BASE = distorted.org.uk
ZONE = dnserr.$(BASE)
-KEYGEN = dnssec-keygen -aRSASHA256 -b1024 -Kkey/
+KEYGEN = dnssec-keygen -aRSASHA256 -b1024 -r/dev/urandom -Kkey/
SIGNZONE = dnssec-signzone -S -Kkey/ -dds/
SIGVALID = -s20000101000000 -e20300101000000
SIGOLD = -s20000101000000 -e20010101000000
TARGETS += dnserr.zone.sig
OLDSIGMATCH = $$1 == "expired-rrsig.$(ZONE)." && \
- $$4 == "RRSIG" && $$5 == "A"
+ $$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
BADSIGMATCH = $$1 == "invalid-rrsig.$(ZONE)." && \
- $$4 == "RRSIG" && $$5 == "A"
+ $$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
CLEAN += t.oldsig
dnserr.zone.sig: dnserr.zone.sigold dnserr.zone.signew
awk '$(OLDSIGMATCH) { print; }' \
dnserr.zone.sigold >t.oldsig
- awk '$(OLDSIGMATCH) { system("cat t.oldsig"); next; } \
- { gsub(/invalid-rrsigx/, "invalid-rrsig"); print; }' \
- dnserr.zone.signew >$@.new
+ awk '$(OLDSIGMATCH) { \
+ if (!doneoldsig) { system("cat t.oldsig"); doneoldsig = 1; } \
+ next; \
+ } \
+ $(BADSIGMATCH) { \
+ s = $$13; \
+ for (i = length(s)/2; i > 0; i--) { \
+ c = substr(s, i, 1); \
+ if (c != tolower(c)) { c = tolower(c); break; } \
+ else if (c != toupper(c)) { c = toupper(c); break; } \
+ } \
+ $$13 = substr(s, 1, i) c substr(s, i + 2); \
+ } \
+ { print; }' \
+ dnserr.zone.signew >$@.new
+ rm t.oldsig
mv $@.new $@
CLEAN += $(TARGETS)
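Review bot: The splice on the `$$13 = substr(s, 1, i) c substr(s, i + 2);` line is off by one: it keeps the original character at position i and overwrites position i+1 with the case-flipped copy, so whenever the following character already equals that flipped letter the field comes out unchanged and the invalid-rrsig records would still carry a signature that verifies. `$$13 = substr(s, 1, i - 1) c substr(s, i + 1);` replaces the character the loop actually selected. The loop can also run down to i == 0 when the first half of the field holds no letters, which likewise leaves the field untouched; a guard after the loop such as `if (i == 0) exit 1;` would make the recipe fail instead of quietly emitting a good signature for a fixture that is meant to be bad. A comment above the `BADSIGMATCH =` definition saying that field 13 is assumed to be the start of the base64 signature text would also help, since the rule that produces dnserr.zone.signew, and therefore its output format, is not visible here.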