
The following script checks the expiry of the RRSIG and, if it expires within 7 days, signs your zone again.

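#!/bin/bash
# Re-sign the fakrul.com zone when the RRSIG covering its SOA record is
# within 7 days of expiring, then reload NSD.
#
# Outputs: progress messages on stdout, failures on stderr.
# Returns: exit status of the NSD reload when a re-sign happened,
#          1 when signing failed, 0 when no re-sign was needed.
#
# NOTE(review): the lookup goes through the system's default resolver. A
# stale cache or a forged answer could report a later expiry than the
# authoritative server really serves and so suppress re-signing; consider
# querying the authoritative server directly (dig @<authoritative-server>).

declare -i expire_date
declare -i current_date
declare -i days_left
declare -i lookup_ok=0

# In the short RRSIG answer, field 2 is the algorithm (7 here) and field 5
# the signature expiration (YYYYMMDDHHmmSS); only YYYYMMDD is kept. If more
# than one signature matches, the earliest expiry is used so that the
# decision below errs towards re-signing.
expiry_ymd="$(dig +short fakrul.com +dnssec SOA \
  | awk '$2 == 7 { print $5 }' \
  | cut -c1-8 \
  | sort -n \
  | head -n 1)"

# The DNS answer is external data: accept it only if it is exactly eight
# digits and date(1) can parse it, and always pass it quoted.
if [[ "$expiry_ymd" =~ ^[0-9]{8}$ ]] \
  && expire_epoch="$(date +%s -d "$expiry_ymd" 2>/dev/null)"; then
  lookup_ok=1
fi

if (( lookup_ok )); then
  expire_date=$expire_epoch
  echo "Expire date: $expire_date"
  current_date="$(date +%s)"
  echo "Current date: $current_date"

  days_left=$(( (expire_date - current_date) / 86400 ))
  echo "Days to expire: $days_left"
else
  # Previously a failed lookup silently evaluated to epoch 0 and fell into
  # the re-sign branch; keep that outcome but make the reason visible.
  echo "Could not determine RRSIG expiry for fakrul.com; signing the zone as a precaution" >&2
  days_left=0
fi

if [ "$days_left" -gt 7 ]; then
  echo "RRSIG will not expiring within one week. No need to sign the zone"
else
  echo "RRSIG will expire next week. Sign DNS Zone......"
  # Do not reload NSD if signing failed: the signed output file may be
  # missing or incomplete in that case.
  if ! sudo ldns-signzone /etc/nsd/ZONES/fakrul.com.zone /etc/nsd/KSK/Kfakrul.com.+007+22704 /etc/nsd/ZSK/Kfakrul.com.+007+04664 -f /etc/nsd/SIGNED/fakrul.com.zone.signed; then
    echo "ldns-signzone failed; NSD not reloaded" >&2
    exit 1
  fi
  echo "Reload NSD......"
  /etc/init.d/nsd reload
fi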