Pre-generar claves de DNSSEC usando dnssec-keygen

timing_claves_dnssec.py

# -*- coding: utf-8 -*-
"""
DNSSEC Timing para pre-generación de claves

2022-03-11
"""

import datetime
import time

## -- constantes

Tv = 30
Td = 2
Tpre = 2

A = [0]
I = [Tv]
D = [0+Tv+Td]

N = 10 ## cantidad de claves a generar

dominio = "example.com"
cmd_template = "dnssec-keygen -a RSASHA1 -b 1024 -n ZONE -r /dev/urandom -A {} -I {} -D {} {}"

## nada para tocar !

hoy = datetime.date.today()
hoy_ts = time.mktime(hoy.timetuple())

if __name__ == "__main__":
    print("# generación de tiempos para claves dnssec")
    print("#  ")
    print("#  base: {} ({})".format(hoy, hoy_ts))
    print(" ")
    print("# Activation, Inactivation, Deletion")
    # print("{}, {}, {} ".format(A[0], I[0], D[0]))
    
    for i in range(0,N):
        nextA = A[i] + Tv - Tpre 
        nextI = A[i] + 2*Tv - Tpre
        nextD = A[i] + 2*Tv - Tpre + Td
        A.append(nextA)
        I.append(nextI)
        D.append(nextD)
        # print("{}, {}, {} ".format(nextA, nextI, nextD) )
        
    # imprimir resultados
    for i in range(0,N):
        # date_time = datetime.datetime.fromtimestamp(unix_time)
        tsA = int(hoy_ts + A[i]*86400)
        tsI = int(hoy_ts + I[i]*86400)
        tsD = int(hoy_ts + D[i]*86400)
        #
        dtA = datetime.datetime.fromtimestamp(tsA)
        dtI = datetime.datetime.fromtimestamp(tsI)
        dtD = datetime.datetime.fromtimestamp(tsD)
        #
        ddA = dtA.strftime('%Y%m%d%H%M%S')
        ddI = dtI.strftime('%Y%m%d%H%M%S')
        ddD = dtD.strftime('%Y%m%d%H%M%S')
        print("# {}, {}, {}, {} ".format(i, tsA, tsI, tsD) )
        print(cmd_template.format(ddA, ddI, ddD, dominio))
    # end for