Commit a7d2c63a authored by ale's avatar ale

Add --dry-run support to the DNSSEC signer

Fixes issue #1.
parent 9fc7301f
Pipeline #4175 failed with stages
in 4 seconds
......@@ -65,7 +65,7 @@ def main():
if opts.key_dir and opts.ds_dir and opts.nsec3_salt:
# Enable DNSSEC support.
pproc = zone.DNSSECSigner(
opts.key_dir, opts.ds_dir, opts.nsec3_salt, opts.dnssec_refresh)
opts.key_dir, opts.ds_dir, opts.nsec3_salt, opts.dnssec_refresh, opts.dry_run)
# Render the zone data to 'output_dir'.
zw = zone.ZoneWriter(opts.output_dir,
......@@ -325,11 +325,12 @@ class DNSSECSigner(object):
random_dev = '/dev/urandom'
def __init__(self, key_dir, ds_dir, nsec3_salt, refresh):
def __init__(self, key_dir, ds_dir, nsec3_salt, refresh, dry_run=False):
self.key_dir = key_dir
self.ds_dir = ds_dir
self.nsec3_salt = nsec3_salt
self.refresh = refresh
self.dry_run = dry_run
def has_keys(self, zone_name):
# One day we'll figure out what the magic numbers are...
......@@ -379,7 +380,7 @@ class DNSSECSigner(object):
if not zone_attrs.get('DNSSEC'):
return filename
outfile = filename + '.signed'
if zone_changed or self.refresh:
if (zone_changed or self.refresh) and not self.dry_run:
if not self.has_keys(zone_name):
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment