authorLaMont Jones <lamont@debian.org>2009-03-20 18:40:55 -0600
committerLaMont Jones <lamont@debian.org>2009-03-20 18:40:55 -0600
commit84e6ec609bc40abd57388eeb39ccf4727c210498 (patch)
treed292ee4a33d8c639a7aa4f4e5ce068377e6702a5 /contrib/zkt
parent45b41449108ec791ffc94fc779231e1af17be0d2 (diff)
downloadbind9-84e6ec609bc40abd57388eeb39ccf4727c210498.tar.gz
9.6.1b1
Diffstat (limited to 'contrib/zkt')
-rw-r--r--contrib/zkt/CHANGELOG49
-rw-r--r--contrib/zkt/Makefile.in37
-rw-r--r--contrib/zkt/README17
-rw-r--r--contrib/zkt/README.logging17
-rw-r--r--contrib/zkt/config_zkt.h12
-rwxr-xr-xcontrib/zkt/configure38
-rw-r--r--contrib/zkt/dki.c31
-rw-r--r--contrib/zkt/dki.h3
-rw-r--r--contrib/zkt/dnssec-signer.c83
-rw-r--r--contrib/zkt/dnssec-zkt.c12
-rw-r--r--contrib/zkt/examples/dnskey.db24
-rw-r--r--contrib/zkt/examples/flat/dnssec.conf8
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key (renamed from contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private (renamed from contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated (renamed from contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key (renamed from contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key3
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private10
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/dnskey.db (renamed from contrib/zkt/examples/flat/dyn.example.net./dnskey.db)16
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/dnssec.conf (renamed from contrib/zkt/examples/flat/dyn.example.net./dnssec.conf)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net. (renamed from contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net. (renamed from contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.)0
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/zone.db115
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned221
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net/zone.org (renamed from contrib/zkt/examples/flat/dyn.example.net./zone.org)0
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./dnskey.db33
-rw-r--r--contrib/zkt/examples/flat/example.net./dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/example.net./zone.db.signed166
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key (renamed from contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key)0
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private (renamed from contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published)0
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key3
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private10
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key3
-rw-r--r--contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published10
-rw-r--r--contrib/zkt/examples/flat/example.net/dnskey.db33
-rw-r--r--contrib/zkt/examples/flat/example.net/dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key (renamed from contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key)0
-rw-r--r--contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private (renamed from contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private)0
-rw-r--r--contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key (renamed from contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key)3
-rw-r--r--contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private (renamed from contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private)0
-rw-r--r--contrib/zkt/examples/flat/example.net/keyset-example.net. (renamed from contrib/zkt/examples/flat/example.net./keyset-example.net.)16
-rw-r--r--contrib/zkt/examples/flat/example.net/zone.db (renamed from contrib/zkt/examples/flat/example.net./zone.db)8
-rw-r--r--contrib/zkt/examples/flat/example.net/zone.db.signed166
-rw-r--r--contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.4
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-sub.example.net.4
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-example.net.16
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-sub.example.net.14
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key1
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dnskey.db29
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./zone.db.signed103
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published7
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private7
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated7
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/dnskey.db47
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/dnssec.conf (renamed from contrib/zkt/examples/flat/sub.example.net./dnssec.conf)5
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net.8
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/maxhexsalt1
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/maxhexsalt+11
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/zone.db (renamed from contrib/zkt/examples/flat/sub.example.net./zone.db)4
-rw-r--r--contrib/zkt/examples/flat/sub.example.net/zone.db.signed116
-rw-r--r--contrib/zkt/examples/flat/zkt.log2640
-rw-r--r--contrib/zkt/examples/flat/zone.conf4
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./dnskey.db48
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.6
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.28
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.8
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.2
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db35
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.2
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.8
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed108
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed147
-rw-r--r--contrib/zkt/examples/hierarchical/de./keyset-example.de.28
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/dnskey.db33
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de.4
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key)3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key)3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private (renamed from contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de.19
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de.7
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de.6
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db51
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf (renamed from contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.6
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.22
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key (renamed from contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private (renamed from contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private)0
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de.7
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db (renamed from contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db)2
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed136
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/zone.db (renamed from contrib/zkt/examples/hierarchical/de./example.de./zone.db)9
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed124
-rw-r--r--contrib/zkt/examples/hierarchical/de/example.de/zone.soa10
-rw-r--r--contrib/zkt/examples/hierarchical/de/keyset-example.de.19
-rw-r--r--contrib/zkt/examples/hierarchical/zone.conf4
-rw-r--r--contrib/zkt/examples/views/extern/example.net./zone.db.signed109
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key3
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published10
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key (renamed from contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/dnskey.db (renamed from contrib/zkt/examples/views/extern/example.net./dnskey.db)14
-rw-r--r--contrib/zkt/examples/views/extern/example.net/dsset-example.net. (renamed from contrib/zkt/examples/views/extern/example.net./dsset-example.net.)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/keyset-example.net. (renamed from contrib/zkt/examples/views/extern/example.net./keyset-example.net.)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/zone.db (renamed from contrib/zkt/examples/views/extern/example.net./zone.db)0
-rw-r--r--contrib/zkt/examples/views/extern/example.net/zone.db.signed114
-rw-r--r--contrib/zkt/examples/views/extern/zkt-ext.log23
-rw-r--r--contrib/zkt/examples/views/intern/example.net./zone.db.signed109
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private (renamed from contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key3
-rw-r--r--contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published10
-rw-r--r--contrib/zkt/examples/views/intern/example.net/dnskey.db (renamed from contrib/zkt/examples/views/intern/example.net./dnskey.db)20
-rw-r--r--contrib/zkt/examples/views/intern/example.net/dsset-example.net. (renamed from contrib/zkt/examples/views/intern/example.net./dsset-example.net.)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/keyset-example.net. (renamed from contrib/zkt/examples/views/intern/example.net./keyset-example.net.)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/zone.db (renamed from contrib/zkt/examples/views/intern/example.net./zone.db)0
-rw-r--r--contrib/zkt/examples/views/intern/example.net/zone.db.signed114
-rw-r--r--contrib/zkt/examples/views/intern/zkt-int.log23
-rw-r--r--contrib/zkt/examples/views/named.conf4
-rw-r--r--contrib/zkt/examples/zone.db45
-rw-r--r--contrib/zkt/examples/zone.db.signed146
-rw-r--r--contrib/zkt/man/dnssec-signer.8 (renamed from contrib/zkt/dnssec-signer.8)8
-rw-r--r--contrib/zkt/man/dnssec-signer.8.html430
-rw-r--r--contrib/zkt/man/dnssec-zkt.8 (renamed from contrib/zkt/dnssec-zkt.8)6
-rw-r--r--contrib/zkt/man/dnssec-zkt.8.html526
-rw-r--r--contrib/zkt/misc.c102
-rw-r--r--contrib/zkt/misc.h4
-rw-r--r--contrib/zkt/rollover.c27
-rw-r--r--contrib/zkt/rollover.h9
-rw-r--r--contrib/zkt/strlist.c2
-rw-r--r--contrib/zkt/tags32
-rw-r--r--contrib/zkt/zconf.c34
-rw-r--r--contrib/zkt/zconf.h4
-rw-r--r--contrib/zkt/zkt.c2
-rw-r--r--contrib/zkt/zone.c7
193 files changed, 3254 insertions, 4292 deletions
diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt/CHANGELOG
index 40fb02eb..33db8ee3 100644
--- a/contrib/zkt/CHANGELOG
+++ b/contrib/zkt/CHANGELOG
@@ -1,4 +1,49 @@
-zkt 0.97 --
+zkt 0.98 -- 30. Dec 2008
+
+* misc Target "install-man" added to Makefile
+ man files moved to sub directory "man"
+
+* func If a BIND version greater equal 9.6.0 is used, option -d doesn't
+ initiate a resigning of a zone. It's just for key rollover.
+
+* func New pseudo algorithms for NSEC3 DNSKEYS added.
+ Support of NSEC3 hashing if a BIND version greater equal 9.6.0
+ is used. New parameter "SaltBits" added to the config file to
+ set the salt length in bits (default is 24 which means 6 hex nibbles).
+ The number of hash iterations is set to the default value of
+ dnssec-signzone which depends on key size.
+
+* misc Renaming of all example zone directories so that the directory
+ name does not end with a dot (Necessary for installing the
+ source tree in an MS-Windows environment).
+ str_tolowerdup() renamed to domain_canonicdup() and code added
+ to append a dot to the domain name if it's not already there.
+
+* misc Add 'sec' (second) qualifier to debug output in kskrollover().
+
+* bug Remove a trailing '/' at the -D argument.
+
+* misc Configure script now uses the BIND_UTIL_PATH out of config_zkt.h
+ if the BIND dnssec-signzone command is not found
+
+* bug A zone with only a standby key signing key (which means w/o an
+ active ksk) aborts the dnssec-signer command.
+ Fixed by Shane Kerr.
+
+* func Changed inc_serial() so that the SOA record parser accepts a label
+ other than '@' and an optional ttl value before the class and SOA
+ RR identifier (Both are case insensitive). Thanks to Shane Kerr
+ for the suggestion.
+
+* bug Change of global configured key liftetime during a zone signing
+ key rollover results in unnecessary additional pre-published
+ zone signing keys (Thanks to Frank Behrens for the patch)
+
+* misc Sig_Random config file parameter defaults now to false
+
+* bug The man page refers the wrong licence (GPL instead of BSD)
+
+zkt 0.97 -- 5. Aug 2008
* bug LG_* logging level wasn't mapped to syslog level in lg_mesg().
gettock() in ncparse.c did not recognize C single line comments "//"
@@ -111,7 +156,7 @@ zkt 0.95 -- 19. April 2008
commandline option -O (--option or --config-option)
* misc Function fatal() now has an exit code of 127.
- This is neccessary because values from 1 to 64 are
+ This is necessary because values from 1 to 64 are
reflecting the number of errors occured.
* func Errorlog functionality added
diff --git a/contrib/zkt/Makefile.in b/contrib/zkt/Makefile.in
index 197fd14c..2de9427c 100644
--- a/contrib/zkt/Makefile.in
+++ b/contrib/zkt/Makefile.in
@@ -4,9 +4,11 @@
#
#################################################################
-INSTALL_DIR ?= $$HOME/bin
+prefix = @prefix@
+mandir = @mandir@
+INSTALL_DIR = $$HOME/bin
-CC ?= @CC@
+CC = @CC@
PROFILE = # -pg
OPTIM = # -O3 -DNDEBUG
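Review bot: `mandir = @mandir@` is only self-contained while configure comes from Autoconf 2.59, as it does in this commit. From Autoconf 2.60 on, `@mandir@` expands to `${datarootdir}/man`, and nothing visible in this Makefile.in defines `datarootdir`, so after a regenerate `install-man` would look for `/man/man8` and stop at its `test -d`. Adding `datarootdir = @datarootdir@` next to `prefix` avoids that. Separately, `prefix` is declared but `INSTALL_DIR` stays hard-coded to `$$HOME/bin`, and with `?=` replaced by `=` a `CC` or `INSTALL_DIR` set in the environment is no longer honoured (a command-line `make INSTALL_DIR=...` still is); a comment such as `# override with: make INSTALL_DIR=/usr/local/bin` would document that.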
@@ -42,11 +44,11 @@ OBJ_SER = $(SRC_SER:.c=.o)
#MAN_SER = zkt-soaserial.8
PROG_SER= zkt-soaserial
-MAN = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER)
+MAN_ALL = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER)
OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
configure examples
-SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(MAN) $(OTHER)
-MNTSAVE = $(SAVE) configure.ac config.h.in doc
+SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) man $(OTHER)
+MNTSAVE = $(SAVE) configure.ac config.h.in doc
all: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
@@ -76,6 +78,11 @@ install: ## install binaries in INSTALL_DIR
install: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
cp $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(INSTALL_DIR)
+install-man: ## install man pages in mandir
+install-man:
+ test -d $(mandir)/man8/ && cp -p man/$(MAN_ZKT) man/$(MAN_SIG) $(mandir)/man8/
+
+
tags: ## create tags file
tags: $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
ctags $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
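Review bot: The new `install-man` recipe copies with `cp -p`, which when run as root preserves the owner and mode of the files in the build tree, so pages under `$(mandir)/man8/` can end up owned by, and writable for, the unprivileged account that built the package. The recipe also exits on a bare failing `test -d` with no message when the directory is missing, and it has no `DESTDIR` prefix, so a staged package build writes into the live tree. I would replace the line with `mkdir -p $(DESTDIR)$(mandir)/man8` followed by `install -m 644 man/$(MAN_ZKT) man/$(MAN_SIG) $(DESTDIR)$(mandir)/man8/`. The unchanged `install` target shown as context likewise sets no explicit mode and has no `DESTDIR`.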
@@ -98,16 +105,16 @@ mainttar: $(PROJECT)-maint-$(VERSION).tar.gz
configure: configure.ac
autoconf && autoheader
-man: $(MAN_ZKT).html $(MAN_ZKT).pdf $(MAN_SIG).html $(MAN_SIG).pdf
+man: man/$(MAN_ZKT).html man/$(MAN_ZKT).pdf man/$(MAN_SIG).html man/$(MAN_SIG).pdf
-$(MAN_ZKT).html: $(MAN_ZKT)
- groff -Thtml -man -mhtml $(MAN_ZKT) > $(MAN_ZKT).html
-$(MAN_ZKT).pdf: $(MAN_ZKT)
- groff -Tps -man $(MAN_ZKT) | ps2pdf - $(MAN_ZKT).pdf
-$(MAN_SIG).html: $(MAN_SIG)
- groff -Thtml -man -mhtml $(MAN_SIG) > $(MAN_SIG).html
-$(MAN_SIG).pdf: $(MAN_SIG)
- groff -Tps -man $(MAN_SIG) | ps2pdf - $(MAN_SIG).pdf
+man/$(MAN_ZKT).html: man/$(MAN_ZKT)
+ groff -Thtml -man -mhtml man/$(MAN_ZKT) > man/$(MAN_ZKT).html
+man/$(MAN_ZKT).pdf: man/$(MAN_ZKT)
+ groff -Tps -man man/$(MAN_ZKT) | ps2pdf - man/$(MAN_ZKT).pdf
+man/$(MAN_SIG).html: man/$(MAN_SIG)
+ groff -Thtml -man -mhtml man/$(MAN_SIG) > man/$(MAN_SIG).html
+man/$(MAN_SIG).pdf: man/$(MAN_SIG)
+ groff -Tps -man man/$(MAN_SIG) | ps2pdf - man/$(MAN_SIG).pdf
$(PROJECT)-$(VERSION).tar.gz: $(SAVE)
@@ -119,7 +126,7 @@ $(PROJECT)-$(VERSION).tar.gz: $(SAVE)
$(PROJECT)-maint-$(VERSION).tar.gz: $(MNTSAVE)
( \
- distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\
+ distfiles=`ls -d $(MNTSAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\
cd .. && tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-maint-$(VERSION).tar.gz $$distfiles ;\
)
diff --git a/contrib/zkt/README b/contrib/zkt/README
index 07989323..2009a44e 100644
--- a/contrib/zkt/README
+++ b/contrib/zkt/README
@@ -1,7 +1,7 @@
#
# README dnssec zone key tool
#
-# (c) March 2005 - Aug 2008 by Holger Zuleger hznet
+# (c) March 2005 - Dec 2008 by Holger Zuleger hznet
# (c) for domaincmp Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) for zconf.c by Jeroen Masar & Holger Zuleger
#
@@ -16,13 +16,13 @@ The complete software stands under BSD licence (see LICENCE file)
To build the software:
a) Get the current version of zkt
- $ wget http://www.hznet.de/dns/zkt/zkt-0.97.tar.gz
+ $ wget http://www.hznet.de/dns/zkt/zkt-0.98.tar.gz
b) Unpack
- $ tar xzvf zkt-0.97.tar.gz
+ $ tar xzvf zkt-0.98.tar.gz
c) Change to dir
- $ cd zkt-0.97
+ $ cd zkt-0.98
d) Run configure script
$ ./configure
@@ -31,10 +31,6 @@ e) (optional) Edit config_zkt.h
f) Compile
$ make
- For MAC users: # this should not needed anymore
- $ make macos
- For Solaris: # this should not needed anymore
- $ make solaris
g) Install
$ make install # this will copy the binarys to $HOME/bin
@@ -42,3 +38,8 @@ g) Install
h) (optional) Install and modify the default dnssec.conf file
$ ./dnssec-zkt -c "" -Z > /var/named/dnssec.conf
$ vi /var/named/dnssec.conf
+
+i) Prepare your zones for zkt
+ Have a look at the presentation I've held at the DE-CIX technical
+ meeting (http://www.hznet.de/dns/dnssec-decix050916.pdf)
+ It will give you an overview of how to configure a zone for zkt usage.
diff --git a/contrib/zkt/README.logging b/contrib/zkt/README.logging
index f0f3f908..e1307513 100644
--- a/contrib/zkt/README.logging
+++ b/contrib/zkt/README.logging
@@ -18,15 +18,14 @@ the file or directory name via the commandline option -L (--logfile)
or via the config file parameter "LogFile".
LogFile: ""|"<file>"|"<directory>" (default is "")
If a file is specified, than each run of dnssec-signer will append the
-messages to tat file. If a directory is specified, than a file with a
+messages to that file. If a directory is specified, than a file with a
name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run.
Logging into the syslog channel could be enabled via the config file
parameter "SyslogFacility".
SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
-For both channels, the log level could be independently set to one
-of six log levels:
+For both channels, the log level could be set to one of six log levels:
LG_FATAL, LG_ERROR, LG_WARNING
LB_NOTICE, LG_INFO, LG_DEBUG
@@ -38,12 +37,12 @@ and
(default is NOTICE)
All the log parameters are settable on the commandline via the generic
-option -O "optstring" (--config-option="opt").
+option -O "optstring" (--config-option="optstring").
A verbose message output to stdout could be achieved by the commandline
option -v (or -v -v).
-If you want to log the same messages with loglevel LG_DEBUG to a file or
-to syslog, you could enable this by setting the config file option
+If you like to have this verbose messages also logged with a level of LG_DEBUG
+you should enable this by setting the config file option
"VerboseLog" to a value of 1 or 2.
Current logging messages:
@@ -72,7 +71,7 @@ Some recomended and useful logging settings
VerboseLog: 0
- Setting as in version v0.95
- LogFile: "zkt-error.log" # or a directory for seperate logfiles
+ LogFile: "zkt-error.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: NONE
VerboseLog: 0
@@ -83,14 +82,14 @@ Some recomended and useful logging settings
VerboseLog: 0
- Recommended setting for normal usage
- LogFile: "zkt.log" # or a directory for seperate logfiles
+ LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Recommended setting for debugging
- LogFile: "zkt.log" # or a directory for seperate logfiles
+ LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: DEBUG
SyslogFacility: USER
SyslogLevel: NOTICE
diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt/config_zkt.h
index 4c048445..96c0d890 100644
--- a/contrib/zkt/config_zkt.h
+++ b/contrib/zkt/config_zkt.h
@@ -41,10 +41,6 @@
# define HAS_TIMEGM 1
#endif
-#ifndef HAS_UTYPES
-# define HAS_UTYPES 1
-#endif
-
#ifndef LOG_FNAMETMPL
# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log"
#endif
@@ -52,6 +48,10 @@
/* don't change anything below this */
/* the values here are determined or settable via the ./configure script */
+#ifndef HAS_UTYPES
+# define HAS_UTYPES 1
+#endif
+
#ifndef HAVE_GETOPT_LONG
# define HAVE_GETOPT_LONG 1
#endif
@@ -104,9 +104,9 @@
#ifndef ZKT_VERSION
# if defined(USE_TREE) && USE_TREE
-# define ZKT_VERSION "vT0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+# define ZKT_VERSION "vT0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de"
# else
-# define ZKT_VERSION "v0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+# define ZKT_VERSION "v0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de"
# endif
#endif
diff --git a/contrib/zkt/configure b/contrib/zkt/configure
index 178398f2..cc796cdc 100755
--- a/contrib/zkt/configure
+++ b/contrib/zkt/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.59 for ZKT 0.97.
+# Generated by GNU Autoconf 2.59 for ZKT 0.98.
#
# Report bugs to <Holger Zuleger hznet.de>.
#
@@ -269,8 +269,8 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='ZKT'
PACKAGE_TARNAME='zkt'
-PACKAGE_VERSION='0.97'
-PACKAGE_STRING='ZKT 0.97'
+PACKAGE_VERSION='0.98'
+PACKAGE_STRING='ZKT 0.98'
PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
ac_unique_file="dnssec-zkt.c"
@@ -780,7 +780,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ZKT 0.97 to adapt to many kinds of systems.
+\`configure' configures ZKT 0.98 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -837,7 +837,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ZKT 0.97:";;
+ short | recursive ) echo "Configuration of ZKT 0.98:";;
esac
cat <<\_ACEOF
@@ -964,7 +964,7 @@ fi
test -n "$ac_init_help" && exit 0
if $ac_init_version; then
cat <<\_ACEOF
-ZKT configure 0.97
+ZKT configure 0.98
generated by GNU Autoconf 2.59
Copyright (C) 2003 Free Software Foundation, Inc.
@@ -978,7 +978,7 @@ cat >&5 <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ZKT $as_me 0.97, which was
+It was created by ZKT $as_me 0.98, which was
generated by GNU Autoconf 2.59. Invocation command line was
$ $0 $@
@@ -2293,26 +2293,28 @@ else
echo "${ECHO_T}no" >&6
fi
-bind_util_path=`dirname $SIGNZONE_PROG`
+bind_util_path=`dirname "$SIGNZONE_PROG"`
if test -z "$SIGNZONE_PROG" ; then
- { { echo "$as_me:$LINENO: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&5
-echo "$as_me: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&2;}
- { (exit 1); exit 1; }; }
- fi
+# AC_MSG_ERROR([*** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***])
+ { echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5
+echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;}
+else
-# define BIND_UTIL_PATH in config.h.in
+ # define BIND_UTIL_PATH in config.h.in
cat >>confdefs.h <<_ACEOF
#define BIND_UTIL_PATH "$bind_util_path/"
_ACEOF
-# define BIND_VERSION in config.h.in
-bind_version=`$SIGNZONE_PROG 2>&1 | grep Version: | tr -dc 0-9`
+ # define BIND_VERSION in config.h.in
+ #bind_version=`$SIGNZONE_PROG 2>&1 | sed -n -e "/Version:/s/Version: \(\[0-9\]\[0-9\.\]*\).*/\1/p" | tr -d "."`
+ bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "0-9" | sed "s/^\(...\).*/\1/"`
cat >>confdefs.h <<_ACEOF
#define BIND_VERSION $bind_version
_ACEOF
+fi
ac_ext=c
@@ -3189,7 +3191,7 @@ _ACEOF
cat >>confdefs.h <<_ACEOF
-#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de"
_ACEOF
@@ -6090,7 +6092,7 @@ _ASBOX
} >&5
cat >&5 <<_CSEOF
-This file was extended by ZKT $as_me 0.97, which was
+This file was extended by ZKT $as_me 0.98, which was
generated by GNU Autoconf 2.59. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -6150,7 +6152,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-ZKT config.status 0.97
+ZKT config.status 0.98
configured by $0, generated by GNU Autoconf 2.59,
with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
diff --git a/contrib/zkt/dki.c b/contrib/zkt/dki.c
index 81498aea..c6320294 100644
--- a/contrib/zkt/dki.c
+++ b/contrib/zkt/dki.c
@@ -625,11 +625,32 @@ char *dki_algo2str (int algo)
{
switch ( algo )
{
- case DK_ALGO_RSA: return ("RSAMD5");
- case DK_ALGO_DH: return ("DH");
- case DK_ALGO_DSA: return ("DSA");
- case DK_ALGO_EC: return ("EC");
- case DK_ALGO_RSASHA1: return ("RSASHA1");
+ case DK_ALGO_RSA: return ("RSAMD5");
+ case DK_ALGO_DH: return ("DH");
+ case DK_ALGO_DSA: return ("DSA");
+ case DK_ALGO_EC: return ("EC");
+ case DK_ALGO_RSASHA1: return ("RSASHA1");
+ case DK_ALGO_NSEC3DSA: return ("NSEC3DSA");
+ case DK_ALGO_NSEC3RSASHA1: return ("NSEC3RSASHA1");
+ }
+ return ("unknown");
+}
+
+/*****************************************************************
+** dki_algo2sstr ()
+** return a short string describing the key algorithm
+*****************************************************************/
+char *dki_algo2sstr (int algo)
+{
+ switch ( algo )
+ {
+ case DK_ALGO_RSA: return ("RSAMD5");
+ case DK_ALGO_DH: return ("DH");
+ case DK_ALGO_DSA: return ("DSA");
+ case DK_ALGO_EC: return ("EC");
+ case DK_ALGO_RSASHA1: return ("RSASHA1");
+ case DK_ALGO_NSEC3DSA: return ("N3DSA");
+ case DK_ALGO_NSEC3RSASHA1: return ("N3RSA1");
}
return ("unknown");
}
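Review bot: The new `dki_algo2sstr` repeats the first five cases of `dki_algo2str` verbatim, so the two tables can drift apart the next time an algorithm is added. Only the two NSEC3 aliases differ, so the short form could keep just those cases and end with `default: return dki_algo2str (algo);`. Both functions also hand out string literals through a non-const `char *`. Changing that to `const char *` would touch the prototypes in dki.h, so it is better done as a separate change. The header comment of `dki_algo2str` lies outside this hunk.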
diff --git a/contrib/zkt/dki.h b/contrib/zkt/dki.h
index 548ce680..e50c3a29 100644
--- a/contrib/zkt/dki.h
+++ b/contrib/zkt/dki.h
@@ -60,6 +60,8 @@
# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
# define DK_ALGO_EC 4 /* */
# define DK_ALGO_RSASHA1 5 /* RFC3110 */
+# define DK_ALGO_NSEC3DSA 6 /* symlink to alg 3 RFC5155 */
+# define DK_ALGO_NSEC3RSASHA1 7 /* symlink to alg 5 RFC5155 */
/* protocol types */
# define DK_PROTO_DNS 3
@@ -180,6 +182,7 @@ extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first)
extern void dki_free (dki_t *dkp);
extern void dki_freelist (dki_t **listp);
extern char *dki_algo2str (int algo);
+extern char *dki_algo2sstr (int algo);
extern const char *dki_geterrstr (void);
#endif
diff --git a/contrib/zkt/dnssec-signer.c b/contrib/zkt/dnssec-signer.c
index 5b2b8f63..a971cb2f 100644
--- a/contrib/zkt/dnssec-signer.c
+++ b/contrib/zkt/dnssec-signer.c
@@ -3,7 +3,7 @@
** @(#) dnssec-signer.c (c) Jan 2005 Holger Zuleger hznet.de
**
** A wrapper around the BIND dnssec-signzone command which is able
-** to resign a zone if neccessary and doing a zone or key signing key rollover.
+** to resign a zone if necessary and doing a zone or key signing key rollover.
**
** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
** This software is open source.
@@ -125,6 +125,12 @@ static int dynamic_zone = 0; /* dynamic zone ? */
static zone_t *zonelist = NULL; /* must be static global because add2zonelist use it */
static zconf_t *config;
+/** macros **/
+#define set_bind94_dynzone(dz) ((dz) = 1)
+#define set_bind96_dynzone(dz) ((dz) = 6)
+#define bind94_dynzone(dz) ( (dz) > 0 && (dz) < 6 )
+#define bind96_dynzone(dz) ( (dz) >= 6 )
+
int main (int argc, char *const argv[])
{
int c;
@@ -196,7 +202,11 @@ int main (int argc, char *const argv[])
break;
#if defined(BIND_VERSION) && BIND_VERSION >= 940
case 'd':
- dynamic_zone = 1;
+#if BIND_VERSION >= 960
+ set_bind96_dynzone (dynamic_zone);
+#else
+ set_bind94_dynzone(dynamic_zone);
+#endif
/* dynamic zone requires a name server reload... */
reloadflag = 0; /* ...but "rndc thaw" reloads the zone anyway */
break;
@@ -242,16 +252,18 @@ int main (int argc, char *const argv[])
if ( origin ) /* option -o ? */
{
+ int ret;
+
if ( (argc - optind) <= 0 ) /* no arguments left ? */
- zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone);
+ ret = zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone);
else
- zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone);
+ ret = zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone);
/* anyway, "delete" all (remaining) arguments */
optind = argc;
/* complain if nothing could read in */
- if ( zonelist == NULL )
+ if ( ret != 1 || zonelist == NULL )
{
lg_mesg (LG_FATAL, "\"%s\": couldn't read", origin);
fatal ("Couldn't read zone \"%s\"\n", origin);
@@ -271,10 +283,19 @@ int main (int argc, char *const argv[])
}
if ( dirname ) /* option -D ? */
{
- if ( !parsedir (dirname, &zonelist, config) )
- fatal ("Can't read directory tree %s\n", dirname);
+ char *dir = strdup (dirname);
+
+ p = dir + strlen (dir);
+ if ( p > dir )
+ p--;
+ if ( *p == '/' )
+ *p = '\0'; /* remove trailing path seperator */
+
+ if ( !parsedir (dir, &zonelist, config) )
+ fatal ("Can't read directory tree %s\n", dir);
if ( zonelist == NULL )
- fatal ("No signed zone found in directory tree %s\n", dirname);
+ fatal ("No signed zone found in directory tree %s\n", dir);
+ free (dir);
}
/* none of the above: read current directory tree */
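Review bot: The result of `strdup (dirname)` is used without a NULL check, so `p = dir + strlen (dir)` dereferences a null pointer when the allocation fails; a guard such as `if ( dir == NULL ) fatal ("Out of memory\n");` right after the call avoids that. The trailing-separator strip also turns `-D /` into an empty string, because for a one-character path `p` ends up at `dir` and the only slash is overwritten. Writing it as `if ( p > dir + 1 && p[-1] == '/' ) p[-1] = '\0';` keeps the root directory intact. The enclosing `main` starts and ends outside this hunk.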
@@ -452,13 +473,13 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
zfile_time = file_mtime (path);
currtime = time (NULL);
- /* check rfc5011 key signing keys, create new one if neccessary */
+ /* check rfc5011 key signing keys, create new one if necessary */
dbg_msg("parsezonedir check rfc 5011 ksk ");
newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf);
if ( (newkey & 02) != 02 ) /* not a rfc 5011 zone ? */
{
verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n");
- /* check key signing keys, create new one if neccessary */
+ /* check key signing keys, create new one if necessary */
dbg_msg("parsezonedir check ksk ");
newkey |= kskstatus (zonelist, zp);
}
@@ -493,7 +514,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
if ( force )
snprintf (mesg, sizeof(mesg), "Option -f");
else if ( newkey )
- snprintf (mesg, sizeof(mesg), "New zone key");
+ snprintf (mesg, sizeof(mesg), "Modfied zone key set");
else if ( newkeysetfile )
snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain");
else if ( file_mtime (path) > zfilesig_time )
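Review bot: The replacement message is misspelled: `"Modfied zone key set"` is missing an "i". It should read `snprintf (mesg, sizeof(mesg), "Modified zone key set");`, matching the "Modified KSK in delegated domain" branch directly below it. The text ends up in `mesg`, which is presumably logged or printed further down, outside this hunk.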
@@ -503,7 +524,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) )
snprintf (mesg, sizeof(mesg), "re-signing interval (%s) reached",
str_delspace (age2str (zp->conf->resign)));
- else if ( dynamic_zone )
+ else if ( bind94_dynzone (dynamic_zone) )
snprintf (mesg, sizeof(mesg), "dynamic zone");
if ( *mesg )
@@ -517,7 +538,8 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
dbg_line ();
if ( !(force || newkey || newkeysetfile || zfile_time > zfilesig_time ||
file_mtime (path) > zfilesig_time ||
- (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) || dynamic_zone) )
+ (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) ||
+ bind94_dynzone (dynamic_zone)) )
{
verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n");
if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
@@ -541,7 +563,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp)
use_unixtime = ( zp->conf->serialform == Unixtime );
dbg_val1 ("Use unixtime = %d\n", use_unixtime);
#if defined(BIND_VERSION) && BIND_VERSION >= 940
- if ( !dynamic_zone && !use_unixtime ) /* increment serial no in static zone files */
+ if ( !dynamic_zone && !use_unixtime ) /* increment serial number in static zone files */
#else
if ( !dynamic_zone ) /* increment serial no in static zone files */
#endif
@@ -746,9 +768,10 @@ static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)
static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)
{
- char cmd[1023+1];
+ char cmd[2047+1];
char str[1023+1];
char rparam[254+1];
+ char nsec3param[637+1];
char keysetdir[254+1];
const char *gends;
const char *pseudo;
@@ -782,6 +805,32 @@ static int sign_zone (const char *dir, const char *domain, const char *file, con
if ( conf->sig_param && conf->sig_param[0] )
param = conf->sig_param;
+ nsec3param[0] = '\0';
+#if defined(BIND_VERSION) && BIND_VERSION >= 960
+ if ( conf->z_algo == DK_ALGO_NSEC3DSA || conf->z_algo == DK_ALGO_NSEC3RSASHA1 )
+ {
+ static char hexstr[] = "0123456789ABCDEF";
+ static int seed = 0;
+ char salt[510+1]; /* salt has a maximum of 255 bytes == 510 hex nibbles */
+ int saltlen = 0; /* current length of salt in hex nibbles */
+ int i;
+ int hex;
+
+ if ( seed == 0 )
+ srandom (seed = (unsigned int)time (NULL));
+
+ saltlen = conf->saltbits / 4;
+ for ( i = 0; i < saltlen; i++ )
+ {
+ hex = random () % 16;
+ assert ( hex >= 0 && hex < 16 );
+ salt[i] = hexstr[hex];
+ }
+ salt[i] = '\0';
+ snprintf (nsec3param, sizeof (nsec3param), "-3 %s ", salt);
+ }
+#endif
+
dbg_line();
rparam[0] = '\0';
if ( conf->sig_random && conf->sig_random[0] )
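Review bot: `saltlen = conf->saltbits / 4` is used as the bound for writes into `salt[510+1]` without a range check, so a SaltBits setting above 2040 would write past the buffer unless the config parser already limits it (not visible here). Clamp it before the loop, for example `if ( saltlen > (int) sizeof (salt) - 1 ) saltlen = (int) sizeof (salt) - 1;`. A setting below 4 yields an empty salt, and `"-3 %s "` then leaves `-3` without its own argument, so the next word of the command line would be taken as the salt. Handle that case explicitly, e.g. by emitting `-3 -` if the installed dnssec-signzone accepts a dash for "no salt". `sign_zone` starts and ends outside this hunk.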
@@ -802,8 +851,8 @@ static int sign_zone (const char *dir, const char *domain, const char *file, con
dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file);
else
#endif
- snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s %s K*.private",
- dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
+ snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s%s-o %s -e +%d %s %s K*.private",
+ dir, SIGNCMD, param, nsec3param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
verbmesg (2, conf, "\t Run cmd \"%s\"\n", cmd);
*str = '\0';
if ( noexec == 0 )
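Review bot: The return value of `snprintf (cmd, sizeof (cmd), ...)` is not checked, so a truncated command line would still be executed. Growing `cmd` to 2048 bytes helps, but `nsec3param` alone can now contribute over 500 bytes, and a long `dir`, `domain` or `file` can still overflow the limit. Store the result and refuse to run when `n < 0 || (size_t) n >= sizeof (cmd)`. The format also begins with `cd %s;`, so the string is presumably handed to a shell with `dir`, `domain` and `file` inserted unquoted; it is worth confirming that callers only pass validated names. The same applies to the `#if` branch just above, and the function body continues outside this hunk.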
diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c
index 803cbc39..07ba6934 100644
--- a/contrib/zkt/dnssec-zkt.c
+++ b/contrib/zkt/dnssec-zkt.c
@@ -195,7 +195,7 @@ int main (int argc, char *argv[])
action = c;
if ( !optarg )
usage ("ksk rollover requires an domain argument", config);
- kskdomain = str_tolowerdup (optarg);
+ kskdomain = domain_canonicdup (optarg);
break;
case 'T':
trustedkeyflag = 1;
@@ -218,15 +218,7 @@ int main (int argc, char *argv[])
case 19:
case 20:
if ( (keyname = parsetag (optarg, &searchtag)) != NULL )
- {
- int len = strlen (keyname);
- if ( len > 0 && keyname[len-1] != '.' )
- {
- snprintf (str, sizeof(str), "%s.", keyname);
- keyname = str;
- }
- }
- keyname = str_tolowerdup (keyname);
+ keyname = domain_canonicdup (keyname);
action = c;
break;
case 'a': /* age */
diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db
deleted file mode 100644
index 2822e6a9..00000000
--- a/contrib/zkt/examples/dnskey.db
+++ /dev/null
@@ -1,24 +0,0 @@
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by dnssec-signer.
-;
-; Last generation time Jun 24 2008 09:58:34
-;
-
-; *** List of Key Signing Keys ***
-; example.net. tag=31674 algo=RSASHA1 generated Jun 24 2008 09:58:34
-example.net. 14400 IN DNSKEY 257 3 5 (
- BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA
- b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6
- Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN
- dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+
- eQ==
- ) ; key id = 31674
-
-; *** List of Zone Signing Keys ***
-; example.net. tag=33755 algo=RSASHA1 generated Jun 24 2008 09:58:34
-example.net. 14400 IN DNSKEY 256 3 5 (
- BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF
- UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw==
- ) ; key id = 33755
-
diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf
index 2bd9c581..19961845 100644
--- a/contrib/zkt/examples/flat/dnssec.conf
+++ b/contrib/zkt/examples/flat/dnssec.conf
@@ -1,5 +1,5 @@
#
-# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+# @(#) dnssec.conf vT0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de
#
# dnssec-zkt options
@@ -26,16 +26,18 @@ ZSK_lifetime: 2w # (1209600 seconds)
ZSK_algo: RSASHA1 # (Algorithm ID 5)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
+SaltBits: 24
# dnssec-signer options
LogFile: "zkt.log"
-LogLevel: debug
+LogLevel: DEBUG
SyslogFacility: USER
-SyslogLevel: notice
+SyslogLevel: NOTICE
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
KeySetDir: "../keysets"
DLV_Domain: ""
Sig_Pseudorand: True
+Sig_Parameter: ""
Distribute_Cmd: "./dist.sh"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db
deleted file mode 100644
index ee557b84..00000000
--- a/contrib/zkt/examples/flat/dyn.example.net./zone.db
+++ /dev/null
@@ -1,136 +0,0 @@
-; File written on Thu Jun 12 18:28:34 2008
-; dnssec_signzone version 9.5.0
-dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 7 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 3 7200 20080622152834 (
- 20080612152834 1355 dyn.example.net.
- h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas
- SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+
- SXgsy934gAaYLw== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 3 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
- Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
- lU0C+J4VPkA8pA== )
- 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 3 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
- HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
- +6XuqA8u/xPmbw== )
- 3600 DNSKEY 256 3 5 (
- BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
- IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
- P0D6hLmHfTcsdHQLLeMidQ==
- ) ; key id = 1355
- 3600 DNSKEY 257 3 3 (
- CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
- NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
- S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
- m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
- EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
- r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
- 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
- RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
- BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
- olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
- ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
- 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
- dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
- ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
- clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
- ) ; key id = 42138
- 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
- 20080609214426 42138 dyn.example.net.
- CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
- 1X+nmHSkpcKJrUty/wY= )
- 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
- 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
- 9K8P4EgCcj52Jw== )
-localhost.dyn.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
- FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
- Sm1ttNxSTe2M8A== )
- 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
- +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
- AqArf+M3STbO9g== )
-ns1.dyn.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
- KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
- TdWtXSZIlU2JKQ== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
- eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
- Q4Pxd2rI9ud1hA== )
- 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
- 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
- sj80tqtN0NHi/Q== )
-ns2.dyn.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
- UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
- LrVtjyQbfimbOA== )
- 7200 NSEC x.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
- Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
- Pz/gpH280yQJFA== )
-x.dyn.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
- P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
- jn6fdB+T2Zs9Pw== )
- 7200 NSEC y.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
- MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
- 0sIwBMHOsDjTSA== )
-y.dyn.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
- 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
- qA5CzWo8HIPwmA== )
- 7200 NSEC z.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
- mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
- lO6C9gQ+Iu9wyw== )
-z.dyn.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
- E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
- rWBT4VggwE8blQ== )
- 7200 NSEC dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
- XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
- TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
deleted file mode 100644
index 9e4c5c8b..00000000
--- a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
+++ /dev/null
@@ -1,136 +0,0 @@
-; File written on Thu Jun 12 18:28:39 2008
-; dnssec_signzone version 9.5.0
-dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 8 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 3 7200 20080622152838 (
- 20080612152838 1355 dyn.example.net.
- GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+
- fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5
- e7HwrB59bxKAuw== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 3 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
- Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
- lU0C+J4VPkA8pA== )
- 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 3 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
- HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
- +6XuqA8u/xPmbw== )
- 3600 DNSKEY 256 3 5 (
- BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
- IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
- P0D6hLmHfTcsdHQLLeMidQ==
- ) ; key id = 1355
- 3600 DNSKEY 257 3 3 (
- CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
- NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
- S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
- m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
- EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
- r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
- 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
- RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
- BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
- olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
- ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
- 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
- dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
- ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
- clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
- ) ; key id = 42138
- 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
- 20080609214426 42138 dyn.example.net.
- CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
- 1X+nmHSkpcKJrUty/wY= )
- 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
- 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
- 9K8P4EgCcj52Jw== )
-localhost.dyn.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
- FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
- Sm1ttNxSTe2M8A== )
- 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
- +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
- AqArf+M3STbO9g== )
-ns1.dyn.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
- KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
- TdWtXSZIlU2JKQ== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
- eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
- Q4Pxd2rI9ud1hA== )
- 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
- 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
- sj80tqtN0NHi/Q== )
-ns2.dyn.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
- UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
- LrVtjyQbfimbOA== )
- 7200 NSEC x.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
- Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
- Pz/gpH280yQJFA== )
-x.dyn.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
- P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
- jn6fdB+T2Zs9Pw== )
- 7200 NSEC y.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
- MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
- 0sIwBMHOsDjTSA== )
-y.dyn.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
- 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
- qA5CzWo8HIPwmA== )
- 7200 NSEC z.dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
- mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
- lO6C9gQ+Iu9wyw== )
-z.dyn.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
- E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
- rWBT4VggwE8blQ== )
- 7200 NSEC dyn.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 4 7200 20080615214426 (
- 20080609214426 1355 dyn.example.net.
- r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
- XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
- TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key
index 6a64c44d..6a64c44d 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private
index 4f7ec3da..4f7ec3da 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated
index 3692946b..3692946b 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key
index d1293980..d1293980 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key
new file mode 100644
index 00000000..7213f337
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key
@@ -0,0 +1,3 @@
+;% generationtime=20081216133142
+;% lifetime=14d
+dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==
diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private
new file mode 100644
index 00000000..e5428504
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==
+PublicExponent: AQAAAAE=
+PrivateExponent: sW8IqcOjr/1xymzxbq91KQiCxBY/8nDvDO/m4Re6aTrTXr450nw8eBZZQuOnHsSEyc4YA8Gs8AwxO1IGAyjHYQ==
+Prime1: 94n25jivIMy9SIV890Kp6CIGfeG/6g9eBFG+igw5JPM=
+Prime2: 6qYnXtPI7mxsinhBVf+/2Ncv+V48/790y+jUhJXFGXE=
+Exponent1: 4uCtm1fxo8apOydY+plF8duFa4BQq2rZkG4XCKQFpo0=
+Exponent2: DBPT/6Xc9NryN5/MaOWZhmEWha//SPrGIHrcOwRhE8E=
+Coefficient: tmkhFA718p1qDTkmOa2MqYox+Cz1LsuNCraAK0srL1U=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net/dnskey.db
index e0f978e1..e05508e7 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
+++ b/contrib/zkt/examples/flat/dyn.example.net/dnskey.db
@@ -2,12 +2,12 @@
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
-; Last generation time Jun 12 2008 18:28:38
+; Last generation time Dec 18 2008 01:03:01
;
; *** List of Key Signing Keys ***
-; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26
-dyn.example.net. 14400 IN DNSKEY 257 3 3 (
+; dyn.example.net. tag=42138 algo=DSA generated Aug 05 2008 23:01:57
+dyn.example.net. 3600 IN DNSKEY 257 3 3 (
CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7
LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB
KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf
@@ -21,9 +21,15 @@ dyn.example.net. 14400 IN DNSKEY 257 3 3 (
) ; key id = 42138
; *** List of Zone Signing Keys ***
-; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26
-dyn.example.net. 14400 IN DNSKEY 256 3 5 (
+; dyn.example.net. tag=1355 algo=RSASHA1 generated Aug 05 2008 23:01:57
+dyn.example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w
BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
) ; key id = 1355
+; dyn.example.net. tag=10643 algo=RSASHA1 generated Dec 16 2008 14:31:42
+dyn.example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q
+ Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==
+ ) ; key id = 10643
+
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net/dnssec.conf
index 0998fda2..0998fda2 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
+++ b/contrib/zkt/examples/flat/dyn.example.net/dnssec.conf
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net.
index f94666a6..f94666a6 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
+++ b/contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net.
diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net.
index 002217b0..002217b0 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
+++ b/contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net.
diff --git a/contrib/zkt/examples/flat/dyn.example.net/zone.db b/contrib/zkt/examples/flat/dyn.example.net/zone.db
new file mode 100644
index 00000000..8ed11a4b
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net/zone.db
@@ -0,0 +1,115 @@
+; File written on Tue Dec 16 14:31:43 2008
+; dnssec_signzone version 9.6.0rc1
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 9 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ G4QPBPbeEnPfKggesblu+QPI6rlt8gOaqnJB
+ k/98pbkDxhgLmpPP9RdjD3bftSFRgOdPGN1Y
+ xE4AxSdo4AR5NA== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM
+ MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl
+ OBYt6dGy5pH0dw== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ
+ ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF
+ 3MRaCHa4jhJISw== )
+$INCLUDE dnskey.db
+ 3600 RRSIG DNSKEY 3 3 3600 20081222123143 (
+ 20081216123143 42138 dyn.example.net.
+ CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH
+ tr6Iomd+JCqxBGvZSBg= )
+ 3600 RRSIG DNSKEY 5 3 3600 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs
+ ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE
+ uIWUFMbDBVHilA== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk
+ SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm
+ Y+JU8nNWxrD8yQ== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p
+ z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft
+ oiLcZ/pr+2QXew== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q
+ 9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd
+ 39Qjr5mH5gFcQw== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN
+ HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd
+ Rpv5xbYbYNu5qQ== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ
+ /7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM
+ C1ozcV9M/iHR0A== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh
+ qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H
+ WL/+o/AVAtWrtg== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ
+ SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL
+ FdyUOVHrXZMZNw== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4
+ V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2
+ JbklfT3DUMSuIA== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW
+ +NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus
+ YjuVA5JpZpTW8A== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf
+ OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b
+ lRLJfqwLt9erxg== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby
+ /kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw
+ /Ui1oFyMOcdvPg== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu
+ gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa
+ JL7B7wczIlxQrA== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf
+ fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB
+ 8gsnXboAW9x07g== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned
new file mode 100644
index 00000000..31b15fd8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned
@@ -0,0 +1,221 @@
+; File written on Thu Dec 18 01:03:01 2008
+; dnssec_signzone version 9.6.0rc1
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 10 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ srn4ZqDvq1V4YWAn+s1UuC3pk9DFhyxo7w6h
+ 6LnIeqAvnt6naBfgu0IHKt62fCMlq2LaW3n5
+ LYdW5XD0aMU2pA== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM
+ MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl
+ OBYt6dGy5pH0dw== )
+ 7200 RRSIG NS 5 3 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ IAaofnTCtf2xoxW+NxUyosdLTj2+ueDnv8tz
+ hgGwtzUeHn+AXZgwB3pe5AgMO+Y8WNg7AZJ7
+ TlJkTe3CnL6/Uw== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ
+ ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF
+ 3MRaCHa4jhJISw== )
+ 7200 RRSIG NSEC 5 3 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ S0ngwduIYE7H5DZ9A8OfeY9h0Sb6mdBQpN2+
+ TzK3hsS6d92m7IoTkLMv8V1iGMY9cUasauwl
+ bzMUUgXpBSzFqA== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+ IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+ P0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzev
+ MxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5
+ NrreKBzt3jmqUYnn19QKQw==
+ ) ; key id = 10643
+ 3600 DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+ 3600 RRSIG DNSKEY 3 3 3600 20081222123143 (
+ 20081216123143 42138 dyn.example.net.
+ CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH
+ tr6Iomd+JCqxBGvZSBg= )
+ 3600 RRSIG DNSKEY 5 3 3600 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs
+ ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE
+ uIWUFMbDBVHilA== )
+ 3600 RRSIG DNSKEY 5 3 3600 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ 0W2AHhTCCVK1UAhfGkZTkrLuPfRNBgQHysKw
+ dHimxjMq/IlVwamPkmrW0NmYdt15C+E9SZja
+ HYu8RuXqyqxQzQ== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk
+ SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm
+ Y+JU8nNWxrD8yQ== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ vTo/zPTFUEK92lpo3XTuSai3VsUO5FuYuS0T
+ L3w3iIQHOdOSHunPy2brF6BzsznZXLuYvDvr
+ cZuxxYJpYRrecg== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p
+ z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft
+ oiLcZ/pr+2QXew== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ G/Tw47gQNzuCEJTLHbCOcrBoEEP28QrwzLdw
+ 7Y+WXP7XFMsLDkdLGrsL6CGLDL/L9WBGU75x
+ QKKBPFshzJUeUQ== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q
+ 9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd
+ 39Qjr5mH5gFcQw== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ QPGkC3aXCaNaGauAaEs5AWlBoftcP/HbrVGe
+ JlzZN2LbwwbTNDtvotnW7PeWJaaj6vRInkOt
+ TjSz43Sfn4FJvg== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN
+ HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd
+ Rpv5xbYbYNu5qQ== )
+ 7200 RRSIG AAAA 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ BXvwGdoLeAuj709j3KGvK7RvgQ4MbJmew8De
+ ZbTBaoVt4Z79Tf0m67Vj+VqHRgTDjyIvnSNZ
+ Bawk6lWw5dvroA== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ
+ /7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM
+ C1ozcV9M/iHR0A== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ fYIG2W8qnQYoahLfwJqLf4Tigl93xfqXZO20
+ qn/wPBW4jy+JnJ/ShptEZCeuyTTsVBw4ZnJI
+ 7o15ZBW1UlZy9g== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh
+ qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H
+ WL/+o/AVAtWrtg== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ gDre5yf6WCDCute4lg1ktW9+mM4qPn5D5Oy6
+ hsu3+9NRjOdAdQhV9HMzdOODooIOvLGKINOY
+ 6PFS66OvTcfNpA== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ
+ SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL
+ FdyUOVHrXZMZNw== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ FZGn3y2M+YWoH6gk06gTUMZ49PIq+yDr708Y
+ fxPcEsRljuYU2GrmETQKJTDY1HjYomTBGoKm
+ StupQrHzOOasAA== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4
+ V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2
+ JbklfT3DUMSuIA== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ pYCB8HDdv9WxX1GxNWdafGZGSKrveweoOixc
+ uddF++dPA1m+ro/6Qw28Cj5Coth7IKu+TyM0
+ JPWTJgOUck73zw== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW
+ +NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus
+ YjuVA5JpZpTW8A== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ Ant5JHyVUh8+mMG5+WGgimDGiItGVRWhb3B5
+ C4KYb7DM8+qJ98W0KPIxFT9Sj9bsKyyOzvf3
+ Bik/f7DSdcr6sg== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf
+ OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b
+ lRLJfqwLt9erxg== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ 1zS6xszu0hrKaJOLS6YOuFthmDCRp3PQIAjh
+ u6uPX6Kjpb8Svhdo7yFp7ukJU5OX6BEKiSon
+ qHajnJvPg72T6w== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby
+ /kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw
+ /Ui1oFyMOcdvPg== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ 3fCQpAl+OjtWt9ZIpTrYVLhpZoaLqAJ8hy2v
+ ZTu9MtmmS3W/cdp6qdSi+bUZuiptGoxTBAjh
+ aC7QpOrobV9C/w== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu
+ gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa
+ JL7B7wczIlxQrA== )
+ 7200 RRSIG A 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ MAJ85Q1cFh7yqewaQyJ3YxS3KwTK/rxW+leY
+ HLwxfcijXkUrxVaRtO/gTcFdo4aTJjeDrPhV
+ ESwQbI+NNVkVRw== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20081222123143 (
+ 20081216123143 1355 dyn.example.net.
+ hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf
+ fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB
+ 8gsnXboAW9x07g== )
+ 7200 RRSIG NSEC 5 4 7200 20081223230301 (
+ 20081217230301 10643 dyn.example.net.
+ hRnT7XWT+KFHsxZ8rNiqWJ2/5WyLQRxht/QQ
+ NXaYz2OeSGfgsRmdHc6UfjeVLyeXYn7Tkikr
+ Pg7pX/nmF4eldQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net/zone.org
index c536fc87..c536fc87 100644
--- a/contrib/zkt/examples/flat/dyn.example.net./zone.org
+++ b/contrib/zkt/examples/flat/dyn.example.net/zone.org
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
deleted file mode 100644
index 235a5df1..00000000
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080721221039
-;% lifetime=14d
-example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
deleted file mode 100644
index b5041c0f..00000000
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
-PublicExponent: AQAAAAE=
-PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ==
-Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M=
-Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU=
-Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0=
-Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0=
-Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw=
diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db
deleted file mode 100644
index 6bd2ba05..00000000
--- a/contrib/zkt/examples/flat/example.net./dnskey.db
+++ /dev/null
@@ -1,33 +0,0 @@
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by dnssec-signer.
-;
-; Last generation time Jul 31 2008 00:25:53
-;
-
-; *** List of Key Signing Keys ***
-; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22
-example.net. 3600 IN DNSKEY 257 3 5 (
- BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8
- VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs
- lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+
- YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU
- 8w==
- ) ; key id = 1764
-
-; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22
-example.net. 3600 IN DNSKEY 257 3 5 (
- BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7
- kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W
- O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM
- HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ
- qw==
- ) ; key id = 41151
-
-; *** List of Zone Signing Keys ***
-; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57
-example.net. 3600 IN DNSKEY 256 3 5 (
- BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3
- LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
- ) ; key id = 41300
-
diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net.
deleted file mode 100644
index d4a01ed9..00000000
--- a/contrib/zkt/examples/flat/example.net./dsset-example.net.
+++ /dev/null
@@ -1,4 +0,0 @@
-example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
-example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
-example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
-example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed
deleted file mode 100644
index b10d122b..00000000
--- a/contrib/zkt/examples/flat/example.net./zone.db.signed
+++ /dev/null
@@ -1,166 +0,0 @@
-; File written on Thu Jul 31 00:25:53 2008
-; dnssec_signzone version 9.5.1b1
-example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 306 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 2 7200 20080805212553 (
- 20080730212553 41300 example.net.
- eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT
- x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt
- llflqikDp8uLmQ== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 2 7200 20080805212553 (
- 20080730212553 41300 example.net.
- t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i
- sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu
- WDdVL5V3nirNiA== )
- 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 2 7200 20080805212553 (
- 20080730212553 41300 example.net.
- TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU
- vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4
- 8fjJ1uPzW3KVJQ== )
- 3600 DNSKEY 256 3 5 (
- BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG
- VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs
- uZipXs2ouT2S9dhdEArKfw==
- ) ; key id = 41300
- 3600 DNSKEY 257 3 5 (
- BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
- vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
- I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
- M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
- 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
- 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
- T1YYVnoQqw==
- ) ; key id = 41151
- 3600 DNSKEY 257 3 5 (
- BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
- Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
- VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
- HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
- DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
- AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
- +B9rLlBU8w==
- ) ; key id = 1764
- 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
- 20080730212553 41151 example.net.
- AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb
- Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd
- PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ
- dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE
- tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+
- b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL
- Tw== )
- 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
- 20080730212553 41300 example.net.
- up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU
- hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi
- FSHnJW5dlBhMow== )
-a.example.net. 7200 IN A 1.2.3.1
- 7200 RRSIG A 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM
- aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd
- vo0cFjkPvCCrHA== )
- 7200 NSEC b.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/
- 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr
- 2MS4wJguPpznEg== )
-b.example.net. 7200 IN MX 10 a.example.net.
- 7200 RRSIG MX 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi
- Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ
- V1VbEaZnFVXu2Q== )
- 7200 NSEC d.example.net. MX RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L
- jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na
- G1yt/jdFB699yg== )
-d.example.net. 7200 IN A 1.2.3.3
- 7200 RRSIG A 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS
- 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF
- Xqk7op11oye7fA== )
- 7200 AAAA 2001:db8::3
- 7200 RRSIG AAAA 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib
- 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC
- sJOAIxxNQOefZg== )
- 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh
- /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD
- X51lgVvrlOsMaw== )
-localhost.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv
- zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1
- U9ZdHxUEqeRRtQ== )
- 7200 NSEC ns1.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg
- F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII
- hS9tIVb0spHDuQ== )
-ns1.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp
- TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM
- bBUOTYWJIMT50g== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l
- CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM
- 5P5ZMXieZrh+xQ== )
- 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT
- rrfxEcPm86SLMM40dithZQeajNucRlmuadKX
- HREpYT/DVVBT0A== )
-ns2.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk
- 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS
- 2LaOiuqMIPm8Hw== )
- 7200 NSEC sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+
- HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+
- /l+dJFZ8FtdZTA== )
-sub.example.net. 7200 IN NS ns1.example.net.
- 7200 DS 54876 5 1 (
- CAB6127E303A8A8D7D5A29AE05DB60F4C506
- 0B10 )
- 7200 DS 54876 5 2 (
- 7C8CAF1844479F3600213173BB5D1E2A4414
- 3D63B6E0B3E10D8C5310ADF84D30 )
- 7200 RRSIG DS 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+
- TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt
- X6JnkVWr89s82A== )
- 7200 NSEC example.net. NS DS RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080805212553 (
- 20080730212553 41300 example.net.
- kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom
- fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg
- KaG0bEo8TpOAUw== )
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key
index bd273d37..bd273d37 100644
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private
index 42b8b806..42b8b806 100644
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key
new file mode 100644
index 00000000..5dc79b5d
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key
@@ -0,0 +1,3 @@
+;% generationtime=20081116175850
+;% lifetime=90d
+example.net. IN DNSKEY 256 3 5 BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRS ouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w==
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private
new file mode 100644
index 00000000..e9a79372
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: yh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRSouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w==
+PublicExponent: AQAAAAE=
+PrivateExponent: XHrB+Ib/yjBFNUQoB66abHOazbj5hDkaprg0ygOwDdrxLSpwrYHQAn5H6JPlGhcTZHN5X1nF4M7GlGlbRah0oQ==
+Prime1: 7T9UFlW1S4Dnditz/D0PmPdJ+fiozB+wz8xxRuOT4zE=
+Prime2: 2hjLgVBakXblbcuQ08UYHkP00pMp+45mK+L5M35OpS8=
+Exponent1: CPzNNspgw6XVf63vdcnEP55k7wMVttStCJw8+r3T5FE=
+Exponent2: t8JDeQOEiO2L0dbIkuANjXOBiCauM6fnRHanvKcwmrs=
+Coefficient: ObUC9ojBjcCKuGvPqXfWD20iXRpkzVsHjrJqcLXRqw4=
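Review bot: This new file adds a complete RSA private key to the tree, and nothing in the file or the hunk marks it as demonstration material. The modulus decodes to 64 bytes, so this is a 512-bit key used with `Algorithm: 5 (RSASHA1)`; that is enough to exercise the examples but should not be copied into a real signed zone. The file shows no comment syntax of its own, so I would put the caveat in a README next to the examples (none is visible from this hunk), for instance `Keys under examples/ are published test keys; never reuse them or their parameters for a production zone.` The same applies to Kexample.net.+005+07308.published further down, which holds the private half of KSK 7308.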
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key
new file mode 100644
index 00000000..5307c8a5
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key
@@ -0,0 +1,3 @@
+;% generationtime=20081116175850
+;% lifetime=365d
+example.net. IN DNSKEY 257 3 5 BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB /Q==
diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published
new file mode 100644
index 00000000..91dcde1e
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB/Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: CfS81MH9GT1CGQtK94PvSgggeQnSullWOmqQsKGndfJVpv4AJj/XCaEhgboIVshezJmUdHf3RWSOkSYfHAID89fTFAYvL4ZVSmkha1EivkY+tOeohM9zBzs5CfE9fmAlMCmxEQsYggZtjuddncKCNC4IYSkV6ez21S//3vnGvUtic+2ywaXF03MwhjKkOed6g8ukZJnj7B9Z5wu3rdiyOe85IQ==
+Prime1: A7Wh1oSpETxNT/ptPVHSGIemIyNvALXSI5UcoWAADQbith5663r1GgXHk2YGbyg1HgyrCZFoME3ZoIOUQ6yfN6tlixhpWmQdLW+pz3lULlTFBQ==
+Prime2: A1pCUhsSF9J8i5Smp2KEO3Dw5LngamhRksJzKC4yfGMvjwJ/RHJByyVcUEtRhgLvd2C2uW89Z4nz8HM/HQI+u9uwIFM20SIFEzZceR62ghNamQ==
+Exponent1: Azf7LwilgmHe2xJwMfQIJP5OnNsaZ1zm7Gk2i4lyA8+3hHNWetR1QRKl5E3AnzIzwOM5VEm2nO2XZeyHKPVOol6DM390oFXvp0c2G+ROabyQnQ==
+Exponent2: ATQ6mNC7MpC5NlGdQ+XmlTkiNuCRuFf/jZeSiJkZWvTjwZXQUhRCFMiM7fYwx/b/cqnqZ7I/9VwzslorFu0T37GQaeugFNkrsDdRRvDOA7+qoQ==
+Coefficient: AkhsG+b3Bel4MQ9fF/CnsPxv0cdoTphpLZPUGPlG451hqWFzMANEcTsiDya2UHoa5FAK825+47hVdihTdZkJwMNMsoI2Xnr07AEurDapOvChrg==
diff --git a/contrib/zkt/examples/flat/example.net/dnskey.db b/contrib/zkt/examples/flat/example.net/dnskey.db
new file mode 100644
index 00000000..d1828cc6
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/dnskey.db
@@ -0,0 +1,33 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Dec 28 2008 23:08:02
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=1764 algo=RSASHA1 generated Nov 16 2008 18:58:50
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8
+ VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs
+ lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+
+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU
+ 8w==
+ ) ; key id = 1764
+
+; example.net. tag=7308 algo=RSASHA1 generated Nov 16 2008 18:58:50
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ
+ oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ
+ w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU
+ t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB
+ /Q==
+ ) ; key id = 7308
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=4157 algo=RSASHA1 generated Dec 09 2008 14:08:16
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRS
+ ouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w==
+ ) ; key id = 4157
+
diff --git a/contrib/zkt/examples/flat/example.net/dsset-example.net. b/contrib/zkt/examples/flat/example.net/dsset-example.net.
new file mode 100644
index 00000000..f07c9b9c
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/dsset-example.net.
@@ -0,0 +1,4 @@
+example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445
+example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key
index fdf427b8..fdf427b8 100644
--- a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
+++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private
index 10185613..10185613 100644
--- a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
+++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key
index d72baa94..368d3537 100644
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
+++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key
@@ -1,3 +1,4 @@
;% generationtime=20080420205422
;% lifetime=60d
-example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==
+;% expirationtime=20081116175850
+example.net. IN DNSKEY 385 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==
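Review bot: The flags field changes from 257 to 385 with no explanation in the file; 385 is 257 with bit 128 set, which is the REVOKE flag from RFC 5011. The key tag is computed over the RDATA including the flags, so the tag a validator derives for this record will differ from the 41151 that stays in the file name, and that can mislead anyone matching key files to DNSKEY or RRSIG key ids. A plain comment line above the record would document it, for example `; revoked (RFC 5011): flags 385 = 257 + REVOKE, file name keeps the pre-revocation tag`, provided the tool that reads these files accepts ordinary `;` comments. The rename from `K…` to `k…` appears to be how the tool marks the revoked state, but the hunk does not say so.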
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private
index 554cd127..554cd127 100644
--- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
+++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private
diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net/keyset-example.net.
index c8325785..47311feb 100644
--- a/contrib/zkt/examples/flat/example.net./keyset-example.net.
+++ b/contrib/zkt/examples/flat/example.net/keyset-example.net.
@@ -1,13 +1,13 @@
$ORIGIN .
example.net 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
- vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
- I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
- M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
- 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
- 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
- T1YYVnoQqw==
- ) ; key id = 41151
+ BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
+ Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
+ Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
+ SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
+ g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
+ A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
+ JT9+p0yB/Q==
+ ) ; key id = 7308
7200 IN DNSKEY 257 3 5 (
BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net/zone.db
index 42ad0671..98fdfd67 100644
--- a/contrib/zkt/examples/flat/example.net./zone.db
+++ b/contrib/zkt/examples/flat/example.net/zone.db
@@ -6,12 +6,12 @@
$TTL 7200
-; Be sure that the serial number below is left
+; Ensure that the serial number below is left
; justified in a field of at least 10 chars!!
; 0123456789;
-; It's also possible to use the date form e.g. 2005040101
+; It's also possible to use the date format e.g. 2005040101
@ IN SOA ns1.example.net. hostmaster.example.net. (
- 306 ; Serial
+ 333 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
@@ -38,6 +38,6 @@ d IN A 1.2.3.3
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.net.
-; this file will have all the zone keys
+; this file will contain all the zone keys
$INCLUDE dnskey.db
diff --git a/contrib/zkt/examples/flat/example.net/zone.db.signed b/contrib/zkt/examples/flat/example.net/zone.db.signed
new file mode 100644
index 00000000..8795d222
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net/zone.db.signed
@@ -0,0 +1,166 @@
+; File written on Sun Dec 28 23:08:02 2008
+; dnssec_signzone version 9.6.0
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 333 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ UqDcRU7Et3DQF9VF+1AmHFXLa9L2x6LYA1ZS
+ shG02/N9gH+2uNnxxBvuGDkSzTl5C52csvbw
+ LZnWW56sPCShiw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ i4OCvNnG2BWy6gYbUnwv1xi6MRQjbDl6ts8o
+ 28CxUNmBX/r3RWlewQiyO8acGC2UJUdWz7So
+ gbHJqojIAjjpbA== )
+ 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ g963zm5F91sPNl955WRBExCcKJehXmTjyw0K
+ ISKE7Dq77Z8zKkTpgf1QWhVe3UOLRRbXwRnC
+ aQh+jaXNE3vIag== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1
+ y5L0ayZ23+17ira2IBRSouCHAmIYYR+JqGMj
+ c0IQF7PAryhN2olWcINK/w==
+ ) ; key id = 4157
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
+ Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
+ Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
+ SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
+ g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
+ A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
+ JT9+p0yB/Q==
+ ) ; key id = 7308
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
+ 3600 RRSIG DNSKEY 5 2 3600 20090103210802 (
+ 20081228210802 1764 example.net.
+ DMU1/sQwNC9bxNCo+SGM1JpHAkWGCRoSEswb
+ 2EV/YDWwF19IM2J/sz+9JB6h7esETapCg4qY
+ 5SCBrgbMEvQNRL0t16K7ciAHYNKLTbMG0uaP
+ yEOVQ0/ZofoDEsYJYScyO3hC58F2Vl/YSBFo
+ hfkYvtrjrrDQqU9Uh8U1rcROIXNJF/FyDSuj
+ Ca2fzHlCvnJRfF/Djg7DOjXIlWBThc4kI12v
+ xw== )
+ 3600 RRSIG DNSKEY 5 2 3600 20090103210802 (
+ 20081228210802 4157 example.net.
+ gH+J4h1fRmX5QS/wocZKerd9RqgrFR/0m1HE
+ O+GYS4Q4X19TnGQW4Bq6w/QRI/5OiJH3YR2R
+ 9MW3EmYMKX9Tuw== )
+a.example.net. 7200 IN A 1.2.3.1
+ 7200 RRSIG A 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ nh9TDSy8L61ccYJiLAL632N4FIvUpDCvsdcf
+ 0HhGA8b++YADE5gX346coX1L0Oy+DB9eHIAZ
+ PCfli582EhPwKA== )
+ 7200 NSEC b.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ LCe66yRV1gez4AbSq7/SaPznvzuUPRnf+vh2
+ Fuv3IlCszc0Bdo/fAyUQcc9LRo8hrvfYFDjI
+ TFe3Mm0U0A5Lew== )
+b.example.net. 7200 IN MX 10 a.example.net.
+ 7200 RRSIG MX 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ oQuNvNDrqblLnEl5arNz+3YlBC9j33tp7OzF
+ MptYqb32rDNB/YivuxeiBWNt7ykFmdXh1P94
+ DZ8Qq2J8lIW1DA== )
+ 7200 NSEC d.example.net. MX RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ GF6J2HjZ4xrkdT2a6Zjukl5sUSwejQkzzx2+
+ pLRQ/RXtfkcMrO5xpsOZ8AqeZjySUMEGjS2U
+ RUlbzM0y/70x4g== )
+d.example.net. 7200 IN A 1.2.3.3
+ 7200 RRSIG A 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ T9LBUwsAKM+3yh1wizaGqWvqfLOqfuTzZhpm
+ tmpDPZXzSjJ8pj4KO3f8eA7ygo52bY8hNzTh
+ 2hwGBAQlb1ACpA== )
+ 7200 AAAA 2001:db8::3
+ 7200 RRSIG AAAA 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ gpBuR+r14AbjVJLx48k8plwo52RG6taN03XU
+ 8uUgfOSpJSprjpvhEzKt1h87aGtmZScoS/WH
+ 3D3f2Xz4e+r6QA== )
+ 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ fSM90YN/6UVuUPbVTuhSj2Zzxdn+3TkVIXq6
+ CjpGxAxDGa5Uh3x6ExZUg3n7N7TWcuyN2fZV
+ va8VlkEJeAHd/g== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ I0tSvJaBTdG0RTfOTkzDyW2iSKdX555aN5Ux
+ a4l5gJhiY4tpN1NNofQK8xbdZvJi+F0JBsb4
+ qctstfW97RAnZw== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ pORPHi5yJId4IynH/UcNM1kL9kyJqO65+iku
+ G5z9A2CS+aJy39Am6Nbr11GN6SAVcOmSjjeA
+ SOAdxGlWWpwAvA== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ mPktHGQ4Cvn6JwysjndL8/dZhtht6bGq1OZI
+ qR4SSqIc14Yfbbee819fwuw/JGaaTFyItDU2
+ AIU8Ix2FrNLcQA== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ I+i9d3dewJTTmK1J5gbMlsjodEDjV57fHDbv
+ 3haEPH6WHn/9W3P9eTDRIVEIvSVCEObAJyem
+ ItOMKZOxlRTF5Q== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ KF6bVYTEEuOgaYTrD1BhY6dyYtp1k7uPQAbe
+ +8aDk4OJwtL681t91XIT/TRXvKwiSVH4M7Un
+ ZOFI4o33/oIJag== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ pLL55Ja/b/pGnWdYP2tAOtx84xyKiEdD/oPC
+ 7prF8HCXLJgbFdnJ3JkZ1umAPbsRrEkFIFII
+ wGwfrjMkM9c8zw== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ b5AfO/ekdK8rQBAiyGcjCSFHOLCYfdVJP7DD
+ FsNKBjkJj+jLz3P1lJClTrgc4gv7EmRlZncd
+ YOzblBcjylZqAw== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 DS 18846 7 1 (
+ 71103B8D50793E190E48D99E95B48D9F20C4
+ 04C6 )
+ 7200 DS 18846 7 2 (
+ 42A13BAC66BEB451B6BF17A51FC2C141B765
+ D3E9B952C689BA4B572DC1AF2FCC )
+ 7200 RRSIG DS 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ HeLgZtRjTPXR8HDw0uHiavKTmJTJU2ryunVf
+ JR8vASP8QT2D4hD0BvCUzQdIB23+oB9eY2dx
+ f9WtEwKY89dcTQ== )
+ 7200 NSEC example.net. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090103210802 (
+ 20081228210802 4157 example.net.
+ XViJS+mWV3mddMCV25zV9i3ZpRlBsQIr/Guq
+ wJYzIiBP3F5cY+GbzOyjLdRnuy9pIeCUmEIN
+ 0XsanfbJHcTm8w== )
diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
index 8e00719d..8537da02 100644
--- a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
+++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
@@ -1,2 +1,2 @@
-sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
-sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
+sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
+sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC
diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net.
index d4a01ed9..f07c9b9c 100644
--- a/contrib/zkt/examples/flat/keysets/dsset-example.net.
+++ b/contrib/zkt/examples/flat/keysets/dsset-example.net.
@@ -1,4 +1,4 @@
example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
-example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
-example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
+example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445
+example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E
diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
index 9bed62a1..f35581d0 100644
--- a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
+++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
@@ -1,2 +1,2 @@
-sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
-sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
+sub.example.net. IN DS 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
+sub.example.net. IN DS 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC
diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net.
index c8325785..47311feb 100644
--- a/contrib/zkt/examples/flat/keysets/keyset-example.net.
+++ b/contrib/zkt/examples/flat/keysets/keyset-example.net.
@@ -1,13 +1,13 @@
$ORIGIN .
example.net 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
- vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
- I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
- M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
- 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
- 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
- T1YYVnoQqw==
- ) ; key id = 41151
+ BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
+ Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
+ Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
+ SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
+ g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
+ A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
+ JT9+p0yB/Q==
+ ) ; key id = 7308
7200 IN DNSKEY 257 3 5 (
BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
index 77aacd6d..5c58fad5 100644
--- a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
+++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
@@ -1,8 +1,8 @@
$ORIGIN .
-sub.example.net 7200 IN DNSKEY 257 3 5 (
- AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
- bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
- ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
- BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
- CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
- ) ; key id = 54876
+sub.example.net 7200 IN DNSKEY 257 3 7 (
+ AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G
+ 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau
+ dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF
+ pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V
+ VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f
+ ) ; key id = 18846
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
deleted file mode 100644
index a255a7bf..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080725213107
-;% lifetime=3d
-sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
deleted file mode 100644
index e636e051..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 1 (RSA)
-Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ==
-Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM=
-Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M=
-Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0=
-Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08=
-Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
deleted file mode 100644
index 4e7c3e55..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080730222553
-;% lifetime=3d
-sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
deleted file mode 100644
index 2a3ae651..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 1 (RSA)
-Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
-PublicExponent: AQAAAAE=
-PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q==
-Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U=
-Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8=
-Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0=
-Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc=
-Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
deleted file mode 100644
index 21098f83..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
+++ /dev/null
@@ -1 +0,0 @@
-sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
deleted file mode 100644
index ad5b3630..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M=
-PublicExponent: Aw==
-PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s=
-Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw==
-Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ==
-Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw==
-Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw==
-Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA==
diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
deleted file mode 100644
index 8e00719d..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
+++ /dev/null
@@ -1,2 +0,0 @@
-sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
-sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
deleted file mode 100644
index 396e7d3b..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./dnskey.db
+++ /dev/null
@@ -1,29 +0,0 @@
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by dnssec-signer.
-;
-; Last generation time Jul 31 2008 13:19:17
-;
-
-; *** List of Key Signing Keys ***
-; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22
-sub.example.net. 3600 IN DNSKEY 257 3 5 (
- AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50
- 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe
- 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb
- Z/avYw==
- ) ; key id = 54876
-
-; *** List of Zone Signing Keys ***
-; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52
-sub.example.net. 3600 IN DNSKEY 256 3 1 (
- BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy
- aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
- ) ; key id = 4254
-
-; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53
-sub.example.net. 3600 IN DNSKEY 256 3 1 (
- BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv
- guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
- ) ; key id = 56744
-
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
deleted file mode 100644
index 0560d2b0..00000000
--- a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
+++ /dev/null
@@ -1,103 +0,0 @@
-; File written on Thu Jul 31 13:19:17 2008
-; dnssec_signzone version 9.5.1b1
-sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 1217503157 ; serial
- 86400 ; refresh (1 day)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 1 3 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9
- RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa
- 9bvrMVOXpd0Q1g== )
- 7200 NS ns1.example.net.
- 7200 RRSIG NS 1 3 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb
- k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn
- 1S/A2bV4S3No7Q== )
- 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 1 3 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK
- TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8
- feRHQBEYFpgvhA== )
- 3600 DNSKEY 256 3 1 (
- BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl
- kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar
- n7DQR1Eb92uW3ALxwN2o6w==
- ) ; key id = 56744
- 3600 DNSKEY 256 3 1 (
- BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+
- /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v
- NYsJ2KCQtY2dUFjT5BCeqQ==
- ) ; key id = 4254
- 3600 DNSKEY 257 3 5 (
- AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
- bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
- ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
- BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
- CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
- ) ; key id = 54876
- 3600 RRSIG DNSKEY 1 3 3600 20080802101917 (
- 20080731101917 4254 sub.example.net.
- ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba
- 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT
- UW2clZMFj/Fy6g== )
- 3600 RRSIG DNSKEY 5 3 3600 20080802101917 (
- 20080731101917 54876 sub.example.net.
- B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E
- 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO
- OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK
- 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv
- oFMHe/OpIq7x/a4NdMn3yIWbFtg= )
-a.sub.example.net. 7200 IN A 1.2.3.4
- 7200 RRSIG A 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ
- owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+
- M4ESPnoKxli7YQ== )
- 7200 NSEC b.sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv
- USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt
- 2ODgeGLhUTap7A== )
-b.sub.example.net. 7200 IN A 1.2.3.5
- 7200 RRSIG A 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz
- bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN
- S0Et3ivWZSAVOg== )
- 7200 NSEC c.sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B
- jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k
- +SzjVQtJfxUDsA== )
-c.sub.example.net. 7200 IN A 1.2.3.6
- 7200 RRSIG A 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb
- eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID
- z5HLpC+KbfpJxw== )
- 7200 NSEC localhost.sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh
- a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh
- 4AnYjZlHjfe+MA== )
-localhost.sub.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T
- X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y
- vw4b+pdoWMi0+g== )
- 7200 NSEC sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802101917 (
- 20080731101917 4254 sub.example.net.
- XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9
- PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr
- SgFnqsd6YTxxpw== )
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key
new file mode 100644
index 00000000..80d1ca0c
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key
@@ -0,0 +1,3 @@
+;% generationtime=20081228220628
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 6 AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOUzy7Bj+uFawiZePzJ376i jMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1z gbfUKNyiPZ6oWgPYv71zph2oeEv/imIItqFoz+s9rJLBevzRINvunS1n n4Fiq7gi21miJiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk36K83OzW KnF1OGkSIki7kfoWyUi6cJAMdnc33uPf+7inEguN4Sr2h4QXGNm42hKI v8lZ
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published
new file mode 100644
index 00000000..f10110da
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 6 (?)
+Prime(p): vkFZckOUzy7Bj+uFawiZePzJ376ijMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1zgQ==
+Subprime(q): qHjRa5osHmJx2NpT9a+wCWA7CLk=
+Base(g): t9Qo3KI9nqhaA9i/vXOmHah4S/+KYgi2oWjP6z2sksF6/NEg2+6dLWefgWKruCLbWaImIbreEcSg2vlj+RsHTQ==
+Private_value(x): J9kC0094M4urh22UyajBvYp6OUU=
+Public_value(y): rfdSEO07PKqymWRw5N+ivNzs1ipxdThpEiJIu5H6FslIunCQDHZ3N97j3/u4pxILjeEq9oeEFxjZuNoSiL/JWQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key
new file mode 100644
index 00000000..2cb92c46
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key
@@ -0,0 +1,3 @@
+;% generationtime=20081216133130
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 6 AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1zrCvWeR2s851pF1lyqoi 7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp +U1bNU2DyopLKhZR5+6SN5u7R7tlQCGlmesE4yAD2kLBYAvBoSXgPhPn /UDQWz08x3IaYVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghCsKojF+u0 DXLuWYY6h6KWn4yuto6NMBb5hXSDaYMTgiJYO5MS79d876LIPJyv3mls lfy1
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private
new file mode 100644
index 00000000..50a0c942
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 6 (?)
+Prime(p): 50c8zvi1zrCvWeR2s851pF1lyqoi7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp+Q==
+Subprime(q): zVTFuNMY3m0bMsXC3ULBHHiaUM8=
+Base(g): TVs1TYPKiksqFlHn7pI3m7tHu2VAIaWZ6wTjIAPaQsFgC8GhJeA+E+f9QNBbPTzHchphW9VxBxwECC57g2H9EQ==
+Private_value(x): LnevSOPwRhakaa7vYh1YBwGWIh8=
+Public_value(y): NwN9ucIKHYWeFToIQrCqIxfrtA1y7lmGOoeilp+MrraOjTAW+YV0g2mDE4IiWDuTEu/XfO+iyDycr95pbJX8tQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated
new file mode 100644
index 00000000..14edffd1
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 6 (?)
+Prime(p): j+A/58oThRkOD+cmyxsyLP0qrQcozEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qPoQ==
+Subprime(q): kuawB/eONoc0BjGmDIKOerRKBkM=
+Base(g): C/CRAij2ID/BEajrSxPOHaMWdQ06G5zfI6el3MIZtMFvNxBQypZ3VRawKbBeOncxvSMSX/ecw5MeJDKXCWfi7Q==
+Private_value(x): HZ/c+Fa0T/qv5IwEmPEF681ckVw=
+Public_value(y): bvjS4V5v38HzFvDmzxxq09i13mBupQ79O5ZLNyxoyE17kHNcKD6/ggVPSVx1jDymtgE9FLYgo1OoKh9qdNrG0w==
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key
new file mode 100644
index 00000000..0269761c
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key
@@ -0,0 +1,3 @@
+;% generationtime=20081209130816
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 6 AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oThRkOD+cmyxsyLP0qrQco zEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qP oQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc3yOnpdzCGbTBbzcQUMqWd1UW sCmwXjp3Mb0jEl/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObPHGrT2LXe YG6lDv07lks3LGjITXuQc1woPr+CBU9JXHWMPKa2AT0UtiCjU6gqH2p0 2sbT
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key
new file mode 100644
index 00000000..688d4212
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key
@@ -0,0 +1,3 @@
+;% generationtime=20081125154049
+;% lifetime=60d
+sub.example.net. IN DNSKEY 257 3 7 AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G3XPRE7Yaw/Nco7aXorHK JgRFMoM30q7jDBaudLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeFpWdP 7E8fmi4k/YoCESu+vBvf+rZWDMVosj8VVEIbKTcJE16Nsd1ls1FIGfiq fu8SrJ0f
diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private
new file mode 100644
index 00000000..5b5edbb3
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 7 (?)
+Modulus: 451+rtzB+GXdovwGVREaeA8D7cjYTcbdc9ETthrD81yjtpeiscomBEUygzfSruMMFq50t5cL/985ADDY/m8LDK4eYgWjh+VefnWwx4WlZ0/sTx+aLiT9igIRK768G9/6tlYMxWiyPxVUQhspNwkTXo2x3WWzUUgZ+Kp+7xKsnR8=
+PublicExponent: AQAB
+PrivateExponent: J0mYBDa2hFmQ2AEIVsaM+wwccX6pV0NsFgGQlW4pRGhJGcsymd16kmIfRebsxqMKAyA5pTa9K30sKYxE6CXikgpm1+TqQtH3CQJGEz81gf5/c/RgHdG4+bygPrKeW1vA7dI5jsEQ8wnhBAJa0jDIt8f0bP9G5rGYyxctmmC8mgE=
+Prime1: 8gsI7gGw1oPDMLhQHMx3NorrKgy1wMu3/anCcIEEe1OflmSNHzb0Y4hQ8Zl97EyU6ZuPAGlnI4MfykK2V35orw==
+Prime2: 8L163OyeS3aLn+Bxfxlc/6OZGat5b6C5RKFzvdJ9/7ZxM1woegJCe8DD0wwuKwNs7go+venTI4O7L1ZB0jJOkQ==
+Exponent1: aJiOLlQ6uCjOk+JCdH+DUOWthEljzcH7a7oNlZKbfjP/9fzT41ZbPBvvZsh+2zuo6l7X6ESkVntWpJA5vguZbw==
+Exponent2: a4mIh4VfFICI0Er3B/pxc3RF4JSbc0TNXZ3tUL7lL8P0fyfMoOu/fP5Xuz+2o9os34xOCJGZkkS26edTEa0NMQ==
+Coefficient: sEYTrLAosmx+x8M2BBdTYLddTSbv3xXDlqHeCNxajW4bhhbjkn3oMCWQfaq7Oke4zeUXPOAYjaf8Ve2oLD9fzg==
diff --git a/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net.
new file mode 100644
index 00000000..8537da02
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
+sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC
diff --git a/contrib/zkt/examples/flat/sub.example.net/dnskey.db b/contrib/zkt/examples/flat/sub.example.net/dnskey.db
new file mode 100644
index 00000000..7d4c4acb
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/dnskey.db
@@ -0,0 +1,47 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Dec 28 2008 23:08:02
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.net. tag=18846 algo=NSEC3RSASHA1 generated Nov 25 2008 16:40:49
+sub.example.net. 3600 IN DNSKEY 257 3 7 (
+ AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G3XPRE7Yaw/Nco7aXorHK
+ JgRFMoM30q7jDBaudLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeFpWdP
+ 7E8fmi4k/YoCESu+vBvf+rZWDMVosj8VVEIbKTcJE16Nsd1ls1FIGfiq
+ fu8SrJ0f
+ ) ; key id = 18846
+
+; *** List of Zone Signing Keys ***
+; sub.example.net. tag=5823 algo=NSEC3DSA generated Dec 28 2008 23:06:27
+sub.example.net. 3600 IN DNSKEY 256 3 6 (
+ AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1zrCvWeR2s851pF1lyqoi
+ 7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp
+ +U1bNU2DyopLKhZR5+6SN5u7R7tlQCGlmesE4yAD2kLBYAvBoSXgPhPn
+ /UDQWz08x3IaYVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghCsKojF+u0
+ DXLuWYY6h6KWn4yuto6NMBb5hXSDaYMTgiJYO5MS79d876LIPJyv3mls
+ lfy1
+ ) ; key id = 5823
+
+; sub.example.net. tag=22440 algo=NSEC3DSA generated Dec 28 2008 23:06:27
+sub.example.net. 3600 IN DNSKEY 256 3 6 (
+ AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oThRkOD+cmyxsyLP0qrQco
+ zEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qP
+ oQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc3yOnpdzCGbTBbzcQUMqWd1UW
+ sCmwXjp3Mb0jEl/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObPHGrT2LXe
+ YG6lDv07lks3LGjITXuQc1woPr+CBU9JXHWMPKa2AT0UtiCjU6gqH2p0
+ 2sbT
+ ) ; key id = 22440
+
+; sub.example.net. tag=4710 algo=NSEC3DSA generated Dec 28 2008 23:06:28
+sub.example.net. 3600 IN DNSKEY 256 3 6 (
+ AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOUzy7Bj+uFawiZePzJ376i
+ jMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1z
+ gbfUKNyiPZ6oWgPYv71zph2oeEv/imIItqFoz+s9rJLBevzRINvunS1n
+ n4Fiq7gi21miJiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk36K83OzW
+ KnF1OGkSIki7kfoWyUi6cJAMdnc33uPf+7inEguN4Sr2h4QXGNm42hKI
+ v8lZ
+ ) ; key id = 4710
+
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net/dnssec.conf
index 4a045ad7..30ae923c 100644
--- a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
+++ b/contrib/zkt/examples/flat/sub.example.net/dnssec.conf
@@ -4,11 +4,12 @@ sigvalidity 2d
max_ttl 90s
Serialformat: unixtime
-ksk_algo RSASHA1
+zsk_lifetime 3m
+ksk_algo N3RSASHA1
ksk_bits 1024
zsk_lifetime 3d
-zsk_algo RSAMD5
+zsk_algo NSEC3DSA
zsk_bits 512
dlv_domain "dlv.trusted-keys.de"
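Review bot: The added `zsk_lifetime 3m` duplicates a key that is still set three lines below as `zsk_lifetime 3d`, so the file now carries two conflicting ZSK lifetimes and the effective one depends on how the parser treats repeated keys. The ZSK `.key` files added in this commit record `lifetime=3d`, which suggests the new line is either overridden or was meant to be a different setting (possibly `ksk_lifetime`); I would drop it or rename it. Separately, the algorithm switch leaves `zsk_bits 512` and `ksk_bits 1024` unchanged, and since example configs tend to be copied as templates, a comment such as `# demo key sizes only, too small for production zones` next to them would help. The hunk starts mid-file, so any settings above `sigvalidity` are not visible here.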
diff --git a/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net.
new file mode 100644
index 00000000..f35581d0
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net. IN DS 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
+sub.example.net. IN DS 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC
diff --git a/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net.
new file mode 100644
index 00000000..5c58fad5
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.net 7200 IN DNSKEY 257 3 7 (
+ AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G
+ 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau
+ dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF
+ pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V
+ VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f
+ ) ; key id = 18846
diff --git a/contrib/zkt/examples/flat/sub.example.net/maxhexsalt b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt
new file mode 100644
index 00000000..94bc5aff
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt
@@ -0,0 +1 @@
+1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE \ No newline at end of file
diff --git a/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1
new file mode 100644
index 00000000..6f1f3b5c
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1
@@ -0,0 +1 @@
+1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE1 \ No newline at end of file
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net/zone.db
index c9ec01ee..1eb2d9e1 100644
--- a/contrib/zkt/examples/flat/sub.example.net./zone.db
+++ b/contrib/zkt/examples/flat/sub.example.net/zone.db
@@ -1,13 +1,13 @@
;-----------------------------------------------------------------
;
-; @(#) sec.example.net/zone.db
+; @(#) sub.example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
- 0 ; Serial
+ 2 ; Serial
86400 ; Refresh (RIPE recommendation if NOTIFY is used)
1800 ; Retry
2W ; Expire
diff --git a/contrib/zkt/examples/flat/sub.example.net/zone.db.signed b/contrib/zkt/examples/flat/sub.example.net/zone.db.signed
new file mode 100644
index 00000000..79cc5e73
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net/zone.db.signed
@@ -0,0 +1,116 @@
+; File written on Sun Dec 28 23:08:02 2008
+; dnssec_signzone version 9.6.0
+sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1230502082 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 6 3 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AMwSbl1AvSw6nz/6SAX26uwD5BAKYAxmfBIq
+ ynkaiFplhArpE1dTqlU= )
+ 7200 NS ns1.example.net.
+ 7200 RRSIG NS 6 3 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AFIZX6ddVm4v+ae2F4zcVgp0jJHow+jKe+LC
+ YYNpRqF42vDPsri4shw= )
+ 3600 DNSKEY 256 3 6 (
+ AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oT
+ hRkOD+cmyxsyLP0qrQcozEPyY+SI5/7cj1ch
+ epu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73
+ x4qPoQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc
+ 3yOnpdzCGbTBbzcQUMqWd1UWsCmwXjp3Mb0j
+ El/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObP
+ HGrT2LXeYG6lDv07lks3LGjITXuQc1woPr+C
+ BU9JXHWMPKa2AT0UtiCjU6gqH2p02sbT
+ ) ; key id = 22440
+ 3600 DNSKEY 256 3 6 (
+ AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOU
+ zy7Bj+uFawiZePzJ376ijMX7LHr8z1NNhNOB
+ RhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3
+ At1zgbfUKNyiPZ6oWgPYv71zph2oeEv/imII
+ tqFoz+s9rJLBevzRINvunS1nn4Fiq7gi21mi
+ JiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk
+ 36K83OzWKnF1OGkSIki7kfoWyUi6cJAMdnc3
+ 3uPf+7inEguN4Sr2h4QXGNm42hKIv8lZ
+ ) ; key id = 4710
+ 3600 DNSKEY 256 3 6 (
+ AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1
+ zrCvWeR2s851pF1lyqoi7w+KlRmWrsEyyGS+
+ HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1
+ EtNp+U1bNU2DyopLKhZR5+6SN5u7R7tlQCGl
+ mesE4yAD2kLBYAvBoSXgPhPn/UDQWz08x3Ia
+ YVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghC
+ sKojF+u0DXLuWYY6h6KWn4yuto6NMBb5hXSD
+ aYMTgiJYO5MS79d876LIPJyv3mlslfy1
+ ) ; key id = 5823
+ 3600 DNSKEY 257 3 7 (
+ AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G
+ 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau
+ dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF
+ pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V
+ VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f
+ ) ; key id = 18846
+ 3600 RRSIG DNSKEY 6 3 3600 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AMh2mLe04LwOikgp7Djk5OD+VjsxHWFIrM5K
+ eZ9TwWum0+c3KRc0Ye0= )
+ 3600 RRSIG DNSKEY 7 3 3600 20081230210802 (
+ 20081228210802 18846 sub.example.net.
+ oXtpSP1gJIoDZ4HUjdlGV6wyS0VPHp9pv7hB
+ t8sOWSTxSAQ2D1u+2bHK97lE7c1TJUqNsQO7
+ YiTwCvfeypt/9QWSFg8d8TrUTaFvUyZO9yJM
+ HEeJvoV9+TmRsqT1M4vYNO6OY9zBrqQF8Jov
+ gblJkg3ftGhllMDdz8JlIe3m35U= )
+ 0 NSEC3PARAM 1 0 100 B5EA98
+ 0 RRSIG NSEC3PARAM 6 3 0 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AEK69arso3M/F6qdvHBnEaS7PYoMPzkXeut8
+ f7tQNJi/n/57iOXxBtY= )
+a.sub.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ ACtzcM76XGO0nQg0MNi/3xIA17I/Zl7dpLie
+ L+UWpvdyC01FhiJ9nBc= )
+b.sub.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AMvlob5onyssxa/DQ13dtCp9pL9sHw4pruqq
+ PI85Joh+QNgM26VGXRA= )
+c.sub.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AJAcwAkedEjx4i28vF/Uu31BDly6Hmc5LI9R
+ 19PqH1vAijma5No2x5Q= )
+localhost.sub.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ ACgSEXi/TbpF35NNFs8zocciqhZtwDL5C4e/
+ 6hTGwvl3Z+IjCjf8oDc= )
+ANQ08MJB3Q48CAVL5MEKLHUA2EG2808A.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 FLIRT946Q32FSU4Q1ISRK4UJAFMRNHEE A RRSIG
+ 7200 RRSIG NSEC3 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AGjJ1uwyqNVcHgz3aFQZhvNFpBEPXdQaEeKo
+ /1Joi1+1g5r7AqEPgbU= )
+FLIRT946Q32FSU4Q1ISRK4UJAFMRNHEE.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 J961TISKA95UUNS1JAV5OMBDNS342B6O A RRSIG
+ 7200 RRSIG NSEC3 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AERaVeALOfnnt/33oq5dDu08p3oyfYET59xd
+ x6I2CRIOFUr7LkHm2ro= )
+J961TISKA95UUNS1JAV5OMBDNS342B6O.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 KJVHLHHLAADEDFM1ONPEIBM68DIIPI6O A RRSIG
+ 7200 RRSIG NSEC3 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ ADgp7RYKJ95X9iLaS/O0N75fzc/yjA3NhVnv
+ hDKrUluwi2qYv1/AOIk= )
+KJVHLHHLAADEDFM1ONPEIBM68DIIPI6O.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 TE1BL0NOCKMSQ7ARERPVQTM4NBVRN6CN A RRSIG
+ 7200 RRSIG NSEC3 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AMkFnz9tj86fr4NmFDnrqDNFlkgMAhRY/fR3
+ SGzdb8LfKdbWCRwYtu0= )
+TE1BL0NOCKMSQ7ARERPVQTM4NBVRN6CN.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 ANQ08MJB3Q48CAVL5MEKLHUA2EG2808A NS SOA RRSIG DNSKEY NSEC3PARAM
+ 7200 RRSIG NSEC3 6 4 7200 20081230210802 (
+ 20081228210802 5823 sub.example.net.
+ AHYEmiF12gwP5LOpUfqK+uHzj7cwuxlGXNT7
+ OdhDcXznJd5bkkQuoFY= )
diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log
index 9276f945..40729a83 100644
--- a/contrib/zkt/examples/flat/zkt.log
+++ b/contrib/zkt/examples/flat/zkt.log
@@ -1,2501 +1,139 @@
-2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
-2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
-2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file
-2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file
-2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
-2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded ()
-2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202()
-2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s)
-2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s
-2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v
-2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s
-2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done
-2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-06-11 22:39:48.617: notice: end of run: 0 errors occured
-2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v
-2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s
-2008-06-11 22:41:14.106: notice: end of run: 0 errors occured
-2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v
-2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s
-2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-06-11 22:48:19.087: notice: end of run: 0 errors occured
-2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v
-2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s
-2008-06-11 22:56:53.297: notice: end of run: 0 errors occured
-2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v
-2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s
-2008-06-11 23:01:41.454: notice: end of run: 0 errors occured
-2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v
-2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s
-2008-06-11 23:04:25.911: notice: end of run: 0 errors occured
-2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v
-2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s
-2008-06-12 13:06:54.056: notice: end of run: 0 errors occured
-2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v
-2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-
-2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s
-2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net."
-
-2008-06-12 13:07:45.130: notice: end of run: 0 errors occured
-2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v
-2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-
-2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s
-2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net."
-
-2008-06-12 13:22:02.253: notice: end of run: 0 errors occured
-2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v
-2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s
-2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 13:24:37.958: notice: end of run: 0 errors occured
-2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
-2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s
-2008-06-12 13:25:32.997: notice: end of run: 0 errors occured
-2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v
-2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s
-2008-06-12 13:26:49.864: notice: end of run: 0 errors occured
-2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
-2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s
-2008-06-12 16:28:01.979: notice: end of run: 0 errors occured
-2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v
-2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s
-2008-06-12 16:28:13.630: notice: end of run: 0 errors occured
-2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
-2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s
-2008-06-12 16:28:30.320: notice: end of run: 0 errors occured
-2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v
-2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s
-2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:34:06.972: notice: end of run: 0 errors occured
-2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer
-2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s
-2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:34:15.818: notice: end of run: 0 errors occured
-2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
-2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s
-2008-06-12 16:35:27.780: notice: end of run: 0 errors occured
-2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v
-2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0
-2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s
-2008-06-12 16:44:56.269: debug: Re-signing not necessary!
-2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2
-2008-06-12 16:44:56.269: debug: Re-signing not necessary!
-2008-06-12 16:44:56.270: notice: end of run: 0 errors occured
-2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v
-2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0
-2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s
-2008-06-12 16:49:23.386: debug: Re-signing not necessary!
-2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2
-2008-06-12 16:49:23.386: debug: Re-signing not necessary!
-2008-06-12 16:49:23.386: notice: end of run: 0 errors occured
-2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v
-2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0
-2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s
-2008-06-12 16:49:28.288: debug: Re-signing not necessary!
-2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2
-2008-06-12 16:49:28.288: debug: Re-signing not necessary!
-2008-06-12 16:49:28.288: notice: end of run: 0 errors occured
-2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v
-2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0
-2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s
-2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f
-2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net."
-2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 16:49:32.222: debug: Signing completed after 0s.
-2008-06-12 16:49:32.222: debug:
-2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2
-2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f
-2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db"
-2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-06-12 16:49:32.223: debug: Signing zone "example.net."
-2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
-2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 16:49:32.335: debug: Signing completed after 0s.
-2008-06-12 16:49:32.335: debug:
-2008-06-12 16:49:32.335: notice: end of run: 0 errors occured
-2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v
-2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 17:02:15.078: debug: Check RFC5011 status
-2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0
-2008-06-12 17:02:15.078: debug: Check ksk status
-2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s
-2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f
-2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net."
-2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 17:02:15.254: debug: Signing completed after 0s.
-2008-06-12 17:02:15.254: debug:
-2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 17:02:15.255: debug: Check RFC5011 status
-2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2
-2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f
-2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db"
-2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-06-12 17:02:15.255: debug: Signing zone "example.net."
-2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
-2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 17:02:15.368: debug: Signing completed after 0s.
-2008-06-12 17:02:15.368: debug:
-2008-06-12 17:02:15.368: notice: end of run: 0 errors occured
-2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f
-2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 17:43:50.390: debug: Check RFC5011 status
-2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0
-2008-06-12 17:43:50.390: debug: Check ksk status
-2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s
-2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f
-2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net."
-2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 17:43:50.533: debug: Signing completed after 0s.
-2008-06-12 17:43:50.533: debug:
-2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 17:43:50.533: debug: Check RFC5011 status
-2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2
-2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f
-2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f
-2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db"
-2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-06-12 17:43:50.534: debug: Signing zone "example.net."
-2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
-2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-12 17:43:50.645: debug: Signing completed after 0s.
-2008-06-12 17:43:50.645: debug:
-2008-06-12 17:43:50.645: notice: end of run: 0 errors occured
-2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v
-2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 17:49:43.190: debug: Check RFC5011 status
-2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0
-2008-06-12 17:49:43.190: debug: Check ksk status
-2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s
-2008-06-12 17:49:43.190: debug: Re-signing not necessary!
-2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 17:49:43.190: debug: Check RFC5011 status
-2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2
-2008-06-12 17:49:43.190: debug: Re-signing not necessary!
-2008-06-12 17:49:43.190: notice: end of run: 0 errors occured
-2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v
-2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 17:50:09.327: debug: Check RFC5011 status
-2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0
-2008-06-12 17:50:09.327: debug: Check ksk status
-2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s
-2008-06-12 17:50:09.327: debug: Re-signing not necessary!
-2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 17:50:09.327: debug: Check RFC5011 status
-2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2
-2008-06-12 17:50:09.327: debug: Re-signing not necessary!
-2008-06-12 17:50:09.327: notice: end of run: 0 errors occured
-2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v
-2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 17:52:29.312: debug: Check RFC5011 status
-2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0
-2008-06-12 17:52:29.312: debug: Check ksk status
-2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s
-2008-06-12 17:52:29.312: debug: Re-signing not necessary!
-2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 17:52:29.313: debug: Check RFC5011 status
-2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2
-2008-06-12 17:52:29.313: debug: Re-signing not necessary!
-2008-06-12 17:52:29.313: notice: end of run: 0 errors occured
-2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v
-2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-12 18:24:57.409: debug: Check RFC5011 status
-2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0
-2008-06-12 18:24:57.409: debug: Check ksk status
-2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s
-2008-06-12 18:24:57.409: debug: Re-signing not necessary!
-2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-12 18:24:57.409: debug: Check RFC5011 status
-2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2
-2008-06-12 18:24:57.410: debug: Re-signing not necessary!
-2008-06-12 18:24:57.410: notice: end of run: 0 errors occured
-2008-06-16 23:12:32.309: notice:
-2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v
-2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-16 23:12:32.654: debug: Check RFC5011 status
-2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0
-2008-06-16 23:12:32.654: debug: Check ksk status
-2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s
-2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec)
-2008-06-16 23:12:32.654: debug: ->depreciate it
-2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267
-2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done
-2008-06-16 23:12:32.654: debug: New pre-publish key needed
-2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149
-2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key
-2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net."
-2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-16 23:12:33.022: debug: Signing completed after 1s.
-2008-06-16 23:12:33.022: debug:
-2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-16 23:12:33.023: debug: Check RFC5011 status
-2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2
-2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached
-2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db"
-2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-06-16 23:12:33.024: debug: Signing zone "example.net."
-2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
-2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-16 23:12:33.170: debug: Signing completed after 0s.
-2008-06-16 23:12:33.170: debug:
-2008-06-16 23:12:33.170: notice: end of run: 0 errors occured
-2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <===
-2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-16 23:13:24.121: debug: Check RFC5011 status
-2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0
-2008-06-16 23:13:24.121: debug: Check ksk status
-2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m
-2008-06-16 23:13:24.121: debug: Re-signing not necessary!
-2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-16 23:13:24.121: debug: Check RFC5011 status
-2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2
-2008-06-16 23:13:24.121: debug: Re-signing not necessary!
-2008-06-16 23:13:24.121: notice: end of run: 0 errors occured
-2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <=====
-2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-16 23:13:56.972: debug: Check RFC5011 status
-2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0
-2008-06-16 23:13:56.972: debug: Check ksk status
-2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s
-2008-06-16 23:13:56.973: debug: Re-signing not necessary!
-2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-16 23:13:56.973: debug: Check RFC5011 status
-2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2
-2008-06-16 23:13:56.973: debug: Re-signing not necessary!
-2008-06-16 23:13:56.973: notice: end of run: 0 errors occured
-2008-06-16 23:15:16.980: notice: ------------------------------------------------------------
-2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-16 23:15:16.982: debug: Check RFC5011 status
-2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0
-2008-06-16 23:15:16.982: debug: Check ksk status
-2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s
-2008-06-16 23:15:16.982: debug: Re-signing not necessary!
-2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-16 23:15:16.982: debug: Check RFC5011 status
-2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2
-2008-06-16 23:15:16.982: debug: Re-signing not necessary!
-2008-06-16 23:15:16.983: notice: end of run: 0 errors occured
-2008-06-16 23:18:48.101: notice: ------------------------------------------------------------
-2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v
-2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-16 23:18:48.103: debug: Check RFC5011 status
-2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0
-2008-06-16 23:18:48.103: debug: Check ksk status
-2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s
-2008-06-16 23:18:48.103: debug: Re-signing not necessary!
-2008-06-16 23:18:48.103: debug:
-2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-16 23:18:48.104: debug: Check RFC5011 status
-2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2
-2008-06-16 23:18:48.104: debug: Re-signing not necessary!
-2008-06-16 23:18:48.104: debug:
-2008-06-16 23:18:48.104: notice: end of run: 0 errors occured
-2008-06-24 14:55:16.347: notice: ------------------------------------------------------------
-2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v
-2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-24 14:55:16.349: debug: Check RFC5011 status
-2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0
-2008-06-24 14:55:16.349: debug: Check ksk status
-2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec)
-2008-06-24 14:55:16.350: debug: ->remove it
-2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec)
-2008-06-24 14:55:16.350: debug: ->depreciate it
-2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149
-2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done
-2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key
-2008-06-24 14:55:16.350: debug: New pre-publish key needed
-2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338
-2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key
-2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net."
-2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-24 14:55:16.776: debug: Signing completed after 0s.
-2008-06-24 14:55:16.776: debug:
-2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-24 14:55:16.776: debug: Check RFC5011 status
-2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2
-2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached
-2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db"
-2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-06-24 14:55:16.777: debug: Signing zone "example.net."
-2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
-2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-24 14:55:16.922: debug: Signing completed after 0s.
-2008-06-24 14:55:16.922: debug:
-2008-06-24 14:55:16.922: notice: end of run: 0 errors occured
-2008-06-24 14:57:56.093: notice: ------------------------------------------------------------
-2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v
-2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-24 14:57:56.096: debug: Check RFC5011 status
-2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0
-2008-06-24 14:57:56.096: debug: Check ksk status
-2008-06-24 14:57:56.097: debug: Re-signing not necessary!
-2008-06-24 14:57:56.097: debug:
-2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-24 14:57:56.097: debug: Check RFC5011 status
-2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2
-2008-06-24 14:57:56.097: debug: Re-signing not necessary!
-2008-06-24 14:57:56.097: debug:
-2008-06-24 14:57:56.098: notice: end of run: 0 errors occured
-2008-06-24 23:26:12.632: notice: ------------------------------------------------------------
-2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v
-2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-06-24 23:26:12.648: debug: Check RFC5011 status
-2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0
-2008-06-24 23:26:12.648: debug: Check ksk status
-2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec)
-2008-06-24 23:26:12.648: debug: ->remove it
-2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key
-2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net."
-2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-06-24 23:26:13.030: debug: Signing completed after 1s.
-2008-06-24 23:26:13.030: debug:
-2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net."
-2008-06-24 23:26:13.030: debug: Check RFC5011 status
-2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2
-2008-06-24 23:26:13.030: debug: Re-signing not necessary!
-2008-06-24 23:26:13.030: debug:
-2008-06-24 23:26:13.030: notice: end of run: 0 errors occured
-2008-07-08 00:53:55.013: notice: ------------------------------------------------------------
-2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v
-2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 00:53:55.015: debug: Check RFC5011 status
-2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0
-2008-07-08 00:53:55.015: debug: Check KSK status
-2008-07-08 00:53:55.015: debug: Check ZSK status
-2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec)
-2008-07-08 00:53:55.015: debug: ->depreciate it
-2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338
-2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done
-2008-07-08 00:53:55.018: debug: New pre-publish key needed
-2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198
-2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created
-2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key
-2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net."
-2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-08 00:53:55.708: debug: Signing completed after 0s.
-2008-07-08 00:53:55.708: debug:
-2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 00:53:55.708: debug: Check RFC5011 status
-2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2
-2008-07-08 00:53:55.708: debug: Check ZSK status
-2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec)
-2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key
-2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key
-2008-07-08 00:53:55.708: debug: New pre-publish key needed
-2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682
-2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created
-2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key
-2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key
-2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db"
-2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-08 00:53:55.748: debug: Signing zone "example.net."
-2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-08 00:53:55.899: debug: Signing completed after 0s.
-2008-07-08 00:53:55.899: debug:
-2008-07-08 00:53:55.899: notice: end of run: 0 errors occured
-2008-07-08 00:53:57.597: notice: ------------------------------------------------------------
-2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v
-2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 00:53:57.599: debug: Check RFC5011 status
-2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0
-2008-07-08 00:53:57.599: debug: Check KSK status
-2008-07-08 00:53:57.599: debug: Check ZSK status
-2008-07-08 00:53:57.599: debug: Re-signing not necessary!
-2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy
-2008-07-08 00:53:57.599: debug:
-2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 00:53:57.599: debug: Check RFC5011 status
-2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2
-2008-07-08 00:53:57.599: debug: Check ZSK status
-2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec)
-2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key
-2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key
-2008-07-08 00:53:57.600: debug: Re-signing not necessary!
-2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy
-2008-07-08 00:53:57.600: debug:
-2008-07-08 00:53:57.600: notice: end of run: 0 errors occured
-2008-07-08 20:28:20.476: notice: ------------------------------------------------------------
-2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf
-2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:28:20.476: debug: Check RFC5011 status
-2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0
-2008-07-08 20:28:20.476: debug: Check KSK status
-2008-07-08 20:28:20.476: debug: Check ZSK status
-2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec)
-2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149
-
-2008-07-08 20:28:20.656: debug: ->remove it
-2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key
-2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db"
-2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net."
-2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-08 20:28:20.990: debug: Signing completed after 0s.
-2008-07-08 20:28:20.990: debug:
-2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:28:20.990: debug: Check RFC5011 status
-2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2
-2008-07-08 20:28:20.990: debug: Check ZSK status
-2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec)
-2008-07-08 20:28:20.990: debug: ->depreciate it
-2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682
-2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done
-2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key
-2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key
-2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db"
-2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db"
-2008-07-08 20:28:20.991: debug: Signing zone "example.net."
-2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-08 20:28:21.112: debug: Signing completed after 1s.
-2008-07-08 20:28:21.112: debug:
-2008-07-08 20:28:21.113: notice: end of run: 0 errors occured
-2008-07-08 20:32:23.121: notice: ------------------------------------------------------------
-2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v
-2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 20:32:23.123: debug: Check RFC5011 status
-2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0
-2008-07-08 20:32:23.124: debug: Check KSK status
-2008-07-08 20:32:23.124: debug: Check ZSK status
-2008-07-08 20:32:23.124: debug: Re-signing not necessary!
-2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
-2008-07-08 20:32:23.124: debug:
-2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 20:32:23.124: debug: Check RFC5011 status
-2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2
-2008-07-08 20:32:23.124: debug: Check ZSK status
-2008-07-08 20:32:23.124: debug: Re-signing not necessary!
-2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
-2008-07-08 20:32:23.124: debug:
-2008-07-08 20:32:23.124: notice: end of run: 0 errors occured
-2008-07-08 20:32:30.246: notice: ------------------------------------------------------------
-2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf
-2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:32:30.246: debug: Check RFC5011 status
-2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0
-2008-07-08 20:32:30.246: debug: Check KSK status
-2008-07-08 20:32:30.246: debug: Check ZSK status
-2008-07-08 20:32:30.246: debug: Re-signing not necessary!
-2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy
-2008-07-08 20:32:30.246: debug:
-2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:32:30.246: debug: Check RFC5011 status
-2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2
-2008-07-08 20:32:30.247: debug: Check ZSK status
-2008-07-08 20:32:30.247: debug: Re-signing not necessary!
-2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy
-2008-07-08 20:32:30.247: debug:
-2008-07-08 20:32:30.247: notice: end of run: 0 errors occured
-2008-07-08 20:35:51.512: notice: ------------------------------------------------------------
-2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf
-2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:35:51.512: debug: Check RFC5011 status
-2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0
-2008-07-08 20:35:51.513: debug: Check KSK status
-2008-07-08 20:35:51.513: debug: Check ZSK status
-2008-07-08 20:35:51.513: debug: Re-signing not necessary!
-2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
-2008-07-08 20:35:51.513: debug:
-2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:35:51.513: debug: Check RFC5011 status
-2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2
-2008-07-08 20:35:51.513: debug: Check ZSK status
-2008-07-08 20:35:51.513: debug: Re-signing not necessary!
-2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
-2008-07-08 20:35:51.513: debug:
-2008-07-08 20:35:51.513: notice: end of run: 0 errors occured
-2008-07-08 20:37:16.569: notice: ------------------------------------------------------------
-2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf
-2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:37:16.569: debug: Check RFC5011 status
-2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0
-2008-07-08 20:37:16.570: debug: Check KSK status
-2008-07-08 20:37:16.570: debug: Check ZSK status
-2008-07-08 20:37:16.570: debug: Re-signing not necessary!
-2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
-2008-07-08 20:37:16.570: debug:
-2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:37:16.570: debug: Check RFC5011 status
-2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2
-2008-07-08 20:37:16.570: debug: Check ZSK status
-2008-07-08 20:37:16.570: debug: Re-signing not necessary!
-2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
-2008-07-08 20:37:16.570: debug:
-2008-07-08 20:37:16.570: notice: end of run: 0 errors occured
-2008-07-08 20:37:29.134: notice: ------------------------------------------------------------
-2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v
-2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 20:37:29.137: debug: Check RFC5011 status
-2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0
-2008-07-08 20:37:29.137: debug: Check KSK status
-2008-07-08 20:37:29.137: debug: Check ZSK status
-2008-07-08 20:37:29.137: debug: Re-signing not necessary!
-2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy
-2008-07-08 20:37:29.138: debug:
-2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 20:37:29.138: debug: Check RFC5011 status
-2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2
-2008-07-08 20:37:29.138: debug: Check ZSK status
-2008-07-08 20:37:29.138: debug: Re-signing not necessary!
-2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy
-2008-07-08 20:37:29.139: debug:
-2008-07-08 20:37:29.139: notice: end of run: 0 errors occured
-2008-07-08 20:39:39.895: notice: ------------------------------------------------------------
-2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v
-2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:39:39.895: debug: Check RFC5011 status
-2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0
-2008-07-08 20:39:39.895: debug: Check KSK status
-2008-07-08 20:39:39.895: debug: Check ZSK status
-2008-07-08 20:39:39.895: debug: Re-signing not necessary!
-2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
-2008-07-08 20:39:39.895: debug:
-2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:39:39.895: debug: Check RFC5011 status
-2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2
-2008-07-08 20:39:39.895: debug: Check ZSK status
-2008-07-08 20:39:39.895: debug: Re-signing not necessary!
-2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
-2008-07-08 20:39:39.895: debug:
-2008-07-08 20:39:39.895: notice: end of run: 0 errors occured
-2008-07-08 20:42:54.377: notice: ------------------------------------------------------------
-2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D .
-2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 20:42:54.377: debug: Check RFC5011 status
-2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0
-2008-07-08 20:42:54.377: debug: Check KSK status
-2008-07-08 20:42:54.377: debug: Check ZSK status
-2008-07-08 20:42:54.377: debug: Re-signing not necessary!
-2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy
-2008-07-08 20:42:54.377: debug:
-2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 20:42:54.378: debug: Check RFC5011 status
-2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2
-2008-07-08 20:42:54.378: debug: Check ZSK status
-2008-07-08 20:42:54.378: debug: Re-signing not necessary!
-2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy
-2008-07-08 20:42:54.378: debug:
-2008-07-08 20:42:54.378: notice: end of run: 0 errors occured
-2008-07-08 20:53:40.414: notice: ------------------------------------------------------------
-2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D .
-2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-08 20:53:40.417: debug: Check RFC5011 status
-2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0
-2008-07-08 20:53:40.417: debug: Check KSK status
-2008-07-08 20:53:40.417: debug: Check ZSK status
-2008-07-08 20:53:40.417: debug: Re-signing not necessary!
-2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy
-2008-07-08 20:53:40.417: debug:
-2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-08 20:53:40.417: debug: Check RFC5011 status
-2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2
-2008-07-08 20:53:40.417: debug: Check ZSK status
-2008-07-08 20:53:40.417: debug: Re-signing not necessary!
-2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy
-2008-07-08 20:53:40.418: debug:
-2008-07-08 20:53:40.418: notice: end of run: 0 errors occured
-2008-07-08 20:53:49.488: notice: ------------------------------------------------------------
-2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf
-2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
-2008-07-08 20:53:49.490: debug: Check RFC5011 status
-2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0
-2008-07-08 20:53:49.491: debug: Check KSK status
-2008-07-08 20:53:49.491: debug: Check ZSK status
-2008-07-08 20:53:49.491: debug: Re-signing not necessary!
-2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy
-2008-07-08 20:53:49.491: debug:
-2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net."
-2008-07-08 20:53:49.492: debug: Check RFC5011 status
-2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2
-2008-07-08 20:53:49.492: debug: Check ZSK status
-2008-07-08 20:53:49.492: debug: Re-signing not necessary!
-2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy
-2008-07-08 20:53:49.492: debug:
-2008-07-08 20:53:49.492: notice: end of run: 0 errors occured
-2008-07-09 00:42:08.103: notice: ------------------------------------------------------------
-2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v
-2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-09 00:42:08.106: debug: Check RFC5011 status
-2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0
-2008-07-09 00:42:08.106: debug: Check KSK status
-2008-07-09 00:42:08.106: debug: ksk_rollover
-2008-07-09 00:42:08.106: debug: Check ZSK status
-2008-07-09 00:42:08.106: debug: Re-signing not necessary!
-2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
-2008-07-09 00:42:08.106: debug:
-2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-09 00:42:08.106: debug: Check RFC5011 status
-2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2
-2008-07-09 00:42:08.106: debug: Check ZSK status
-2008-07-09 00:42:08.106: debug: Re-signing not necessary!
-2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
-2008-07-09 00:42:08.106: debug:
-2008-07-09 00:42:08.106: notice: end of run: 0 errors occured
-2008-07-09 00:45:19.663: notice: ------------------------------------------------------------
-2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v
-2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-09 00:45:19.665: debug: Check RFC5011 status
-2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0
-2008-07-09 00:45:19.665: debug: Check KSK status
-2008-07-09 00:45:19.665: debug: Check ZSK status
-2008-07-09 00:45:19.665: debug: Re-signing not necessary!
-2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
-2008-07-09 00:45:19.665: debug:
-2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-09 00:45:19.665: debug: Check RFC5011 status
-2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2
-2008-07-09 00:45:19.665: debug: Check ZSK status
-2008-07-09 00:45:19.665: debug: Re-signing not necessary!
-2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
-2008-07-09 00:45:19.665: debug:
-2008-07-09 00:45:19.665: notice: end of run: 0 errors occured
-2008-07-09 23:46:12.682: notice: ------------------------------------------------------------
-2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/
-2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net."
-2008-07-09 23:46:12.702: debug: Check RFC5011 status
-2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0
-2008-07-09 23:46:12.702: debug: Check KSK status
-2008-07-09 23:46:12.702: debug: Check ZSK status
-2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached
-2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
-2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db"
-2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net."
-2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-09 23:46:13.222: debug: Signing completed after 1s.
-2008-07-09 23:46:13.222: debug:
-2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net."
-2008-07-09 23:46:13.222: debug: Check RFC5011 status
-2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2
-2008-07-09 23:46:13.222: debug: Check ZSK status
-2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec)
-2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939
-
-2008-07-09 23:46:13.222: debug: ->remove it
-2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key
-2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key
-2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db"
-2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db"
-2008-07-09 23:46:13.223: debug: Signing zone "example.net."
-2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-09 23:46:13.374: debug: Signing completed after 0s.
-2008-07-09 23:46:13.374: debug:
-2008-07-09 23:46:13.374: notice: end of run: 0 errors occured
-2008-07-15 00:21:04.641: notice: ------------------------------------------------------------
-2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v
-2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:21:05.071: debug: Check RFC5011 status
-2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0
-2008-07-15 00:21:05.071: debug: Check KSK status
-2008-07-15 00:21:05.071: debug: Check ZSK status
-2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec)
-2008-07-15 00:21:05.071: debug: ->depreciate it
-2008-07-15 00:21:05.072: debug: ->activate published key 9198
-2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done
-2008-07-15 00:21:05.072: debug: New published key needed
-2008-07-15 00:21:05.128: debug: ->creating new published key 8397
-2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created
-2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key
-2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net."
-2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:05.274: debug: Signing completed after 0s.
-2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net."
-2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net."
-2008-07-15 00:21:05.279: debug:
-2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:21:05.279: debug: Check RFC5011 status
-2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2
-2008-07-15 00:21:05.279: debug: Check ZSK status
-2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached
-2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:21:05.280: debug: Signing zone "example.net."
-2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:05.419: debug: Signing completed after 0s.
-2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered
-2008-07-15 00:21:05.419: debug: Distribute zone "example.net."
-2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net."
-2008-07-15 00:21:05.423: debug:
-2008-07-15 00:21:05.423: notice: end of run: 0 errors occured
-2008-07-15 00:21:18.128: notice: ------------------------------------------------------------
-2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v
-2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:21:18.130: debug: Check RFC5011 status
-2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0
-2008-07-15 00:21:18.130: debug: Check KSK status
-2008-07-15 00:21:18.130: debug: Check ZSK status
-2008-07-15 00:21:18.130: debug: Re-signing not necessary!
-2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy
-2008-07-15 00:21:18.130: debug:
-2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:21:18.131: debug: Check RFC5011 status
-2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2
-2008-07-15 00:21:18.131: debug: Check ZSK status
-2008-07-15 00:21:18.131: debug: Re-signing not necessary!
-2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy
-2008-07-15 00:21:18.131: debug:
-2008-07-15 00:21:18.131: notice: end of run: 0 errors occured
-2008-07-15 00:21:26.360: notice: ------------------------------------------------------------
-2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:21:26.362: debug: Check RFC5011 status
-2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0
-2008-07-15 00:21:26.362: debug: Check KSK status
-2008-07-15 00:21:26.362: debug: Check ZSK status
-2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f
-2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net."
-2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:26.978: debug: Signing completed after 0s.
-2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net."
-2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net."
-2008-07-15 00:21:26.983: debug:
-2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:21:26.983: debug: Check RFC5011 status
-2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2
-2008-07-15 00:21:26.983: debug: Check ZSK status
-2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f
-2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:21:26.983: debug: Signing zone "example.net."
-2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:27.122: debug: Signing completed after 1s.
-2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered
-2008-07-15 00:21:27.122: debug: Distribute zone "example.net."
-2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net."
-2008-07-15 00:21:27.127: debug:
-2008-07-15 00:21:27.127: notice: end of run: 0 errors occured
-2008-07-15 00:21:52.947: notice: ------------------------------------------------------------
-2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:21:52.951: debug: Check RFC5011 status
-2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0
-2008-07-15 00:21:52.951: debug: Check KSK status
-2008-07-15 00:21:52.951: debug: Check ZSK status
-2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f
-2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net."
-2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:53.119: debug: Signing completed after 1s.
-2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net."
-2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net."
-2008-07-15 00:21:53.126: debug:
-2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:21:53.126: debug: Check RFC5011 status
-2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2
-2008-07-15 00:21:53.126: debug: Check ZSK status
-2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f
-2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:21:53.126: debug: Signing zone "example.net."
-2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:21:53.262: debug: Signing completed after 0s.
-2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered
-2008-07-15 00:21:53.262: debug: Distribute zone "example.net."
-2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net."
-2008-07-15 00:21:53.268: debug:
-2008-07-15 00:21:53.268: notice: end of run: 0 errors occured
-2008-07-15 00:23:40.781: notice: ------------------------------------------------------------
-2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:23:40.783: debug: Check RFC5011 status
-2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0
-2008-07-15 00:23:40.783: debug: Check KSK status
-2008-07-15 00:23:40.783: debug: Check ZSK status
-2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f
-2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net."
-2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:23:41.281: debug: Signing completed after 1s.
-2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net."
-2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net."
-2008-07-15 00:23:41.287: debug:
-2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:23:41.287: debug: Check RFC5011 status
-2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2
-2008-07-15 00:23:41.287: debug: Check ZSK status
-2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f
-2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:23:41.288: debug: Signing zone "example.net."
-2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:23:41.561: debug: Signing completed after 0s.
-2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered
-2008-07-15 00:23:41.561: debug: Distribute zone "example.net."
-2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net."
-2008-07-15 00:23:41.566: debug:
-2008-07-15 00:23:41.567: notice: end of run: 0 errors occured
-2008-07-15 00:31:10.917: notice: ------------------------------------------------------------
-2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:31:10.923: debug: Check RFC5011 status
-2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0
-2008-07-15 00:31:10.923: debug: Check KSK status
-2008-07-15 00:31:10.923: debug: Check ZSK status
-2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec)
-2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338
-
-2008-07-15 00:31:10.924: debug: ->remove it
-2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f
-2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net."
-2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:31:11.571: debug: Signing completed after 0s.
-2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net."
-2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net."
-2008-07-15 00:31:11.579: debug:
-2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:31:11.580: debug: Check RFC5011 status
-2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2
-2008-07-15 00:31:11.580: debug: Check ZSK status
-2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f
-2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:31:11.581: debug: Signing zone "example.net."
-2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:31:11.698: debug: Signing completed after 0s.
-2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered
-2008-07-15 00:31:11.698: debug: Distribute zone "example.net."
-2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net."
-2008-07-15 00:31:11.704: debug:
-2008-07-15 00:31:11.704: notice: end of run: 0 errors occured
-2008-07-15 00:32:00.676: notice: ------------------------------------------------------------
-2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:32:00.678: debug: Check RFC5011 status
-2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0
-2008-07-15 00:32:00.678: debug: Check KSK status
-2008-07-15 00:32:00.678: debug: Check ZSK status
-2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f
-2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net."
-2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:32:01.282: debug: Signing completed after 1s.
-2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net."
-2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net."
-2008-07-15 00:32:01.289: debug:
-2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:32:01.289: debug: Check RFC5011 status
-2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2
-2008-07-15 00:32:01.289: debug: Check ZSK status
-2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f
-2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:32:01.291: debug: Signing zone "example.net."
-2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:32:01.405: debug: Signing completed after 0s.
-2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered
-2008-07-15 00:32:01.406: debug: Distribute zone "example.net."
-2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net."
-2008-07-15 00:32:01.412: debug:
-2008-07-15 00:32:01.412: notice: end of run: 0 errors occured
-2008-07-15 00:33:00.866: notice: ------------------------------------------------------------
-2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:33:00.869: debug: Check RFC5011 status
-2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0
-2008-07-15 00:33:00.869: debug: Check KSK status
-2008-07-15 00:33:00.869: debug: Check ZSK status
-2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f
-2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net."
-2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:33:01.531: debug: Signing completed after 1s.
-2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net."
-2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net."
-2008-07-15 00:33:01.537: debug:
-2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:33:01.538: debug: Check RFC5011 status
-2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2
-2008-07-15 00:33:01.538: debug: Check ZSK status
-2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f
-2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:33:01.539: debug: Signing zone "example.net."
-2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:33:01.655: debug: Signing completed after 0s.
-2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered
-2008-07-15 00:33:01.655: debug: Distribute zone "example.net."
-2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net."
-2008-07-15 00:33:01.662: debug:
-2008-07-15 00:33:01.662: notice: end of run: 0 errors occured
-2008-07-15 00:34:09.259: notice: ------------------------------------------------------------
-2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-15 00:34:09.261: debug: Check RFC5011 status
-2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0
-2008-07-15 00:34:09.261: debug: Check KSK status
-2008-07-15 00:34:09.261: debug: Check ZSK status
-2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f
-2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net."
-2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:34:10.245: debug: Signing completed after 1s.
-2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered
-2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net."
-2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-15 00:34:10.252: debug:
-2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-15 00:34:10.252: debug: Check RFC5011 status
-2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2
-2008-07-15 00:34:10.252: debug: Check ZSK status
-2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f
-2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f
-2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db"
-2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-15 00:34:10.252: debug: Signing zone "example.net."
-2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-15 00:34:10.369: debug: Signing completed after 0s.
-2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered
-2008-07-15 00:34:10.369: debug: Distribute zone "example.net."
-2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-15 00:34:10.375: debug:
-2008-07-15 00:34:10.375: notice: end of run: 0 errors occured
-2008-07-18 00:38:52.860: notice: ------------------------------------------------------------
-2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v
-2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-18 00:38:52.862: debug: Check RFC5011 status
-2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0
-2008-07-18 00:38:52.862: debug: Check KSK status
-2008-07-18 00:38:52.862: debug: Check ZSK status
-2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec)
-2008-07-18 00:38:52.862: debug: ->depreciate it
-2008-07-18 00:38:52.862: debug: ->activate published key 8397
-2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done
-2008-07-18 00:38:52.862: debug: New published key needed
-2008-07-18 00:38:53.418: debug: ->creating new published key 31081
-2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing
-2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key
-2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net."
-2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-18 00:38:53.556: debug: Signing completed after 0s.
-2008-07-18 00:38:53.556: debug:
-2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-18 00:38:53.557: debug: Check RFC5011 status
-2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2
-2008-07-18 00:38:53.557: debug: Check ZSK status
-2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached
-2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db"
-2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-18 00:38:53.558: debug: Signing zone "example.net."
-2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-18 00:38:53.715: debug: Signing completed after 0s.
-2008-07-18 00:38:53.715: debug:
-2008-07-18 00:38:53.716: notice: end of run: 0 errors occured
-2008-07-18 00:39:29.824: notice: ------------------------------------------------------------
-2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v
-2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-18 00:39:29.827: debug: Check RFC5011 status
-2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0
-2008-07-18 00:39:29.827: debug: Check KSK status
-2008-07-18 00:39:29.827: debug: Check ZSK status
-2008-07-18 00:39:29.827: debug: Re-signing not necessary!
-2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
-2008-07-18 00:39:29.827: debug:
-2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-18 00:39:29.827: debug: Check RFC5011 status
-2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2
-2008-07-18 00:39:29.827: debug: Check ZSK status
-2008-07-18 00:39:29.827: debug: Re-signing not necessary!
-2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
-2008-07-18 00:39:29.827: debug:
-2008-07-18 00:39:29.828: notice: end of run: 0 errors occured
-2008-07-18 00:39:36.641: notice: ------------------------------------------------------------
-2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-18 00:39:36.644: debug: Check RFC5011 status
-2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0
-2008-07-18 00:39:36.644: debug: Check KSK status
-2008-07-18 00:39:36.644: debug: Check ZSK status
-2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f
-2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net."
-2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-18 00:39:37.144: debug: Signing completed after 1s.
-2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered
-2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net."
-2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-18 00:39:37.151: debug:
-2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-18 00:39:37.151: debug: Check RFC5011 status
-2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2
-2008-07-18 00:39:37.151: debug: Check ZSK status
-2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f
-2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f
-2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db"
-2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-18 00:39:37.152: debug: Signing zone "example.net."
-2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-18 00:39:37.313: debug: Signing completed after 0s.
-2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered
-2008-07-18 00:39:37.313: debug: Distribute zone "example.net."
-2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-18 00:39:37.319: debug:
-2008-07-18 00:39:37.319: notice: end of run: 0 errors occured
-2008-07-18 00:42:39.912: notice: ------------------------------------------------------------
-2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v
-2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-18 00:42:39.914: debug: Check RFC5011 status
-2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0
-2008-07-18 00:42:39.914: debug: Check KSK status
-2008-07-18 00:42:39.914: debug: Check ZSK status
-2008-07-18 00:42:39.914: debug: Re-signing not necessary!
-2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
-2008-07-18 00:42:39.914: debug:
-2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-18 00:42:39.914: debug: Check RFC5011 status
-2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2
-2008-07-18 00:42:39.914: debug: Check ZSK status
-2008-07-18 00:42:39.914: debug: Re-signing not necessary!
-2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
-2008-07-18 00:42:39.914: debug:
-2008-07-18 00:42:39.914: notice: end of run: 0 errors occured
-2008-07-22 00:10:38.346: notice: ------------------------------------------------------------
-2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v
-2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:10:38.349: debug: Check RFC5011 status
-2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0
-2008-07-22 00:10:38.349: debug: Check KSK status
-2008-07-22 00:10:38.349: debug: Check ZSK status
-2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec)
-2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198
-
-2008-07-22 00:10:38.349: debug: ->remove it
-2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec)
-2008-07-22 00:10:38.349: debug: ->depreciate it
-2008-07-22 00:10:38.349: debug: ->activate published key 31081
-2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done
-2008-07-22 00:10:38.349: debug: New published key needed
-2008-07-22 00:10:38.870: debug: ->creating new published key 3615
-2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing
-2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key
-2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net."
-2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:10:39.208: debug: Signing completed after 1s.
-2008-07-22 00:10:39.208: debug:
-2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:10:39.208: debug: Check RFC5011 status
-2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2
-2008-07-22 00:10:39.208: debug: Check ZSK status
-2008-07-22 00:10:39.208: debug: New published key needed
-2008-07-22 00:10:39.255: debug: ->creating new published key 41300
-2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing
-2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key
-2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key
-2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:10:39.256: debug: Signing zone "example.net."
-2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:10:39.414: debug: Signing completed after 0s.
-2008-07-22 00:10:39.414: debug:
-2008-07-22 00:10:39.414: notice: end of run: 0 errors occured
-2008-07-22 00:16:04.680: notice: ------------------------------------------------------------
-2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v
-2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:16:04.682: debug: Check RFC5011 status
-2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0
-2008-07-22 00:16:04.683: debug: Check KSK status
-2008-07-22 00:16:04.683: debug: Check ZSK status
-2008-07-22 00:16:04.683: debug: Re-signing not necessary!
-2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy
-2008-07-22 00:16:04.683: debug:
-2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:16:04.683: debug: Check RFC5011 status
-2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2
-2008-07-22 00:16:04.684: debug: Check ZSK status
-2008-07-22 00:16:04.684: debug: Re-signing not necessary!
-2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy
-2008-07-22 00:16:04.684: debug:
-2008-07-22 00:16:04.684: notice: end of run: 0 errors occured
-2008-07-22 00:16:09.309: notice: ------------------------------------------------------------
-2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v
-2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:16:09.311: debug: Check RFC5011 status
-2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0
-2008-07-22 00:16:09.312: debug: Check KSK status
-2008-07-22 00:16:09.312: debug: Check ZSK status
-2008-07-22 00:16:09.312: debug: Re-signing not necessary!
-2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy
-2008-07-22 00:16:09.312: debug:
-2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:16:09.312: debug: Check RFC5011 status
-2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2
-2008-07-22 00:16:09.313: debug: Check ZSK status
-2008-07-22 00:16:09.313: debug: Re-signing not necessary!
-2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy
-2008-07-22 00:16:09.313: debug:
-2008-07-22 00:16:09.313: notice: end of run: 0 errors occured
-2008-07-22 00:16:13.285: notice: ------------------------------------------------------------
-2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:16:13.287: debug: Check RFC5011 status
-2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0
-2008-07-22 00:16:13.287: debug: Check KSK status
-2008-07-22 00:16:13.287: debug: Check ZSK status
-2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f
-2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net."
-2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:16:13.822: debug: Signing completed after 0s.
-2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net."
-2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:16:13.828: debug:
-2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:16:13.829: debug: Check RFC5011 status
-2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2
-2008-07-22 00:16:13.829: debug: Check ZSK status
-2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f
-2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:16:13.830: debug: Signing zone "example.net."
-2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:16:13.976: debug: Signing completed after 0s.
-2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered
-2008-07-22 00:16:13.977: debug: Distribute zone "example.net."
-2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:16:13.983: debug:
-2008-07-22 00:16:13.983: notice: end of run: 0 errors occured
-2008-07-22 00:20:56.119: notice: ------------------------------------------------------------
-2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:20:56.121: debug: Check RFC5011 status
-2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0
-2008-07-22 00:20:56.121: debug: Check KSK status
-2008-07-22 00:20:56.121: debug: Check ZSK status
-2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec)
-2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397
-
-2008-07-22 00:20:56.122: debug: ->remove it
-2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f
-2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net."
-2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:20:56.627: debug: Signing completed after 0s.
-2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net."
-2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:20:56.635: debug:
-2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:20:56.635: debug: Check RFC5011 status
-2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2
-2008-07-22 00:20:56.635: debug: Check ZSK status
-2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f
-2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:20:56.636: debug: Signing zone "example.net."
-2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:20:56.760: debug: Signing completed after 0s.
-2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered
-2008-07-22 00:20:56.760: debug: Distribute zone "example.net."
-2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:20:56.769: debug:
-2008-07-22 00:20:56.769: notice: end of run: 0 errors occured
-2008-07-22 00:23:51.528: notice: ------------------------------------------------------------
-2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:23:51.530: debug: Check RFC5011 status
-2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0
-2008-07-22 00:23:51.531: debug: Check KSK status
-2008-07-22 00:23:51.531: debug: Check ZSK status
-2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f
-2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net."
-2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:23:52.042: debug: Signing completed after 1s.
-2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net."
-2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:23:52.049: debug:
-2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:23:52.049: debug: Check RFC5011 status
-2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2
-2008-07-22 00:23:52.049: debug: Check ZSK status
-2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f
-2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:23:52.050: debug: Signing zone "example.net."
-2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:23:52.176: debug: Signing completed after 0s.
-2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered
-2008-07-22 00:23:52.176: debug: Distribute zone "example.net."
-2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:23:52.185: debug:
-2008-07-22 00:23:52.185: notice: end of run: 0 errors occured
-2008-07-22 00:24:09.609: notice: ------------------------------------------------------------
-2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:24:09.614: debug: Check RFC5011 status
-2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0
-2008-07-22 00:24:09.614: debug: Check KSK status
-2008-07-22 00:24:09.614: debug: Check ZSK status
-2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f
-2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net."
-2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:24:10.692: debug: Signing completed after 1s.
-2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net."
-2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:24:10.698: debug:
-2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:24:10.698: debug: Check RFC5011 status
-2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2
-2008-07-22 00:24:10.698: debug: Check ZSK status
-2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f
-2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:24:10.699: debug: Signing zone "example.net."
-2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:24:10.883: debug: Signing completed after 0s.
-2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered
-2008-07-22 00:24:10.883: debug: Distribute zone "example.net."
-2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:24:10.889: debug:
-2008-07-22 00:24:10.889: notice: end of run: 0 errors occured
-2008-07-22 00:28:44.300: notice: ------------------------------------------------------------
-2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:28:44.302: debug: Check RFC5011 status
-2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0
-2008-07-22 00:28:44.302: debug: Check KSK status
-2008-07-22 00:28:44.302: debug: Check ZSK status
-2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f
-2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net."
-2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:28:44.898: debug: Signing completed after 0s.
-2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net."
-2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:28:44.905: debug:
-2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:28:44.905: debug: Check RFC5011 status
-2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2
-2008-07-22 00:28:44.905: debug: Check ZSK status
-2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f
-2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:28:44.906: debug: Signing zone "example.net."
-2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:28:45.039: debug: Signing completed after 1s.
-2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered
-2008-07-22 00:28:45.039: debug: Distribute zone "example.net."
-2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:28:45.046: debug:
-2008-07-22 00:28:45.046: notice: end of run: 0 errors occured
-2008-07-22 00:39:15.968: notice: ------------------------------------------------------------
-2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v
-2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:39:16.006: debug: Check RFC5011 status
-2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0
-2008-07-22 00:39:16.006: debug: Check KSK status
-2008-07-22 00:39:16.006: debug: Check ZSK status
-2008-07-22 00:39:16.006: debug: Re-signing not necessary!
-2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy
-2008-07-22 00:39:16.006: debug:
-2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:39:16.006: debug: Check RFC5011 status
-2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2
-2008-07-22 00:39:16.007: debug: Check ZSK status
-2008-07-22 00:39:16.007: debug: Re-signing not necessary!
-2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy
-2008-07-22 00:39:16.007: debug:
-2008-07-22 00:39:16.007: notice: end of run: 0 errors occured
-2008-07-22 00:39:31.578: notice: ------------------------------------------------------------
-2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:39:31.580: debug: Check RFC5011 status
-2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0
-2008-07-22 00:39:31.580: debug: Check KSK status
-2008-07-22 00:39:31.581: debug: Check ZSK status
-2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f
-2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net."
-2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:39:32.216: debug: Signing completed after 1s.
-2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net."
-2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:39:32.223: debug:
-2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:39:32.223: debug: Check RFC5011 status
-2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2
-2008-07-22 00:39:32.223: debug: Check ZSK status
-2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f
-2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:39:32.224: debug: Signing zone "example.net."
-2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:39:32.361: debug: Signing completed after 0s.
-2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered
-2008-07-22 00:39:32.361: debug: Distribute zone "example.net."
-2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:39:32.367: debug:
-2008-07-22 00:39:32.367: notice: end of run: 0 errors occured
-2008-07-22 00:41:53.710: notice: ------------------------------------------------------------
-2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:41:53.712: debug: Check RFC5011 status
-2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0
-2008-07-22 00:41:53.712: debug: Check KSK status
-2008-07-22 00:41:53.712: debug: Check ZSK status
-2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f
-2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net."
-2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:41:53.866: debug: Signing completed after 0s.
-2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net."
-2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:41:53.873: debug:
-2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:41:53.873: debug: Check RFC5011 status
-2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2
-2008-07-22 00:41:53.873: debug: Check ZSK status
-2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f
-2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:41:53.873: debug: Signing zone "example.net."
-2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:41:53.989: debug: Signing completed after 0s.
-2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered
-2008-07-22 00:41:53.989: debug: Distribute zone "example.net."
-2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:41:53.995: debug:
-2008-07-22 00:41:53.995: notice: end of run: 0 errors occured
-2008-07-22 00:45:46.509: notice: ------------------------------------------------------------
-2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:45:46.512: debug: Check RFC5011 status
-2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0
-2008-07-22 00:45:46.512: debug: Check KSK status
-2008-07-22 00:45:46.512: debug: Check ZSK status
-2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f
-2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net."
-2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:45:46.734: debug: Signing completed after 0s.
-2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net."
-2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-22 00:45:46.740: debug:
-2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:45:46.740: debug: Check RFC5011 status
-2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2
-2008-07-22 00:45:46.741: debug: Check ZSK status
-2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f
-2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:45:46.742: debug: Signing zone "example.net."
-2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:45:47.013: debug: Signing completed after 1s.
-2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered
-2008-07-22 00:45:47.013: debug: Distribute zone "example.net."
-2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-22 00:45:47.019: debug:
-2008-07-22 00:45:47.019: notice: end of run: 0 errors occured
-2008-07-22 00:48:02.761: notice: ------------------------------------------------------------
-2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:48:02.763: debug: Check RFC5011 status
-2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0
-2008-07-22 00:48:02.763: debug: Check KSK status
-2008-07-22 00:48:02.763: debug: Check ZSK status
-2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f
-2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net."
-2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:48:02.907: debug: Signing completed after 0s.
-2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net."
-2008-07-22 00:48:02.907: debug:
-2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:48:02.907: debug: Check RFC5011 status
-2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2
-2008-07-22 00:48:02.907: debug: Check ZSK status
-2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f
-2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:48:02.908: debug: Signing zone "example.net."
-2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:48:03.029: debug: Signing completed after 1s.
-2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered
-2008-07-22 00:48:03.029: debug: Distribute zone "example.net."
-2008-07-22 00:48:03.029: debug:
-2008-07-22 00:48:03.029: notice: end of run: 0 errors occured
-2008-07-22 00:48:56.098: notice: ------------------------------------------------------------
-2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 00:48:56.101: debug: Check RFC5011 status
-2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0
-2008-07-22 00:48:56.101: debug: Check KSK status
-2008-07-22 00:48:56.101: debug: Check ZSK status
-2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f
-2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net."
-2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:48:56.244: debug: Signing completed after 0s.
-2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered
-2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net."
-2008-07-22 00:48:56.245: debug:
-2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 00:48:56.245: debug: Check RFC5011 status
-2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2
-2008-07-22 00:48:56.245: debug: Check ZSK status
-2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f
-2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 00:48:56.246: debug: Signing zone "example.net."
-2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 00:48:56.367: debug: Signing completed after 0s.
-2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered
-2008-07-22 00:48:56.367: debug: Distribute zone "example.net."
-2008-07-22 00:48:56.367: debug:
-2008-07-22 00:48:56.367: notice: end of run: 0 errors occured
-2008-07-22 08:07:30.993: notice: ------------------------------------------------------------
-2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 08:07:30.995: debug: Check RFC5011 status
-2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0
-2008-07-22 08:07:30.995: debug: Check KSK status
-2008-07-22 08:07:30.995: debug: Check ZSK status
-2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f
-2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net."
-2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:07:31.454: debug: Signing completed after 1s.
-2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered
-2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net."
-2008-07-22 08:07:31.454: debug:
-2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 08:07:31.454: debug: Check RFC5011 status
-2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2
-2008-07-22 08:07:31.454: debug: Check ZSK status
-2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f
-2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 08:07:31.454: debug: Signing zone "example.net."
-2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:07:31.589: debug: Signing completed after 0s.
-2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered
-2008-07-22 08:07:31.589: debug: Distribute zone "example.net."
-2008-07-22 08:07:31.589: debug:
-2008-07-22 08:07:31.589: notice: end of run: 0 errors occured
-2008-07-22 08:08:09.237: notice: ------------------------------------------------------------
-2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 08:08:09.239: debug: Check RFC5011 status
-2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0
-2008-07-22 08:08:09.239: debug: Check KSK status
-2008-07-22 08:08:09.239: debug: Check ZSK status
-2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f
-2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net."
-2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:08:09.507: debug: Signing completed after 0s.
-2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered
-2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net."
-2008-07-22 08:10:10.328: notice: ------------------------------------------------------------
-2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 08:10:10.330: debug: Check RFC5011 status
-2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0
-2008-07-22 08:10:10.330: debug: Check KSK status
-2008-07-22 08:10:10.330: debug: Check ZSK status
-2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f
-2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net."
-2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:10:10.950: debug: Signing completed after 0s.
-2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered
-2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net."
-2008-07-22 08:11:17.247: notice: ------------------------------------------------------------
-2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-22 08:11:17.250: debug: Check RFC5011 status
-2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0
-2008-07-22 08:11:17.250: debug: Check KSK status
-2008-07-22 08:11:17.250: debug: Check ZSK status
-2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f
-2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net."
-2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:11:17.883: debug: Signing completed after 0s.
-2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered
-2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net."
-2008-07-22 08:11:17.883: debug:
-2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-22 08:11:17.884: debug: Check RFC5011 status
-2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2
-2008-07-22 08:11:17.884: debug: Check ZSK status
-2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f
-2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f
-2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db"
-2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-22 08:11:17.884: debug: Signing zone "example.net."
-2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-22 08:11:18.005: debug: Signing completed after 1s.
-2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered
-2008-07-22 08:11:18.006: debug: Distribute zone "example.net."
-2008-07-22 08:11:18.006: debug:
-2008-07-22 08:11:18.006: notice: end of run: 0 errors occured
-2008-07-24 00:13:56.493: notice: ------------------------------------------------------------
-2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v
-2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:13:56.495: debug: Check RFC5011 status
-2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0
-2008-07-24 00:13:56.495: debug: Check KSK status
-2008-07-24 00:13:56.495: debug: Check ZSK status
-2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached
-2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
-2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net."
-2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:13:57.439: debug: Signing completed after 1s.
-2008-07-24 00:13:57.439: debug:
-2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:13:57.439: debug: Check RFC5011 status
-2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2
-2008-07-24 00:13:57.439: debug: Check ZSK status
-2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec)
-2008-07-24 00:13:57.440: debug: ->depreciate it
-2008-07-24 00:13:57.440: debug: ->activate published key 41300
-2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done
-2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key
-2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key
-2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:13:57.441: debug: Signing zone "example.net."
-2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:13:57.562: debug: Signing completed after 0s.
-2008-07-24 00:13:57.562: debug:
-2008-07-24 00:13:57.562: notice: end of run: 0 errors occured
-2008-07-24 00:14:08.862: notice: ------------------------------------------------------------
-2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v
-2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:14:08.864: debug: Check RFC5011 status
-2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0
-2008-07-24 00:14:08.864: debug: Check KSK status
-2008-07-24 00:14:08.864: debug: Check ZSK status
-2008-07-24 00:14:08.864: debug: Re-signing not necessary!
-2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
-2008-07-24 00:14:08.864: debug:
-2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:14:08.864: debug: Check RFC5011 status
-2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2
-2008-07-24 00:14:08.864: debug: Check ZSK status
-2008-07-24 00:14:08.864: debug: Re-signing not necessary!
-2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
-2008-07-24 00:14:08.864: debug:
-2008-07-24 00:14:08.864: notice: end of run: 0 errors occured
-2008-07-24 00:14:12.963: notice: ------------------------------------------------------------
-2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:14:12.965: debug: Check RFC5011 status
-2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0
-2008-07-24 00:14:12.965: debug: Check KSK status
-2008-07-24 00:14:12.965: debug: Check ZSK status
-2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f
-2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net."
-2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:14:13.488: debug: Signing completed after 1s.
-2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
-2008-07-24 00:14:13.488: debug:
-2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:14:13.488: debug: Check RFC5011 status
-2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2
-2008-07-24 00:14:13.488: debug: Check ZSK status
-2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f
-2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:14:13.489: debug: Signing zone "example.net."
-2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:14:13.601: debug: Signing completed after 0s.
-2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
-2008-07-24 00:14:13.602: debug:
-2008-07-24 00:14:13.602: notice: end of run: 2 errors occured
-2008-07-24 00:15:38.304: notice: ------------------------------------------------------------
-2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v
-2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:15:38.306: debug: Check RFC5011 status
-2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0
-2008-07-24 00:15:38.307: debug: Check KSK status
-2008-07-24 00:15:38.307: debug: Check ZSK status
-2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f
-2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net."
-2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:15:39.280: debug: Signing completed after 1s.
-2008-07-24 00:15:39.281: debug:
-2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:15:39.281: debug: Check RFC5011 status
-2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2
-2008-07-24 00:15:39.281: debug: Check ZSK status
-2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f
-2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:15:39.282: debug: Signing zone "example.net."
-2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:15:39.402: debug: Signing completed after 0s.
-2008-07-24 00:15:39.403: debug:
-2008-07-24 00:15:39.403: notice: end of run: 0 errors occured
-2008-07-24 00:18:59.568: notice: ------------------------------------------------------------
-2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:18:59.573: debug: Check RFC5011 status
-2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0
-2008-07-24 00:18:59.573: debug: Check KSK status
-2008-07-24 00:18:59.573: debug: Check ZSK status
-2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f
-2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net."
-2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:19:00.167: debug: Signing completed after 1s.
-2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
-2008-07-24 00:19:00.168: debug:
-2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:19:00.168: debug: Check RFC5011 status
-2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2
-2008-07-24 00:19:00.168: debug: Check ZSK status
-2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f
-2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:19:00.169: debug: Signing zone "example.net."
-2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:19:00.280: debug: Signing completed after 0s.
-2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
-2008-07-24 00:19:00.280: debug:
-2008-07-24 00:19:00.280: notice: end of run: 2 errors occured
-2008-07-24 00:22:24.567: notice: ------------------------------------------------------------
-2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:22:24.569: debug: Check RFC5011 status
-2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0
-2008-07-24 00:22:24.569: debug: Check KSK status
-2008-07-24 00:22:24.570: debug: Check ZSK status
-2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f
-2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net."
-2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:22:25.148: debug: Signing completed after 1s.
-2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
-2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings
-2008-07-24 00:22:25.148: debug:
-2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:22:25.148: debug: Check RFC5011 status
-2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2
-2008-07-24 00:22:25.148: debug: Check ZSK status
-2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f
-2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:22:25.150: debug: Signing zone "example.net."
-2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:22:25.271: debug: Signing completed after 0s.
-2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
-2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings
-2008-07-24 00:22:25.271: debug:
-2008-07-24 00:22:25.271: notice: end of run: 2 errors occured
-2008-07-24 00:23:08.907: notice: ------------------------------------------------------------
-2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:23:08.909: debug: Check RFC5011 status
-2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0
-2008-07-24 00:23:08.909: debug: Check KSK status
-2008-07-24 00:23:08.909: debug: Check ZSK status
-2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f
-2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net."
-2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:23:09.510: debug: Signing completed after 1s.
-2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered
-2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net."
-2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 00:23:09.517: debug:
-2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:23:09.517: debug: Check RFC5011 status
-2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2
-2008-07-24 00:23:09.517: debug: Check ZSK status
-2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f
-2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:23:09.518: debug: Signing zone "example.net."
-2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:23:09.633: debug: Signing completed after 0s.
-2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered
-2008-07-24 00:23:09.634: debug: Distribute zone "example.net."
-2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 00:23:09.640: debug:
-2008-07-24 00:23:09.640: notice: end of run: 0 errors occured
-2008-07-24 00:33:30.818: notice: ------------------------------------------------------------
-2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 00:33:30.820: debug: Check RFC5011 status
-2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0
-2008-07-24 00:33:30.821: debug: Check KSK status
-2008-07-24 00:33:30.821: debug: Check ZSK status
-2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f
-2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net."
-2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:33:31.320: debug: Signing completed after 1s.
-2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root
-2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root
-2008-07-24 00:33:31.320: debug:
-2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 00:33:31.320: debug: Check RFC5011 status
-2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2
-2008-07-24 00:33:31.320: debug: Check ZSK status
-2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f
-2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 00:33:31.321: debug: Signing zone "example.net."
-2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 00:33:31.443: debug: Signing completed after 0s.
-2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root
-2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root
-2008-07-24 00:33:31.443: debug:
-2008-07-24 00:33:31.443: notice: end of run: 2 errors occured
-2008-07-24 23:21:55.189: notice: ------------------------------------------------------------
-2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v
-2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:21:55.196: debug: Check RFC5011 status
-2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:21:55.196: debug: Check KSK status
-2008-07-24 23:21:55.196: debug: Check ZSK status
-2008-07-24 23:21:55.196: debug: Re-signing not necessary!
-2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy
-2008-07-24 23:21:55.196: debug:
-2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:21:55.196: debug: Check RFC5011 status
-2008-07-24 23:21:55.196: debug: Check ZSK status
-2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec)
-2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed
-2008-07-24 23:21:55.196: debug: ->remove it
-2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key
-2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key
-2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:21:55.197: debug: Signing zone "example.net."
-2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:21:55.873: debug: Signing completed after 0s.
-2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root
-2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons
-2008-07-24 23:21:55.873: debug:
-2008-07-24 23:21:55.874: notice: end of run: 1 error occured
-2008-07-24 23:23:06.278: notice: ------------------------------------------------------------
-2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v
-2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:23:06.280: debug: Check RFC5011 status
-2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:23:06.280: debug: Check KSK status
-2008-07-24 23:23:06.280: debug: Check ZSK status
-2008-07-24 23:23:06.280: debug: Re-signing not necessary!
-2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
-2008-07-24 23:23:06.280: debug:
-2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:23:06.280: debug: Check RFC5011 status
-2008-07-24 23:23:06.280: debug: Check ZSK status
-2008-07-24 23:23:06.280: debug: Re-signing not necessary!
-2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
-2008-07-24 23:23:06.280: debug:
-2008-07-24 23:23:06.280: notice: end of run: 0 errors occured
-2008-07-24 23:25:21.930: notice: ------------------------------------------------------------
-2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v
-2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:25:21.932: debug: Check RFC5011 status
-2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:25:21.932: debug: Check KSK status
-2008-07-24 23:25:21.932: debug: Check ZSK status
-2008-07-24 23:25:21.932: debug: Re-signing not necessary!
-2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
-2008-07-24 23:25:21.932: debug:
-2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:25:21.932: debug: Check RFC5011 status
-2008-07-24 23:25:21.932: debug: Check ZSK status
-2008-07-24 23:25:21.932: debug: Re-signing not necessary!
-2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
-2008-07-24 23:25:21.932: debug:
-2008-07-24 23:25:21.932: notice: end of run: 0 errors occured
-2008-07-24 23:25:39.009: notice: ------------------------------------------------------------
-2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v
-2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:25:39.011: debug: Check RFC5011 status
-2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:25:39.011: debug: Check KSK status
-2008-07-24 23:25:39.011: debug: Check ZSK status
-2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f
-2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net."
-2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:25:39.591: debug: Signing completed after 0s.
-2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root
-2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons
-2008-07-24 23:25:39.592: debug:
-2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:25:39.592: debug: Check RFC5011 status
-2008-07-24 23:25:39.592: debug: Check ZSK status
-2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f
-2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:25:39.592: debug: Signing zone "example.net."
-2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:25:39.703: debug: Signing completed after 0s.
-2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root
-2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons
-2008-07-24 23:25:39.703: debug:
-2008-07-24 23:25:39.703: notice: end of run: 2 errors occured
-2008-07-24 23:28:16.436: notice: ------------------------------------------------------------
-2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:28:16.438: debug: Check RFC5011 status
-2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:28:16.438: debug: Check KSK status
-2008-07-24 23:28:16.438: debug: Check ZSK status
-2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f
-2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net."
-2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:28:17.008: debug: Signing completed after 1s.
-2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net."
-2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 23:28:17.015: debug:
-2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:28:17.015: debug: Check RFC5011 status
-2008-07-24 23:28:17.015: debug: Check ZSK status
-2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f
-2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:28:17.016: debug: Signing zone "example.net."
-2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:28:17.132: debug: Signing completed after 0s.
-2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered
-2008-07-24 23:28:17.132: debug: Distribute zone "example.net."
-2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 23:28:17.138: debug:
-2008-07-24 23:28:17.138: notice: end of run: 0 errors occured
-2008-07-24 23:31:17.354: notice: ------------------------------------------------------------
-2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:31:17.364: debug: Check RFC5011 status
-2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:31:17.364: debug: Check KSK status
-2008-07-24 23:31:17.364: debug: Check ZSK status
-2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f
-2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net."
-2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:31:18.032: debug: Signing completed after 1s.
-2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net."
-2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:31:18.039: debug:
-2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:31:18.039: debug: Check RFC5011 status
-2008-07-24 23:31:18.039: debug: Check ZSK status
-2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f
-2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:31:18.040: debug: Signing zone "example.net."
-2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:31:18.155: debug: Signing completed after 0s.
-2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered
-2008-07-24 23:31:18.155: debug: Distribute zone "example.net."
-2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:31:18.161: debug:
-2008-07-24 23:31:18.162: notice: end of run: 0 errors occured
-2008-07-24 23:31:28.467: notice: ------------------------------------------------------------
-2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:31:28.470: debug: Check RFC5011 status
-2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:31:28.470: debug: Check KSK status
-2008-07-24 23:31:28.470: debug: Check ZSK status
-2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f
-2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net."
-2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:31:29.059: debug: Signing completed after 1s.
-2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net."
-2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered
-2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./
-2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:31:29.072: debug:
-2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:31:29.073: debug: Check RFC5011 status
-2008-07-24 23:31:29.073: debug: Check ZSK status
-2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f
-2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:31:29.074: debug: Signing zone "example.net."
-2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:31:29.204: debug: Signing completed after 0s.
-2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered
-2008-07-24 23:31:29.204: debug: Distribute zone "example.net."
-2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered
-2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./
-2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:31:29.217: debug:
-2008-07-24 23:31:29.217: notice: end of run: 0 errors occured
-2008-07-24 23:35:48.844: notice: ------------------------------------------------------------
-2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:35:48.846: debug: Check RFC5011 status
-2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:35:48.846: debug: Check KSK status
-2008-07-24 23:35:48.846: debug: Check ZSK status
-2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f
-2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net."
-2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:35:49.455: debug: Signing completed after 1s.
-2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net."
-2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net."
-2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered
-2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net."
-2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:35:49.468: debug:
-2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:35:49.468: debug: Check RFC5011 status
-2008-07-24 23:35:49.469: debug: Check ZSK status
-2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f
-2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:35:49.470: debug: Signing zone "example.net."
-2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:35:49.600: debug: Signing completed after 0s.
-2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered
-2008-07-24 23:35:49.600: debug: Distribute zone "example.net."
-2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered
-2008-07-24 23:35:49.606: debug: Distribute zone "example.net."
-2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:35:49.613: notice: "example.net.": reload triggered
-2008-07-24 23:35:49.613: debug: Reload zone "example.net."
-2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:35:49.613: debug:
-2008-07-24 23:35:49.613: notice: end of run: 0 errors occured
-2008-07-24 23:37:41.081: notice: ------------------------------------------------------------
-2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v
-2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:37:41.083: debug: Check RFC5011 status
-2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:37:41.083: debug: Check KSK status
-2008-07-24 23:37:41.083: debug: Check ZSK status
-2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f
-2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net."
-2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:37:41.688: debug: Signing completed after 0s.
-2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net."
-2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered
-2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net."
-2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:37:41.701: debug:
-2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:37:41.701: debug: Check RFC5011 status
-2008-07-24 23:37:41.701: debug: Check ZSK status
-2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f
-2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:37:41.702: debug: Signing zone "example.net."
-2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:37:41.824: debug: Signing completed after 0s.
-2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered
-2008-07-24 23:37:41.824: debug: Distribute zone "example.net."
-2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 23:37:41.831: notice: "example.net.": reload triggered
-2008-07-24 23:37:41.831: debug: Reload zone "example.net."
-2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:37:41.837: debug:
-2008-07-24 23:37:41.837: notice: end of run: 0 errors occured
-2008-07-24 23:37:51.742: notice: ------------------------------------------------------------
-2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v
-2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:37:51.744: debug: Check RFC5011 status
-2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:37:51.744: debug: Check KSK status
-2008-07-24 23:37:51.744: debug: Check ZSK status
-2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f
-2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net."
-2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:37:52.264: debug: Signing completed after 1s.
-2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net."
-2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
-2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered
-2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net."
-2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:37:52.277: debug:
-2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:37:52.277: debug: Check RFC5011 status
-2008-07-24 23:37:52.277: debug: Check ZSK status
-2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f
-2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:37:52.277: debug: Signing zone "example.net."
-2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-24 23:37:52.398: debug: Signing completed after 0s.
-2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered
-2008-07-24 23:37:52.398: debug: Distribute zone "example.net."
-2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
-2008-07-24 23:37:52.404: notice: "example.net.": reload triggered
-2008-07-24 23:37:52.404: debug: Reload zone "example.net."
-2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload "
-2008-07-24 23:37:52.410: debug:
-2008-07-24 23:37:52.410: notice: end of run: 0 errors occured
-2008-07-24 23:44:51.717: notice: ------------------------------------------------------------
-2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v
-2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:44:51.719: debug: Check RFC5011 status
-2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:44:51.719: debug: Check KSK status
-2008-07-24 23:44:51.720: debug: Check ZSK status
-2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f
-2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net."
-2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: ""
-2008-07-24 23:44:51.720: debug: Signing completed after 0s.
-2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net."
-2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: ""
-2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered
-2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net."
-2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:44:51.721: debug: ./dist.sh reload return: ""
-2008-07-24 23:44:51.721: debug:
-2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:44:51.721: debug: Check RFC5011 status
-2008-07-24 23:44:51.721: debug: Check ZSK status
-2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f
-2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered
-2008-07-24 23:44:51.722: debug: Distribute zone "example.net."
-2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: ""
-2008-07-24 23:44:51.722: notice: "example.net.": reload triggered
-2008-07-24 23:44:51.722: debug: Reload zone "example.net."
-2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:44:51.722: debug: ./dist.sh reload return: ""
-2008-07-24 23:44:51.723: debug:
-2008-07-24 23:44:51.723: notice: end of run: 0 errors occured
-2008-07-24 23:44:57.039: notice: ------------------------------------------------------------
-2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v
-2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-24 23:44:57.042: debug: Check RFC5011 status
-2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-24 23:44:57.042: debug: Check KSK status
-2008-07-24 23:44:57.042: debug: Check ZSK status
-2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f
-2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f
-2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net."
-2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: ""
-2008-07-24 23:44:57.042: debug: Signing completed after 0s.
-2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered
-2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net."
-2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: ""
-2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered
-2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net."
-2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
-2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
-2008-07-24 23:44:57.043: debug:
-2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-24 23:44:57.043: debug: Check RFC5011 status
-2008-07-24 23:44:57.043: debug: Check ZSK status
-2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f
-2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f
-2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db"
-2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered
-2008-07-24 23:44:57.043: debug: Distribute zone "example.net."
-2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
-2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: ""
-2008-07-24 23:44:57.043: notice: "example.net.": reload triggered
-2008-07-24 23:44:57.043: debug: Reload zone "example.net."
-2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
-2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
-2008-07-24 23:44:57.043: debug:
-2008-07-24 23:44:57.043: notice: end of run: 0 errors occured
-2008-07-25 23:31:07.235: notice: ------------------------------------------------------------
-2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v
-2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-25 23:31:07.238: debug: Check RFC5011 status
-2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-25 23:31:07.238: debug: Check KSK status
-2008-07-25 23:31:07.238: debug: Check ZSK status
-2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec)
-2008-07-25 23:31:07.239: debug: ->depreciate it
-2008-07-25 23:31:07.239: debug: ->activate published key 3615
-2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done
-2008-07-25 23:31:07.239: debug: New published key needed
-2008-07-25 23:31:07.397: debug: ->creating new published key 4254
-2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing
-2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key
-2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net."
-2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-25 23:31:07.639: debug: Signing completed after 0s.
-2008-07-25 23:31:07.639: debug:
-2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-25 23:31:07.639: debug: Check RFC5011 status
-2008-07-25 23:31:07.639: debug: Check ZSK status
-2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys
-2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys
-2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db"
-2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-25 23:31:07.640: debug: Signing zone "example.net."
-2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-25 23:31:07.783: debug: Signing completed after 0s.
-2008-07-25 23:31:07.783: debug:
-2008-07-25 23:31:07.783: notice: end of run: 0 errors occured
-2008-07-25 23:32:27.052: notice: ------------------------------------------------------------
-2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v
-2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-25 23:32:27.054: debug: Check RFC5011 status
-2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-25 23:32:27.054: debug: Check KSK status
-2008-07-25 23:32:27.054: debug: Check ZSK status
-2008-07-25 23:32:27.054: debug: Re-signing not necessary!
-2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
-2008-07-25 23:32:27.054: debug:
-2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-25 23:32:27.054: debug: Check RFC5011 status
-2008-07-25 23:32:27.054: debug: Check ZSK status
-2008-07-25 23:32:27.054: debug: Re-signing not necessary!
-2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
-2008-07-25 23:32:27.057: debug:
-2008-07-25 23:32:27.057: notice: end of run: 0 errors occured
-2008-07-31 00:25:52.601: notice: ------------------------------------------------------------
-2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v
-2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-31 00:25:52.604: debug: Check RFC5011 status
-2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-31 00:25:52.604: debug: Check KSK status
-2008-07-31 00:25:52.604: debug: Check ZSK status
-2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec)
-2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed
-2008-07-31 00:25:52.605: debug: ->remove it
-2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec)
-2008-07-31 00:25:52.605: debug: ->depreciate it
-2008-07-31 00:25:52.605: debug: ->activate published key 4254
-2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done
-2008-07-31 00:25:52.605: debug: New key for publishing needed
-2008-07-31 00:25:53.128: debug: ->creating new key 56744
-2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing
-2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key
-2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net."
-2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-31 00:25:53.332: debug: Signing completed after 0s.
-2008-07-31 00:25:53.332: debug:
-2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-31 00:25:53.332: debug: Check RFC5011 status
-2008-07-31 00:25:53.332: debug: Check ZSK status
-2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached
-2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
-2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db"
-2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db"
-2008-07-31 00:25:53.333: debug: Signing zone "example.net."
-2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
-2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-31 00:25:53.477: debug: Signing completed after 0s.
-2008-07-31 00:25:53.477: debug:
-2008-07-31 00:25:53.477: notice: end of run: 0 errors occured
-2008-07-31 13:19:17.447: notice: ------------------------------------------------------------
-2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v
-2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
-2008-07-31 13:19:17.449: debug: Check RFC5011 status
-2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
-2008-07-31 13:19:17.450: debug: Check KSK status
-2008-07-31 13:19:17.450: debug: Check ZSK status
-2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec)
-2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed
-2008-07-31 13:19:17.450: debug: ->remove it
-2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key
-2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key
-2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db"
-2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net."
-2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
-2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed"
-2008-07-31 13:19:17.944: debug: Signing completed after 0s.
-2008-07-31 13:19:17.944: debug:
-2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net."
-2008-07-31 13:19:17.944: debug: Check RFC5011 status
-2008-07-31 13:19:17.944: debug: Check ZSK status
-2008-07-31 13:19:17.944: debug: Re-signing not necessary!
-2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy
-2008-07-31 13:19:17.944: debug:
-2008-07-31 13:19:17.945: notice: end of run: 0 errors occured
+2008-12-18 01:02:56.187: notice: ------------------------------------------------------------
+2008-12-18 01:02:56.187: notice: running ../../dnssec-signer -v -v
+2008-12-18 01:02:56.589: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2008-12-18 01:02:56.589: debug: Check RFC5011 status
+2008-12-18 01:02:56.589: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-12-18 01:02:56.589: debug: Check KSK status
+2008-12-18 01:02:56.589: debug: Check ZSK status
+2008-12-18 01:02:56.590: debug: Lifetime(390 sec) of depreciated key 45361 exceeded (124287 sec)
+2008-12-18 01:02:56.590: info: "sub.example.net.": old ZSK 45361 removed
+2008-12-18 01:02:56.604: debug: ->remove it
+2008-12-18 01:02:56.604: debug: Re-signing necessary: Modfied zone key set
+2008-12-18 01:02:56.604: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
+2008-12-18 01:02:56.604: debug: Writing key file "./sub.example.net/dnskey.db"
+2008-12-18 01:02:56.605: debug: Signing zone "sub.example.net."
+2008-12-18 01:02:56.605: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -3 BE70E4 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-12-18 01:02:56.970: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-18 01:02:56.971: debug: Signing completed after 0s.
+2008-12-18 01:02:56.971: debug:
+2008-12-18 01:02:56.971: debug: parsing zone "example.net." in dir "./example.net"
+2008-12-18 01:02:56.971: debug: Check RFC5011 status
+2008-12-18 01:02:56.971: debug: Check ZSK status
+2008-12-18 01:02:56.971: debug: Re-signing necessary: Zone file edited
+2008-12-18 01:02:56.971: notice: "example.net.": re-signing triggered: Zone file edited
+2008-12-18 01:02:56.972: debug: Writing key file "./example.net/dnskey.db"
+2008-12-18 01:02:56.972: debug: Incrementing serial number in file "./example.net/zone.db"
+2008-12-18 01:02:56.973: debug: Signing zone "example.net."
+2008-12-18 01:02:56.973: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-12-18 01:02:57.106: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-18 01:02:57.106: debug: Signing completed after 1s.
+2008-12-18 01:02:57.106: debug:
+2008-12-18 01:02:57.106: notice: end of run: 0 errors occured
+2008-12-18 01:03:01.191: notice: ------------------------------------------------------------
+2008-12-18 01:03:01.192: notice: running ../../dnssec-signer -d -v -v
+2008-12-18 01:03:01.194: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net"
+2008-12-18 01:03:01.194: debug: Check RFC5011 status
+2008-12-18 01:03:01.194: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-12-18 01:03:01.194: debug: Check KSK status
+2008-12-18 01:03:01.194: warning: "dyn.example.net.": lifetime of key signing key 42138 exceeded since 10w4d3h1m4s
+2008-12-18 01:03:01.194: debug: Check ZSK status
+2008-12-18 01:03:01.195: debug: Lifetime(1209600 +/-150 sec) of active key 1355 exceeded (11588464 sec)
+2008-12-18 01:03:01.195: debug: ->depreciate it
+2008-12-18 01:03:01.195: debug: ->activate published key 10643
+2008-12-18 01:03:01.195: notice: "dyn.example.net.": lifetime of zone signing key 1355 exceeded: ZSK rollover done
+2008-12-18 01:03:01.196: debug: Re-signing necessary: Modfied zone key set
+2008-12-18 01:03:01.196: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
+2008-12-18 01:03:01.196: debug: Writing key file "./dyn.example.net/dnskey.db"
+2008-12-18 01:03:01.196: debug: Signing zone "dyn.example.net."
+2008-12-18 01:03:01.196: notice: "dyn.example.net.": freeze dynamic zone
+2008-12-18 01:03:01.196: debug: freeze dynamic zone "dyn.example.net."
+2008-12-18 01:03:01.197: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
+2008-12-18 01:03:01.628: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
+2008-12-18 01:03:01.653: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private"
+2008-12-18 01:03:01.792: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
+2008-12-18 01:03:01.792: notice: "dyn.example.net.": thaw dynamic zone
+2008-12-18 01:03:01.792: debug: thaw dynamic zone "dyn.example.net."
+2008-12-18 01:03:01.792: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
+2008-12-18 01:03:01.802: debug: Signing completed after 0s.
+2008-12-18 01:03:01.802: debug:
+2008-12-18 01:03:01.802: notice: end of run: 0 errors occured
+2008-12-28 23:06:27.762: notice: ------------------------------------------------------------
+2008-12-28 23:06:27.762: notice: running ../../dnssec-signer -v -v
+2008-12-28 23:06:27.764: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
+2008-12-28 23:06:27.765: debug: Check RFC5011 status
+2008-12-28 23:06:27.765: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-12-28 23:06:27.765: debug: Check KSK status
+2008-12-28 23:06:27.765: debug: Check ZSK status
+2008-12-28 23:06:27.765: debug: Lifetime(259200 +/-150 sec) of active key 22440 exceeded (1067698 sec)
+2008-12-28 23:06:27.765: debug: ->depreciate it
+2008-12-28 23:06:27.766: debug: ->activate published key 5823
+2008-12-28 23:06:27.766: notice: "sub.example.net.": lifetime of zone signing key 22440 exceeded: ZSK rollover done
+2008-12-28 23:06:27.766: debug: New key for publishing needed
+2008-12-28 23:06:28.696: debug: ->creating new key 4710
+2008-12-28 23:06:28.696: info: "sub.example.net.": new key 4710 generated for publishing
+2008-12-28 23:06:28.696: debug: Re-signing necessary: Modfied zone key set
+2008-12-28 23:06:28.696: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
+2008-12-28 23:06:28.696: debug: Writing key file "./sub.example.net/dnskey.db"
+2008-12-28 23:06:28.697: debug: Signing zone "sub.example.net."
+2008-12-28 23:06:28.697: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -3 B9D9AA -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-12-28 23:06:28.804: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-28 23:06:28.804: debug: Signing completed after 0s.
+2008-12-28 23:06:28.804: debug:
+2008-12-28 23:06:28.804: debug: parsing zone "example.net." in dir "./example.net"
+2008-12-28 23:06:28.804: debug: Check RFC5011 status
+2008-12-28 23:06:28.804: debug: Check ZSK status
+2008-12-28 23:06:28.804: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-12-28 23:06:28.804: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-12-28 23:06:28.804: debug: Writing key file "./example.net/dnskey.db"
+2008-12-28 23:06:28.805: debug: Incrementing serial number in file "./example.net/zone.db"
+2008-12-28 23:06:28.805: debug: Signing zone "example.net."
+2008-12-28 23:06:28.805: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-12-28 23:06:28.898: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-28 23:06:28.898: debug: Signing completed after 0s.
+2008-12-28 23:06:28.898: debug:
+2008-12-28 23:06:28.899: notice: end of run: 0 errors occured
+2008-12-28 23:07:39.896: notice: ------------------------------------------------------------
+2008-12-28 23:07:39.896: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-12-28 23:07:39.899: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
+2008-12-28 23:07:39.899: debug: Check RFC5011 status
+2008-12-28 23:07:39.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-12-28 23:07:39.899: debug: Check KSK status
+2008-12-28 23:07:39.899: debug: Check ZSK status
+2008-12-28 23:07:39.899: debug: Re-signing not necessary!
+2008-12-28 23:07:39.899: debug: Check if there is a parent file to copy
+2008-12-28 23:07:39.899: debug:
+2008-12-28 23:07:39.899: debug: parsing zone "example.net." in dir "././example.net"
+2008-12-28 23:07:39.899: debug: Check RFC5011 status
+2008-12-28 23:07:39.899: debug: Check ZSK status
+2008-12-28 23:07:39.899: debug: Re-signing not necessary!
+2008-12-28 23:07:39.899: debug: Check if there is a parent file to copy
+2008-12-28 23:07:39.899: debug:
+2008-12-28 23:07:39.899: notice: end of run: 0 errors occured
+2008-12-28 23:08:02.141: notice: ------------------------------------------------------------
+2008-12-28 23:08:02.141: notice: running ../../dnssec-signer -f -v -v -N named.conf
+2008-12-28 23:08:02.143: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
+2008-12-28 23:08:02.143: debug: Check RFC5011 status
+2008-12-28 23:08:02.143: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-12-28 23:08:02.143: debug: Check KSK status
+2008-12-28 23:08:02.143: debug: Check ZSK status
+2008-12-28 23:08:02.143: debug: Re-signing necessary: Option -f
+2008-12-28 23:08:02.143: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-12-28 23:08:02.143: debug: Writing key file "././sub.example.net/dnskey.db"
+2008-12-28 23:08:02.144: debug: Signing zone "sub.example.net."
+2008-12-28 23:08:02.144: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -3 B5EA98 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-12-28 23:08:02.266: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-28 23:08:02.266: debug: Signing completed after 0s.
+2008-12-28 23:08:02.266: debug:
+2008-12-28 23:08:02.266: debug: parsing zone "example.net." in dir "././example.net"
+2008-12-28 23:08:02.266: debug: Check RFC5011 status
+2008-12-28 23:08:02.266: debug: Check ZSK status
+2008-12-28 23:08:02.266: debug: Re-signing necessary: Option -f
+2008-12-28 23:08:02.266: notice: "example.net.": re-signing triggered: Option -f
+2008-12-28 23:08:02.266: debug: Writing key file "././example.net/dnskey.db"
+2008-12-28 23:08:02.267: debug: Incrementing serial number in file "././example.net/zone.db"
+2008-12-28 23:08:02.267: debug: Signing zone "example.net."
+2008-12-28 23:08:02.267: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-12-28 23:08:02.534: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-12-28 23:08:02.534: debug: Signing completed after 0s.
+2008-12-28 23:08:02.534: debug:
+2008-12-28 23:08:02.534: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf
index 0ccc7f61..54487af2 100644
--- a/contrib/zkt/examples/flat/zone.conf
+++ b/contrib/zkt/examples/flat/zone.conf
@@ -1,10 +1,10 @@
zone "example.NET." in {
type master;
- file "example.net./zone.db.signed";
+ file "example.net/zone.db.signed";
};
zone "sub.example.NET." in {
type master;
- file "sub.example.net./zone.db.signed";
+ file "sub.example.net/zone.db.signed";
};
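Review bot: The two new `file` paths in zone.conf drop the trailing dot from the zone directory names (`example.net/`, `sub.example.net/`), but nothing in the file records the change. Anyone who built a setup from the old example layout still has `example.net./` and `sub.example.net./` on disk, and named does not load a master zone whose signed file it cannot open. The paths are also relative, so they depend on named's working directory (the `directory` option, if set), which this file does not show. I would add one comment above the first zone statement: `// zone directories are named without the trailing dot; file paths are relative to named's working directory`.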
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
deleted file mode 100644
index a8242089..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080717083652
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
deleted file mode 100644
index 87038163..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ==
-Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s=
-Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8=
-Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0=
-Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs=
-Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
deleted file mode 100644
index 4836d51f..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080608210458
-;% lifetime=28d
-example.de. IN DNSKEY 256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
deleted file mode 100644
index 3b1b32ec..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 5 (RSASHA1)
-Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
-PublicExponent: AQAAAAE=
-PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ==
-Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM=
-Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE=
-Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU=
-Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE=
-Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
deleted file mode 100644
index bd106bd7..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
+++ /dev/null
@@ -1,48 +0,0 @@
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by dnssec-signer.
-;
-; Last generation time Jul 29 2008 12:44:06
-;
-
-; *** List of Key Signing Keys ***
-; example.de. tag=17439 algo=RSASHA1 generated Jun 19 2008 00:32:22
-example.de. 3600 IN DNSKEY 385 3 5 (
- BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+
- Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9
- Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6
- 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw
- rw==
- ) ; key id = 17567 (original key id = 17439)
-
-; example.de. tag=41145 algo=RSASHA1 generated Jul 12 2008 00:10:00
-example.de. 3600 IN DNSKEY 257 3 5 (
- BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7
- r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N
- tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI
- VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9
- zQ==
- ) ; key id = 41145
-
-; example.de. tag=59244 algo=RSASHA1 generated Jul 12 2008 00:10:00
-example.de. 3600 IN DNSKEY 257 3 5 (
- BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW
- dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO
- Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX
- 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt
- +w==
- ) ; key id = 59244
-
-; *** List of Zone Signing Keys ***
-; example.de. tag=35672 algo=RSASHA1 generated Jul 17 2008 10:36:52
-example.de. 3600 IN DNSKEY 256 3 5 (
- BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv
- pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
- ) ; key id = 35672
-
-; example.de. tag=11867 algo=RSASHA1 generated Jul 17 2008 10:36:52
-example.de. 3600 IN DNSKEY 256 3 5 (
- BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA
- OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
- ) ; key id = 11867
-
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
deleted file mode 100644
index a2cb04a3..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
+++ /dev/null
@@ -1,6 +0,0 @@
-example.de. IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5
-example.de. IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008
-example.de. IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05
-example.de. IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A
-example.de. IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A
-example.de. IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
deleted file mode 100644
index 2b40c68f..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
+++ /dev/null
@@ -1,28 +0,0 @@
-$ORIGIN .
-example.de 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
- RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
- OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
- zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
- Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
- f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
- ONUcLAEt+w==
- ) ; key id = 59244
- 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
- utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
- bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
- DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
- kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
- dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
- UNdJQGb9zQ==
- ) ; key id = 41145
- 7200 IN DNSKEY 385 3 5 (
- BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
- Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
- S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
- L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
- lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
- jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
- XDAeBZqwrw==
- ) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
deleted file mode 100644
index 04ed33aa..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
+++ /dev/null
@@ -1,8 +0,0 @@
-$ORIGIN .
-sub.example.de 7200 IN DNSKEY 257 3 5 (
- BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
- HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
- Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
- IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
- kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
- ) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
deleted file mode 100644
index 6b6aca17..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080729104405
-;% lifetime=2d
-sub.example.de. IN DNSKEY 256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
deleted file mode 100644
index 23776358..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 1 (RSA)
-Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
-PublicExponent: AQAAAAE=
-PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ==
-Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE=
-Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM=
-Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE=
-Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc=
-Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
deleted file mode 100644
index 934f6302..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 1 (RSA)
-Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
-PublicExponent: AQAAAAE=
-PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ==
-Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k=
-Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE=
-Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk=
-Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE=
-Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
deleted file mode 100644
index 2c662a9a..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080726213646
-;% lifetime=2d
-sub.example.de. IN DNSKEY 256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
deleted file mode 100644
index 3a0fcec0..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
+++ /dev/null
@@ -1,3 +0,0 @@
-;% generationtime=20080731111645
-;% lifetime=2d
-sub.example.de. IN DNSKEY 256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
deleted file mode 100644
index b45db1f0..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
+++ /dev/null
@@ -1,10 +0,0 @@
-Private-key-format: v1.2
-Algorithm: 1 (RSA)
-Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
-PublicExponent: AQAAAAE=
-PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ==
-Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M=
-Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50=
-Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48=
-Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU=
-Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
deleted file mode 100644
index c392b9a2..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
+++ /dev/null
@@ -1,2 +0,0 @@
-sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
-sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
deleted file mode 100644
index e922c186..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
+++ /dev/null
@@ -1,35 +0,0 @@
-;
-; !!! Don't edit this file by hand.
-; !!! It will be generated by dnssec-signer.
-;
-; Last generation time Jul 31 2008 13:16:45
-;
-
-; *** List of Key Signing Keys ***
-; sub.example.de. tag=40998 algo=RSASHA1 generated Jul 27 2008 00:17:46
-sub.example.de. 3600 IN DNSKEY 257 3 5 (
- BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy
- yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv
- jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA
- fdQIegTBBKk=
- ) ; key id = 40998
-
-; *** List of Zone Signing Keys ***
-; sub.example.de. tag=51977 algo=RSAMD5 generated Jul 29 2008 12:44:04
-sub.example.de. 3600 IN DNSKEY 256 3 1 (
- BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K
- kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
- ) ; key id = 51977
-
-; sub.example.de. tag=19793 algo=RSAMD5 generated Jul 29 2008 12:44:05
-sub.example.de. 3600 IN DNSKEY 256 3 1 (
- BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD
- 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
- ) ; key id = 19793
-
-; sub.example.de. tag=55699 algo=RSAMD5 generated Jul 31 2008 13:16:45
-sub.example.de. 3600 IN DNSKEY 256 3 1 (
- BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm
- /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
- ) ; key id = 55699
-
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
deleted file mode 100644
index b8ec77b3..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
+++ /dev/null
@@ -1,2 +0,0 @@
-sub.example.de. IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
-sub.example.de. IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
deleted file mode 100644
index 04ed33aa..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
+++ /dev/null
@@ -1,8 +0,0 @@
-$ORIGIN .
-sub.example.de 7200 IN DNSKEY 257 3 5 (
- BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
- HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
- Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
- IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
- kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
- ) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
deleted file mode 100644
index d607de5f..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
+++ /dev/null
@@ -1,108 +0,0 @@
-; File written on Thu Jul 31 13:16:45 2008
-; dnssec_signzone version 9.5.1b1
-sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
- 2008073101 ; serial
- 86400 ; refresh (1 day)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 1 3 7200 20080802100259 (
- 20080731101645 19793 sub.example.de.
- d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o
- DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz
- g2+AsH8mPZKGvg== )
- 7200 NS ns1.example.de.
- 7200 RRSIG NS 1 3 7200 20080802095409 (
- 20080731101645 19793 sub.example.de.
- VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV
- HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y
- KTOgEwv3r8kOiw== )
- 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 1 3 7200 20080802095639 (
- 20080731101645 19793 sub.example.de.
- cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT
- lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y
- J0qpEvDF3FNvRQ== )
- 3600 DNSKEY 256 3 1 (
- BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91
- KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv
- XF008duYET+UU9+hS01RIw==
- ) ; key id = 19793
- 3600 DNSKEY 256 3 1 (
- BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB
- vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5
- cGBHTSFCjIh+lGMPEssJCQ==
- ) ; key id = 51977
- 3600 DNSKEY 256 3 1 (
- BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM
- oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/
- MP+8X0OzdEl97NGOPtmT9w==
- ) ; key id = 55699
- 3600 DNSKEY 257 3 5 (
- BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
- HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
- Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
- IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
- kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
- ) ; key id = 40998
- 3600 RRSIG DNSKEY 1 3 3600 20080802100935 (
- 20080731101645 19793 sub.example.de.
- WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx
- TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g
- ZOu0rsPqvux2PA== )
- 3600 RRSIG DNSKEY 5 3 3600 20080802100334 (
- 20080731101645 40998 sub.example.de.
- WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8
- MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9
- QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz
- V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/
- Od6//GN4UmNi9LCwWtLbGnF4Gpc= )
-a.sub.example.de. 7200 IN A 1.2.3.4
- 7200 RRSIG A 1 4 7200 20080802095159 (
- 20080731101645 19793 sub.example.de.
- LxVthdAkEiBec6khr63+rufhSwtByBNvff8e
- HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB
- 4iK4mspVH4Md7A== )
- 7200 NSEC b.sub.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802100843 (
- 20080731101645 19793 sub.example.de.
- HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu
- UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt
- 4ldl+d6z3bs4pQ== )
-b.sub.example.de. 7200 IN A 1.2.3.5
- 7200 RRSIG A 1 4 7200 20080802095415 (
- 20080731101645 19793 sub.example.de.
- eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ
- PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A
- SDEWBEFsFCnMkg== )
- 7200 NSEC c.sub.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802094836 (
- 20080731101645 19793 sub.example.de.
- nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7
- MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU
- 7S7eIlt0jBSehg== )
-c.sub.example.de. 7200 IN A 1.2.3.6
- 7200 RRSIG A 1 4 7200 20080802095037 (
- 20080731101645 19793 sub.example.de.
- eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9
- 1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5
- V0L4MAkK76H00w== )
- 7200 NSEC localhost.sub.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802100135 (
- 20080731101645 19793 sub.example.de.
- KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4
- jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl
- Ull//CFV9J272A== )
-localhost.sub.example.de. 7200 IN A 127.0.0.1
- 7200 RRSIG A 1 4 7200 20080802095833 (
- 20080731101645 19793 sub.example.de.
- fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY
- wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh
- 8kYWUvV1kghBzA== )
- 7200 NSEC sub.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 1 4 7200 20080802101452 (
- 20080731101645 19793 sub.example.de.
- EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt
- 6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK
- UoFq9NHsH2WSDw== )
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
deleted file mode 100644
index 4b9b3dc7..00000000
--- a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
+++ /dev/null
@@ -1,147 +0,0 @@
-; File written on Tue Jul 29 12:44:06 2008
-; dnssec_signzone version 9.5.1b1
-example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
- 258 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 2 7200 20080808092956 (
- 20080729094406 35672 example.de.
- UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0
- 6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs
- /4p/Vc/L91wUMA== )
- 7200 NS ns1.example.de.
- 7200 NS ns2.example.de.
- 7200 RRSIG NS 5 2 7200 20080808091515 (
- 20080729094406 35672 example.de.
- hpHATL81t7GASSKPPBuheQqBqXU688itETkN
- QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1
- hsdbbCDo6UuHSg== )
- 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 2 7200 20080808092007 (
- 20080729094406 35672 example.de.
- aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T
- +yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI
- HFPySUOtQaNNxA== )
- 3600 DNSKEY 256 3 5 (
- BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm
- 8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi
- o+HNa59a4UA8jTdJb+kT0w==
- ) ; key id = 35672
- 3600 DNSKEY 256 3 5 (
- BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ
- TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z
- D0oIm2h0JowdyERZVj6ZZQ==
- ) ; key id = 11867
- 3600 DNSKEY 257 3 5 (
- BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
- RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
- OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
- zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
- Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
- f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
- ONUcLAEt+w==
- ) ; key id = 59244
- 3600 DNSKEY 257 3 5 (
- BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
- utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
- bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
- DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
- kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
- dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
- UNdJQGb9zQ==
- ) ; key id = 41145
- 3600 DNSKEY 385 3 5 (
- BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
- Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
- S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
- L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
- lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
- jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
- XDAeBZqwrw==
- ) ; key id = 17567
- 3600 RRSIG DNSKEY 5 2 3600 20080808092214 (
- 20080729094406 41145 example.de.
- BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX
- XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7
- t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM
- l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im
- fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0
- 4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz
- nA== )
- 3600 RRSIG DNSKEY 5 2 3600 20080808092411 (
- 20080729094406 17567 example.de.
- BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc
- W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8
- Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ
- kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK
- 4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6
- RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P
- ug== )
- 3600 RRSIG DNSKEY 5 2 3600 20080808093317 (
- 20080729094406 35672 example.de.
- Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos
- hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW
- 6DbiKMXJpO7biQ== )
-localhost.example.de. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 3 7200 20080808092724 (
- 20080729094406 35672 example.de.
- JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6
- dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI
- D66sltGHW/er+Q== )
- 7200 NSEC ns1.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080808094047 (
- 20080729094406 35672 example.de.
- XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY
- IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9
- s2s+6ISxxobC3A== )
-ns1.example.de. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 3 7200 20080808091743 (
- 20080729094406 35672 example.de.
- ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb
- xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly
- OpCYxAQSguB/MA== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 3 7200 20080808094144 (
- 20080729094406 35672 example.de.
- nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti
- 59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI
- 0mOu0mNbxtt9gQ== )
- 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080808092537 (
- 20080729094406 35672 example.de.
- MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx
- xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH
- 1OZ3fi+/kWVAJg== )
-ns2.example.de. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 3 7200 20080808091624 (
- 20080729094406 35672 example.de.
- MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL
- Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc
- SFFUxREAI5UGkQ== )
- 7200 NSEC sub.example.de. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080808094337 (
- 20080729094406 35672 example.de.
- QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58
- AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2
- 9AU6m1TfAa5WSw== )
-sub.example.de. 7200 IN NS ns1.example.de.
- 7200 DS 40998 5 1 (
- 1414E9C46F367D787EEF2EC91E1FC66DD087
- AEAE )
- 7200 DS 40998 5 2 (
- 6FE53984AB75C31A06778E9944F8CDB47905
- 27D36BBD08CC1E90DA7AE32EEE5F )
- 7200 RRSIG DS 5 3 7200 20080808092142 (
- 20080729094406 35672 example.de.
- cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/
- ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8
- H6SutDh0IiR5MA== )
- 7200 NSEC example.de. NS DS RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080808091754 (
- 20080729094406 35672 example.de.
- jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E
- 3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f
- k3CPfTs/+p/8Og== )
diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de.
deleted file mode 100644
index 2b40c68f..00000000
--- a/contrib/zkt/examples/hierarchical/de./keyset-example.de.
+++ /dev/null
@@ -1,28 +0,0 @@
-$ORIGIN .
-example.de 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
- RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
- OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
- zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
- Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
- f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
- ONUcLAEt+w==
- ) ; key id = 59244
- 7200 IN DNSKEY 257 3 5 (
- BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
- utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
- bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
- DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
- kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
- dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
- UNdJQGb9zQ==
- ) ; key id = 41145
- 7200 IN DNSKEY 385 3 5 (
- BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
- Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
- S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
- L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
- lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
- jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
- XDAeBZqwrw==
- ) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key
new file mode 100644
index 00000000..554986d5
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key
@@ -0,0 +1,3 @@
+;% generationtime=20080914221502
+;% lifetime=90d
+example.de. IN DNSKEY 256 3 5 BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuR Npn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private
new file mode 100644
index 00000000..dda12aa8
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: qbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuRNpn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: h7mIMjyW6H7MpJIYWhTgerkh5pR9LbSJbuA/cKp9AU18blpyk4xOzIYGw0SXBqFezHpF0I6BEzSikgwyF1RDAQ==
+Prime1: 1YdJ1XTzsyvAgEjhutvSA4RSkCyPGsTZ81wxZcifWtE=
+Prime2: y3EofwE/nv2kF6/I2STrb3A8gbsBx5D4/6SiKFuHDg0=
+Exponent1: vjWx9G8qNVnlPPWD9uc/6um1vS2+yvriFV3MIMIZL/E=
+Exponent2: o/Jlw/TZ/IrlSvzNCc+xeF8qpip51onZ6fOFFjQ+QQ==
+Coefficient: K/UescJkRXWQr6FmABrKx3kalg748qkaWqvrY101OeY=
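Review bot: Complete RSA private-key material (PrivateExponent, Prime1, Prime2, CRT values) for key tag 11327 is checked in here, and nothing in the file or its name marks it as a published sample. The same applies to the other `.private`, `.published` and `.depreciated` files this commit adds under examples/hierarchical/de/example.de/ (tags 37983, 47280, 04031, 39146, 59924, 31785, 40956, 56595). Anyone who copies the example tree as a starting point inherits signing keys that are public. I would say so in contrib/zkt/README or in a note inside the examples directory, for instance `The key files under examples/ are published samples; generate fresh keys with dnssec-keygen before signing a real zone.` The Modulus in this file decodes to 64 bytes, a 512-bit RSA key, which is one more reason to keep it strictly as a fixture.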
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key
new file mode 100644
index 00000000..55364ea6
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key
@@ -0,0 +1,3 @@
+;% generationtime=20081116180040
+;% lifetime=365d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU jQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published
new file mode 100644
index 00000000..b120c0c6
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mUjQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: AcxmOS9ewHH4UTWVHOSEyONodDImWb5DFyMOUzn3FCkdBEnsOAYTO8/noT3PP0uoMK0s7/BlIReEqsyCVcgQVrTbJszoKlwhHT+XO60i3wPJIWF9u8ouFDnGLkbSRpw6L72uRZy9SdSWUWHdlRayK6T3uJGrcsCLIlzaSue1vXjdUobHMVxQ+mPCFNjSgRWOvTxGcsoXPKx5MjrmAUEnLyQuoQ==
+Prime1: A50KZhIYCkyx48okZHgirDXs0cVYf2OOvLcNKF4AvBBTwoV9+oFfTd+wKy9f+G/FqVBV1s4rv/M7UCpAFJPCqaDkt+EEv5DNnX69RgvwBrHyxQ==
+Prime2: A5KoV2IkWEM9Djm8pZay/fQpM8coQxVutNDb9G4ADMwpwK5ddGifS38jPlHenUKDxSFtfOZBQbyf7ra/lSttpOqSnr/e6s6HHRn5TYfdR9IXKQ==
+Exponent1: eWP9FtwMjnnrsAhQlO7Fbko74gKGRVaygSe4Pd+TGM22dHDZCCoc//IBL+s2Dhezy1l8xiOPVbcxzxHMbqrQhPENi7HihDwiR1WfuSaoIfod
+Exponent2: AweXUxlW7qBg+v2qV5cCZl+gvTBW/1vP7llsoOqbHR69xLklXEV96TlEbKU8hoSnq8ts8qqh4/HFj1d+KRTeHWpseUm0GXdK/k7ZvYfr7KVHUQ==
+Coefficient: AwVZtbgFX0bAOj9J2p48qYAn3EaIuCvzDYoIE3E/m3NZS8UXQ5MK12AFhulRYpWOgZCIWK9fH0MTvtDFk3I5vyFTMhovDBrSWNn/+TJ47CwrBQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key
new file mode 100644
index 00000000..cf983b69
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key
@@ -0,0 +1,3 @@
+;% generationtime=20080914221502
+;% lifetime=365d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E uw==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private
new file mode 100644
index 00000000..fed718b5
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8Euw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CxINUgbVqMf0BnMNYq3aL8ucN4fael2ljQYgDCpcTMfqVuRo+Vo6sMEr3C6Bw8MTHWo2jMxdulyS4tsiMQVVjWUArFL/sfFYLwopjOExcneji6noi8n9dzgslNpo3QAdnKwDGUwj+k7CBzCbLSZ5xpt/eaHcN4l1buQ0tcqShthdh7sNHFX1nAqjsLa7xxCiBsliA6LD/QTAAzcbED0Xw7SJWQ==
+Prime1: A+RY6jx9urFg5GeyRqrAiqqClEzyWgEM4HsJn/oQ38PE6NrPzcG9U95um79u1WwWtXe5xTifInhN40CpxQYH45NFjZEuEvROvkXk5JHV9b5UHw==
+Prime2: A2949khdV+cKgI2EHmRIu7PJUFkBgrMXacwVpGdaN41NpJYFRYW8qoPmKRrw/Fji7GZj0rrro51XT7JNDbC44dX/bGdNa/eWvslPJGfCR4Gb5Q==
+Exponent1: rVHNFnlV2HXIOzi9+2Hit8m7bNXrVXA/DJ3lGCzDL2PzpvQcrL6mMXzaYznP9XaSgyR9M8u+Tdwqq11lHsnWhNLyWKTyAlO5WP3syQD3+0Jp
+Exponent2: ArQCCQS8lPgDvu7LI3q5tanr2nmM2uMzPNud9EPSqAql8iEIgOZDLDsMDZd9QHm2Dicjc2UifTcJgQlc3OACSVYkkxjvHKO7t03KNoZkhceTTQ==
+Coefficient: GUOOUFWtz0iCPZx1ljdxpP3T4hW7Jux1zcfV6PwX+Nx+8KcawXFfNxjsC1+Sla9Txv02Kgqg9Mh3mCNGynimcbkmmOcfyozKOttAD1sheFK0
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db b/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db
new file mode 100644
index 00000000..6fb2c44a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db
@@ -0,0 +1,33 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Dec 28 2008 23:06:40
+;
+
+; *** List of Key Signing Keys ***
+; example.de. tag=47280 algo=RSASHA1 generated Nov 16 2008 19:00:40
+example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR
+ mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t
+ CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2
+ 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E
+ uw==
+ ) ; key id = 47280
+
+; example.de. tag=37983 algo=RSASHA1 generated Nov 16 2008 19:00:40
+example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU
+ YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT
+ m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB
+ q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU
+ jQ==
+ ) ; key id = 37983
+
+; *** List of Zone Signing Keys ***
+; example.de. tag=11327 algo=RSASHA1 generated Nov 16 2008 19:00:40
+example.de. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuR
+ Npn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ==
+ ) ; key id = 11327
+
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. b/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de.
new file mode 100644
index 00000000..86ba183b
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de.
@@ -0,0 +1,4 @@
+example.de. IN DS 37983 5 1 635B486D53D19B16BC4A87366BC2D5626978F4B9
+example.de. IN DS 37983 5 2 5B8412FE443D8F4F77AC4C89FF12289DA88998D864EC68E3E5A4EE2C B192F9DC
+example.de. IN DS 47280 5 1 149C886C8175B220A964D4293EB4FCFAC1650974
+example.de. IN DS 47280 5 2 466E738B6913F7081DE5E17FC3567771618AB1D6CB0A333270A4AC24 7DB14DD0
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key
index 19861178..19861178 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private
index 62b7ca4c..62b7ca4c 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key
index 3a636d47..868d2f14 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key
@@ -1,3 +1,4 @@
;% generationtime=20080608210458
;% lifetime=20d
-example.de. IN DNSKEY 257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ==
+;% expirationtime=20080914221502
+example.de. IN DNSKEY 385 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private
index b0466be3..b0466be3 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key
index 35d4c6ab..b1fede64 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key
@@ -1,3 +1,4 @@
;% generationtime=20080711221000
;% lifetime=20d
-example.de. IN DNSKEY 257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w==
+;% expirationtime=20081116180039
+example.de. IN DNSKEY 385 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private
index b7f28dba..b7f28dba 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published
+++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. b/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de.
new file mode 100644
index 00000000..27a14419
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de.
new file mode 100644
index 00000000..27cb7b9e
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de.
@@ -0,0 +1,7 @@
+; KSK rollover phase2 (this is the new key)
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd
+ pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl
+ cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n
+ GLv3a4BbGFc=
+ ) ; key id = 56595
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key
new file mode 100644
index 00000000..19151efe
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key
@@ -0,0 +1,3 @@
+;% generationtime=20081228220640
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgN cV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ==
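Review bot: The zone-signing key added here uses algorithm 1 (RSA/MD5), which RFC 4034 already lists as not recommended, and its public key is only 512 bits long. The other sub.example.de ZSKs in this commit (tags 39146 and 59924) have the same parameters. Example trees tend to be copied as templates, so the sample zone would be better off demonstrating algorithm 5 or stronger with a larger modulus. The parameters presumably come from sub.example.de/dnssec.conf, which this commit only renames and whose content is not shown. If so, the change belongs there (likely the `ZSK_algo` and `ZSK_bits` settings, to be confirmed against that file), followed by regenerating the sample keys.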
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published
new file mode 100644
index 00000000..ea99d83d
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgNcV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: uXBzw9Ow7+rVGZ4XZlUjLoBxRUAdN207E+mvZ+OadkH4f7l3PNYJYVn2hTvTZb8v6vhKc/sOoenMRAMavK2oCQ==
+Prime1: 97fUb9zU6zIQ6P53ykjHwpMriBptXWkqH4LUKrtqAYs=
+Prime2: 8Q9XIHa/vuddNXGbnv1WjhQ+BLULtEHoAor6Zz/AczM=
+Exponent1: lys3DhbjPd0964qLcwyI0qZ5lMviMzFBbB/IOthfYnc=
+Exponent2: 2csu2XGtql2o+T1SXeXc6JtC8prIJ+mJuXa0FapeHBc=
+Coefficient: 0+x8jSWVmxWNuZlQNW0mZBFS5cEgll+u0t17KXdh6nI=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key
new file mode 100644
index 00000000..16443f99
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key
@@ -0,0 +1,3 @@
+;% generationtime=20081216163027
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw 9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private
new file mode 100644
index 00000000..fe9768c2
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: pqVDVhiSmZyjz4IM3xFkks4yc4MToD2EWbPKp4j8v4RETHjec3F9YYIMpkGaYoNqkx3+yvWpYPPy4YideIu3wQ==
+Prime1: +1CFbP41B3shnGApkHvZYr3439pvg5KO60ykyewDDUU=
+Prime2: 5+EDE42uEwgwiaPs+n4hXruj+K3ewL7cTY1HS7rPpWk=
+Exponent1: tuWKUuBr0ajPkrvq1OdN0EcuggHhuizHNMl9ApAxBYU=
+Exponent2: CHyQ5qkbFlgzbbfyXvjS6aonXu0vRQXN6xEpDrTAiek=
+Coefficient: i4dbOUlePz8KFhOt0/8FImz2TAd2zZ0hryj4uAQbtUY=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated
new file mode 100644
index 00000000..08c0368d
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: mjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jBeymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw==
+PublicExponent: AQAAAAE=
+PrivateExponent: MPsUwCUqooIUfhCOmRxnn6ZhxzH+CpJOfJ1K0njPwjaQKm8ACnVpM7Fr3mv5b9m0TXNn3jpfQgD+mHzopnR8gQ==
+Prime1: y24Ur3BJ40hhvFGqAPXaUEJcrEZIy4aCq2TxRSfFWs8=
+Prime2: whV4QY7Syoe/CDglpRb/X1ZROUYNLo1y+uXMoSNtaYU=
+Exponent1: DQywtacomS2IXan7sOtmkcWxxe7P6jTtI5KjlN4IhD0=
+Exponent2: N/KfPaxytWiti6+d2E9B00TCwndDQq/vnJ2iYGdNp9k=
+Coefficient: Lp80HvUH/WDwsH1akU1UWbN2n4m3g/hLtihVVuzf0s0=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key
new file mode 100644
index 00000000..d5ded3a0
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key
@@ -0,0 +1,3 @@
+;% generationtime=20081120072448
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jB eymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key
new file mode 100644
index 00000000..1ff71b83
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key
@@ -0,0 +1,3 @@
+;% generationtime=20081216163213
+;% lifetime=5d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxX T5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEE J9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVji qj6JGXl48/0=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private
new file mode 100644
index 00000000..2bf7a995
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: vFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVjiqj6JGXl48/0=
+PublicExponent: AQAAAAE=
+PrivateExponent: BKxnBi6a/3ziyfbN1FifPRo0QzGrQaZsVmJK3KF5keyYTRbImsVEFuYyc2sD7YZdACRvX1MIFoxMiORhxXlU7rrawQHtGXHHFIdBCE+/GINg9NtAijz/I8LCFexsttRGUESyXQjx0QCOr2j/qGpLU2jDspoQnOuAJNABDQeXtNk=
+Prime1: 8ta4x0uQsfcfBqvGUoX4Ngtr/zWExLRDY+THy9DV7aKNw7UBvOnPjL7NQD4RTHRp52buZbh33XDB2ujA6lV/Yw==
+Prime2: xo3tGYInbtnFZe6/Itwz+uihogLj5lWpn+e1VT6aa2SdSES53MrVnu7+Swsv7KAZHGnT99pLjwaTsNvo1MeNHw==
+Exponent1: 6ALwJf4uypQi4g+zXXfnhNnkU6xHhG8MolwpE2UlfJ02GovKsgWbxNnoqdQyGeOMhSeHaj1Fzyca0TmJqx0oQQ==
+Exponent2: iA6ciyRLclAnq3HMo1uul8ssrtyRF4FhfFJ+/nhSvqYX6uvcUH3HqV4Tarq0Irf79jq+wwEUKmG6VLP6wMnwRQ==
+Coefficient: Z7PYXTT7y8EHoHTBE1ioOegzTgJ3gNnb6Pd4atgsyANeFxbUPukgr/rf4ahkipp+r6RcjBm4yJtEp0kSlJnhCw==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key
new file mode 100644
index 00000000..34d554cf
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key
@@ -0,0 +1,3 @@
+;% generationtime=20081002230219
+;% lifetime=5d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjg CyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/ zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnU ISRyLtFdi10=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private
new file mode 100644
index 00000000..bcb0e163
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10=
+PublicExponent: AQAAAAE=
+PrivateExponent: esuIKav5AkrTaOu06kDZnh1+fL3BRkH6D6IZBBZxmidd6zwEvTR9dQ8kkoDSY0WTZxZDKYOJtWha5jrDnLaqKvPizEnfxs7P4yCe9fpGy/BZ6BkvVWECKeQ9o8ZacALg8If1NagdhTmueflj39qquBogoe7TWiWxsNTJzq0os4E=
+Prime1: 74wMDEa4SeFhMLIWgOz6hwdP86ak+JLjdRsTmj1qFykYHTlG+h3y8ic79fimHaD0P1Tbk91pOgh1rBeLWTXzOQ==
+Prime2: 5H2Pik/CdxqcIBCyqBSN0hwfzwCry3t2mPVtDmc79XyGLOwiGhzWkbMeZro5hjBxpN3U4Kb5WuUGu7+paEnlRQ==
+Exponent1: 6QSyuPdI58qXPZQogATGykz9nR+n1FySUWtanLUlQcNDS2Nl1zaZy9+fzAuiekF3EZQxlSL/dTNoUP/dei4pyQ==
+Exponent2: R5IuojoV16bq6HTDRahO756zqMwaG+Kp8DGijSjzHchNywnCpzvlHK2+WXbjx/7Smno5zrB1cOYMQ0xRwOAn1Q==
+Coefficient: Bc9CyTQt6wEU/ShcJLXYGKVnBMdzM4JjB7y7sj05E4kLocYaQw2slxBFZyc7oGKEaAFKsqIC2JyurCo4Z6mDrQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key
new file mode 100644
index 00000000..1ee44bbb
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key
@@ -0,0 +1,3 @@
+;% generationtime=20081003212715
+;% lifetime=5d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n GLv3a4BbGFc=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private
new file mode 100644
index 00000000..4b444504
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: olXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc=
+PublicExponent: AQAAAAE=
+PrivateExponent: OZyxcY+HDUm3QnD5ZKQNlUHg5m5SuiUNpDUPzsguED89tgWM12U8IgsChJd2kVlM2Ntayu3KhtUs0/bwFk7yMEyrHPkRcMCInAlB28cXKailxaad5pIvHOu+xt5/44C+j5p125Xd7N29dhRjH7afQY7eYV7FYmDcnXrPyrTkBeE=
+Prime1: 0GylzPNywg5QbH9EzgBTjb1J87G2gmKW2eSePiAFq6g4LKUh/HTeCX9TkXmszC/xaA5X96h7UoiPTyl/uq5mRw==
+Prime2: x2Pq+Edr4PVN9PaZ/RImYjQGk3gs0J5SbJ9kNKFTPw2ZsWr9wtN5n1KKUCHDqsJ0I9XbOmdI94Ze96uju5L1cQ==
+Exponent1: K1098oZ5S8EV4rjvzRrJRe+zLNhvCOeyKQLeE0pZk9G60aMxRTm1HAYyof1kcw43G8BgPU2+26kzFAFQHQIK+w==
+Exponent2: oL+7Esi69/qc5yJFk65FJld6jfvv5XHiZOLmj5K/Sagk1mYpj+vveitQzPaNb5G2cl7sN1rW8jgiYdKsyCe0QQ==
+Coefficient: MoX+4JTGDuR2nPCAjwMRBDIu6hCTn65zU2EHAFMWaf7hvvhWVEBn0YTK1/sYFzz0LxJUJxa/JJltY7ZYulk7uQ==
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de.
new file mode 100644
index 00000000..d2b84f70
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de.
@@ -0,0 +1,6 @@
+sub.example.de.dlv.trusted-keys.net. IN DLV 31785 5 1 3D56DD760ECF5184EAAE810F523934239F3D5AA5
+sub.example.de.dlv.trusted-keys.net. IN DLV 31785 5 2 BAF6AFA18EED60E28AFFDB6094DCE3095A0C6B039D2DF8020580F6BD E43B76F9
+sub.example.de.dlv.trusted-keys.net. IN DLV 40956 5 1 F3BC3C3D8EF9A21CCCD983FA01D308C36824E79A
+sub.example.de.dlv.trusted-keys.net. IN DLV 40956 5 2 F276443895C23D052089011BED4BB2683067C1397D62EEF726BFF4F2 4B5981A1
+sub.example.de.dlv.trusted-keys.net. IN DLV 56595 5 1 839C43F0267473F1335354384D91BFD70145AC01
+sub.example.de.dlv.trusted-keys.net. IN DLV 56595 5 2 37F3AA854D2B7B2A9FAE3868EB37FFB08E1EDE2E14AF4D259E6C46B0 27D5C5B7
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db
new file mode 100644
index 00000000..38c3c70e
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db
@@ -0,0 +1,51 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Dec 28 2008 23:06:40
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.de. tag=40956 algo=RSASHA1 generated Oct 03 2008 01:02:19
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjg
+ CyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/
+ zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnU
+ ISRyLtFdi10=
+ ) ; key id = 40956
+
+; sub.example.de. tag=56595 algo=RSASHA1 generated Oct 03 2008 23:27:15
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd
+ pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl
+ cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n
+ GLv3a4BbGFc=
+ ) ; key id = 56595
+
+; sub.example.de. tag=31785 algo=RSASHA1 generated Dec 16 2008 17:32:13
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxX
+ T5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEE
+ J9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVji
+ qj6JGXl48/0=
+ ) ; key id = 31785
+
+; *** List of Zone Signing Keys ***
+; sub.example.de. tag=59924 algo=RSAMD5 generated Dec 16 2008 17:30:27
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jB
+ eymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw==
+ ) ; key id = 59924
+
+; sub.example.de. tag=39146 algo=RSAMD5 generated Dec 16 2008 17:30:27
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw
+ 9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ==
+ ) ; key id = 39146
+
+; sub.example.de. tag=4031 algo=RSAMD5 generated Dec 28 2008 23:06:40
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgN
+ cV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ==
+ ) ; key id = 4031
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf
index d7d33ca8..d7d33ca8 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
new file mode 100644
index 00000000..9e2970a9
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de.
@@ -0,0 +1,6 @@
+sub.example.de. IN DS 31785 5 1 3D56DD760ECF5184EAAE810F523934239F3D5AA5
+sub.example.de. IN DS 31785 5 2 BAF6AFA18EED60E28AFFDB6094DCE3095A0C6B039D2DF8020580F6BD E43B76F9
+sub.example.de. IN DS 40956 5 1 F3BC3C3D8EF9A21CCCD983FA01D308C36824E79A
+sub.example.de. IN DS 40956 5 2 F276443895C23D052089011BED4BB2683067C1397D62EEF726BFF4F2 4B5981A1
+sub.example.de. IN DS 56595 5 1 839C43F0267473F1335354384D91BFD70145AC01
+sub.example.de. IN DS 56595 5 2 37F3AA854D2B7B2A9FAE3868EB37FFB08E1EDE2E14AF4D259E6C46B0 27D5C5B7
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
new file mode 100644
index 00000000..2535a309
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de.
@@ -0,0 +1,22 @@
+$ORIGIN .
+sub.example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc
+ 7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe6
+ 2RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBA
+ jrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmB
+ cCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc=
+ ) ; key id = 56595
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59i
+ gc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV
+ 4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJx
+ fWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWY
+ g9UGZBconBIAeefO2h19hVjiqj6JGXl48/0=
+ ) ; key id = 31785
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw4
+ 8XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYv
+ yVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTi
+ dHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmB
+ geX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10=
+ ) ; key id = 40956
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key
new file mode 100644
index 00000000..c880c4fa
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key
@@ -0,0 +1,3 @@
+;% generationtime=20080818053647
+;% lifetime=5d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABvYDREzYgpwbapQq47TOdCxf0+0vn0rFKNv0HedmV0uSQ8mkt PRHKKQNgeBDWN99JjV47XEFeYRmMYIixsEjjMTv7jBbYYlf+pMEnDfip wj1bvaQRsQ8KFLHnII0syARkZfxVllNulIYsYLA0QOH1bqUXCy3WOUO+ ykohqGTWSgs=
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private
new file mode 100644
index 00000000..b9141de4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: vYDREzYgpwbapQq47TOdCxf0+0vn0rFKNv0HedmV0uSQ8mktPRHKKQNgeBDWN99JjV47XEFeYRmMYIixsEjjMTv7jBbYYlf+pMEnDfipwj1bvaQRsQ8KFLHnII0syARkZfxVllNulIYsYLA0QOH1bqUXCy3WOUO+ykohqGTWSgs=
+PublicExponent: AQAAAAE=
+PrivateExponent: XMRzabB2jRdVLpnDth8Zr1okVfyBA9U0f2/qRnQT0ltPBomFgazQlrN1cyvt34vuqHsk+Nb44/HZLzl369HK9iO99sD3N+gKDXv0rB+r0QOSoku8eImkk6p0G5VLkdROSggo+GgUJmWMa0BGg4Y9XnStN0+bwyr/cJDkdPLnKqE=
+Prime1: +UoUiIMjAVNDQ4BRYUhW9PIiXCFMUOJQNQ5bIcYLBJBtkKJl1exS8MTNxTQgcRy3YNgUx7u4Fh6FEsBfVlL8kQ==
+Prime2: wpq74Cv2kvENsDlAXpYcigtNB8rtiOXGpe/eUl3Pj6aahS97KYyXivoHK+xZpoxLTz5dE28v2jRc+o7Dedma2w==
+Exponent1: toMLd17tND5W6ifexKH0olazwhokTxSyL1JrSjmSo2BqKjohREv3alaIq/+2epKuDoX1/jI6kOL5JJHvX0ngEQ==
+Exponent2: JR1w0pvriWfzXCwPel0crw+JUUpDM8bFiYDZX/zkNyuOrplqbh2REi5bCf0AUOgxie78WjxTvhyewwiByHtF/w==
+Coefficient: RADyZiLO+IXAJ4pFGsX5m0fZvixCmQdN1mmN9NnzZws43mb2KhKs+UwOsDpU1R5RddoCWgFhz58dgMS2VId8XA==
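Review bot: The full RSA private key for KSK 06903 is committed here (PrivateExponent, both primes and the CRT values), and nothing visible in this diff marks it as a throwaway fixture. The same applies to `Kexample.net.+005+14714.published` under `views/extern/example.net/`, added later in this commit. Anyone who copies an example directory to bootstrap a real zone would be signing with publicly known keys. I would add a line to `contrib/zkt/README` or a README under `examples/`, such as `All key files under examples/ are published test keys; generate fresh keys before signing a production zone.` The README is the safer place, since it is not clear from this diff that the private-key parser tolerates extra lines.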
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key
index 9c7c36c8..9c7c36c8 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private
index 3e39f5ac..3e39f5ac 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de.
new file mode 100644
index 00000000..27cb7b9e
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de.
@@ -0,0 +1,7 @@
+; KSK rollover phase2 (this is the new key)
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd
+ pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl
+ cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n
+ GLv3a4BbGFc=
+ ) ; key id = 56595
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db
index 05489a42..f04c19a2 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db
@@ -7,7 +7,7 @@
$TTL 7200
@ IN SOA ns1.example.de. hostmaster.example.de. (
- 2008073101; Serial (up to 10 digits)
+ 2008122801; Serial (up to 10 digits)
86400 ; Refresh (RIPE recommendation if NOTIFY is used)
1800 ; Retry
2W ; Expire
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed
new file mode 100644
index 00000000..066477c5
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed
@@ -0,0 +1,136 @@
+; File written on Sun Dec 28 23:06:40 2008
+; dnssec_signzone version 9.6.0
+sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 2008122801 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 1 3 7200 20081230210417 (
+ 20081228210640 39146 sub.example.de.
+ XM/3402boromtkWjxtvE0SHpUW3J5ITudixH
+ Ol/DXfSIUiv5Km5ekQueBMgMIEMFkYHxRYH/
+ CRDCu4gTzYJElw== )
+ 7200 NS ns1.example.de.
+ 7200 RRSIG NS 1 3 7200 20081230210435 (
+ 20081228210640 39146 sub.example.de.
+ YGkNNi+q2byWBB2AnRrZ0fY9eOzOkcvlW98U
+ Ti/2LoJhn+LrVNSOG5Xbd7o3KfoxnyyFS+lh
+ IwcTPCxkYyTv2A== )
+ 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 1 3 7200 20081230205813 (
+ 20081228210640 39146 sub.example.de.
+ dR8j2F8b+725x9Ipuym92XPF0CfLywcU8rVd
+ kMwIEHYqvxHtAGgMS7Rg6ehc1Dyu/4AxK5Le
+ xQpUFau71SR5zA== )
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+c
+ U4MucX+3xq6Emve8Q/jBeymytqtCmRli/G0R
+ OBlid0KE2rxJ7rDekuoUiw==
+ ) ; key id = 59924
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObj
+ eSZsRLJkmrYa+cWJSqmw9b7xlpaO+uBE5pkz
+ /9GKXXOH+o/q+dBCoZjqTQ==
+ ) ; key id = 39146
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE1
+ 0FHTeLeGsVUxBx+O/HgNcV4elmXG/wGBvDjx
+ 4vQsbPO5WDiIoXmDUg+/sQ==
+ ) ; key id = 4031
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc
+ 7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe6
+ 2RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBA
+ jrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmB
+ cCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc=
+ ) ; key id = 56595
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59i
+ gc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV
+ 4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJx
+ fWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWY
+ g9UGZBconBIAeefO2h19hVjiqj6JGXl48/0=
+ ) ; key id = 31785
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw4
+ 8XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYv
+ yVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTi
+ dHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmB
+ geX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10=
+ ) ; key id = 40956
+ 3600 RRSIG DNSKEY 1 3 3600 20081230204044 (
+ 20081228210640 39146 sub.example.de.
+ rdyBfWCdLqJSLOIg22HSMNpLQTV1GLsg2w5Q
+ thtAdJWWdN+YDJfeeD+jkJvwWoQSouleSRdM
+ MHZ69c4Fp0KlUg== )
+ 3600 RRSIG DNSKEY 5 3 3600 20081230204405 (
+ 20081228210640 56595 sub.example.de.
+ B4kvh0gQqHNBdwiABmUwMJ+Iqi2dKSsDQTKj
+ 0rtquoGkVbbB1mKqGeA0EWjts9g388evvZGz
+ hpHVeXQQds4OxRTpt+XlQejbL98RB+8xM+I9
+ clj31Dg22MYkzogVqk7VBYTfZN/frK5co5WO
+ E+aX97skAkBO8C9rZshwsISbFR0= )
+ 3600 RRSIG DNSKEY 5 3 3600 20081230205150 (
+ 20081228210640 31785 sub.example.de.
+ SiQmiuudpKBGbtKxHupnbvkksCBkYwihgyhl
+ kznLuR+GjrZKE4GuzYNAspe5CkDCSbNUHbl2
+ CbPFjU4lvGyShA3UtzSM2Cx4SAGi4JtRh7XC
+ DtXNIuZK4GBwprUD5nffYAH9Q7Pck9fhl8u8
+ YP0JapJ+GV9dx2iSKdbb1JKE8zk= )
+ 3600 RRSIG DNSKEY 5 3 3600 20081230205404 (
+ 20081228210640 40956 sub.example.de.
+ jQty/hjEoHR/lx/tNopuPFNZQ0VF4Qdi37I0
+ q2A084KeBTh4v2hgTUA0B00hVncllfgUlOYl
+ HbvgHzqhLZPrx2qvtvFlPRmj7FlwjJbXRt5T
+ 5JBAMP4IMfd0W6SDsuo1saVVZuiAQPicBbN8
+ Rc0Tgde1NEy2rlyVLkk7uKLB0pU= )
+a.sub.example.de. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 1 4 7200 20081230210029 (
+ 20081228210640 39146 sub.example.de.
+ Mfh4ntlgKOlE1vleYbD8tN8VfvHEYbIZ1/bG
+ TWEu2pQNK2YLC7mLfVQWW3bcpzlmOucmWFJq
+ XXH+nnsftjxZog== )
+ 7200 NSEC b.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20081230210434 (
+ 20081228210640 39146 sub.example.de.
+ hKTSoLDwWufmjaQnW53kLzog9MfMK3eUcjHr
+ 98uOCfKY3xRFqxHn0UmUvfaHSrCaMGRuwH0H
+ 84fk3FvVO3Sg4g== )
+b.sub.example.de. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 1 4 7200 20081230210628 (
+ 20081228210640 39146 sub.example.de.
+ LP1xgEzTIlc0w57Ohv9HwJ9eAeGFGeMDM3Ag
+ 9oA18G8lUWpzTX66D9sHKdpDxCo8IX8IuosE
+ AO4BjHjFytWPLQ== )
+ 7200 NSEC c.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20081230204400 (
+ 20081228210640 39146 sub.example.de.
+ 2tmWQXRQEOF5tojcBhFRMVe5pp0V1tA+Jk8M
+ svsYT1ukbaJ3QeDOaTGUA604hLEm7J+uapy+
+ LTvOcKZl65st6g== )
+c.sub.example.de. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 1 4 7200 20081230205321 (
+ 20081228210640 39146 sub.example.de.
+ m5/r/M1tF0d3rEU/kmubSZdV5ZmdKWmcCWTo
+ kv+oTux07+5dS7XisCHT+ufjiFkIgI3cf9I6
+ bbtEMaChCRmwhA== )
+ 7200 NSEC localhost.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20081230204731 (
+ 20081228210640 39146 sub.example.de.
+ WZAiKmtmMVq69fGpQAxKXFj9179lZm1qd7qs
+ gyiutFjWtQTRQFI6wxHyhh1WXdagtI2AjR9V
+ eGdKUuoZ9n22yA== )
+localhost.sub.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 1 4 7200 20081230205746 (
+ 20081228210640 39146 sub.example.de.
+ Vc48b7SkFZO1e4lNIti+Iw9vPSgxANdhakP/
+ oqjKgxMMr+dmk0Vn29DYBTH+bkR7nBpccP9l
+ qe0UCeieNSgqOg== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20081230203757 (
+ 20081228210640 39146 sub.example.de.
+ StI4gda9HqSmD1/1zcW/wJaFXvd8zKRHnH89
+ nrUy4C6PWJ+9Tqs4QhYm1AzAtZRwSEasS0jX
+ g0mFyc6p12gXqg== )
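Review bot: Every RRSIG over the zone data in this file is algorithm 1 (RSAMD5), made with ZSK 39146, and RFC 4034 lists RSA/MD5 as NOT RECOMMENDED for zone signing. The three ZSKs in the DNSKEY set also appear, from their encoded length, to be 512-bit keys. Because this file is dnssec-signzone output, the change belongs in the ZSK algorithm setting of this zone's `dnssec.conf`, which this commit only renames (its content is not visible here). Switching it to RSASHA1, as the KSKs here and the parent example.de zone already use, and re-signing would fix it. If the RSAMD5 keys are kept deliberately to show a mixed-algorithm zone, a comment in `dnssec.conf` such as `RSAMD5 ZSKs are for demonstration only; do not copy into a production zone` would keep the setting from being reused.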
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de/example.de/zone.db
index c4851816..917cd79f 100644
--- a/contrib/zkt/examples/hierarchical/de./example.de./zone.db
+++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.db
@@ -6,17 +6,18 @@
$TTL 7200
-; Be sure that the serial number below is left
+; Ensure that the serial number below is left
; justified in a field of at least 10 chars!!
; 0123456789;
-; It's also possible to use the date form e.g. 2005040101
+; It's also possible to use the date format e.g. 2005040101
@ IN SOA ns1.example.de. hostmaster.example.de. (
- 258 ; Serial
+ 269 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
+
IN NS ns1.example.de.
IN NS ns2.example.de.
@@ -32,6 +33,6 @@ localhost IN A 127.0.0.1
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.de.
-; this file will have all the zone keys
+; this file will contain all the zone keys
$INCLUDE dnskey.db
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed b/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed
new file mode 100644
index 00000000..9fdf5dfb
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed
@@ -0,0 +1,124 @@
+; File written on Sun Dec 28 23:06:40 2008
+; dnssec_signzone version 9.6.0
+example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 269 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20090107205708 (
+ 20081228210640 11327 example.de.
+ KC6gXko+4iRmpofCb+uOs5e0Jgq4CJVUgsw3
+ jjXDsra7FXWybJj9FgO5cdy2KHbV/cQJ5Li6
+ bgH2E0gZpcYrvA== )
+ 7200 NS ns1.example.de.
+ 7200 NS ns2.example.de.
+ 7200 RRSIG NS 5 2 7200 20090107205857 (
+ 20081228210640 11327 example.de.
+ P5GvCnGqZ3+rGh4fZtGmYfezyI4swQXFVdtp
+ UkhR8SBDRgC9HQU5qZw7g7cbuO/CrRUWZLuf
+ NYgJvaeyoL8Khw== )
+ 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20090107204400 (
+ 20081228210640 11327 example.de.
+ cdjSIAQDouZldROWir7R4/k6xcwbvOUcOmNO
+ rkGROzjrQf3IdE7vCwxLj/KavLqK5OIhSztf
+ Xx9lY5RJWhhxQA== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchY
+ FYUD2lnvJKeq7ATwesuRNpn17Erjz09GhDn9
+ l2J92dAy8m4uofcdFkYKnQ==
+ ) ; key id = 11327
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
+ 3600 RRSIG DNSKEY 5 2 3600 20090107203935 (
+ 20081228210640 47280 example.de.
+ Bk6rghHHe5smNETUq9iRY6JWr4gSZirMv6Pr
+ Sv6AuRNYbHz1K0ZMhQxdjkYbz7WidOtjtolm
+ lO2LGZreuNuU8vTbBNxJYTLHUDtncncuYQZR
+ htD5hsgGVyeYgEo5X+aIz0+NjrdJrkh3aDZd
+ k6FO0ga5+kmbg9My/C1vvnLgjWUaqjP3vnFB
+ 9mO5sb30X6qv3VT2d6A4DDqzCucYAphCSuSP
+ jw== )
+ 3600 RRSIG DNSKEY 5 2 3600 20090107205931 (
+ 20081228210640 11327 example.de.
+ EW0xShpQjjJnNl94XIe3SBqW/Ml2o5J5R5pf
+ pIp2NAVwE2lrBzukxjHQ+M4PPF2EtIUW9lF4
+ AFrLMfn3ymVnCw== )
+localhost.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20090107205407 (
+ 20081228210640 11327 example.de.
+ WSfYUmVVSaPb9nKWyCzczQDcjqlY+QsUSFlx
+ FN7OuARdi5JHQ6b/z3y9zrsUJOhuqM1XiF7H
+ +Y9WEsWuNjmzmw== )
+ 7200 NSEC ns1.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090107204235 (
+ 20081228210640 11327 example.de.
+ URFD9Qy9xizej4LokkN8xqqGE4A4Fbe7S33O
+ vlUr1mw1Kx4zlzscUtGYAuMsHZgi/Rlyppib
+ XW+Fd3NHsYhisg== )
+ns1.example.de. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20090107204603 (
+ 20081228210640 11327 example.de.
+ ZO17IgiAhdKtukAJEHIQyN+RqUHWOMvsDod8
+ XAFuBfunAeul+LiSjupWQDOijQoOfa5uVMRT
+ 1wFhEqz//YgXkQ== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20090107204610 (
+ 20081228210640 11327 example.de.
+ S4aYxgu/DoVFaM0xdQ7WhfMaPK5sPt4ksZXx
+ rsNKCpL1JdNP9S78H4Iy1RUJ0I9i1EAFiWOl
+ 0JhVSprPJJiOIg== )
+ 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090107210249 (
+ 20081228210640 11327 example.de.
+ XVIz/mWN2RQ5mm20RYOytSl5Q7n9LNMenB6d
+ HpT1kaDLYSdPXd3ZlvBCNNMdNhMFmZTBxAxL
+ b0Mz8eoLdsy6Lg== )
+ns2.example.de. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20090107204524 (
+ 20081228210640 11327 example.de.
+ fCtOEIQlgh4XDJTZdmh0MBBHOlXvvCR4L+bR
+ gKBOUUtzaeL+FuXo8zyrWKuOp6hXj8eOceEL
+ oZCrKrjJBbHrJA== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090107210617 (
+ 20081228210640 11327 example.de.
+ R4s8H352jY7amgr0bNRmhW4oXD++1itgbk33
+ OMDY3cbEEmZ+NonMRDkIOb4cTjDh4in9otMs
+ Cl2vNscx9VO9QQ== )
+sub.example.de. 7200 IN NS ns1.example.de.
+ 7200 DS 56595 5 1 (
+ 839C43F0267473F1335354384D91BFD70145
+ AC01 )
+ 7200 DS 56595 5 2 (
+ 37F3AA854D2B7B2A9FAE3868EB37FFB08E1E
+ DE2E14AF4D259E6C46B027D5C5B7 )
+ 7200 RRSIG DS 5 3 7200 20090107204420 (
+ 20081228210640 11327 example.de.
+ ksOzuWcVDmEEipMetLHeNfWjhSiGizHN5qUL
+ H78iOQsu9/zGDuMlLt1ysY+B2vAASCl5jVTp
+ B5vr9CTvewcyAA== )
+ 7200 NSEC example.de. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20090107204025 (
+ 20081228210640 11327 example.de.
+ pyIEOLCMXk7H4wDJ2IwJdoUxvm7UdDlHpsVR
+ gsgyogrsRb7xjnWQJ/lwHso+cmcGwvMoD/Qz
+ IjVpouYPkbRe3w== )
diff --git a/contrib/zkt/examples/hierarchical/de/example.de/zone.soa b/contrib/zkt/examples/hierarchical/de/example.de/zone.soa
new file mode 100644
index 00000000..9b200c1b
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.soa
@@ -0,0 +1,10 @@
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 267 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
diff --git a/contrib/zkt/examples/hierarchical/de/keyset-example.de. b/contrib/zkt/examples/hierarchical/de/keyset-example.de.
new file mode 100644
index 00000000..27a14419
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de/keyset-example.de.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+
+ Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl
+ z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH
+ z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R
+ 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/
+ us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4
+ 8Mlp1+mUjQ==
+ ) ; key id = 37983
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4
+ LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx
+ 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq
+ vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO
+ lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM
+ GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs
+ K9bqDM8Euw==
+ ) ; key id = 47280
diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf
index 6944d5aa..afd5a739 100644
--- a/contrib/zkt/examples/hierarchical/zone.conf
+++ b/contrib/zkt/examples/hierarchical/zone.conf
@@ -1,10 +1,10 @@
zone "example.de." in {
type master;
- file "de./example.de./zone.db.signed";
+ file "de/example.de/zone.db.signed";
};
zone "sub.example.de." in {
type master;
- file "de./example.de./sub.example.de./zone.db.signed";
+ file "de/example.de/sub.example.de/zone.db.signed";
};
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed
deleted file mode 100644
index c0e28017..00000000
--- a/contrib/zkt/examples/views/extern/example.net./zone.db.signed
+++ /dev/null
@@ -1,109 +0,0 @@
-; File written on Thu Jun 12 17:56:06 2008
-; dnssec_signzone version 9.5.0
-example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 1213286165 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 2 7200 20080622145605 (
- 20080612145605 35744 example.net.
- iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg
- wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt
- tFsswvYaZtP11Q== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 2 7200 20080622145605 (
- 20080612145605 35744 example.net.
- fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc
- VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO
- yQibjS4TA5Pr3g== )
- 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 2 7200 20080622145605 (
- 20080612145605 35744 example.net.
- kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis
- Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV
- 91i/sxof6bc61w== )
- 3600 DNSKEY 256 3 5 (
- BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5
- yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ
- 6JFt+4f9KnNPi1txiBg76Q==
- ) ; key id = 35744
- 3600 DNSKEY 256 3 5 (
- BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN
- vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM
- rg8gYImKCl6n3K37EjXYBw==
- ) ; key id = 10367
- 3600 DNSKEY 257 3 5 (
- BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
- YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
- pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
- 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
- 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
- XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
- 6DaiC6E1sQ==
- ) ; key id = 23553
- 3600 RRSIG DNSKEY 5 2 3600 20080622145605 (
- 20080612145605 23553 example.net.
- Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E
- +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a
- V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0
- kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw
- ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc
- SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h
- fg== )
- 3600 RRSIG DNSKEY 5 2 3600 20080622145605 (
- 20080612145605 35744 example.net.
- SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV
- ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W
- dIM4sjx78Zjh5Q== )
-localhost.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP
- X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI
- N/c7vC223ejn8A== )
- 7200 NSEC ns1.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9
- rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+
- P50QYwYXET3byw== )
-ns1.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK
- QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs
- w8uw5x6/1ECflg== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI
- aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz
- LNjR7KqYQxrXmg== )
- 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO
- ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN
- ogRV1rxohxDyCw== )
-ns2.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR
- Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1
- iTZYEXffLBchmw== )
- 7200 NSEC sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1
- pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN
- SqabEFO1114AyQ== )
-sub.example.net. 7200 IN NS ns1.example.net.
- 7200 NSEC example.net. NS RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080622145605 (
- 20080612145605 35744 example.net.
- nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB
- ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT
- db/3/DXIwUnMnA== )
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key
index 54ba934b..54ba934b 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private
index 7240075f..7240075f 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private
diff --git a/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key
new file mode 100644
index 00000000..08bebc1e
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key
@@ -0,0 +1,3 @@
+;% generationtime=20081002230045
+;% lifetime=30d
+example.net. IN DNSKEY 256 3 5 BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0 QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw==
diff --git a/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published
new file mode 100644
index 00000000..fc9402ab
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: zPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw==
+PublicExponent: AQAAAAE=
+PrivateExponent: UPJ5tLih3Wxu/lvoTctyw53YqaVngGRH+fSTLNchJfqXrwwKdP0LqiNMjWHv1m+OtDZJgbU8sZmXCXUVZOgCAQ==
+Prime1: /0fbhjXuq926sklBidVvZ5KPmAJPlbAeCprKhXi7GwE=
+Prime2: zYhpS9+p5PR1MisPZ5jf456zfJZg/XsuLZ288+5VH0c=
+Exponent1: rrZnAccK6f+4bRRLZEzM6V5tVopoZuSo3StxdGFIuAE=
+Exponent2: ChoiCjVQLac7g0/XOTbjeCoqrgcz9KB/z/36ZbuGRQ0=
+Coefficient: Lria2iu3j2EXiZal1YUyoUleY2jM64c4Dv5SYVzrsVU=
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key
index ec11dcb5..ec11dcb5 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private
index ea294474..ea294474 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated
index ca789ebf..ca789ebf 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key
index 1809a935..1809a935 100644
--- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key
+++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key
diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net/dnskey.db
index d46eff9f..0ed196ef 100644
--- a/contrib/zkt/examples/views/extern/example.net./dnskey.db
+++ b/contrib/zkt/examples/views/extern/example.net/dnskey.db
@@ -2,11 +2,11 @@
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
-; Last generation time Jun 12 2008 17:56:05
+; Last generation time Oct 03 2008 01:00:45
;
; *** List of Key Signing Keys ***
-; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04
+; example.net. tag=23553 algo=RSASHA1 generated Aug 05 2008 23:01:57
example.net. 3600 IN DNSKEY 257 3 5 (
BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI
ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ
@@ -16,15 +16,21 @@ example.net. 3600 IN DNSKEY 257 3 5 (
) ; key id = 23553
; *** List of Zone Signing Keys ***
-; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43
+; example.net. tag=35744 algo=RSASHA1 generated Aug 05 2008 23:01:57
example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w
iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
) ; key id = 35744
-; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43
+; example.net. tag=10367 algo=RSASHA1 generated Aug 05 2008 23:01:57
example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4
ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
) ; key id = 10367
+; example.net. tag=14714 algo=RSASHA1 generated Oct 03 2008 01:00:45
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0
+ QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw==
+ ) ; key id = 14714
+
diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net/dsset-example.net.
index cbcd3d02..cbcd3d02 100644
--- a/contrib/zkt/examples/views/extern/example.net./dsset-example.net.
+++ b/contrib/zkt/examples/views/extern/example.net/dsset-example.net.
diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net/keyset-example.net.
index b8452456..b8452456 100644
--- a/contrib/zkt/examples/views/extern/example.net./keyset-example.net.
+++ b/contrib/zkt/examples/views/extern/example.net/keyset-example.net.
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net/zone.db
index 4c72928f..4c72928f 100644
--- a/contrib/zkt/examples/views/extern/example.net./zone.db
+++ b/contrib/zkt/examples/views/extern/example.net/zone.db
diff --git a/contrib/zkt/examples/views/extern/example.net/zone.db.signed b/contrib/zkt/examples/views/extern/example.net/zone.db.signed
new file mode 100644
index 00000000..271ac0f2
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net/zone.db.signed
@@ -0,0 +1,114 @@
+; File written on Fri Oct 3 01:00:46 2008
+; dnssec_signzone version 9.5.1b2
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1222988445 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ LCFqUSzaxGi6kFs/IV6OuWgB77TzF4cYCH0S
+ UKrZ2PBlf7iR10Y1t7UsG/RGy/mBZxMMebf+
+ IzaEcsJynOXTOA== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ hc9aE9RI0TQr9IlIv7A6Xl3D+O7IT4B2vmAj
+ 7HA6znKCJMoA42h/EBNaSpc7lwLQmsHVpjP6
+ I1cAjynNC+KCwA== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ mRRRKkwqB3r09e9vBGCGj4d+TiPmKAFnldyd
+ bWIoh7zT/cJm/HH8nDR1zUXXdeKp3/k8ddup
+ rXE8rdS4LHa7sg== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5
+ yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ
+ 6JFt+4f9KnNPi1txiBg76Q==
+ ) ; key id = 35744
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrk
+ AidjF2+ndxtzw5OCLZG0QfmUumSh2Cq+g1dZ
+ w2lIKan+blLCD7vRCX6cRw==
+ ) ; key id = 14714
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN
+ vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM
+ rg8gYImKCl6n3K37EjXYBw==
+ ) ; key id = 10367
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
+ 3600 RRSIG DNSKEY 5 2 3600 20081012220045 (
+ 20081002220045 10367 example.net.
+ RfMpx9krw1j7GCBGHnLU1NvvoBFOw2+HA08j
+ zhrSrOd0iKlSxyewCf0r2LVUV0EXFEzwbrqy
+ Wyt1l1ojfDX7mQ== )
+ 3600 RRSIG DNSKEY 5 2 3600 20081012220045 (
+ 20081002220045 23553 example.net.
+ AYHR7rcPmwdcr3UP8jPBNesQ3aC8RdeB8vtg
+ V01vPtvNIpp1OtMPIEx7bot9eWfmD/gVNuyS
+ xOAp77KxECFIULPvq6Pk1dyTUOWXn19JOMDU
+ CPyIxJs9gjD9AQ+UYo7UhhipOV1w5Y/g3Kvj
+ TiPEMprIF2xBUSRDSn8+qTZdvQE8QymU4ujj
+ 0gTF8egaCwgSmdeBajS3Vb6/L8M+GGP1tSOb
+ Sg== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ ngq0qDdgR3JILUgNpXzafmJd16pMcIJBlX3Q
+ URIhGFOXTgUvRmOGsZvhqEqSCQQwkPYkpsNd
+ 6NEKo5ZMZujTzA== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ KoYaIavkKL8/oYzk1DQIy9SodaCd8yYC6QMD
+ Ry4PfyiaoKchq45KFlQ5SVkaPfXQmGffbJdT
+ mndSk+Txu7C2aw== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ TZnIpUO6Odm6FaN2fzXslFfPjN0BmueDUco8
+ T/sxtBpVAMbLkgSopaTEKgvV/J+pZfR1ehIh
+ GZfIki/kSWfXxg== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ Kr+R4GvcpfWp6RGMauy1MFK9iRwIuvxFfAxd
+ ZAa/RiGOAB6BnLuGP6JHbJg25n6e+zPT7HeB
+ cHmHAn4azykZDg== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ t7VkcKKR55956Kv9ASpw5vJCIFtZ1jYoBOU/
+ aaB5OFsrN8706ARrlkUw6aFBCh1sd9vzi+SU
+ vkgWg0dE7bbUpg== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ lpYgf61HD7a7hAPtZuMnMxnVsjFSwY7qyRce
+ cVzUeaxlqHTBbgXazldKYyYkBsPR1f7x7JUI
+ m39kBVe4kf9byg== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ fC8u/dDkso6U3eBqyQrhohlnsMOZjHvn/vOx
+ PxNCoJ3ideGp6g/WWExRdLA+SdQJqm40QJoQ
+ +72LfvnXzQ+tRg== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081012220045 (
+ 20081002220045 10367 example.net.
+ OGaRT/2gV7fgQ88YXhqbP08cH+x/otO5qOEX
+ WJ7PvCMhForeY7z66e1LZufRqU2HchNpx94o
+ cz9+z1t7ECFYhw== )
diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log
index 04fa4fbc..d070ca23 100644
--- a/contrib/zkt/examples/views/extern/zkt-ext.log
+++ b/contrib/zkt/examples/views/extern/zkt-ext.log
@@ -26,3 +26,26 @@
2008-06-12 18:00:39.020: debug: Check ksk status
2008-06-12 18:00:39.020: debug: Re-signing not necessary!
2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
+2008-10-03 01:00:45.544: notice: ------------------------------------------------------------
+2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v
+2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net"
+2008-10-03 01:00:45.545: debug: Check RFC5011 status
+2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-10-03 01:00:45.545: debug: Check KSK status
+2008-10-03 01:00:45.545: debug: Check ZSK status
+2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec)
+2008-10-03 01:00:45.546: debug: ->depreciate it
+2008-10-03 01:00:45.546: debug: ->activate published key 10367
+2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done
+2008-10-03 01:00:45.546: debug: New key for publishing needed
+2008-10-03 01:00:45.614: debug: ->creating new key 14714
+2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing
+2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key
+2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key
+2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db"
+2008-10-03 01:00:45.614: debug: Signing zone "example.net"
+2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private"
+2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-10-03 01:00:46.114: debug: Signing completed after 1s.
+2008-10-03 01:00:46.114: debug:
+2008-10-03 01:00:46.114: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed
deleted file mode 100644
index 88a42c6a..00000000
--- a/contrib/zkt/examples/views/intern/example.net./zone.db.signed
+++ /dev/null
@@ -1,109 +0,0 @@
-; File written on Thu Jun 12 18:13:43 2008
-; dnssec_signzone version 9.5.0
-example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 1213287223 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 2 7200 20080613151343 (
- 20080612151343 5972 example.net.
- Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy
- 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV
- aV3H0KfNq6ITLg== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 2 7200 20080613151343 (
- 20080612151343 5972 example.net.
- dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS
- Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L
- a6rQDFcnJ8xzng== )
- 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 2 7200 20080613151343 (
- 20080612151343 5972 example.net.
- gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia
- UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH
- kt2inbyQytbPDQ== )
- 1800 DNSKEY 256 3 5 (
- BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb
- 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA
- 1HR8YaO3QXB2LAHEz5B/CQ==
- ) ; key id = 5972
- 1800 DNSKEY 256 3 5 (
- BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q
- Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS
- Q79S4WgKalFJxq6lSk0xrw==
- ) ; key id = 23375
- 1800 DNSKEY 257 3 5 (
- BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
- gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
- uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
- 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
- ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
- 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
- grOD6IYqLw==
- ) ; key id = 126
- 1800 RRSIG DNSKEY 5 2 1800 20080613151343 (
- 20080612151343 126 example.net.
- CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9
- EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU
- WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0
- XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH
- fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz
- qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK
- xA== )
- 1800 RRSIG DNSKEY 5 2 1800 20080613151343 (
- 20080612151343 5972 example.net.
- dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N
- WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v
- VDkzRjT4eONxuA== )
-localhost.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E
- qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi
- rk8Mnbf6cYxSlw== )
- 7200 NSEC ns1.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0
- Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp
- Smho3kSGf9gQRQ== )
-ns1.example.net. 7200 IN A 192.168.1.53
- 7200 RRSIG A 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt
- z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F
- joAIP/0wvXihsA== )
- 7200 AAAA fd12:63c:cdbb::53
- 7200 RRSIG AAAA 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty
- XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17
- 2a3emgs9BHJJ6A== )
- 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ
- 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs
- JFhw+nVeZJdHJA== )
-ns2.example.net. 7200 IN A 10.1.2.3
- 7200 RRSIG A 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj
- FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv
- Xsp5ITBTILSM6Q== )
- 7200 NSEC sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh
- 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR
- LYF/o0HVi5uzJA== )
-sub.example.net. 7200 IN NS ns1.example.net.
- 7200 NSEC example.net. NS RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080613151343 (
- 20080612151343 5972 example.net.
- nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ
- 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR
- RPdjTNk7YEC0Mg== )
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key
index 316e4cfe..316e4cfe 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private
index 96e1ff6e..96e1ff6e 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated
index b5196416..b5196416 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key
index 8be3973c..8be3973c 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key
index 160110ec..160110ec 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private
index 60e43160..60e43160 100644
--- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private
diff --git a/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key
new file mode 100644
index 00000000..e8977b33
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key
@@ -0,0 +1,3 @@
+;% generationtime=20081002230038
+;% lifetime=30d
+example.net. IN DNSKEY 256 3 5 BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb 6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw==
diff --git a/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published
new file mode 100644
index 00000000..08c8f20b
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw==
+PublicExponent: AQAAAAE=
+PrivateExponent: dQ8votLvyw0GPMsOp8k0mmhnjV07S4auujNLDyYZAiuHzVAXnGNz3xT2SnFW8w8DefMPcsV5xcIrRK7e0IwFQQ==
+Prime1: /cDlq0uko2XS08z5G6tedDY2VMrpPBHtZfPFv+deJNU=
+Prime2: 1/NwlY7J6WKGV/OIF6rlhn4UUitvTW7fpvUtyVEm+zs=
+Exponent1: omnudnzEz+TTOSfoandcrZGS9x4qxU7hN+WjpRI7sCU=
+Exponent2: rrt9FPIRiwGDSRtlsUaPNqgcgk4l/EQdWciqnhWu5ms=
+Coefficient: GFA1bGcsWxRZza80zKnL/V9YsfoNaI4id7pwU7FOtAE=
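Review bot: This new file commits the private half of ZSK 55745 to the examples tree, and its `Modulus` value decodes to 64 bytes, so it is a 512-bit RSASHA1 key whose private parameters are now published with the source. That is acceptable for a demo zone, but nothing in the key file or in the part of the commit visible here says the material must not be reused. Someone who copies `examples/views/intern/example.net/` as a template for a real zone would be signing with a publicly known key. I would say so in the examples documentation (contrib/zkt/README is touched by this commit but not shown here), for instance `The K*.private, K*.published and K*.depreciated files under examples/ are published sample keys (512-bit RSASHA1); generate fresh keys with a larger modulus before signing a real zone.`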
diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net/dnskey.db
index 9e2c47ff..76e992de 100644
--- a/contrib/zkt/examples/views/intern/example.net./dnskey.db
+++ b/contrib/zkt/examples/views/intern/example.net/dnskey.db
@@ -2,11 +2,11 @@
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
-; Last generation time Jun 12 2008 18:13:43
+; Last generation time Oct 03 2008 01:00:38
;
; *** List of Key Signing Keys ***
-; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27
+; example.net. tag=126 algo=RSASHA1 generated Aug 05 2008 23:01:57
example.net. 1800 IN DNSKEY 257 3 5 (
BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W
ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI
@@ -16,15 +16,21 @@ example.net. 1800 IN DNSKEY 257 3 5 (
) ; key id = 126
; *** List of Zone Signing Keys ***
-; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27
+; example.net. tag=23375 algo=RSASHA1 generated Aug 05 2008 23:01:57
+example.net. 1800 IN DNSKEY 256 3 5 (
+ BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc
+ TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
+ ) ; key id = 23375
+
+; example.net. tag=5972 algo=RSASHA1 generated Aug 05 2008 23:01:57
example.net. 1800 IN DNSKEY 256 3 5 (
BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx
pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
) ; key id = 5972
-; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45
+; example.net. tag=55745 algo=RSASHA1 generated Oct 03 2008 01:00:38
example.net. 1800 IN DNSKEY 256 3 5 (
- BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc
- TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
- ) ; key id = 23375
+ BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb
+ 6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw==
+ ) ; key id = 55745
diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net/dsset-example.net.
index b61c1b6f..b61c1b6f 100644
--- a/contrib/zkt/examples/views/intern/example.net./dsset-example.net.
+++ b/contrib/zkt/examples/views/intern/example.net/dsset-example.net.
diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net/keyset-example.net.
index 0aa2c7d4..0aa2c7d4 100644
--- a/contrib/zkt/examples/views/intern/example.net./keyset-example.net.
+++ b/contrib/zkt/examples/views/intern/example.net/keyset-example.net.
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net/zone.db
index d3e90f7f..d3e90f7f 100644
--- a/contrib/zkt/examples/views/intern/example.net./zone.db
+++ b/contrib/zkt/examples/views/intern/example.net/zone.db
diff --git a/contrib/zkt/examples/views/intern/example.net/zone.db.signed b/contrib/zkt/examples/views/intern/example.net/zone.db.signed
new file mode 100644
index 00000000..14beb424
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net/zone.db.signed
@@ -0,0 +1,114 @@
+; File written on Fri Oct 3 01:00:38 2008
+; dnssec_signzone version 9.5.1b2
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1222988438 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ EaJUHwT7koYW6b+W6LZ/1L3zXvs/SMSW+d94
+ PjdcgdSR4b8mhJetzWj2ZO/n5uy7CUl496Hx
+ RU+QoCF8K6HkVw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ b0W8xa7AgV6IWMSYtVCuix1bEHeohx2oboqs
+ HqCrVPgd0OtYdSpxgcIJhLiUv/9ux9YihjKC
+ aKsw9D8YtpOmpg== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ mHJnc/UsTztaTRWQCTVc7vgM8bt5mgFJTIlJ
+ 52+Rn74uzak2fDTfR4jHEHCqsinx9EA+iAcN
+ 2na44xgRs2dCNQ== )
+ 1800 DNSKEY 256 3 5 (
+ BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb
+ 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA
+ 1HR8YaO3QXB2LAHEz5B/CQ==
+ ) ; key id = 5972
+ 1800 DNSKEY 256 3 5 (
+ BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q
+ Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS
+ Q79S4WgKalFJxq6lSk0xrw==
+ ) ; key id = 23375
+ 1800 DNSKEY 256 3 5 (
+ BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMg
+ H3nDnWBT3BD75hEuz/Cb6YapmxaZybxc+EE/
+ Ts8bhXGqPEwoADjxfW1UFw==
+ ) ; key id = 55745
+ 1800 DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
+ 1800 RRSIG DNSKEY 5 2 1800 20081003220038 (
+ 20081002220038 126 example.net.
+ CLKVhqz7zOAEyJrQq/WAEaRsnTfNEnCwYEMj
+ KPrAgiXXF+RJy18cHN7QoXb4kc8KA/TrOU1w
+ WN8IjdESlPj9pQKqUs/uO9RLzIcv6jOlOKQP
+ oKOjjnOxAL52+WNK94TUpunlvfd53ovC8YK4
+ /nOsSjpLoqTbmL1r45vqpL/C6jqJR8bTouwy
+ rjAYEtkWRND0QZ9R6IAHfxO6onmX1GOtu5Ji
+ ew== )
+ 1800 RRSIG DNSKEY 5 2 1800 20081003220038 (
+ 20081002220038 23375 example.net.
+ WXsmdMkwYcvzrf8qevByn+BMPjTE8aEcze7q
+ uzZI+3NOcbZ4MMlAdauc6jhfc9xmgSiJu52q
+ EUX5JLL8xQ7tDg== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ FoSR7rfi2wfgEz5wj+qILnVwV7mAmL4XknQA
+ b1uGLJ8Wcnkn4sqjaISgfVwG/GVxwuBOuVne
+ SqXIFVVvKQtEUg== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ iwB4+BZVreVKVnmBZdVdz/NxRy1tyYpd0JgK
+ otoiLA6dESoC29tHQL/hBx92Q7lETZI+8gSE
+ II0sRQv+1PL+JQ== )
+ns1.example.net. 7200 IN A 192.168.1.53
+ 7200 RRSIG A 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ oBiQfEsq72v6NMONwgdewLtvNyH1K/Btz1b5
+ hEYqdoX1QpaduXlQNodFPf15PdwEp4v4FwZ0
+ rOtPt7kO4EQnww== )
+ 7200 AAAA fd12:63c:cdbb::53
+ 7200 RRSIG AAAA 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ mmNK/6aWk1nr7lWhVt9m6A9vgenngt1hsOxs
+ 43jwarEb7SeYRanHMnML/g101mk7czXAiRxq
+ np4Cjs3lo1M/Bg== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ jTnbufp39i9n9cZwasJ6IsRwqWIIeTU1Z/wy
+ ECBmyYQlfAuYmWTYmX4BPsQ9SwFZVIICg40I
+ /BYlDBm7ihxUyw== )
+ns2.example.net. 7200 IN A 10.1.2.3
+ 7200 RRSIG A 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ Rdu1WWzZdPJ5CjfMd9n31XY6Df4NiO2wPnxy
+ Wp6x3EyLrABDdM95fwf8DBgjarppJNtOaV5j
+ Lr5CujYtAoXksA== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ GcxFEovqwXtJ/tYRG4G4tNKyVY7Vg9HULhbj
+ JZfi8IlaR3bloMVMj2bHWhNQvvXTFY+N59UG
+ PNWE+krE+L4yfQ== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20081003220038 (
+ 20081002220038 23375 example.net.
+ SgCqYEbpzuCcVDLi5PcyUEG8qKm+EQ0lj3mz
+ uiSDDTh6OsCKOVqW8dKs15P8v3i5LDJwM/Eu
+ OaqT7RJgB2UOkQ== )
diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log
index 07291390..d6d4593c 100644
--- a/contrib/zkt/examples/views/intern/zkt-int.log
+++ b/contrib/zkt/examples/views/intern/zkt-int.log
@@ -167,3 +167,26 @@
2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
2008-06-12 18:13:43.273: debug:
2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
+2008-10-03 01:00:38.404: notice: ------------------------------------------------------------
+2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern
+2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net"
+2008-10-03 01:00:38.405: debug: Check RFC5011 status
+2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-10-03 01:00:38.405: debug: Check KSK status
+2008-10-03 01:00:38.405: debug: Check ZSK status
+2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec)
+2008-10-03 01:00:38.405: debug: ->depreciate it
+2008-10-03 01:00:38.405: debug: ->activate published key 23375
+2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done
+2008-10-03 01:00:38.405: debug: New key for publishing needed
+2008-10-03 01:00:38.491: debug: ->creating new key 55745
+2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing
+2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key
+2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key
+2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db"
+2008-10-03 01:00:38.492: debug: Signing zone "example.net"
+2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private"
+2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-10-03 01:00:38.796: debug: Signing completed after 0s.
+2008-10-03 01:00:38.796: debug:
+2008-10-03 01:00:38.796: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf
index 1ec3d132..c7034e2f 100644
--- a/contrib/zkt/examples/views/named.conf
+++ b/contrib/zkt/examples/views/named.conf
@@ -75,7 +75,7 @@ view "intern" {
zone "example.net" in {
type master;
- file "intern/example.net./zone.db.signed";
+ file "intern/example.net/zone.db.signed";
};
};
@@ -92,6 +92,6 @@ view "extern" {
zone "example.net" in {
type master;
- file "extern/example.net./zone.db.signed";
+ file "extern/example.net/zone.db.signed";
};
};
diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db
deleted file mode 100644
index 9864cb1d..00000000
--- a/contrib/zkt/examples/zone.db
+++ /dev/null
@@ -1,45 +0,0 @@
-;-----------------------------------------------------------------
-;
-; @(#) example.net/zone.db
-;
-;-----------------------------------------------------------------
-
-$TTL 7200
-
-; Be sure that the serial number below is left
-; justified in a field of at least 10 chars!!
-; 0123456789;
-; It's also possible to use the date form e.g. 2005040101
-@ IN SOA ns1.example.net. hostmaster.example.net. (
- 263 ; Serial
- 43200 ; Refresh
- 1800 ; Retry
- 2W ; Expire
- 7200 ) ; Minimum
-
- IN NS ns1.example.net.
- IN NS ns2.example.net.
-
-ns1 IN A 1.0.0.5
- IN AAAA 2001:db8::53
-ns2 IN A 1.2.0.6
-
-localhost IN A 127.0.0.1
-
-a IN A 1.2.3.1
-b IN MX 10 a
-;c IN A 1.2.3.2
-d IN A 1.2.3.3
- IN AAAA 2001:0db8::3
-
-; Delegation to secure zone; The DS resource record will
-; be added by dnssec-signzone automatically if the
-; keyset-sub.example.net file is present (run dnssec-signzone
-; with option -g or use the dnssec-signer tool) ;-)
-sub IN NS ns1.example.net.
-sub IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
-sub IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
-
-; this file will have all the zone keys
-$INCLUDE dnskey.db
-
diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed
deleted file mode 100644
index 1e389ea0..00000000
--- a/contrib/zkt/examples/zone.db.signed
+++ /dev/null
@@ -1,146 +0,0 @@
-; File written on Tue Jun 24 10:00:31 2008
-; dnssec_signzone version 9.5.0
-example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
- 263 ; serial
- 43200 ; refresh (12 hours)
- 1800 ; retry (30 minutes)
- 1209600 ; expire (2 weeks)
- 7200 ; minimum (2 hours)
- )
- 7200 RRSIG SOA 5 2 7200 20080724070030 (
- 20080624070030 33755 example.net.
- FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17
- DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W
- lmzr+igFHp8qiw== )
- 7200 NS ns1.example.net.
- 7200 NS ns2.example.net.
- 7200 RRSIG NS 5 2 7200 20080724070030 (
- 20080624070030 33755 example.net.
- mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af
- E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS
- dq1VfORhRh/Xng== )
- 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
- 7200 RRSIG NSEC 5 2 7200 20080724070030 (
- 20080624070030 33755 example.net.
- Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5
- wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7
- xL1qZxKLQqxmwA== )
- 14400 DNSKEY 256 3 5 (
- BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ
- jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r
- /MfelgJ/Mh6+vCu+XmMQuw==
- ) ; key id = 33755
- 14400 DNSKEY 257 3 5 (
- BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a
- zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E
- 0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3
- NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8
- bN71YJP7BXlszezsFHuMEspNdOPyMr93230+
- R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj
- 5awvXfJ+eQ==
- ) ; key id = 31674
- 14400 RRSIG DNSKEY 5 2 14400 20080724070030 (
- 20080624070030 31674 example.net.
- BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH
- SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE
- JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo
- yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ
- ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E
- 6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i
- oA== )
- 14400 RRSIG DNSKEY 5 2 14400 20080724070030 (
- 20080624070030 33755 example.net.
- f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3
- binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr
- id8TL8q/qQ0MCg== )
-a.example.net. 7200 IN A 1.2.3.1
- 7200 RRSIG A 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy
- 3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG
- ljUerawxMdHWWw== )
- 7200 NSEC b.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO
- 14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p
- yJNZQKtryRJuSg== )
-b.example.net. 7200 IN MX 10 a.example.net.
- 7200 RRSIG MX 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI
- 7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S
- /HwVRJThIYIKnQ== )
- 7200 NSEC d.example.net. MX RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH
- 0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7
- b2r05FL1xakcnQ== )
-d.example.net. 7200 IN A 1.2.3.3
- 7200 RRSIG A 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H
- vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe
- 5oS0pvLQnweoIw== )
- 7200 AAAA 2001:db8::3
- 7200 RRSIG AAAA 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L
- 14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI
- Qo8RvMm7Rn8OsA== )
- 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY
- QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC
- 6ouWrLbIwslqIQ== )
-localhost.example.net. 7200 IN A 127.0.0.1
- 7200 RRSIG A 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq
- 3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV
- jizb8X3SPJ5V1g== )
- 7200 NSEC ns1.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc
- dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw
- iL/FWK5Zfq7ixg== )
-ns1.example.net. 7200 IN A 1.0.0.5
- 7200 RRSIG A 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP
- 6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp
- JpXsJ54ksPugXA== )
- 7200 AAAA 2001:db8::53
- 7200 RRSIG AAAA 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n
- naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H
- 3Y15F0ju6YvbAg== )
- 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV
- IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb
- dgq8ktbqpNHmvg== )
-ns2.example.net. 7200 IN A 1.2.0.6
- 7200 RRSIG A 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV
- cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo
- 5v6cZr4bRDOf6A== )
- 7200 NSEC sub.example.net. A RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV
- y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm
- rk1OaFadv6m2uw== )
-sub.example.net. 7200 IN NS ns1.example.net.
- 7200 NSEC example.net. NS RRSIG NSEC
- 7200 RRSIG NSEC 5 3 7200 20080724070030 (
- 20080624070030 33755 example.net.
- Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu
- KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/
- UBM6VzROSTtryA== )
diff --git a/contrib/zkt/dnssec-signer.8 b/contrib/zkt/man/dnssec-signer.8
index 07c3c6c2..62ee1fcb 100644
--- a/contrib/zkt/dnssec-signer.8
+++ b/contrib/zkt/man/dnssec-signer.8
@@ -1,4 +1,4 @@
-.TH dnssec-signer 8 "June 27, 2008" "ZKT 0.96" ""
+.TH dnssec-signer 8 "December 28, 2008" "ZKT 0.98" ""
\" turn off hyphenation
.\" if n .nh
.nh
@@ -129,7 +129,7 @@ is given, then the default directory specified in the
.I dnssec.conf
file by the parameter
.I zonedir
-will be used as the top level directory.
+will be used as top level directory.
.SH OPTIONS
.TP
@@ -411,7 +411,7 @@ file (parameter
.PP
The zone name given as an argument must be ending with a dot.
.PP
-The named.conf parser is a little bit rudimental and not
+The named.conf parser is a bit rudimental and not
very well tested.
.SH AUTHOR
@@ -419,7 +419,7 @@ Holger Zuleger
.SH COPYRIGHT
Copyright (c) 2005 \- 2008 by Holger Zuleger.
-Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or
+Licensed under the BSD Licence. There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.\"--------------------------------------------------
.SH SEE ALSO
diff --git a/contrib/zkt/man/dnssec-signer.8.html b/contrib/zkt/man/dnssec-signer.8.html
new file mode 100644
index 00000000..a0c362d9
--- /dev/null
+++ b/contrib/zkt/man/dnssec-signer.8.html
@@ -0,0 +1,430 @@
+<!-- Creator : groff version 1.19.2 -->
+<!-- CreationDate: Sun Dec 28 23:15:25 2008 -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta name="generator" content="groff -Thtml, see www.gnu.org">
+<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
+<meta name="Content-Style" content="text/css">
+<style type="text/css">
+ p { margin-top: 0; margin-bottom: 0; }
+ pre { margin-top: 0; margin-bottom: 0; }
+ table { margin-top: 0; margin-bottom: 0; }
+</style>
+<title>dnssec-signer</title>
+
+</head>
+<body>
+
+<h1 align=center>dnssec-signer</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSYS">SYNOPSYS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#OPTIONS">OPTIONS</a><br>
+<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
+<a href="#Zone setup and initial preparation">Zone setup and initial preparation</a><br>
+<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br>
+<a href="#FILES">FILES</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#AUTHOR">AUTHOR</a><br>
+<a href="#COPYRIGHT">COPYRIGHT</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+
+<hr>
+
+
+<a name="NAME"></a>
+<h2>NAME</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">dnssec-signer
+&mdash; Secure DNS zone signing tool</p>
+
+<a name="SYNOPSYS"></a>
+<h2>SYNOPSYS</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-signer</b>
+[<b>&minus;L|--logfile</b> <i>file</i>]
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;fhnr</b>] [<b>&minus;v</b>
+[<b>&minus;v</b>]] <b>&minus;N</b> <i>named.conf</i>
+[<i>zone ...</i>] <b><br>
+dnssec-signer</b> [<b>&minus;L|--logfile</b> <i>file</i>]
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;fhnr</b>] [<b>&minus;v</b>
+[<b>&minus;v</b>]] [<b>&minus;D</b> <i>directory</i>]
+[<i>zone ...</i>] <b><br>
+dnssec-signer</b> [<b>&minus;L|--logfile</b> <i>file</i>]
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;fhnr</b>] [<b>&minus;v</b>
+[<b>&minus;v</b>]] <b>&minus;o</b> <i>origin</i>
+[<i>zonefile</i>]</p>
+
+<a name="DESCRIPTION"></a>
+<h2>DESCRIPTION</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">The
+<i>dnssec-signer</i> command is a wrapper around
+<i>dnssec-signzone(8)</i> and <i>dnssec-keygen(8)</i> to
+sign a zone and manage the necessary zone keys. It&rsquo;s
+able to increment the serial number before signing the zone
+and can trigger <i>named(8)</i> to reload the signed zone
+file. The command controls several secure zones and, if
+started in regular intervals via <i>cron(8)</i>, can do all
+that stuff automatically.</p>
+
+<p style="margin-left:11%; margin-top: 1em">In the most
+useful usage scenario the command will be called with option
+<b>&minus;N</b> to read the secure zones out of the given
+<i>named.conf</i> file. If you have a configuration file
+with views, you have to use option -V viewname or --view
+viewname to specify the name of the view. Alternatively you
+could link the executable file to a second name like
+<i>dnssec-signer-viewname</i> and use that command to
+specify the name of the view. All master zone statements
+will be scanned for filenames ending with
+&quot;.signed&quot;. These zones will be checked if the
+necessary zone- and key signing keys are existent and fresh
+enough to be used in the signing process. If some out-dated
+keys where found, new keying material will be generated via
+the <i>dnssec-keygen(8)</i> command and the old ones will be
+marked as depreciated. So the command do anything needed for
+a zone key rollover as defined by [2].</p>
+
+<p style="margin-left:11%; margin-top: 1em">If the
+resigning interval is reached or any new key must be
+announced, the serial number of the zone will be incremented
+and the <i>dnssec-signzone(8)</i> command will be evoked to
+sign the zone. After that, if the option <b>&minus;r</b> is
+given, the <i>rndc(8)</i> command will be called to reload
+the zone on the nameserver.</p>
+
+<p style="margin-left:11%; margin-top: 1em">In the second
+form of the command it&rsquo;s possible to specify a
+directory tree with the option <b>&minus;D</b> <i>dir</i>.
+Every secure zone found in a subdirectory below <i>dir</i>
+will be signed. However, it&rsquo;s also possible to reduce
+the signing to those zones given as arguments. In directory
+mode the pre-requisite is, that the directory name is
+exactly (including the trailing dot) the same as the zone
+name.</p>
+
+<p style="margin-left:11%; margin-top: 1em">In the last
+form of the command, the functionality is more or less the
+same as the <i>dnssec-signzone (8)</i> command. The
+parameter specify the zone file name and the option
+<b>&minus;o</b> takes the name of the zone.</p>
+
+<p style="margin-left:11%; margin-top: 1em">If neither
+<b>&minus;N</b> nor <b>&minus;D</b> nor <b>&minus;o</b> is
+given, then the default directory specified in the
+<i>dnssec.conf</i> file by the parameter <i>zonedir</i> will
+be used as top level directory.</p>
+
+<a name="OPTIONS"></a>
+<h2>OPTIONS</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>&minus;L</b>
+<i>file|dir</i><b>,
+&minus;&minus;logfile=</b><i>file|dir</i></p>
+
+<p style="margin-left:22%;">Specify the name of a log file
+or a directory where logfiles are created with a name like
+zkt-<i>YYYY-MM-DD</i>T<i>hhmmss</i>Z.log<i>.</i> If the
+argument is not an absolute path name and a zone directory
+is specified in the config file, this will prepend the given
+name. This option is also settable in the dnssec.conf file
+via the parameter <b>LogFile</b><i>.</i> <br>
+The default is no file logging, but error logging to syslog
+with facility <b>USER</b> at level <b>ERROR</b> is enabled
+by default. These parameters are settable via the config
+file parameter <b>SyslogFacility:</b><i>,</i>
+<b>SyslogLevel:</b><i>,</i> <b>LogFile:</b> and
+<b>Loglevel</b><i>.</i> <br>
+There is an additional parameter <b>VerboseLog:</b> which
+specifies the verbosity (0|1|2) of messages that will be
+logged with level <b>DEBUG</b> to file and syslog.</p>
+
+<p style="margin-left:11%;"><b>&minus;V</b> <i>view</i><b>,
+&minus;&minus;view=</b><i>view</i></p>
+
+<p style="margin-left:22%;">Try to read the default
+configuration out of a file named
+<i>dnssec-&lt;view&gt;.conf .</i> Instead of specifying the
+&minus;V or --view option every time, it&rsquo;s also
+possible to create a hard or softlink to the executable file
+with an additional name like <i>dnssec-zkt-&lt;view&gt;
+.</i></p>
+
+<p style="margin-left:11%;"><b>&minus;c</b> <i>file</i><b>,
+&minus;&minus;config=</b><i>file</i></p>
+
+<p style="margin-left:22%;">Read configuration values out
+of the specified file. Otherwise the default config file is
+read or build-in defaults will be used.</p>
+
+<p style="margin-left:11%;"><b>&minus;O</b>
+<i>optstr</i><b>,
+&minus;&minus;config-option=</b><i>optstr</i></p>
+
+<p style="margin-left:22%;">Set any config file option via
+the commandline. Several config file options could be
+specified at the argument string but have to be delimited by
+semicolon (or newline).</p>
+
+<p style="margin-left:11%;"><b>&minus;f</b>,
+<b>&minus;&minus;force</b></p>
+
+<p style="margin-left:22%;">Force a resigning of the zone,
+regardless if the resigning interval is reached, or any new
+keys must be announced.</p>
+
+<p style="margin-left:11%;"><b>&minus;n</b>,
+<b>&minus;&minus;noexec</b></p>
+
+<p style="margin-left:22%;">Don&rsquo;t execute the
+<i>dnssec-signzone(8)</i> command. Currently this option is
+of very limited usage.</p>
+
+<p style="margin-left:11%;"><b>&minus;r</b>,
+<b>&minus;&minus;reload</b></p>
+
+<p style="margin-left:22%;">Reload the zone via
+<i>rndc(8)</i> after successful signing. In a production
+environment it&rsquo;s recommended to use this option to be
+sure that a freshly signed zone will be immediately
+propagated. However, that&rsquo;s only feasable if the named
+runs on the signing machine, which is not recommended.
+Otherwise the signed zonefile must be copied to the
+production server before reloading the zone. If this is the
+case, the parameter <i>propagation</i> in the
+<i>dnssec.conf</i> file must be set to a reasonable
+value.</p>
+
+<p style="margin-left:11%;"><b>&minus;v</b>,
+<b>&minus;&minus;verbose</b></p>
+
+<p style="margin-left:22%;">Verbose mode (recommended). A
+second <b>&minus;v</b> will be a little more verbose.</p>
+
+<p style="margin-left:11%;"><b>&minus;h</b>,
+<b>&minus;&minus;help</b></p>
+
+<p style="margin-left:22%;">Print out the online help.</p>
+
+<a name="SAMPLE USAGE"></a>
+<h2>SAMPLE USAGE</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-signer
+&minus;N /var/named/named.conf &minus;r &minus;v
+&minus;v</b></p>
+
+<p style="margin-left:22%;">Sign all secure zones found in
+the named.conf file and, if necessary, trigger a reload of
+the zone. Print some explanatory remarks on stdout.</p>
+
+<p style="margin-left:11%;"><b>dnssec-signer &minus;D
+zonedir/example.net. &minus;f &minus;v &minus;v</b></p>
+
+<p style="margin-left:22%;">Force the signing of the zone
+found in the directory <i>zonedir/example.net .</i> Do not
+reload the zone.</p>
+
+<p style="margin-left:11%;"><b>dnssec-signer &minus;D
+zonedir &minus;f &minus;v &minus;v example.net.</b></p>
+
+<p style="margin-left:22%;">Same as above.</p>
+
+<p style="margin-left:11%;"><b>dnssec-signer &minus;f
+&minus;v &minus;v example.net.</b></p>
+
+<p style="margin-left:22%;">Same as above if the
+<i>dnssec.conf</i> file contains the path of the parent
+directory of the <i>example.net</i> zone.</p>
+
+<p style="margin-left:11%;"><b>dnssec-signer &minus;f
+&minus;v &minus;v &minus;o example.net. zone.db</b></p>
+
+<p style="margin-left:22%;">Same as above if we are in the
+directory containing the <i>example.net</i> files.</p>
+
+<p style="margin-left:11%;"><b>dnssec-signer
+&minus;&minus;config-option=&rsquo;ResignInterval 1d;
+Sigvalidity 28h; \</b></p>
+
+<p style="margin-left:22%;"><b>ZSK_lifetime 2d;&rsquo;
+&minus;v &minus;v &minus;o example.net. zone.db</b> <br>
+Sign the example.net zone but overwrite some config file
+values with the parameters given on the commandline.</p>
+
+<a name="Zone setup and initial preparation"></a>
+<h2>Zone setup and initial preparation</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Create a
+separate directory for every secure zone.</p>
+
+<p style="margin-left:22%;">This is useful because there
+are many additional files needed to secure a zone. Besides
+the zone file (<i>zone.db</i>), there is a signed zone file
+(<i>zone.db.signed),</i> a minimum of four files containing
+the keying material, a file called <i>dnskey.db</i> with the
+current used keys, and the <i>dsset-</i> and
+<i>keyset-</i>files created by the <i>dnssec-signzone(8)</i>
+command. So in summary there is a minimum of nine files used
+per secure zone. For every additional key there are two
+extra files and every delegated subzone creates also two or
+three files.</p>
+
+<p style="margin-left:11%;">Name the directory just like
+the zone.</p>
+
+<p style="margin-left:22%;">That&rsquo;s only needed if you
+want to use the dnssec-signer command in directory mode
+(<b>&minus;D</b>). Then the name of the zone will be parsed
+out of the directory name.</p>
+
+<p style="margin-left:11%;">Change the name of the zone
+file to <i>zone.db</i></p>
+
+<p style="margin-left:22%;">Otherwise you have to set the
+name via the <i>dnssec.conf</i> parameter <i>zonefile</i>,
+or you have to use the option <b>&minus;o</b> to name the
+zone and specify the zone file as argument.</p>
+
+<p style="margin-left:11%;">Add the name of the signed
+zonefile to the <i>named.conf</i> file</p>
+
+<p style="margin-left:22%;">The filename is the name of the
+zone file with the extension <i>.signed</i>. Create an empty
+file with the name <i>zonefile</i><b>.signed</b> in the zone
+directory.</p>
+
+<p style="margin-left:11%;">Include the keyfile in the
+zone.</p>
+
+<p style="margin-left:22%;">The name of the keyfile is
+settable by the <i>dnssec.conf</i> parameter <i>keyfile
+.</i> The default is <i>dnskey.db .</i></p>
+
+<p style="margin-left:11%;">Control the format of the
+SOA-Record</p>
+
+<p style="margin-left:22%;">For automatic incrementation of
+the serial number, the SOA-Record must be formated, so that
+the serial number is on a single line and left justified in
+a field of at least 10 spaces! If you use a BIND Verison of
+9.4 or greater and use the unixtime format for the serial
+number (See parameter Serialformat in <i>dnssec.conf</i>)
+than this is not necessary.</p>
+
+<p style="margin-left:11%;">Try to sign the zone</p>
+
+<p style="margin-left:22%;">If the current working
+directory is the directory of the zone <i>example.net</i>,
+use the command <br>
+$ dnssec-signer &minus;D .. &minus;v &minus;v example.net
+<br>
+$ dnssec-signer &minus;o example.net. <br>
+to create the initial keying material and a signed zone
+file. Then try to load the file on the name server.</p>
+
+<a name="ENVIRONMENT VARIABLES"></a>
+<h2>ENVIRONMENT VARIABLES</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p>
+
+<p style="margin-left:22%;">Specifies the name of the
+default global configuration files.</p>
+
+<a name="FILES"></a>
+<h2>FILES</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p>
+
+<p style="margin-left:22%;">Built-in default global
+configuration file. The name of the default global config
+file is settable via the environment variable ZKT_CONFFILE.
+Use <i>dnssec-zkt(8)</i> with option <b>&minus;Z</b> to
+create an initial config file.</p>
+
+
+<p style="margin-left:11%;"><i>/var/named/dnssec-&lt;view&gt;.conf</i></p>
+
+<p style="margin-left:22%;">View specific global
+configuration file.</p>
+
+<p style="margin-left:11%;"><i>./dnssec.conf</i></p>
+
+<p style="margin-left:22%;">Local configuration file.</p>
+
+<p style="margin-left:11%;"><i>dnskey.db</i></p>
+
+<p style="margin-left:22%;">The file contains the currently
+used key and zone signing keys. It will be created by
+<i>dnsssec-signer(8)</i>. The name of the file is settable
+via the dnssec configuration file (parameter
+<i>keyfile</i>).</p>
+
+<p style="margin-left:11%;"><i>zone.db</i></p>
+
+<p style="margin-left:22%;">This is the zone file. The name
+of the file is settable via the dnssec configuration file
+(parameter <i>zonefile</i>).</p>
+
+<a name="BUGS"></a>
+<h2>BUGS</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">The zone name
+given as an argument must be ending with a dot.</p>
+
+<p style="margin-left:11%; margin-top: 1em">The named.conf
+parser is a bit rudimental and not very well tested.</p>
+
+<a name="AUTHOR"></a>
+<h2>AUTHOR</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Holger
+Zuleger</p>
+
+<a name="COPYRIGHT"></a>
+<h2>COPYRIGHT</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Copyright (c)
+2005 &minus; 2008 by Holger Zuleger. Licensed under the BSD
+Licence. There is NO warranty; not even for MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.</p>
+
+<a name="SEE ALSO"></a>
+<h2>SEE ALSO</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8),
+dnssec-signzone(8), rndc(8), named.conf(5), dnssec-zkt(8)
+<br>
+RFC4033, RFC4034, RFC4035 <br>
+[1] DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br>
+(http://www.nlnetlabs.nl/dnssec_howto/) <br>
+[2] RFC4641 &quot;DNSSEC Operational Practices&quot; by Miek
+Gieben and Olaf Kolkman <br>
+ (http://www.ietf.org/rfc/rfc4641.txt)</p>
+<hr>
+</body>
+</html>
diff --git a/contrib/zkt/dnssec-zkt.8 b/contrib/zkt/man/dnssec-zkt.8
index b53f8bb3..fa824c22 100644
--- a/contrib/zkt/dnssec-zkt.8
+++ b/contrib/zkt/man/dnssec-zkt.8
@@ -1,4 +1,4 @@
-.TH dnssec-zkt 8 "July 27, 2008" "ZKT 0.97" ""
+.TH dnssec-zkt 8 "December 28, 2008" "ZKT 0.98" ""
\" turn off hyphenation
.\" if n .nh
.nh
@@ -466,8 +466,8 @@ insist on domain names ending with a dot.
Holger Zuleger
.SH COPYRIGHT
-Copyright (c) 2005 \- 2007 by Holger Zuleger.
-Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or
+Copyright (c) 2005 \- 2008 by Holger Zuleger.
+Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.
.\"--------------------------------------------------
.SH SEE ALSO
diff --git a/contrib/zkt/man/dnssec-zkt.8.html b/contrib/zkt/man/dnssec-zkt.8.html
new file mode 100644
index 00000000..9bab81f6
--- /dev/null
+++ b/contrib/zkt/man/dnssec-zkt.8.html
@@ -0,0 +1,526 @@
+<!-- Creator : groff version 1.19.2 -->
+<!-- CreationDate: Sun Dec 28 23:15:24 2008 -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta name="generator" content="groff -Thtml, see www.gnu.org">
+<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
+<meta name="Content-Style" content="text/css">
+<style type="text/css">
+ p { margin-top: 0; margin-bottom: 0; }
+ pre { margin-top: 0; margin-bottom: 0; }
+ table { margin-top: 0; margin-bottom: 0; }
+</style>
+<title>dnssec-zkt</title>
+
+</head>
+<body>
+
+<h1 align=center>dnssec-zkt</h1>
+
+<a href="#NAME">NAME</a><br>
+<a href="#SYNOPSYS">SYNOPSYS</a><br>
+<a href="#DESCRIPTION">DESCRIPTION</a><br>
+<a href="#GENERAL OPTIONS">GENERAL OPTIONS</a><br>
+<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br>
+<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br>
+<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br>
+<a href="#FILES">FILES</a><br>
+<a href="#BUGS">BUGS</a><br>
+<a href="#AUTHOR">AUTHOR</a><br>
+<a href="#COPYRIGHT">COPYRIGHT</a><br>
+<a href="#SEE ALSO">SEE ALSO</a><br>
+
+<hr>
+
+
+<a name="NAME"></a>
+<h2>NAME</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">dnssec-zkt
+&mdash; Secure DNS zone key tool</p>
+
+<a name="SYNOPSYS"></a>
+<h2>SYNOPSYS</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt</b>
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;l</b> <i>list</i>]
+[<b>&minus;adefhkLrptz</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;C</b>&lt;label&gt; [<b>&minus;V|--view</b>
+<i>view</i>] [<b>&minus;c</b> <i>file</i>]
+[<b>&minus;krpz</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;create=</b>&lt;label&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;krpz</b>]
+[{<i>keyfile</i>|<i>dir</i>} <i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;</b>{<b>P</b>|<b>A</b>|<b>D</b>|<b>R</b>}<b>&lt;keytag&gt;</b>
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;published=</b>&lt;keytag&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;active=</b>&lt;keytag&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;depreciate=</b>&lt;keytag&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;rename=</b>&lt;keytag&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;&minus;destroy=</b>&lt;keytag&gt;
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;r</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;T</b> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] [<b>&minus;l</b> <i>list</i>]
+[<b>&minus;hr</b>] [{<i>keyfile</i>|<i>dir</i>} <i>...</i>]
+<b><br>
+dnssec-zkt &minus;&minus;list-trustedkeys</b>
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;l</b> <i>list</i>]
+[<b>&minus;hr</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;K</b> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] [<b>&minus;l</b> <i>list</i>]
+[<b>&minus;hkzr</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>] <b><br>
+dnssec-zkt &minus;&minus;list-dnskeys</b>
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>] [<b>&minus;l</b> <i>list</i>]
+[<b>&minus;hkzr</b>] [{<i>keyfile</i>|<i>dir</i>}
+<i>...</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;Z</b> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] <b><br>
+dnssec-zkt &minus;&minus;zone-config</b>
+[<b>&minus;V|--view</b> <i>view</i>] [<b>&minus;c</b>
+<i>file</i>]</p>
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;9 | &minus;&minus;ksk-rollover <br>
+dnssec-zkt &minus;1 | &minus;&minus;ksk-roll-phase1</b>
+<i>do.ma.in.</i> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] <b><br>
+dnssec-zkt &minus;2 | &minus;&minus;ksk-roll-phase2</b>
+<i>do.ma.in.</i> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] <b><br>
+dnssec-zkt &minus;3 | &minus;&minus;ksk-roll-phase3</b>
+<i>do.ma.in.</i> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>] <b><br>
+dnssec-zkt &minus;0 | &minus;&minus;ksk-roll-stat</b>
+<i>do.ma.in.</i> [<b>&minus;V|--view</b> <i>view</i>]
+[<b>&minus;c</b> <i>file</i>]</p>
+
+<a name="DESCRIPTION"></a>
+<h2>DESCRIPTION</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">The
+<i>dnssec-zkt</i> command is a wrapper around
+<i>dnssec-keygen(8)</i> to assist in dnssec zone key
+management.</p>
+
+<p style="margin-left:11%; margin-top: 1em">In the common
+usage the command prints out information about all dnssec
+(zone) keys found in the given (or predefined default)
+directory. It&rsquo;s also possible to specify keyfiles
+(K*.key) as arguments. With option <b>&minus;r</b>
+subdirectories will be searched recursively, and all dnssec
+keys found will be listed sorted by domain name, key type
+and generation time. In that mode the use of the
+<b>&minus;p</b> option may be helpful to find the location
+of the keyfile in the directory tree.</p>
+
+<p style="margin-left:11%; margin-top: 1em">Other forms of
+the command print out keys in a format suitable for a
+trusted-key section or as a DNSKEY resource record.</p>
+
+<p style="margin-left:11%; margin-top: 1em">The command is
+also useful in dns key management. It allows key livetime
+monitoring and status change.</p>
+
+<a name="GENERAL OPTIONS"></a>
+<h2>GENERAL OPTIONS</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>&minus;V</b>
+<i>view</i><b>, &minus;&minus;view=</b><i>view</i></p>
+
+<p style="margin-left:22%;">Try to read the default
+configuration out of a file named
+<i>dnssec-&lt;view&gt;.conf .</i> Instead of specifying the
+&minus;V or --view option every time, it&rsquo;s also
+possible to create a hard or softlink to the executable file
+to give it an additional name like
+<i>dnssec-zkt-&lt;view&gt; .</i></p>
+
+<p style="margin-left:11%;"><b>&minus;c</b> <i>file</i><b>,
+&minus;&minus;config=</b><i>file</i></p>
+
+<p style="margin-left:22%;">Read default values from the
+specified config file. Otherwise the default config file is
+read or build in defaults will be used.</p>
+
+<p style="margin-left:11%;"><b>&minus;O</b>
+<i>optstr</i><b>,
+&minus;&minus;config-option=</b><i>optstr</i></p>
+
+<p style="margin-left:22%;">Set any config file option via
+the commandline. Several config file options could be
+specified at the argument string but have to be delimited by
+semicolon (or newline).</p>
+
+<p style="margin-left:11%;"><b>&minus;l</b> <i>list</i></p>
+
+<p style="margin-left:22%;">Print out information solely
+about domains given in the comma or space separated list.
+Take care of, that every domain name has a trailing dot.</p>
+
+<p style="margin-left:11%;"><b>&minus;d</b>,
+<b>&minus;&minus;directory</b></p>
+
+<p style="margin-left:22%;">Skip directory arguments. This
+will be useful in combination with wildcard arguments to
+prevent dnsssec-zkt to list all keys found in
+subdirectories. For example &quot;dnssec-zkt -d *&quot; will
+print out a list of all keys only found in the current
+directory. Maybe it&rsquo;s easier to use &quot;dnssec-zkt
+.&quot; instead (without -r set). The option works similar
+to the &minus;d option of <i>ls(1)</i>.</p>
+
+<p style="margin-left:11%;"><b>&minus;L</b>,
+<b>&minus;&minus;left-justify</b></p>
+
+<p style="margin-left:22%;">Print out the domain name left
+justified.</p>
+
+<p style="margin-left:11%;"><b>&minus;k</b>,
+<b>&minus;&minus;ksk</b></p>
+
+<p style="margin-left:22%;">Select and print key signing
+keys only (default depends on command mode).</p>
+
+<p style="margin-left:11%;"><b>&minus;z</b>,
+<b>&minus;&minus;zsk</b></p>
+
+<p style="margin-left:22%;">Select and print zone signing
+keys only (default depends on command mode).</p>
+
+<p style="margin-left:11%;"><b>&minus;r</b>,
+<b>&minus;&minus;recursive</b></p>
+
+<p style="margin-left:22%;">Recursive mode (default is
+off). <br>
+Also settable in the dnssec.conf file (Parameter:
+Recursive).</p>
+
+<p style="margin-left:11%;"><b>&minus;p</b>,
+<b>&minus;&minus;path</b></p>
+
+<p style="margin-left:22%;">Print pathname in listing mode.
+In -C mode, don&rsquo;t create the new key in the same
+directory as (already existing) keys with the same
+label.</p>
+
+<p style="margin-left:11%;"><b>&minus;a</b>,
+<b>&minus;&minus;age</b></p>
+
+<p style="margin-left:22%;">Print age of key in weeks,
+days, hours, minutes and seconds (default is off). <br>
+Also settable in the dnssec.conf file (Parameter:
+PrintAge).</p>
+
+<p style="margin-left:11%;"><b>&minus;f</b>,
+<b>&minus;&minus;lifetime</b></p>
+
+<p style="margin-left:22%;">Print the key lifetime.</p>
+
+<p style="margin-left:11%;"><b>&minus;F</b>,
+<b>&minus;&minus;setlifetime</b></p>
+
+<p style="margin-left:22%;">Set the key lifetime of all the
+selected keys. Use option -k, -z, -l or the file and dir
+argument for key selection.</p>
+
+<p style="margin-left:11%;"><b>&minus;e</b>,
+<b>&minus;&minus;exptime</b></p>
+
+<p style="margin-left:22%;">Print the key expiration
+time.</p>
+
+<p style="margin-left:11%;"><b>&minus;t</b>,
+<b>&minus;&minus;time</b></p>
+
+<p style="margin-left:22%;">Print the key generation time
+(default is on). <br>
+Also settable in the dnssec.conf file (Parameter:
+PrintTime).</p>
+
+<table width="100%" border=0 rules="none" frame="void"
+ cellspacing="0" cellpadding="0">
+<tr valign="top" align="left">
+<td width="11%"></td>
+<td width="3%">
+
+
+
+<p style="margin-top: 1em" valign="top"><b>&minus;h</b></p> </td>
+<td width="8%"></td>
+<td width="78%">
+
+
+<p style="margin-top: 1em" valign="top">No header or
+trusted-key section header and trailer in -T mode</p></td>
+</table>
+
+<a name="COMMAND OPTIONS"></a>
+<h2>COMMAND OPTIONS</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>&minus;H</b>,
+<b>&minus;&minus;help</b></p>
+
+<p style="margin-left:22%;">Print out the online help.</p>
+
+<p style="margin-left:11%;"><b>&minus;T</b>,
+<b>&minus;&minus;list-trustedkeys</b></p>
+
+<p style="margin-left:22%;">List all key signing keys as a
+<i>named.conf</i> trusted-key section. Use <b>&minus;h</b>
+to supress the section header/trailer.</p>
+
+<p style="margin-left:11%;"><b>&minus;K</b>,
+<b>&minus;&minus;list-dnskeys</b></p>
+
+<p style="margin-left:22%;">List the public part of all the
+keys in DNSKEY resource record format. Use <b>&minus;h</b>
+to suppress comment lines.</p>
+
+<p style="margin-left:11%;"><b>&minus;C</b> <i>zone</i><b>,
+&minus;&minus;create=</b><i>zone</i></p>
+
+<p style="margin-left:22%;">Create a new zone signing key
+for the given zone. Add option <b>&minus;k</b> to create a
+key signing key. The key algorithm and key length will be
+examined from built-in default values or from the parameter
+settings in the <i>dnssec.conf</i> file. <br>
+The keyfile will be created in the current directory if the
+<b>&minus;p</b> option is specified.</p>
+
+<p style="margin-left:11%;"><b>&minus;R</b>
+<i>keyid</i><b>, &minus;&minus;revoke=</b><i>keyid</i></p>
+
+<p style="margin-left:22%;">Revoke the key signing key with
+the given keyid. A revoked key has bit 8 in the flags filed
+set (see RFC5011). The keyid is the numeric keytag with an
+optionally added zone name separated by a colon.</p>
+
+
+<p style="margin-left:11%;"><b>&minus;&minus;rename=&quot;</b><i>keyid</i></p>
+
+<p style="margin-left:22%;">Rename the key files of the key
+with the given keyid (Look at key file names starting with
+an lower &rsquo;k&rsquo;). The keyid is the numeric keytag
+with an optionally added zone name separated by a colon.</p>
+
+
+<p style="margin-left:11%;"><b>&minus;&minus;destroy=</b><i>keyid</i></p>
+
+<p style="margin-left:22%;">Deletes the key with the given
+keyid. The keyid is the numeric keytag with an optionally
+added zone name separated by a colon. Beware that this
+deletes both private and public keyfiles, thus the key is
+unrecoverable lost.</p>
+
+<p style="margin-left:11%;"><b>&minus;P|A|D</b>
+<i>keyid,</i> <b>&minus;&minus;published=</b><i>keyid,</i>
+<b>&minus;&minus;active=</b><i>keyid,</i>
+<b>&minus;&minus;depreciated=</b><i>keyid</i></p>
+
+<p style="margin-left:22%;">Change the status of the given
+dnssec key to published (<b>&minus;P</b>), active
+(<b>&minus;A</b>) or depreciated (<b>&minus;D</b>). The
+<i>keyid</i> is the numeric keytag with an optionally added
+zone name separated by a colon. Setting the status to
+&quot;published&quot; or &quot;depreciate&quot; will change
+the filename of the private key file to
+&quot;.published&quot; or &quot;.depreciated&quot;
+respectivly. This prevents the usage of the key as a signing
+key by the use of <i>dnssec-signzone(8)</i>. The time of
+status change will be stored in the &rsquo;mtime&rsquo;
+field of the corresponding &quot;.key&quot; file. Key
+activation via option <b>&minus;A</b> will restore the
+original timestamp and file name (&quot;.private&quot;).</p>
+
+<p style="margin-left:11%;"><b>&minus;Z</b>,
+<b>&minus;&minus;zone-config</b></p>
+
+<p style="margin-left:22%;">Write all config parameters to
+stdout. The output is suitable as a template for the
+<i>dnssec.conf</i> file, so the easiest way to create a
+<i>dnssec.conf</i> file is to redirect the standard output
+of the above command. Pay attention not to overwrite an
+existing file.</p>
+
+
+<p style="margin-left:11%;"><b>&minus;&minus;ksk-roll-phase[123]</b>
+<i>do.ma.in.</i></p>
+
+<p style="margin-left:22%;">Initiate a key signing key
+rollover of the specified domain. This feature is currently
+in experimental status and is mainly for the use in an
+hierachical environment. Use --ksk-rollover for a little
+more detailed description.</p>
+
+<a name="SAMPLE USAGE"></a>
+<h2>SAMPLE USAGE</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt
+&minus;r .</b></p>
+
+<p style="margin-left:22%;">Print out a list of all zone
+keys found below the current directory.</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt &minus;Z &minus;c
+&quot;&quot;</b></p>
+
+<p style="margin-left:22%;">Print out the compiled in
+default parameters.</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt &minus;C
+example.net &minus;k &minus;r ./zonedir</b></p>
+
+<p style="margin-left:22%;">Create a new key signing key
+for the zone &quot;example.net&quot;. Store the key in the
+same directory below &quot;zonedir&quot; where the other
+&quot;example.net&quot; keys live.</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt &minus;T
+./zonedir/example.net</b></p>
+
+<p style="margin-left:22%;">Print out a trusted-key section
+containing the key signing keys of
+&quot;example.net&quot;.</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt &minus;D 123245
+&minus;r .</b></p>
+
+<p style="margin-left:22%;">Depreciate the key with tag
+&quot;12345&quot; below the current directory,</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt --view
+intern</b></p>
+
+<p style="margin-left:22%;">Print out a list of all zone
+keys found below the directory where all the zones of view
+intern live. There should be a seperate dnssec config file
+<i>dnssec-intern.conf</i> with a directory option to take
+affect of this.</p>
+
+<p style="margin-left:11%;"><b>dnssec-zkt-intern</b></p>
+
+<p style="margin-left:22%;">Same as above. The binary file
+<i>dnssec-zkt</i> have linked to <i>dnssec-zkt-intern
+.</i></p>
+
+<a name="ENVIRONMENT VARIABLES"></a>
+<h2>ENVIRONMENT VARIABLES</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p>
+
+<p style="margin-left:22%;">Specifies the name of the
+default global configuration files.</p>
+
+<a name="FILES"></a>
+<h2>FILES</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p>
+
+<p style="margin-left:22%;">Built-in default global
+configuration file. The name of the default global config
+file is settable via the environment variable
+ZKT_CONFFILE.</p>
+
+
+<p style="margin-left:11%;"><i>/var/named/dnssec-&lt;view&gt;.conf</i></p>
+
+<p style="margin-left:22%;">View specific global
+configuration file.</p>
+
+<p style="margin-left:11%;"><i>./dnssec.conf</i></p>
+
+<p style="margin-left:22%;">Local configuration file (only
+used in <b>&minus;C</b> mode).</p>
+
+<a name="BUGS"></a>
+<h2>BUGS</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Some of the
+general options will not be meaningful in all of the command
+modes. <br>
+The option <b>&minus;l</b> and the ksk rollover options
+insist on domain names ending with a dot.</p>
+
+<a name="AUTHOR"></a>
+<h2>AUTHOR</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Holger
+Zuleger</p>
+
+<a name="COPYRIGHT"></a>
+<h2>COPYRIGHT</h2>
+
+
+<p style="margin-left:11%; margin-top: 1em">Copyright (c)
+2005 &minus; 2008 by Holger Zuleger. Licensed under the BSD
+Licences. There is NO warranty; not even for MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE.</p>
+
+<a name="SEE ALSO"></a>
+<h2>SEE ALSO</h2>
+
+
+
+<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8),
+dnssec-signzone(8), rndc(8), named.conf(5),
+dnssec-signer(8), <br>
+RFC4641 &quot;DNSSEC Operational Practices&quot; by Miek
+Gieben and Olaf Kolkman, <br>
+DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br>
+ (http://www.nlnetlabs.nl/dnssec_howto/)</p>
+<hr>
+</body>
+</html>
diff --git a/contrib/zkt/misc.c b/contrib/zkt/misc.c
index d2465c33..c073c980 100644
--- a/contrib/zkt/misc.c
+++ b/contrib/zkt/misc.c
@@ -62,6 +62,8 @@
extern const char *progname;
static int inc_soa_serial (FILE *fp, int use_unixtime);
+static int is_soa_rr (const char *line);
+static const char *strfindstr (const char *str, const char *search);
/*****************************************************************
** getnameappendix (progname, basename)
@@ -94,7 +96,8 @@ const char *getnameappendix (const char *progname, const char *basename)
/*****************************************************************
** getdefconfname (view)
-** returns the default configuration file name
+** returns a pointer to a dynamic string containing the
+** default configuration file name
*****************************************************************/
const char *getdefconfname (const char *view)
{
@@ -105,13 +108,14 @@ const char *getdefconfname (const char *view)
if ( (file = getenv ("ZKT_CONFFILE")) == NULL )
file = CONFIG_FILE;
+ dbg_val2 ("getdefconfname (%s) file = %s\n", view ? view : "NULL", file);
if ( view == NULL || *view == '\0' || (p = strrchr (file, '.')) == NULL )
return strdup (file);
size = strlen (file) + strlen (view) + 1 + 1;
if ( (buf = malloc (size)) == NULL )
- return file;
+ return strdup (file);
dbg_val1 ("0123456789o123456789o123456789\tsize=%d\n", size);
dbg_val4 ("%.*s-%s%s\n", p - file, file, view, p);
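Review bot: The new fallback `return strdup (file);` after the failed `malloc` can itself return NULL, so getdefconfname() now has a NULL return that its header comment (changed in the previous hunk) does not mention. Every path now hands back heap memory, which is the consistent choice, but callers have to check for NULL and free the result. I would add to the comment block: `** returns NULL if no memory is available; the caller must free() the result`. The function body starts and ends outside this hunk.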
@@ -120,6 +124,40 @@ const char *getdefconfname (const char *view)
return buf;
}
+#if 1
+/*****************************************************************
+** domain_canonicdup (s)
+** returns NULL or a pointer to a dynamic string containing the
+** canonic (all lower case letters and ending with a '.')
+** domain name
+*****************************************************************/
+char *domain_canonicdup (const char *s)
+{
+ char *new;
+ char *p;
+ int len;
+ int add_dot;
+
+ if ( s == NULL )
+ return NULL;
+
+ add_dot = 0;
+ len = strlen (s);
+ if ( len > 0 && s[len-1] != '.' )
+ add_dot = len++;
+
+ if ( (new = p = malloc (len + 1)) == NULL )
+ return NULL;
+
+ while ( *s )
+ *p++ = tolower (*s++);
+ if ( add_dot )
+ *p++ = '.';
+ *p = '\0';
+
+ return new;
+}
+#else
/*****************************************************************
** str_tolowerdup (s)
*****************************************************************/
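Review bot: In domain_canonicdup() the copy loop calls `tolower (*s++)` on a plain `char`, which is undefined for bytes with the high bit set where `char` is signed. Zone names are passed in from zone_new() in zone.c and presumably originate from directory names or the command line, so the cast is worth having: `*p++ = tolower ((unsigned char)*s++);`. The length is also held in an `int` although `strlen` returns `size_t`. An empty input is returned as an empty string without the trailing dot, which the header comment does not say.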
@@ -137,6 +175,7 @@ char *str_tolowerdup (const char *s)
return new;
}
+#endif
/*****************************************************************
** str_delspace (s)
@@ -956,7 +995,7 @@ time_t stop_timer (time_t start)
**
** To match the SOA record, the SOA RR must be formatted
** like this:
-** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
+** @ [ttl] IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
** <SPACEes or TABs> 1234567890; serial number
** <SPACEes or TABs> 86400 ; other values
** ...
@@ -972,7 +1011,6 @@ int inc_serial (const char *fname, int use_unixtime)
{
FILE *fp;
char buf[4095+1];
- char master[254+1];
int error;
/**
@@ -988,8 +1026,7 @@ int inc_serial (const char *fname, int use_unixtime)
return -1;
/* read until the line matches the beginning of a soa record ... */
- while ( fgets (buf, sizeof buf, fp) &&
- sscanf (buf, "@ IN SOA %255s %*s (\n", master) != 1 )
+ while ( fgets (buf, sizeof buf, fp) && !is_soa_rr (buf) )
;
if ( feof (fp) )
@@ -1006,6 +1043,54 @@ int inc_serial (const char *fname, int use_unixtime)
}
/*****************************************************************
+** check if line is the beginning of a SOA RR record, thus
+** containing the string "IN .* SOA" and ends with a '('
+** returns 1 if true
+*****************************************************************/
+static int is_soa_rr (const char *line)
+{
+ const char *p;
+
+ assert ( line != NULL );
+
+ if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") ) /* line contains "IN" and "SOA" */
+ {
+ p = line + strlen (line) - 1;
+ while ( p > line && isspace (*p) )
+ p--;
+ if ( *p == '(' ) /* last character have to be a '(' to start a multi line record */
+ return 1;
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** Find string 'search' in 'str' and ignore case in comparison.
+** returns the position of 'search' in 'str' or NULL if not found.
+*****************************************************************/
+static const char *strfindstr (const char *str, const char *search)
+{
+ const char *p;
+ int c;
+
+ assert ( str != NULL );
+ assert ( search != NULL );
+
+ c = tolower (*search);
+ p = str;
+ do {
+ while ( *p && tolower (*p) != c )
+ p++;
+ if ( strncasecmp (p, search, strlen (search)) == 0 )
+ return p;
+ p++;
+ } while ( *p );
+
+ return NULL;
+}
+
+/*****************************************************************
** return the serial number of the current day in the form
** of YYYYmmdd00
*****************************************************************/
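Review bot: strfindstr() reads past the end of the string whenever the first character of `search` does not occur in the rest of `str`: the inner `while` stops on the terminating NUL, the `strncasecmp` fails, `p++` steps over the terminator, and the `while ( *p )` test then dereferences the byte behind it. Called from is_soa_rr() on the `fgets` buffer of inc_serial(), that byte is leftover data from an earlier, longer line or, for a line that fills the buffer, lies outside the array, so the scan can continue into stale or foreign memory and report a match there. A single loop that tests for the terminator before advancing avoids this. Separately, is_soa_rr() accepts "IN" and "SOA" as substrings of any token and passes a plain `char` to `isspace`, so a token-based match with an `(unsigned char)` cast would be stricter.

```c
static const char *strfindstr (const char *str, const char *search)
{
	size_t	len;
	int	c;

	/* … unchanged: asserts on str and search … */

	len = strlen (search);
	c = tolower ((unsigned char)*search);
	for ( ; *str; str++ )	/* never step past the terminating NUL */
		if ( tolower ((unsigned char)*str) == c && strncasecmp (str, search, len) == 0 )
			return str;

	return NULL;
}
```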
@@ -1100,8 +1185,11 @@ main (int argc, char *argv[])
now = today_serialtime ();
printf ("now = %lu\n", now);
- if ( (err = inc_serial (argv[1]), 0) < 0 )
+ if ( (err = inc_serial (argv[1], 0)) <= 0 )
+ {
error ("can't change serial errno=%d\n", err);
+ exit (1);
+ }
snprintf (cmd, sizeof(cmd), "head -15 %s", argv[1]);
system (cmd);
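Review bot: The unchanged lines at the end of this hunk build `head -15 %s` from `argv[1]` and hand it to `system ()`, so shell metacharacters in the file name are interpreted by the shell, and the `snprintf` result is not checked for truncation. This looks like a test driver's main (its body starts and ends outside the hunk), but printing the first lines directly takes the shell out of the path. The sketch below needs `FILE *fp`, `char line[512]` and `int i` declared at the top of main. It is also worth confirming that inc_serial() never returns 0 on success, because the new test `<= 0` treats 0 as failure while the message labels the value as errno.

```c
	/* … unchanged: inc_serial call and error exit … */
	if ( (fp = fopen (argv[1], "r")) != NULL )
	{
		for ( i = 0; i < 15 && fgets (line, sizeof line, fp); i++ )
			fputs (line, stdout);
		fclose (fp);
	}
```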
diff --git a/contrib/zkt/misc.h b/contrib/zkt/misc.h
index 842a80d8..c9c55171 100644
--- a/contrib/zkt/misc.h
+++ b/contrib/zkt/misc.h
@@ -56,7 +56,11 @@ extern int copyfile (const char *fromfile, const char *tofile, const char *dnske
extern int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile);
extern int cmpfile (const char *file1, const char *file2);
extern char *str_delspace (char *s);
+#if 1
+extern char *domain_canonicdup (const char *s);
+#else
extern char *str_tolowerdup (const char *s);
+#endif
extern int in_strarr (const char *str, char *const arr[], int cnt);
extern const char *splitpath (char *path, size_t size, const char *filename);
extern char *pathname (char *name, size_t size, const char *path, const char *file, const char *ext);
diff --git a/contrib/zkt/rollover.c b/contrib/zkt/rollover.c
index 0c9fee07..e2b754fb 100644
--- a/contrib/zkt/rollover.c
+++ b/contrib/zkt/rollover.c
@@ -276,7 +276,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
parfile_age = file_age (path);
/* TODO: Set these values to the one found in the parent dnssec.conf file */
- parent_propagation = 5 * MINSEC;
+ parent_propagation = PARENT_PROPAGATION;
parent_resign = z->resign;
parent_keyttl = z->key_ttl;
@@ -293,7 +293,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
return 1;
}
else
- verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %d < prop %d + keyttl %d\n", parfile_age, z->proptime, z->key_ttl);
+ verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %dsec < prop %dsec + keyttl %dsec\n", parfile_age, z->proptime, z->key_ttl);
break;
case 2: /* we are currently in state two (propagation of new key to the parent) */
#if 0
@@ -318,7 +318,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
#if 0
verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentresig %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_resign, parent_keyttl);
#else
- verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_keyttl);
+ verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %dsec < parentprop %dsec + parentkeyttl %dsec\n", parfile_age, parent_propagation, parent_keyttl);
#endif
break;
default:
@@ -373,10 +373,10 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
{
exptime = get_exptime (dkp, z);
if ( dki_isrevoked (dkp) )
- lg_mesg (LG_DEBUG, "Rev Exptime: %s", time2str (exptime, 's'));
+ lg_mesg (LG_DEBUG, "zone \"%s\": found revoked key with exptime of: %s", domain, time2str (exptime, 's'));
/* revoked key is older than 30 days? */
- if ( dki_isrevoked (dkp) && currtime > exptime + (DAYSEC * 30) )
+ if ( dki_isrevoked (dkp) && currtime > exptime + REMOVE_HOLD_DOWN )
{
verbmesg (1, z, "\tRemove revoked key %d which is older than 30 days\n", dkp->tag);
lg_mesg (LG_NOTICE, "zone \"%s\": removing revoked key %d", domain, dkp->tag);
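Review bot: The comment `/* revoked key is older than 30 days? */` and the `verbmesg` text "older than 30 days" still hard-code 30 days, but the test now uses REMOVE_HOLD_DOWN, which the rollover.h hunk of this commit defines as `(10 * DAYSEC)` with the remark that it is reduced for testing. Operators reading the log will be told 30 days when a revoked key was dropped after 10. I would print the value, `verbmesg (1, z, "\tRemove revoked key %d which is older than %d days\n", dkp->tag, REMOVE_HOLD_DOWN / DAYSEC);`, and switch the `#if 0` in rollover.h back to the 30 day value before release, since RFC 5011 specifies a 30 day remove hold-down. ksk5011status() starts and ends outside this hunk.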
@@ -387,7 +387,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
else /* anywhere in the middle of the list */
prev->next = dki_remove (dkp);
- ret |= 01; /* from now on a resigning is neccessary */
+ ret |= 01; /* from now on a resigning is necessary */
}
/* remember oldest standby and active key */
@@ -396,8 +396,8 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
if ( dki_status (dkp) == DKI_ACTIVE )
activekey = dkp;
}
-
- if ( standbykey == NULL && ret == 0 ) /* no standby key and also no revoked key found ? */
+ /* no activekey or no standby key and also no revoked key found ? */
+ if ( activekey == NULL || (standbykey == NULL && ret == 0) )
return ret; /* Seems that this is a non rfc5011 zone! */
ret |= 02; /* Zone looks like a rfc5011 zone */
@@ -410,7 +410,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
#endif
/* At the time we first introduce a standby key, the lifetime of the current KSK should not be expired, */
/* otherwise we run into an (nearly) immediate key rollover! */
- if ( currtime > exptime && currtime > dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl) )
+ if ( currtime > exptime && currtime > dki_time (standbykey) + min (ADD_HOLD_DOWN, z->key_ttl) )
{
lg_mesg (LG_NOTICE, "\"%s\": starting rfc5011 rollover", domain);
verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n",
@@ -434,7 +434,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
dki_setstatus (activekey, DKI_REVOKED);
dki_setexptime (activekey, currtime); /* now the key is expired */
- ret |= 01; /* resigning neccessary */
+ ret |= 01; /* resigning necessary */
}
return ret;
@@ -446,7 +446,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco
** If there is no key signing key present create a new one.
** Prints out a warning message if the lifetime of the current
** key signing key is over.
-** Returns 1 if a resigning of the zone is neccessary, otherwise
+** Returns 1 if a resigning of the zone is necessary, otherwise
** the function returns 0.
*****************************************************************/
int kskstatus (zone_t *zonelist, zone_t *zp)
@@ -486,7 +486,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp)
/*****************************************************************
** zskstatus ()
** Check the zsk status of a zone.
-** Returns 1 if a resigning of the zone is neccessary, otherwise
+** Returns 1 if a resigning of the zone is necessary, otherwise
** the function returns 0.
*****************************************************************/
int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)
@@ -576,6 +576,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t
lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded: ZSK rollover done", domain, akey->tag);
akey = nextkey;
nextkey = NULL;
+ lifetime = dki_lifetime (akey); /* set lifetime to lt of the new active key (F. Behrens) */
}
else
{
@@ -585,7 +586,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t
}
}
}
- /* Should we add a new publish key? This is neccessary if the active
+ /* Should we add a new publish key? This is necessary if the active
* key will be expired at the next re-signing interval (The published
* time will be checked just before the active key will be removed.
* See above).
diff --git a/contrib/zkt/rollover.h b/contrib/zkt/rollover.h
index 8d53293f..ef9c6094 100644
--- a/contrib/zkt/rollover.h
+++ b/contrib/zkt/rollover.h
@@ -44,7 +44,14 @@
# include "zconf.h"
#endif
-# define OFFSET ((int) (2.5 * MINSEC))
+# define OFFSET ((int) (2.5 * MINSEC))
+# define PARENT_PROPAGATION (5 * MINSEC)
+# define ADD_HOLD_DOWN (30 * DAYSEC)
+#if 0
+# define REMOVE_HOLD_DOWN (30 * DAYSEC)
+#else
+# define REMOVE_HOLD_DOWN (10 * DAYSEC) /* reduced for testiing purposes */
+#endif
extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
extern int kskstatus (zone_t *zonelist, zone_t *zp);
diff --git a/contrib/zkt/strlist.c b/contrib/zkt/strlist.c
index 81a84bcd..c142ffea 100644
--- a/contrib/zkt/strlist.c
+++ b/contrib/zkt/strlist.c
@@ -49,7 +49,7 @@
/*****************************************************************
** prepstrlist (str, delim)
-** prepare a string with delimeters to a so called strlist.
+** prepare a string with delimiters to a so called strlist.
** 'str' is a list of substrings delimeted by 'delim'
** The # of strings is stored at the first byte of the allocated
** memory. Every substring is stored as a '\0' terminated C-String.
diff --git a/contrib/zkt/tags b/contrib/zkt/tags
index 1471aff9..4fc5a237 100644
--- a/contrib/zkt/tags
+++ b/contrib/zkt/tags
@@ -17,10 +17,10 @@ CONF_TIMEINT zconf.c /^ CONF_TIMEINT,$/;" e file:
ISCOMMENT zconf.c 68;" d file:
ISDELIM zconf.c 70;" d file:
ISTRUE zconf.c 66;" d file:
-KEYSET_FILE_PFX dnssec-signer.c 669;" d file:
+KEYSET_FILE_PFX dnssec-signer.c 691;" d file:
KeyWords ncparse.c /^static struct KeyWords {$/;" s file:
MAXFNAME log.c 97;" d file:
-STRCONFIG_DELIMITER zconf.c 505;" d file:
+STRCONFIG_DELIMITER zconf.c 513;" d file:
TAINTEDCHARS misc.c 60;" d file:
TOK_DELEGATION ncparse.c 59;" d file:
TOK_DIR ncparse.c 49;" d file:
@@ -41,6 +41,8 @@ add2zonelist dnssec-signer.c /^static int add2zonelist (const char *dir, const c
age2str misc.c /^char *age2str (time_t sec)$/;" f
ageflag dnssec-zkt.c /^int ageflag = 0;$/;" v
b domaincmp.c /^ char *b;$/;" m file:
+bind94_dynzone dnssec-signer.c 131;" d file:
+bind96_dynzone dnssec-signer.c 132;" d file:
bool2str zconf.c /^static const char *bool2str (int val)$/;" f file:
check_keydb_timestamp dnssec-signer.c /^static int check_keydb_timestamp (dki_t *keylist, time_t reftime)$/;" f file:
checkconfig zconf.c /^int checkconfig (const zconf_t *z)$/;" f
@@ -62,6 +64,7 @@ dirname dnssec-signer.c /^const char *dirname = NULL;$/;" v
dist_and_reload dnssec-signer.c /^static int dist_and_reload (const zone_t *zp)$/;" f file:
dki_add dki.c /^dki_t *dki_add (dki_t **list, dki_t *new)$/;" f
dki_age dki.c /^int dki_age (const dki_t *dkp, time_t curr)$/;" f
+dki_algo2sstr dki.c /^char *dki_algo2sstr (int algo)$/;" f
dki_algo2str dki.c /^char *dki_algo2str (int algo)$/;" f
dki_allcmp dki.c /^int dki_allcmp (const dki_t *a, const dki_t *b)$/;" f
dki_alloc dki.c /^static dki_t *dki_alloc ()$/;" f file:
@@ -110,6 +113,7 @@ dki_timecmp dki.c /^int dki_timecmp (const dki_t *a, const dki_t *b)$/;" f
dki_tsearch dki.c /^const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)$/;" f
dki_unsetflag dki.c /^dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)$/;" f
dki_writeinfo dki.c /^static int dki_writeinfo (const dki_t *dkp, const char *path)$/;" f file:
+domain_canonicdup misc.c /^char *domain_canonicdup (const char *s)$/;" f
domaincmp domaincmp.c /^int domaincmp (const char *a, const char *b)$/;" f
dosigning dnssec-signer.c /^static int dosigning (zone_t *zonelist, zone_t *zp)$/;" f file:
dupconfig zconf.c /^zconf_t *dupconfig (const zconf_t *conf)$/;" f
@@ -160,6 +164,7 @@ is_dotfile misc.c /^int is_dotfile (const char *name)$/;" f
is_exec_ok misc.c /^int is_exec_ok (const char *prog)$/;" f
is_keyfilename misc.c /^int is_keyfilename (const char *name)$/;" f
is_parentdirsigned rollover.c /^static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)$/;" f file:
+is_soa_rr misc.c /^static int is_soa_rr (const char *line)$/;" f file:
isinlist strlist.c /^int isinlist (const char *str, const char *list)$/;" f
ksk5011status rollover.c /^int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f
ksk_roll dnssec-zkt.c /^static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)$/;" f file:
@@ -204,14 +209,14 @@ logflush misc.c /^void logflush ()$/;" f
logmesg misc.c /^void logmesg (char *fmt, ...)$/;" f
long_options dnssec-signer.c /^static struct option long_options[] = {$/;" v file:
long_options dnssec-zkt.c /^static struct option long_options[] = {$/;" v file:
-lopt_usage dnssec-signer.c 302;" d file:
-lopt_usage dnssec-signer.c 305;" d file:
-lopt_usage dnssec-zkt.c 410;" d file:
-lopt_usage dnssec-zkt.c 413;" d file:
-loptstr dnssec-signer.c 303;" d file:
-loptstr dnssec-signer.c 306;" d file:
-loptstr dnssec-zkt.c 411;" d file:
-loptstr dnssec-zkt.c 414;" d file:
+lopt_usage dnssec-signer.c 323;" d file:
+lopt_usage dnssec-signer.c 326;" d file:
+lopt_usage dnssec-zkt.c 402;" d file:
+lopt_usage dnssec-zkt.c 405;" d file:
+loptstr dnssec-signer.c 324;" d file:
+loptstr dnssec-signer.c 327;" d file:
+loptstr dnssec-zkt.c 403;" d file:
+loptstr dnssec-zkt.c 406;" d file:
main dnssec-signer.c /^int main (int argc, char *const argv[])$/;" f
main dnssec-zkt.c /^int main (int argc, char *argv[])$/;" f
main domaincmp.c /^main (int argc, char *argv[])$/;" f
@@ -259,6 +264,8 @@ searchitem zkt.c /^static int searchitem;$/;" v file:
searchkw ncparse.c /^static int searchkw (const char *keyword)$/;" f file:
searchresult zkt.c /^static const dki_t *searchresult;$/;" v file:
set_all_varptr zconf.c /^static void set_all_varptr (zconf_t *cp)$/;" f file:
+set_bind94_dynzone dnssec-signer.c 129;" d file:
+set_bind96_dynzone dnssec-signer.c 130;" d file:
set_keylifetime zkt.c /^static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
set_varptr zconf.c /^static int set_varptr (char *entry, void *ptr)$/;" f file:
setconfigpar zconf.c /^int setconfigpar (zconf_t *config, char *entry, const void *pval)$/;" f
@@ -267,8 +274,8 @@ short_options dnssec-signer.c 66;" d file:
short_options dnssec-signer.c 68;" d file:
short_options dnssec-zkt.c 89;" d file:
sign_zone dnssec-signer.c /^static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)$/;" f file:
-sopt_usage dnssec-signer.c 300;" d file:
-sopt_usage dnssec-zkt.c 408;" d file:
+sopt_usage dnssec-signer.c 321;" d file:
+sopt_usage dnssec-zkt.c 400;" d file:
splitpath misc.c /^const char *splitpath (char *path, size_t size, const char *filename)$/;" f
start_timer misc.c /^time_t start_timer ()$/;" f
stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f
@@ -277,6 +284,7 @@ str_chop misc.c /^char *str_chop (char *str, char c)$/;" f
str_delspace misc.c /^char *str_delspace (char *s)$/;" f
str_tolowerdup misc.c /^char *str_tolowerdup (const char *s)$/;" f
str_untaint misc.c /^char *str_untaint (char *str)$/;" f
+strfindstr misc.c /^static const char *strfindstr (const char *str, const char *search)$/;" f file:
symtbl log.c /^static lg_symtbl_t symtbl[] = {$/;" v file:
syslog_level log.c /^ int syslog_level;$/;" m file:
tag_search zkt.c /^static void tag_search (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c
index 1dee484b..831d1815 100644
--- a/contrib/zkt/zconf.c
+++ b/contrib/zkt/zconf.c
@@ -93,6 +93,7 @@ static zconf_t def = {
RESIGN_INT,
KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM,
ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM,
+ SALTLEN,
NULL, /* viewname cmdline paramter */
LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0,
DNSKEYFILE, ZONEFILE, KEYSETDIR,
@@ -143,6 +144,7 @@ static zconf_para_t confpara[] = {
{ "ZSK_algo", 0, CONF_ALGO, &def.z_algo },
{ "ZSK_bits", 0, CONF_INT, &def.z_bits },
{ "ZSK_randfile", 0, CONF_STRING, &def.z_random },
+ { "SaltBits", 0, CONF_INT, &def.saltbits },
{ "", 0, CONF_COMMENT, NULL },
{ "", 0, CONF_COMMENT, "dnssec-signer options"},
@@ -236,6 +238,7 @@ static void set_all_varptr (zconf_t *cp)
set_varptr ("zsk_algo", &cp->z_algo);
set_varptr ("zsk_bits", &cp->z_bits);
set_varptr ("zsk_randfile", &cp->z_random);
+ set_varptr ("saltbits", &cp->saltbits);
set_varptr ("--view", &cp->view);
set_varptr ("logfile", &cp->logfile);
@@ -262,6 +265,8 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z)
unsigned int len, found;
zconf_para_t *c;
+ assert (buf[0] != '\0');
+
p = &buf[strlen(buf)-1]; /* Chop off white space at eol */
while ( p >= buf && isspace (*p) )
*p-- = '\0';
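Review bot: The added `assert (buf[0] != '\0');` guards `&buf[strlen(buf)-1]` against an empty buffer, but the buffer content comes from the configuration file (and, presumably, from loadconfig_fromstr), so this is input validation rather than an invariant. A line that starts with a NUL byte aborts the program, and with NDEBUG defined the assert disappears and the index becomes -1. An explicit check does the same job in both builds: `if ( buf[0] == '\0' ) return;`. The `isspace (*p)` in the following loop should also get an `(unsigned char)` cast. parseconfigline() continues outside this hunk.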
@@ -357,6 +362,12 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z)
*((int *)c->var) = DK_ALGO_DSA;
else if ( strcasecmp (val, "rsasha1") == 0 )
*((int *)c->var) = DK_ALGO_RSASHA1;
+ else if ( strcasecmp (val, "nsec3dsa") == 0 ||
+ strcasecmp (val, "n3dsa") == 0 )
+ *((int *)c->var) = DK_ALGO_NSEC3DSA;
+ else if ( strcasecmp (val, "nsec3rsasha1") == 0 ||
+ strcasecmp (val, "n3rsasha1") == 0 )
+ *((int *)c->var) = DK_ALGO_NSEC3RSASHA1;
else
error ("Illegal algorithm \"%s\" "
"in line %d.\n" , val, line);
@@ -475,13 +486,13 @@ zconf_t *loadconfig (const char *filename, zconf_t *z)
return NULL;
if ( filename && *filename )
- memcpy (z, &def, sizeof (*z)); /* init new struct with defaults */
+ memcpy (z, &def, sizeof (zconf_t)); /* init new struct with defaults */
}
if ( filename == NULL || *filename == '\0' ) /* no file name given... */
{
dbg_val0("loadconfig (NULL)\n");
- memcpy (z, &def, sizeof (*z)); /* ..then init with defaults */
+ memcpy (z, &def, sizeof (zconf_t)); /* ..then init with defaults */
return z;
}
@@ -493,11 +504,8 @@ zconf_t *loadconfig (const char *filename, zconf_t *z)
line = 0;
while (fgets(buf, sizeof(buf), fp))
- {
- line++;
+ parseconfigline (buf, ++line, z);
- parseconfigline (buf, line, z);
- }
fclose(fp);
return z;
}
@@ -513,13 +521,13 @@ zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)
{
if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
return NULL;
- memcpy (z, &def, sizeof (*z)); /* init with defaults */
+ memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */
}
if ( str == NULL || *str == '\0' )
{
dbg_val0("loadconfig_fromstr (NULL)\n");
- memcpy (z, &def, sizeof (*z)); /* init with defaults */
+ memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */
return z;
}
@@ -555,7 +563,7 @@ zconf_t *dupconfig (const zconf_t *conf)
if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
return NULL;
- memcpy (z, conf, sizeof (*conf));
+ memcpy (z, conf, sizeof (zconf_t));
return z;
}
@@ -698,6 +706,14 @@ int checkconfig (const zconf_t *z)
if ( z == NULL )
return 1;
+ if ( z->saltbits < 4 )
+ fprintf (stderr, "Saltlength must be at least 4 bits\n");
+ if ( z->saltbits > 128 )
+ {
+ fprintf (stderr, "While the maximum is 520 bits of salt, it's not recommended to use more than 128 bits.\n");
+ fprintf (stderr, "The current value is %d bits\n", z->saltbits);
+ }
+
if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) )
{
fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n");
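Review bot: The new saltbits checks only print to stderr; as far as this hunk shows they neither change the value nor make checkconfig() report a problem, and the 520 bit maximum named in the message is never tested. `saltbits` is read from the configuration file as a plain CONF_INT, so zero, negative or oversized values pass on to wherever the salt is generated (not visible here). I would reject out-of-range values in one test, `if ( z->saltbits < 4 || z->saltbits > 520 )`, and keep the 128 bit remark as a separate warning. SALTLEN in zconf.h documents a resolution of 4 bits, which is not checked either. checkconfig() continues outside this hunk.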
diff --git a/contrib/zkt/zconf.h b/contrib/zkt/zconf.h
index de8b2ef9..08adfd9b 100644
--- a/contrib/zkt/zconf.h
+++ b/contrib/zkt/zconf.h
@@ -73,6 +73,7 @@
# define ZSK_ALGO (DK_ALGO_RSASHA1)
# define ZSK_BITS (512)
# define ZSK_RANDOM "/dev/urandom"
+# define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/
# define ZONEDIR "."
# define RECURSIVE 0
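Review bot: The unchanged context line `# define ZSK_BITS (512)` leaves the default zone signing key at 512 bit RSA (ZSK_ALGO is DK_ALGO_RSASHA1), a modulus size that has been publicly factored. A commit that adjusts the signing defaults would be a good place to raise it, for example `# define ZSK_BITS (1024)` as a minimum. On the added SALTLEN line, the comment gives the unit, but the configuration keyword is `SaltBits` and the struct field is `saltbits`, so a name such as SALTBITS would read more consistently.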
@@ -89,7 +90,7 @@
# define DNSKEYFILE "dnskey.db"
# define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */
# define SIG_RANDOM NULL /* "/dev/urandom" */
-# define SIG_PSEUDO 1
+# define SIG_PSEUDO 0
# define SIG_GENDS 1
# define SIG_PARAM ""
# define DIST_CMD NULL /* default is to run "rndc reload" */
@@ -143,6 +144,7 @@ typedef struct zconf {
int z_algo;
int z_bits;
char *z_random;
+ int saltbits;
char *view;
// char *errlog;
diff --git a/contrib/zkt/zkt.c b/contrib/zkt/zkt.c
index e699842d..f8e51a97 100644
--- a/contrib/zkt/zkt.c
+++ b/contrib/zkt/zkt.c
@@ -100,7 +100,7 @@ static void printkeyinfo (const dki_t *dkp, const char *oldpath)
printf ("%05d ", dkp->tag);
printf ("%3s ", dki_isksk (dkp) ? "KSK" : "ZSK");
printf ("%-3.3s ", dki_statusstr (dkp) );
- printf ("%-7s", dki_algo2str(dkp->algo));
+ printf ("%-7s", dki_algo2sstr(dkp->algo));
if ( timeflag )
printf (" %-20s", time2str (dkp->gentime ? dkp->gentime: dkp->time, 's'));
if ( exptimeflag )
diff --git a/contrib/zkt/zone.c b/contrib/zkt/zone.c
index dec214e1..9f7df62d 100644
--- a/contrib/zkt/zone.c
+++ b/contrib/zkt/zone.c
@@ -166,7 +166,7 @@ zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *fi
{
char *p;
- new->zone = str_tolowerdup (zone);
+ new->zone = domain_canonicdup (zone);
new->dir = strdup (dir);
new->file = strdup (file);
/* check if file ends with ".signed" ? */
@@ -208,7 +208,10 @@ int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t *
else
zone = dir;
}
- dbg_val4 ("zone_readdir: (dir: %s, zone: %s, zfile: %s zp, cp, dyn_zone = %d)\n",
+ if ( zone == NULL ) /* zone name still null ? */
+ return 0;
+
+ dbg_val4 ("zone_readdir: (dir: \"%s\", zone: \"%s\", zfile: \"%s\", zp, cp, dyn_zone = %d)\n",
dir, zone, zfile ? zfile: "NULL", dyn_zone);
if ( dyn_zone )