# Converts a nsd 2 "nsd.zones" file to a nsd 3 "nsd.conf" file. # Change at will nsd_zones_name = "./nsd.zones" key_dir = "/local/nsd/etc/keys" # Directory holding the TSIG keys import re import os.path zone_line_re = re.compile("^zone\s+([a-z0-9\.-]+)\s+secondary/[a-z0-9\.-]+\s+masters\s+([0-9a-f:\. ]+)\s*$", re.IGNORECASE) comment_re = re.compile("^\s*;") nsd_zones = open(nsd_zones_name) keys = {} for line in nsd_zones.xreadlines(): match = zone_line_re.search(line) if match: zone = match.group(1) master_group = match.group(2) masters = re.split("\s+", master_group) print """zone: name: "%s" zonefile: "%s" # This is to allow "nsdc update" to work. allow-notify: 127.0.0.1 NOKEY # This is a slave zone. Masters are listed below.""" % (zone, zone) for master in masters: if re.search("^\s*$", master): continue key_filename = "%s/%s.tsiginfo" % (key_dir, master) if os.path.exists(key_filename): key_content = open(key_filename) peer_ip = key_content.readline() peer_ip = peer_ip[:-1] key_name = key_content.readline() key_name = key_name[:-1] algorithm = key_content.readline() algorithm = int(algorithm[:-1]) if algorithm == 157: algorithm_name = "hmac-md5" else: raise Exception("Unsupported TSIG algorithm %i" % algorithm) secret = key_content.readline() secret = secret[:-1] key_content.close() key = key_name keys[key_name] = { 'algorithm': algorithm_name, 'secret': secret} else: key = "NOKEY" print """ allow-notify: %s %s request-xfr: %s %s""" % (master, key, master, key) print "" else: if comment_re.search(line): pass else: raise Exception("Invalid line \"%s\"" % line) nsd_zones.close() for key in keys.keys(): print """key: name: "%s" algorithm: %s secret: "%s" """ % (key, keys[key]['algorithm'], keys[key]['secret']) print "" ## Local Variables: ## ## mode:python ## ## End: ##