Groups > comp.protocols.dns.bind > #16046

Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys)

Path	csiph.com!3.eu.feeder.erje.net!feeder.erje.net!news.szaf.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From	Jelle de Jong <jelledejong@powercraft.nl>
Newsgroups	comp.protocols.dns.bind
Subject	Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys)
Date	Sun, 9 Aug 2020 12:03:22 +0200
Lines	30
Approved	bind-users@lists.isc.org
Message-ID	<mailman.798.1596967428.942.bind-users@lists.isc.org> (permalink)
References	<9010d1a0-fc3c-3fc3-c94e-bfcae79fab57@powercraft.nl> <20200809025114.GA46379@isc.org> <26a3b5cb-f2a8-8bdc-b190-5216fbacd6c8@powercraft.nl>
NNTP-Posting-Host	lists.isc.org
Mime-Version	1.0
Content-Type	text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding	7bit
X-Trace	usenet.stanford.edu 1596967472 29432 149.20.1.60 (9 Aug 2020 10:04:32 GMT)
X-Complaints-To	action@cs.stanford.edu
Cc	bind-users@lists.isc.org
Return-Path	<jelledejong@powercraft.nl>
X-Original-To	bind-users@lists.isc.org
Delivered-To	bind-users@lists.isc.org
User-Agent	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
In-Reply-To	<20200809025114.GA46379@isc.org>
Content-Language	en-US
X-CMAE-Envelope	MS4wfOxrJ+mU35Rc8i4NXccME4I/9nSM97fckx1mcRfAV6P8lz+sk1ZkluSB1Bwqal/2Ux+YQzxdkIgPzY/ZfVh0qj+gGEuJqy+1qRnaedMRIrHbG7IRtie4 swZDKzzbOzs6z1dUKpQBzQ5jZtJZcMLqetjVfuKoui2QTKpsSLk5RY7j++Yzffjr9LtgpB4QmDU7kA==
X-Spam-Status	No, score=0.5 required=5.0 tests=MISSING_HEADERS, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version	SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere	bind-users@lists.isc.org
X-Mailman-Version	2.1.29
Precedence	list
List-Id	BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe	<https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive	<https://lists.isc.org/pipermail/bind-users/>
List-Post	<mailto:bind-users@lists.isc.org>
List-Help	<mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe	<https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID	<26a3b5cb-f2a8-8bdc-b190-5216fbacd6c8@powercraft.nl>
X-Mailman-Original-References	<9010d1a0-fc3c-3fc3-c94e-bfcae79fab57@powercraft.nl> <20200809025114.GA46379@isc.org>
Xref	csiph.com comp.protocols.dns.bind:16046

Show key headers only | View raw

On 2020-08-09 04:51, Evan Hunt wrote:
> On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
>> This will sound counter intuitive but I want to convert a
>> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
>> do have the keys used, but not the original file that got singed.
>>
>> I know I can convert the raw format to text but the zone file is rather big
>> and i want to get rid of all the sign keys.
>>
>> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
>>
>> named-checkzone -D -f raw powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
> 
> You can just regex out all the DNSSEC-related types. Something like
> this ought to work:
> 
> $ named-compilezone -f raw -F text -s full -o - powercraft.nl | \
>    awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'

Thank you for your reply, there are still a lot of ; 
resign=20200802123322 lines, but it does clean up a lot better, sorted 
on record type it would become useful, ideas?

Is there no clean named command to do this output?

Kind regards,

Jelle de Jong

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys) Jelle de Jong <jelledejong@powercraft.nl> - 2020-08-09 12:03 +0200

csiph-web