1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
|
# Copyright 2007-2012 SPARTA, Inc. All rights reserved.
# See the COPYING file included with the DNSSEC-Tools package for details.
DNSSEC-Tools
Is your domain secure?
rollerd-basic demo
This directory contains tools and data for demonstrating the
DNSSEC-Tools rollover daemon.
This demo shows the basic operation of rollerd as it controls zone
rollover for three zones. A graphical window will appear showing
the zones' rollover phases and in-use encryption keys. As rollover
proceeds, the phases and key names (as displayed in the graphical
window) will change.
To run the demo:
- Run the demo with these commands:
# make basic
# rundemo
The first command will build and sign the zones and initialize
various state.
The second command starts the demo running.
- This demo uses *very* short zone lifetimes, lifetimes that
are impractically short. The makefile has other demo targets;
consult the Makefile for other options.
- A graphical window is created that holds the whole of the demo
output. The window in which the demo was started will have a
"tail -f log.demo" of rollerd's log file.
Occasionally, the display of the log.demo contents won't start.
This can be fixed by giving a control-C in that window.
All commands should be run as root.
To stop the demo:
- Run this command:
# rollctl -halt
Stopping rollerd will also stop the blinkenlights graphical program.
Usually.
Demo Operation:
- The demo follows the rollover operation of two zones: example.com
and test.com. This is a very simple demo -- the rollover
phase and key names are what visibly change.
- The colors of the blocks in the "Rollover Phase" column change to
show the change in rollover phase:
During normal operation, the color is supposed to match the
rest of the row.
During rollover, the colors start very light in phase 1 and
progressively converge on the color of the rest of the row
as rollover phases move along
- The ZSK key names are given vertically in this order: current,
published, new. When a rollover cycle completes:
- the old "published" key becomes the new "current" key
- the old "new" key becomes the new "published" key
- a new "new" key is created
This gives the effect of the key names (very slowly) rolling up the
screen and disappearing.
- The zones have different expiration times, so don't expect each
zone to proceed at the same rate.
- The times given in the "Rollover Phase" columns are approximate
and depend on rollerd, blinkenlights, multitasking queue updates,
and timers timing out.
- When the demo is first started, example.com is in
active rollover management. test.com is not being rolled at
the start of the demo. At some point, rollover for test.com
should be started with this command:
# rollctl -rollzsk test.com
- If you want to disable a zone's rollover, use this command:
# rollctl -skipzone <zonename>
- Demo phases 2 and 4 are very short-lived. It is possible to
miss them if you blink at the wrong time. Seriously.
- If you've got all the demo files, you can run the demo by just
executing "rundemo". It's probably best, however, to start
fresh each time by running "make basic" before running "rundemo".
Possible cosmetic changes, if desired:
- If demo window is too big (or too small) adjust the size by editing
blinkenlights and changing the font size variable $fontsize.
- If you don't like the descriptions in the "Rollover Phase" column,
they may be fixed in blinkenlights in @phasedescr.
- If you don't like the rollover-phase colors of the "Rollover Phase"
column, they may be changed in blinkenlights in @phasecolors.
- There's some extra horizontal spacing added to strings for column
spacing and readability. If this is too much, then it can be
adjusted in blinkenlights in these places:
- "Zone Name" column: zonestripe(), where $zonetxt is set.
- "Rollover Phase" column: @phasedescr
- "ZSK Type" column: zonestripe(), in the code with the
"Third Column" comment.
- "ZSK Name" column: zonestripe(), in the code with the
"Add some spacing" comment.
- If you don't like the skipped-zone color, it may be changed in
blinkenlights in $skipcolor.
- If you want the zone name to be centered, then adjust the commented
lines in zonestripe() near the "First column" comment. The first
commented line may just be uncommented. The second commented line
must be switch with a similar line such that the "-anchor => 'w'"
is no longer in effect.
WARNINGS:
- This demo requires the DNSSEC-Tools scripts and modules, BIND, Perl,
and Perl/Tk.
- Occasionally, blinkenlights will not go away when you stop the demo.
Clicking in that window and giving a ctrl-Q should kill the program.
Files:
Makefile Makefile to control demo execution.
README This file.
blinkenlights Demo GUI -- shows pretty colors.
rundemo Executes demo.
save-demo.rollrec Pristine copy of demo's rollrec file.
save-example.com Pristine copy of example.com's zone file.
save-test.com Pristine copy of test.com's zone file.
|
