc.org> |
On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
> This will sound counterintuitive but I want to convert a
> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
> do have the keys used, but not the original file that got signed.
>
> I know I can convert the raw format to text but the zone file is rather big
> and I want to get rid of all the sign keys.
>
> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
> /var/cache/bind/db.powercraft.nl.signed
>
> named-checkzone -D -f raw powercraft.nl
> /var/cache/bind/db.powercraft.nl.signed
You can just regex out all the DNSSEC-related types. Something like
this ought to work:
$ named-compilezone -f raw -F text -s full -o - powercraft.nl \
    /var/cache/bind/db.powercraft.nl.signed | \
    awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'
--
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
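
The filter from the reply above as a reusable shell function with a check that nothing DNSSEC-related is left, added here as an example and not part of the original message. It matches the type field exactly and also drops CDS, CDNSKEY and TYPE65534 (BIND's default sig-signing-type), which go beyond the reply's list; the function names and the sample zone are constructed.

```shell
#!/bin/sh
# Added example: filter full-style zone text (named-compilezone -s full),
# where every record is one line: owner TTL class type rdata.

# Types to drop. The first six are the ones listed in the reply; CDS, CDNSKEY
# and TYPE65534 (BIND's default sig-signing-type) are additions made here.
DNSSEC_TYPES='DNSKEY DS RRSIG NSEC NSEC3 NSEC3PARAM CDS CDNSKEY TYPE65534'

# strip_dnssec: read zone text on stdin, write it back without DNSSEC records.
strip_dnssec() {
    awk -v types="$DNSSEC_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) drop[t[i]] = 1 }
        /^[ \t]*;/ { print; next }   # keep comment lines untouched
        !($4 in drop)                # exact match on the type field
    '
}

# count_dnssec: print how many DNSSEC records the zone text on stdin contains.
count_dnssec() {
    awk -v types="$DNSSEC_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) drop[t[i]] = 1 }
        /^[ \t]*;/ { next }
        ($4 in drop) { c++ }
        END { print c + 0 }
    '
}

# Constructed sample in the shape of full-style output (rdata shortened).
sample_zone() {
    cat <<'EOF'
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2020080901 7200 3600 1209600 3600
example.test. 3600 IN RRSIG SOA 13 2 3600 20200908000000 20200809000000 12345 example.test. c2lnbmF0dXJl
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN DNSKEY 257 3 13 a2V5ZGF0YQ==
example.test. 0 IN NSEC3PARAM 1 0 10 ABCD
example.test. 0 IN TYPE65534 \# 5 0D30390001
ds.example.test. 3600 IN TXT "DS RRSIG NSEC are only words here"
ns1.example.test. 3600 IN A 192.0.2.53
ns1.example.test. 3600 IN RRSIG A 13 3 3600 20200908000000 20200809000000 12345 example.test. c2lnbmF0dXJl
child.example.test. 3600 IN NS ns.child.example.test.
child.example.test. 3600 IN DS 12345 13 2 ABCDEF0123456789
EOF
}

# Stand-alone run: print the unsigned version of the sample.
sample_zone | strip_dnssec
```

On a real zone, pipe the `named-compilezone ... -s full -o -` output into `strip_dnssec`, then confirm `count_dnssec` prints 0 before loading the result.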