chiark / gitweb /
~mdw / dnserr / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
dnserr.in, utils.m4: IPv6 address for blackhole.
[dnserr] / Makefile
diff --git a/Makefile b/Makefile
index 81b88c1861493f34c18bc8aa9f1b42ea8a2e60ca..7a397d16e64d4e05fca18f660b28e6e6eb2f5a34 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 BASE                    = distorted.org.uk
 ZONE                    = dnserr.$(BASE)
 
-KEYGEN                  = dnssec-keygen -aRSASHA256 -b1024 -Kkey/
+KEYGEN                  = dnssec-keygen -aRSASHA256 -b1024 -r/dev/urandom -Kkey/
 SIGNZONE                = dnssec-signzone -S -Kkey/ -dds/
 SIGVALID                = -s20000101000000 -e20300101000000
 SIGOLD                  = -s20000101000000 -e20010101000000
@@ -57,16 +57,29 @@ dnserr.zone.sigold: dnserr.zone key/$(ZONE).stamp
 
 TARGETS                        += dnserr.zone.sig
 OLDSIGMATCH             = $$1 == "expired-rrsig.$(ZONE)." && \
-                               $$4 == "RRSIG" && $$5 == "A"
+                               $$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
 BADSIGMATCH             = $$1 == "invalid-rrsig.$(ZONE)." && \
-                               $$4 == "RRSIG" && $$5 == "A"
+                               $$4 == "RRSIG" && ($$5 == "A" || $$5 == "AAAA")
 CLEAN                  += t.oldsig
 dnserr.zone.sig: dnserr.zone.sigold dnserr.zone.signew
        awk '$(OLDSIGMATCH) { print; }' \
                dnserr.zone.sigold >t.oldsig
-       awk '$(OLDSIGMATCH) { system("cat t.oldsig"); next; } \
-               { gsub(/invalid-rrsigx/, "invalid-rrsig"); print; }' \
-       dnserr.zone.signew >$@.new
+       awk '$(OLDSIGMATCH) { \
+               if (!doneoldsig) { system("cat t.oldsig"); doneoldsig = 1; } \
+               next; \
+            } \
+            $(BADSIGMATCH) { \
+               s = $$13; \
+               for (i = length(s)/2; i >= 0; i--) { \
+                 c = substr(s, i, 1); \
+                 if (c != tolower(c)) { c = tolower(c); break; } \
+                 else if (c != toupper(c)) { c = toupper(c); break; } \
+               } \
+               $$13 = substr(s, 0, i) c substr(s, i + 1); \
+            } \
+            { print; }' \
+               dnserr.zone.signew >$@.new
+       rm t.oldsig
        mv $@.new $@
 
 CLEAN                  += $(TARGETS)
A DNS zone with lots of (intentional) errors.