#!/bin/bash
# from http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
set -o errexit

zonename="$1"; shift
zonefile="$1"; shift

bak="${zonefile}.$(date +%s)"

test -e $zonefile || { echo "no zonefile '$zonefile'"; exit 1; }
cd $(dirname $zonefile)
cp $zonefile $bak

dnssec-signzone -l dlv.isc.org. -N increment -o $zonename $zonefile && {
	rndc reload $zonename
	rm -f $bak
}