zdns -- DNS zones creator helper
-This is very simple zsh-based helper functions to create DNS zones.
+This is very simple Tcl-based helper functions to create DNS zones.
Many things are hardcoded there. Basically you just write ordinary
-zsh script, sourcing the rc.zsh, containing various helper functions.
+Tcl script, sourcing the rc.tcl, containing various helper functions.
It expects DOMAIN variable to be set.
+Initially that utility was written on zsh, but later it was replaced
+with Tcl.
+
* fqdn(domain) -- prints fully-qualified domain name, taking either
"domain.", or "@", or "subdomain" names
-* shortened(domain) -- prints $DOMAIN-relative shortened name, printing
+* shorten(domain) -- prints $DOMAIN-relative shortened name, printing
only subdomain parts or "@"
-* zone_start(serial) -- prints SOA record with two predefined (hardcoded)
+* zone(serial) -- prints SOA record with two predefined (hardcoded)
nameservers and none DMARC policy
-* add_mx(domain) -- add predefined MX records for given domain, with
+* mx(domain) -- add predefined MX records for given domain, with
predefined redirect-based SPF policy
-* add_dane(domain) -- add DANE records for given domain. You have to
- have tls/ subdirectory, containing zeasypki's state
+* dane(domain, [port=443]) -- add DANE records for given domain. You
+ have to have tls/ subdirectory, containing zeasypki's state
(http://www.git.stargrave.org/?p=zeasypki.git;a=blob;f=README)
It looks in each CA's subdirectory if keypair exists for the domain,
printing necessary CAA and TLSA records
-* add_ssh(domain) -- searches for corresponding public key in ssh/
+* ssh(domain) -- searches for corresponding public key in ssh/
subdirectory and (if it exists) prints corresponding SSHFP record
-* add_subdomain(domain, addresses) -- adds specified domain with
- provided space-separated addresses. It automatically calls add_dane
- and add_ssh helpers. Unless $NOSPF=1 is specified, it prints "-all"
- SPF policy. If $Y=1 is specified, then it adds "y.domain" address with
- predefined $Y6 address and "-all" SPF policy
-* add_pgp(keyid, uid) -- prints _openpgpkey DANE record for given
- OpenPGP key of desired UID. "uid" is optional and useful only if your
- key have got multiple UIDs and you need to add only the single
- specified one
+* subdomain(domain, addrs, [y nospf dane:PORT]) -- adds specified domain
+ with provided space-separated addresses. It automatically calls dane
+ and ssh helpers. Third argument is a list containing three optional
+ elements. Unless "nospf" is specified, it prints "-all" SPF policy. If
+ "y" is specified, it adds "y.domain" address with predefined $Y6
+ address and "-all" SPF policy
+* pgp(keyid, uid) -- prints _openpgpkey DANE record for given OpenPGP
+ key of desired UID. "uid" is optional and useful only if your key have
+ got multiple UIDs and you need to add only the single specified one
-To omit burden of sourcing rc.zsh, setting $DOMAIN and rebuilding zones
+To omit burden of sourcing rc.tcl, setting $DOMAIN and rebuilding zones
after its change, there is default.zone.do redo (http://cr.yp.to/redo.html)
-target, expecting your script in $domain.zsh file.
+target, expecting your script in $domain.tcl file.
For example the zone for nncpgo.org domain with mail-capabilities, WWW
subdomain (available via Yggdrasil network), OpenPGP DANE key,
$ mkdir -p ssh
$ print ssh-ed25519 AAAA... > ssh/www.nncpgo.org
- $ cat > nncpgo.org.zsh <<EOF
- zone_start 2012011633
- add_mx @
- Y=1 add_subdomain www "$GW4 $GW6 $VPS4 $VPS6"
- Y=1 add_subdomain openpgpkey "$GW4 $GW6"
- add_pgp releases@nncpgo.org
+ $ cat > nncpgo.org.tcl <<EOF
+ zone 2012011633
+ mx @
+ subdomain www "$GW4 $GW6 $VPS4 $VPS6" y
+ subdomain openpgpkey "$GW4 $GW6" y
+ pgp releases@nncpgo.org
EOF
$ redo nncpgo.org.zone
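Review bot: The new subdomain(domain, addrs, [y nospf dane:PORT]) entry says the third argument holds three optional elements, but only "nospf" and "y" are explained and "dane:PORT" is never described. Because the same entry says subdomain calls dane automatically, a reader cannot tell whether dane:PORT turns TLSA output on, adds a record for a second port, or overrides the port=443 default shown for dane(domain, [port=443]). Please add a sentence saying what it does and what is published when it is omitted. Separately, in the example the heredoc delimiter in "cat > nncpgo.org.tcl <<EOF" is unquoted, so the invoking shell expands $GW4, $GW6, $VPS4 and $VPS6 before the file is written; if those names are meant to be resolved when the Tcl script runs, quote the delimiter as <<'EOF' so the literal variable references reach the file.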
_443._tcp.www TLSA 3 1 1 0a77...d187
www CAA 0 issue "cagost.cypherpunks.ru"
_443._tcp.www TLSA 3 1 1 9b98...7b3a
+ www SSHFP 4 2 e72b...c53f
www TXT "v=spf1 -all"
y.www AAAA 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
y.www TXT "v=spf1 -all"