zdns -- DNS zones creator helper
-This is very simple zsh-based helper functions to create DNS zones.
+This is very simple Tcl-based helper functions to create DNS zones.
Many things are hardcoded there. Basically you just write ordinary
-zsh script, sourcing the rc.zsh, containing various helper functions.
+Tcl script, sourcing the rc.tcl, containing various helper functions.
It expects DOMAIN variable to be set.
+Initially that utility was written on zsh, but later it was replaced
+with Tcl.
+
* fqdn(domain) -- prints fully-qualified domain name, taking either
"domain.", or "@", or "subdomain" names
-* shortened(domain) -- prints $DOMAIN-relative shortened name, printing
+* shorten(domain) -- prints $DOMAIN-relative shortened name, printing
only subdomain parts or "@"
-* zone_start(serial) -- prints SOA record with two predefined (hardcoded)
+* zone(serial) -- prints SOA record with two predefined (hardcoded)
nameservers and none DMARC policy
-* add_mx(domain) -- add predefined MX records for given domain, with
+* mx(domain) -- add predefined MX records for given domain, with
predefined redirect-based SPF policy
-* add_dane(domain) -- add DANE records for given domain. You have to
- have tls/ subdirectory, containing zeasypki's state
+* dane(domain, [port=443]) -- add DANE records for given domain. You
+ have to have tls/ subdirectory, containing zeasypki's state
(http://www.git.stargrave.org/?p=zeasypki.git;a=blob;f=README)
It looks in each CA's subdirectory if keypair exists for the domain,
printing necessary CAA and TLSA records
-* add_ssh(domain) -- searches for corresponding public key in ssh/
+* ssh(domain) -- searches for corresponding public key in ssh/
subdirectory and (if it exists) prints corresponding SSHFP record
-* add_subdomain(domain, addresses) -- adds specified domain with
- provided space-separated addresses. It automatically calls add_dane
- and add_ssh helpers. Unless $NOSPF=1 is specified, it prints "-all"
- SPF policy. If $Y=1 is specified, then it adds "y.domain" address with
- predefined $Y6 address and "-all" SPF policy
-* add_pgp(keyid, uid) -- prints _openpgpkey DANE record for given
- OpenPGP key of desired UID. "uid" is optional and useful only if your
- key have got multiple UIDs and you need to add only the single
- specified one
+* subdomain(domain, addrs, [y mailable dane:PORT]) -- adds specified domain
+ with provided space-separated addresses. It automatically calls dane
+ and ssh helpers. Third argument is a list containing three optional
+ elements. Unless "mailable" is specified, it prints "-all" SPF policy
+ and sets null MX. If "y" is specified, it adds "y.domain" address with
+ predefined $Y6 address with "-all" SPF policy and null MX
+* pgp(keyid, uid) -- prints _openpgpkey DANE record for given OpenPGP
+ key of desired UID. "uid" is optional and useful only if your key have
+ got multiple UIDs and you need to add only the single specified one
-To omit burden of sourcing rc.zsh, setting $DOMAIN and rebuilding zones
+To omit burden of sourcing rc.tcl, setting $DOMAIN and rebuilding zones
after its change, there is default.zone.do redo (http://cr.yp.to/redo.html)
-target, expecting your script in $domain.zsh file.
+target, expecting your script in $domain.tcl file.
For example the zone for nncpgo.org domain with mail-capabilities, WWW
subdomain (available via Yggdrasil network), OpenPGP DANE key,
created the following way:
$ ln -fs /path/to/zeasypki/state tls
- $ [[ -d tls/ee/ecdsa/ca.cypherpunks.ru/openpgpkey.nncpgo.org ]]
- $ [[ -d tls/ee/gost/cagost.cypherpunks.ru/openpgpkey.nncpgo.org ]]
- $ [[ -d tls/ee/ecdsa/ca.cypherpunks.ru/www.nncpgo.org ]]
- $ [[ -d tls/ee/gost/cagost.cypherpunks.ru/www.nncpgo.org ]]
+ $ [[ -d tls/ee/eddsa/ca.cypherpunks.su/openpgpkey.nncpgo.org ]]
+ $ [[ -d tls/ee/gost/cagost.cypherpunks.su/openpgpkey.nncpgo.org ]]
+ $ [[ -d tls/ee/eddsa/ca.cypherpunks.su/www.nncpgo.org ]]
+ $ [[ -d tls/ee/gost/cagost.cypherpunks.su/www.nncpgo.org ]]
$ mkdir -p ssh
- $ print ssh-ed25519 AAAA... > ssh/www.nncpgo.org
+ $ print ssh-ed25519 AAAA... >ssh/www.nncpgo.org
- $ cat > nncpgo.org.zsh <<EOF
- zone_start 2012011633
- add_mx @
- Y=1 add_subdomain www "$GW4 $GW6 $VPS4 $VPS6"
- Y=1 add_subdomain openpgpkey "$GW4 $GW6"
- add_pgp releases@nncpgo.org
+ $ cat >nncpgo.org.tcl <<EOF
+ zone 2012011633
+ mx @
+ subdomain www "$GW4 $GW6 $VPS4 $VPS6" y
+ subdomain openpgpkey "$GW4 $GW6" y
+ pgp releases@nncpgo.org
EOF
$ redo nncpgo.org.zone
www AAAA 2a03:e2c0:2663:1::1
www A 45.10.110.72
www AAAA 2a04:ac00:a:146::25
- www CAA 0 issue "ca.cypherpunks.ru"
+ www CAA 0 issue "ca.cypherpunks.su"
_443._tcp.www TLSA 3 1 1 0a77...d187
- www CAA 0 issue "cagost.cypherpunks.ru"
+ www CAA 0 issue "cagost.cypherpunks.su"
_443._tcp.www TLSA 3 1 1 9b98...7b3a
+ www SSHFP 4 2 e72b...c53f
www TXT "v=spf1 -all"
+ www MX 0 .
y.www AAAA 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
y.www TXT "v=spf1 -all"
+ y.www MX 0 .
openpgpkey A 91.211.5.21
openpgpkey AAAA 2a03:e2c0:2663:1::1
- openpgpkey CAA 0 issue "ca.cypherpunks.ru"
+ openpgpkey CAA 0 issue "ca.cypherpunks.su"
_443._tcp.openpgpkey TLSA 3 1 1 ddf4...e89c
- openpgpkey CAA 0 issue "cagost.cypherpunks.ru"
+ openpgpkey CAA 0 issue "cagost.cypherpunks.su"
_443._tcp.openpgpkey TLSA 3 1 1 2075...7c3d
openpgpkey TXT "v=spf1 -all"
+ openpgpkey MX 0 .
y.openpgpkey AAAA 21a:af91:8d0e:b05:9645:e4e9:12be:3c39
y.openpgpkey TXT "v=spf1 -all"
+ y.openpgpkey MX 0 .
; NNCP releases <releases@nncpgo.org>
2019...15ac._openpgpkey TYPE61 \# 655 (...)