Change objects based on the draft for the new dns system

data/dns/dn42

@@ -1,12 +1,9 @@
 domain:             dn42
-nserver:            lavana.sjc.xuu.dn42 172.22.141.181
-nserver:            lavana.sjc.xuu.dn42 fdea:a15a:77b9:4444::181
-nserver:            kapha.mtr.xuu.dn42  172.22.141.171
-nserver:            kapha.mtr.xuu.dn42  fdea:a15a:77b9:4444::171
-nserver:            rakta.fra.xuu.dn42  172.22.141.191
-nserver:            rakta.fra.xuu.dn42  fdea:a15a:77b9:4444::191
-nserver:            grmml.root.dn42     172.23.149.20
-nserver:            grmml.root.dn42     fd42:23:149:cccc::53
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 6dadda00f5986bd26fe4f162669742cf7eba07d212b525acac9840ee06cb2799
+ds-rdata:           3096 10 2 b7c687a99bee60e172ea439bd2d3087b1d970916575db9c1cb591b7ee15d8cb1
 org:                ORG-DN42
 mnt-by:             DN42-MNT
 source:             DN42

data/inet6num/fd00::_8

@@ -3,8 +3,11 @@ cidr:               fd00::/8
 netname:            ROOT-DN42-ULA
 descr:              DN42 ULA Address Space
 remarks:            Only /48 prefixes may be allocated out of this range.
-nserver:            lavana.sjc.xuu.dn42
-nserver:            grmml.root.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 9057500a3b6e09bf45a60ed8891f2e649c6812d5d149c45a3c560fa0a6195c49
+ds-rdata:           3096 10 2 f24b1becf86305aef2517e7864dfbb3dcad80a98c7dcbad3b1a7014708c723b7
 status:             ALLOCATED
 policy:             open
 org:                ORG-DN42

data/inetnum/10.0.0.0_8

@@ -3,9 +3,11 @@ cidr:               10.0.0.0/8
 netname:            BLK-FREIFUNK
 descr:              Freifunk Intercity-VPN
 remarks:            Registry at https://github.com/freifunk/icvpn-meta
-nserver:            m.in-addr-servers.dn42
-nserver:            x.in-addr-servers.dn42
-nserver:            g.in-addr-servers.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 8a39e9df85a73f1982e43c9139e095e8548451d2048d92c2703869ef8bfebbb4
+ds-rdata:           3096 10 2 1fa3673dc2cf9ffa82b429bf25405b44931460b7263a081d586cc61f003a10a2
 status:             ALLOCATED
 policy:             closed
 org:                ORG-DN42

data/inetnum/172.20.0.0_16

@@ -3,9 +3,11 @@ cidr:               172.20.0.0/16
 netname:            NET-BLK016-DN42
 descr:              DN42 native address space
 remarks:            Not free for direct assignments, please use sub-allocated blocks
-nserver:            m.in-addr-servers.dn42
-nserver:            x.in-addr-servers.dn42
-nserver:            g.in-addr-servers.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 616c149633e93d963b0e8f738719630ea0a09f4aabe211b1fbb8fc9f51304027
+ds-rdata:           3096 10 2 6adf85efddf223c8747f1816b12b62feea0b9b1bdb65e7c809202f890a33740d
 status:             ALLOCATED
 policy:             reserved
 org:                ORG-DN42

data/inetnum/172.21.0.0_16

@@ -3,9 +3,11 @@ cidr:               172.21.0.0/16
 netname:            NET-BLK116-DN42
 descr:              DN42 native address space
 remarks:            Not free for direct assignments, please use sub-allocated blocks
-nserver:            m.in-addr-servers.dn42
-nserver:            x.in-addr-servers.dn42
-nserver:            g.in-addr-servers.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 4cc085716ba83f18df1a7fb9f9479d10327e3d30e222c7a197109c7560ae0368
+ds-rdata:           3096 10 2 506fd7f34aaad4df1b6cfa56fe8c00e157b1c32551c981def0c5fd8f65ab14ac
 status:             ALLOCATED
 policy:             reserved
 org:                ORG-DN42

data/inetnum/172.22.0.0_16

@@ -3,9 +3,11 @@ cidr:               172.22.0.0/16
 netname:            NET-BLK216-DN42
 descr:              DN42 native address space
 remarks:            Not free for direct assignments, please use sub-allocated blocks
-nserver:            m.in-addr-servers.dn42
-nserver:            x.in-addr-servers.dn42
-nserver:            g.in-addr-servers.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 383a8c2714d3da76f58cee4c54566566b336b2dfa219b965f7cb706d71c54356
+ds-rdata:           3096 10 2 5437ab49f1cd947d41c585c2cc9c357323013391b0e5f94784f99175142c3260
 status:             ALLOCATED
 policy:             reserved
 org:                ORG-DN42

data/inetnum/172.23.0.0_16

@@ -3,9 +3,11 @@ cidr:               172.23.0.0/16
 netname:            NET-BLK316-DN42
 descr:              DN42 native address space
 remarks:            * Default allocation /27, never more than /24
-nserver:            m.in-addr-servers.dn42
-nserver:            x.in-addr-servers.dn42
-nserver:            g.in-addr-servers.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 e91c0281e705317968c76689e4f36bf2207c90bdfaad071693bb9a999d15778f
+ds-rdata:           3096 10 2 631b00ba00cf80a8300b356bcca2fde4c844f6ff707a2d98b4518c72e0643467
 status:             ALLOCATED
 policy:             open
 org:                ORG-DN42

