From: Jelle de Jong
Newsgroups: comp.protocols.dns.bind
Subject: Re: how to revert signed db zone file to unsgined plain text (remove dnssec keys)
Date: Sun, 9 Aug 2020 12:03:22 +0200

On 2020-08-09 04:51, Evan Hunt wrote:
> On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
>> This will sound counterintuitive but I want to convert a
>> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
>> do have the keys used, but not the original file that got signed.
>>
>> I know I can convert the raw format to text but the zone file is rather big
>> and I want to get rid of all the sign keys.
>>
>> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
>>
>> named-checkzone -D -f raw powercraft.nl
>> /var/cache/bind/db.powercraft.nl.signed
>
> You can just regex out all the DNSSEC-related types. Something like
> this ought to work:
>
> $ named-compilezone -f raw -F text -s full -o - powercraft.nl | \
> awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'

Thank you for your reply, there are still a lot of ; resign=20200802123322
lines, but it does clean up a lot better, sorted on record type it would
become useful, ideas?

Is there no clean named command to do this output?

Kind regards,

Jelle de Jong
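
A filter covering both points raised in the thread (the leftover `; resign=` comment lines and grouping by record type), as an added example that is not part of the thread or of BIND. The function names `strip_dnssec` and `sample_zone` are hypothetical, the sample records are constructed, and the type list goes beyond the quoted one by adding CDS, CDNSKEY and TYPE65534; it assumes one record per line with the type in the fourth field, as in the `-s full` pipeline above.

```shell
#!/bin/sh
# Added example. Reads text-format zone data on stdin, one record per line:
#   owner TTL class type rdata
strip_dnssec() {
    awk '
        /^[ \t]*;/ { next }   # comment lines such as "; resign=20200802123322"
        NF == 0    { next }   # blank lines
        # Exact match on the type field, so rdata that merely mentions a
        # DNSSEC type is untouched. The first six types come from the quoted
        # reply; CDS, CDNSKEY and TYPE65534 (the default private type that
        # named uses for signing state) are additions made in this example.
        $4 ~ /^(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM|CDS|CDNSKEY|TYPE65534)$/ { next }
        # Prefix two sort keys: SOA first, then the record type.
        { k = ($4 == "SOA") ? 0 : 1; print k "\t" $4 "\t" $0 }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1n -k2,2 -k3 | cut -f3-
}

# Constructed sample input (not real zone data, signatures are placeholders).
sample_zone() {
    cat <<'EOF'
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2020080901 7200 3600 1209600 3600
; resign=20200802123322
example.com. 3600 IN RRSIG SOA 8 2 3600 20200902123322 20200803123322 12345 example.com. c2FtcGxl
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN DNSKEY 257 3 8 c2FtcGxl
example.com. 0 IN NSEC3PARAM 1 0 10 ABCD
example.com. 0 IN TYPE65534 \# 5 0830390000
www.example.com. 3600 IN A 192.0.2.10
; resign=20200802123322
www.example.com. 3600 IN RRSIG A 8 3 3600 20200902123322 20200803123322 12345 example.com. c2FtcGxl
mail.example.com. 3600 IN A 192.0.2.25
example.com. 3600 IN TXT "mentions RRSIG and DS only in rdata"
EOF
}

sample_zone | strip_dnssec
```

With the file names from the thread, the filter would be fed by `named-compilezone -f raw -F text -s full -o - powercraft.nl /var/cache/bind/db.powercraft.nl.signed | strip_dnssec > db.powercraft.nl`. Running `named-checkzone powercraft.nl db.powercraft.nl` on the result confirms it still loads before it replaces the signed file.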