Re: how to revert signed db zone file to unsigned plain text (remove dnssec keys)

From Jelle de Jong <jelledejong@powercraft.nl>
Newsgroups comp.protocols.dns.bind
Subject Re: how to revert signed db zone file to unsigned plain text (remove dnssec keys)
Date 2020-08-09 12:03 +0200
Message-ID <mailman.798.1596967428.942.bind-users@lists.isc.org>
References <9010d1a0-fc3c-3fc3-c94e-bfcae79fab57@powercraft.nl> <20200809025114.GA46379@isc.org> <26a3b5cb-f2a8-8bdc-b190-5216fbacd6c8@powercraft.nl>


On 2020-08-09 04:51, Evan Hunt wrote:
> On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
>> This will sound counterintuitive but I want to convert a
>> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
>> do have the keys used, but not the original file that got signed.
>>
>> I know I can convert the raw format to text but the zone file is rather big
>> and I want to get rid of all the sign keys.
>>
>> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl \
>>    /var/cache/bind/db.powercraft.nl.signed
>>
>> named-checkzone -D -f raw powercraft.nl \
>>    /var/cache/bind/db.powercraft.nl.signed
> 
> You can just regex out all the DNSSEC-related types. Something like
> this ought to work:
> 
> $ named-compilezone -f raw -F text -s full -o - powercraft.nl \
>    /var/cache/bind/db.powercraft.nl.signed | \
>    awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'

Thank you for your reply, there are still a lot of ; 
resign=20200802123322 lines, but it does clean up a lot better, sorted 
on record type it would become useful, ideas?

Is there no clean named command to do this output?

Kind regards,

Jelle de Jong
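
An added example, not part of the original post or of BIND itself: a shell filter for the `-s full` text output that drops the DNSSEC record types from the pipeline above by exact type match, removes comment lines such as `; resign=...`, and sorts what remains by record type with the SOA kept first. It assumes one record per line in the form `owner TTL class type rdata`; the function names and the `example.test` sample zone are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-process `named-compilezone -F text -s full -o -` output.
# Assumption: one record per line, fields "owner TTL class type rdata...".

# Record types taken from the awk filter quoted in the thread. They are
# compared exactly, so only these types are dropped.
DNSSEC_TYPES='DNSKEY DS RRSIG NSEC NSEC3 NSEC3PARAM'

strip_dnssec() {
    awk -v types="$DNSSEC_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) drop[t[i]] = 1 }
        /^[ \t]*;/ || NF < 5 { next }   # comment lines ("; resign=...") and blanks
        ($4 in drop)         { next }   # DNSSEC record types
        # Prepend sort keys: SOA first (0) or not (1), record type, owner name.
        { printf "%d\t%s\t%s\t%s\n", ($4 == "SOA" ? 0 : 1), $4, $1, $0 }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1n -k2,2 -k3,3 | cut -f4-
}

# Constructed sample input (not real zone data) in the assumed format.
sample_zone() {
cat <<'EOF'
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2020080901 7200 3600 1209600 3600
example.test. 3600 IN RRSIG SOA 8 2 3600 20200901000000 20200801000000 12345 example.test. Q09OU1RSVUNURUQ=
; resign=20200802123322
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN DNSKEY 257 3 8 Q09OU1RSVUNURUQ=
example.test. 3600 IN NSEC www.example.test. NS SOA RRSIG NSEC DNSKEY
www.example.test. 3600 IN A 192.0.2.10
ns1.example.test. 3600 IN A 192.0.2.1
example.test. 0 IN NSEC3PARAM 1 0 10 ABCD
EOF
}

# Demo on the sample. Against a real zone, pipe the named-compilezone
# command from the thread into strip_dnssec instead.
sample_zone | strip_dnssec
```

Before loading the result as an unsigned zone, run it through `named-checkzone` and bump the SOA serial, since secondaries will still hold the signed version.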