data/inetnum/172.31.0.0_16

@@ -1,8 +1,11 @@
 inetnum:            172.31.0.0 - 172.31.255.255
 cidr:               172.31.0.0/16
 netname:            ** chaosvpn
-nserver:            ns1.chaosvpn.g.nic.dn42
-nserver:            ns2.chaosvpn.g.nic.dn42
+nserver:            b.delegation-servers.dn42
+nserver:            j.delegation-servers.dn42
+nserver:            k.delegation-servers.dn42
+ds-rdata:           64441 10 2 5f668f3083d65650ab5c4e9fccdddd0c8108e0fa4be39e161e6a58d1741c5b2d
+ds-rdata:           3096 10 2 4ab3c242fdfa6d84cbe83d5c9b0f9b431c6974dd18db32d08a2599ab1b816465
 status:             ALLOCATED
 policy:             closed
 org:                ORG-DN42

fix-infrastructure-objects

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -e
+
+KSK_PATTERN="(3096|64441)"
+DS_NSERVER="fd42:180:3de0:10:5054:ff:fe87:ea39"
+
+fix_dns() {
+	set -e
+	SRC="$1"
+	DST="$2"
+	TMP="$(mktemp "/tmp/${DST}.XXXXXX")"
+	cp "data/dns/${DST}" "${TMP}"
+	{
+		set -e
+		echo "domain:             ${DST}"
+		cat "${TMP}" | grep -E '^(remarks):' || true
+		cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver:            {}'
+		drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata:           /g' | grep -E "${KSK_PATTERN}"
+		echo 'org:                ORG-DN42'
+		echo 'mnt-by:             DN42-MNT'
+		echo 'source:             DN42'
+	} > "data/dns/${DST}"
+	rm "${TMP}"
+}
+
+fix_inetnum() {
+	set -e
+	SRC="$1"
+	DST="$2"
+	CLASS="$3"
+	POLICY="$4"
+	DNS_NAME="$5"
+	if [ -f "data/${CLASS}/${DST}" ]; then
+		sed -r -i '/^(nserver|ds-rdata|status|org|policy|mnt-by|source|admin-c|tech-c):.*$/d' "data/${CLASS}/${DST}"
+		{
+			set -e
+			cat "data/dns/${SRC}" | grep '^nserver:' | tr -s " " | cut -d' ' -f2 | sort | uniq | xargs -i echo 'nserver:            {}'
+			drill -t "${DNS_NAME}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata:           /g' | grep -E "${KSK_PATTERN}"
+			echo 'status:             ALLOCATED'
+			echo "policy:             ${POLICY}"
+			echo 'org:                ORG-DN42'
+			echo 'mnt-by:             DN42-MNT'
+			echo 'source:             DN42'
+		} >> "data/${CLASS}/${DST}"
+	fi
+}
+
+fix_dns_ds_only() {
+	set -e
+	DST="$1"
+	TMP="$(mktemp "/tmp/${DST}.XXXXXX")"
+	cp "data/dns/${DST}" "${TMP}"
+	{
+		set -e
+		echo "domain:             ${DST}"
+		cat "${TMP}" | grep -E '^(nserver|remarks):' || true
+		drill -t "${DST}" "@${DS_NSERVER}" DNSKEY -s | grep sha256 | cut -d: -f2 | sed -E 's/^ [^\t ]+\t900\tIN\tDS\t/ds-rdata:           /g' | grep -E "${KSK_PATTERN}"
+		echo 'org:                ORG-DN42'
+		echo 'mnt-by:             DN42-MNT'
+		echo 'source:             DN42'
+	} > "data/dns/${DST}"
+	rm "${TMP}"
+}
+
+fix_dns 'delegation-servers.dn42' 'dn42'
+fix_dns 'delegation-servers.dn42' 'registry-sync.dn42'
+fix_dns_ds_only 'delegation-servers.dn42'
+fix_dns_ds_only 'recursive-servers.dn42'
+fix_inetnum 'delegation-servers.dn42' 'fd00::_8' 'inet6num' 'open' 'd.f.ip6.arpa'
+fix_inetnum 'delegation-servers.dn42' '10.0.0.0_8' 'inetnum' 'closed' '10.in-addr.arpa'
+fix_inetnum 'delegation-servers.dn42' "172.20.0.0_16" 'inetnum' 'reserved' "20.172.in-addr.arpa"
+fix_inetnum 'delegation-servers.dn42' "172.21.0.0_16" 'inetnum' 'reserved' "21.172.in-addr.arpa"
+fix_inetnum 'delegation-servers.dn42' "172.22.0.0_16" 'inetnum' 'reserved' "22.172.in-addr.arpa"
+fix_inetnum 'delegation-servers.dn42' "172.23.0.0_16" 'inetnum' 'open' "23.172.in-addr.arpa"
+fix_inetnum 'delegation-servers.dn42' "172.31.0.0_16" 'inetnum' 'closed' "31.172.in-addr.arpa"
+