2 # Called from cron to re-sign all zones that are too old
5 require './bind8-lib.pl';
7 if ($ARGV[0] eq "--debug") {
10 if (!$config{'dnssec_period'}) {
11 print STDERR "Maximum age not set\n" if ($debug);
15 @zones = &list_zone_names();
19 next if ($z->{'type'} ne 'master');
20 print STDERR "Considering zone $z->{'name'}\n" if ($debug);
21 @keys = &get_dnssec_key($z);
22 print STDERR " Key count ",scalar(@keys),"\n" if ($debug);
24 ($zonekey) = grep { !$_->{'ksk'} } @keys;
26 print STDERR " Zone key in ",$zonekey->{'privatefile'},"\n"
30 @st = stat($zonekey->{'privatefile'});
32 print STDERR " Private key file $zonekey->{'privatefile'} ",
33 "missing\n" if ($debug);
36 $old = (time() - $st[9]) / (24*60*60);
37 print STDERR " Age in days $old\n" if ($debug);
38 if ($old > $config{'dnssec_period'}) {
40 $err = &resign_dnssec_key($z);
42 print STDERR " Re-signing failed : $err\n";
46 print STDERR " Re-signed OK\n";