#!/bin/bash

# Demo: sign foo.com with a first set of RSASHA1 keys, then add an RSASHA256
# ZSK and re-sign. Everything runs in the current directory, and no command's
# exit status is checked, so a failed step does not stop the run.
#
# Notes for anyone adapting this beyond a test zone:
#   - The algorithms and key sizes below are kept as the demo gives them.
#     SHA-1 based DNSSEC algorithms are no longer recommended for signing
#     (RFC 8624), and 1024-bit RSA is below the 2048-bit minimum commonly
#     recommended today.
#   - The K<zone>.+*.key glob appends every matching public key found in this
#     directory, including keys left over from earlier runs.
#   - NOTE(review): -e and -r may be obsolete or rejected by newer BIND
#     releases; check the installed dnssec-keygen.
zone=foo.com
zone_file="db.${zone}"
zone_template="${zone_file}.base"
signer=/usr/sbin/dnssec-signzone

# Start over from the template zone (very simple: SOA, 2x NS and one A record).
fresh_zone_from_template() {
  cp "${zone_template}" "${zone_file}"
}

# "Old way" of publishing keys: append every public key file to the zone file.
append_public_keys() {
  cat K"${zone}".+*.key >> "${zone_file}"
}

# Sign with simple NSEC; -a makes dnssec-signzone verify what it generated.
sign_zone() {
  "${signer}" -a -o "${zone}" "${zone_file}"
}

# --- Round one: RSASHA1 ZSK + KSK -------------------------------------------
fresh_zone_from_template

# First call creates the ZSK, second call (-f KSK) the KSK.
# -e asks for a large RSA exponent; -r names the randomness source.
dnssec-keygen -a RSASHA1 -e -b 1024 -n ZONE -v 3 -r /dev/urandom "${zone}"
dnssec-keygen -a RSASHA1 -e -b 1024 -n ZONE -f KSK -v 3 -r /dev/urandom "${zone}"

append_public_keys
sign_zone

# Check the key and signed-zone files by eye.
ls -l

# Stand-in for "some days later", when a new ZSK is needed.
# presumably just over a minute so timestamps differ between rounds; confirm
sleep 61

# --- Round two: new ZSK, this time RSASHA256 --------------------------------
# Only a ZSK is generated here (no -f KSK). The RSASHA1 key files from round
# one are still in the directory, so the glob appends them again and the zone
# ends up carrying DNSKEYs of two algorithms.
dnssec-keygen -a RSASHA256 -b 1024 -n ZONE -v 3 -r /dev/urandom "${zone}"

fresh_zone_from_template
append_public_keys
sign_zone

# Check again.
ls -l

