On Sat, Aug 08, 2020 at 09:17:09PM +0200, Jelle de Jong wrote:
> This will sound counterintuitive but I want to convert a
> db.powercraft.nl.signed file to db.powercraft.nl (unsigned without keys). I
> do have the keys used, but not the original file that got signed.
>
> I know I can convert the raw format to text but the zone file is rather big
> and I want to get rid of all the sign keys.
>
> named-compilezone -f raw -F text -o powercraft.nl.text powercraft.nl
> /var/cache/bind/db.powercraft.nl.signed
>
> named-checkzone -D -f raw powercraft.nl
> /var/cache/bind/db.powercraft.nl.signed

You can just regex out all the DNSSEC-related types. Something like
this ought to work:

$ named-compilezone -f raw -F text -s full -o - powercraft.nl \
      /var/cache/bind/db.powercraft.nl.signed | \
  awk '$4 ~ /(DNSKEY|DS|RRSIG|NSEC|NSEC3|NSEC3PARAM)/ {next} {print}'

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
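
An exact-match version of the filter suggested in the reply, as an added example that is not part of the original thread: it compares the type field against a fixed list instead of a substring regex, and adds a count to confirm that no DNSSEC records are left. The function names, the constructed example.test sample, and the extra types CDS, CDNSKEY and TYPE65534 (BIND's default private signing-state type) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Input is "-s full" zone text,
# where every line is: owner TTL class type rdata...
# CDS, CDNSKEY and TYPE65534 are additions to the list given in the reply.
DNSSEC_TYPES="DNSKEY DS RRSIG NSEC NSEC3 NSEC3PARAM CDS CDNSKEY TYPE65534"

# Print only the records whose type field ($4) is not a DNSSEC type.
strip_dnssec() {
    awk -v types="$DNSSEC_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) drop[t[i]] = 1 }
        !(toupper($4) in drop)
    '
}

# Count records whose type field is a DNSSEC type (0 after a clean strip).
count_dnssec() {
    awk -v types="$DNSSEC_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) drop[t[i]] = 1 }
        (toupper($4) in drop) { c++ }
        END { print c + 0 }
    '
}

# Constructed sample in "-s full" layout; example.test is a placeholder zone.
sample_zone() {
    cat <<'EOF'
example.test. 3600 IN SOA ns1.example.test. hostmaster.example.test. 2020080801 7200 3600 1209600 3600
example.test. 3600 IN RRSIG SOA 8 2 3600 20200907000000 20200808000000 12345 example.test. c2FtcGxl
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN DNSKEY 257 3 8 c2FtcGxl
example.test. 3600 IN NSEC3PARAM 1 0 10 AABB
example.test. 0 IN TYPE65534 \# 5 0830390001
www.example.test. 3600 IN A 192.0.2.10
www.example.test. 3600 IN RRSIG A 8 3 3600 20200907000000 20200808000000 12345 example.test. c2FtcGxl
note.example.test. 3600 IN TXT "RRSIG and DS are only words here"
child.example.test. 3600 IN DS 12345 8 2 ABCDEF
EOF
}

# Demo on the constructed sample: prints the SOA, NS, A and TXT records.
sample_zone | strip_dnssec
```

On the real zone, pipe the named-compilezone output from the reply into strip_dnssec, then run count_dnssec on the result before loading it.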