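#!/bin/bash
# from http://www.isc.org/files/DNSSEC_in_6_minutes.pdf
#
# Generates a ZSK and a KSK for a zone, appends the public keys to the zone
# file, and signs the zone with dnssec-signzone.
#
# Usage:   <this script> ZONENAME ZONEFILE
#
# Optional environment overrides (introduced here; defaults reproduce the
# original hard-coded values):
#   DNSSEC_ALGORITHM   key algorithm passed to dnssec-keygen -a  (RSASHA1)
#   DNSSEC_ZSK_BITS    ZSK size passed to dnssec-keygen -b       (1024)
#   DNSSEC_KSK_BITS    KSK size passed to dnssec-keygen -b       (4096)
#   DNSSEC_DLV_DOMAIN  DLV domain for dnssec-signzone -l         (dlv.isc.org.)
#                      set to the empty string to sign without -l
#
# NOTE(review): the defaults date from the original guide and are weak by
# current standards. RFC 8624 lists RSASHA1 as NOT RECOMMENDED for DNSSEC
# signing, and a 1024-bit RSA ZSK is below the 2048-bit floor commonly
# required today. Prefer e.g. DNSSEC_ALGORITHM=RSASHA256 DNSSEC_ZSK_BITS=2048
# for new zones. DLV has been moved to Historic status (RFC 8749) and the
# dlv.isc.org registry has been retired; confirm whether your BIND release
# still accepts -l before relying on the default.

set -o errexit
set -o nounset

if [[ $# -lt 2 ]]; then
  echo "usage: ${0##*/} zonename zonefile" >&2
  exit 1
fi

zonename="$1"; shift
zonefile="$1"; shift

# A zone name starting with '-' would be read as an option by the BIND tools.
case "$zonename" in
  '' | -*)
    echo "invalid zone name '$zonename'" >&2
    exit 1
    ;;
esac

test -e "$zonefile" || { echo "no zonefile '$zonefile'" >&2; exit 1; }

algorithm="${DNSSEC_ALGORITHM:-RSASHA1}"
zsk_bits="${DNSSEC_ZSK_BITS:-1024}"
ksk_bits="${DNSSEC_KSK_BITS:-4096}"
dlv_domain="${DNSSEC_DLV_DOMAIN-dlv.isc.org.}"

# Split the path before changing directory: after the cd, a relative
# "dir/zone.db" would no longer resolve, so only the base name is used below.
zonedir=$(dirname -- "$zonefile")
zonebase=$(basename -- "$zonefile")
cd -- "$zonedir"

# Timestamped backup of the unsigned zone file.
cp -- "$zonebase" "${zonebase}.$(date +%s)"

# dnssec-keygen writes K<zone>.+<alg>+<id>.key/.private into the current
# (zone) directory and prints that base name on stdout. Capturing it lets us
# append exactly the keys created in this run instead of every K<zone>*.key
# lying around (stale keys from earlier runs, or keys of a longer zone name
# sharing the same prefix). Keep the .private files unreadable to other users.
echo "Creating the ZSK"
zsk=$(dnssec-keygen -a "$algorithm" -b "$zsk_bits" -n ZONE "$zonename")
echo "$zsk"

echo "Creating the KSK"
ksk=$(dnssec-keygen -a "$algorithm" -b "$ksk_bits" -n ZONE -f KSK "$zonename")
echo "$ksk"

# Blank separator line, then the two new DNSKEY records.
{
  echo
  cat -- "${zsk}.key" "${ksk}.key"
} >> "$zonebase"

echo "Signing the zone"
signzone_args=(-N increment -o "$zonename")
if [[ -n "$dlv_domain" ]]; then
  signzone_args=(-l "$dlv_domain" "${signzone_args[@]}")
fi
dnssec-signzone "${signzone_args[@]}" "$zonebase"

# NOTE(review): the listing is cut off at this point, in the middle of a
# here-document ("cat<"); the remainder of the original script is not shown
# and has not been reconstructed.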