diff options
author | LaMont Jones <lamont@debian.org> | 2009-03-20 18:40:55 -0600 |
---|---|---|
committer | LaMont Jones <lamont@debian.org> | 2009-03-20 18:40:55 -0600 |
commit | 84e6ec609bc40abd57388eeb39ccf4727c210498 (patch) | |
tree | d292ee4a33d8c639a7aa4f4e5ce068377e6702a5 /contrib/zkt | |
parent | 45b41449108ec791ffc94fc779231e1af17be0d2 (diff) | |
download | bind9-84e6ec609bc40abd57388eeb39ccf4727c210498.tar.gz |
9.6.1b1
Diffstat (limited to 'contrib/zkt')
193 files changed, 3254 insertions, 4292 deletions
diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt/CHANGELOG index 40fb02eb..33db8ee3 100644 --- a/contrib/zkt/CHANGELOG +++ b/contrib/zkt/CHANGELOG @@ -1,4 +1,49 @@ -zkt 0.97 -- +zkt 0.98 -- 30. Dec 2008 + +* misc Target "install-man" added to Makefile + man files moved to sub directory "man" + +* func If a BIND version greater equal 9.6.0 is used, option -d doesn't + initiate a resigning of a zone. It's just for key rollover. + +* func New pseudo algorithms for NSEC3 DNSKEYS added. + Support of NSEC3 hashing if a BIND version greater equal 9.6.0 + is used. New parameter "SaltBits" added to the config file to + set the salt length in bits (default is 24 which means 6 hex nibbles). + The number of hash iterations is set to the default value of + dnssec-signzone which depends on key size. + +* misc Renaming of all example zone directories so that the directory + name does not end with a dot (Necessary for installing the + source tree in an MS-Windows environment). + str_tolowerdup() renamed to domain_canonicdup() and code added + to append a dot to the domain name if it's not already there. + +* misc Add 'sec' (second) qualifier to debug output in kskrollover(). + +* bug Remove a trailing '/' at the -D argument. + +* misc Configure script now uses the BIND_UTIL_PATH out of config_zkt.h + if the BIND dnssec-signzone command is not found + +* bug A zone with only a standby key signing key (which means w/o an + active ksk) aborts the dnssec-signer command. + Fixed by Shane Kerr. + +* func Changed inc_serial() so that the SOA record parser accepts a label + other than '@' and an optional ttl value before the class and SOA + RR identifier (Both are case insensitive). Thanks to Shane Kerr + for the suggestion. + +* bug Change of global configured key liftetime during a zone signing + key rollover results in unnecessary additional pre-published + zone signing keys (Thanks to Frank Behrens for the patch) + +* misc Sig_Random config file parameter defaults now to false + +* bug The man page refers the wrong licence (GPL instead of BSD) + +zkt 0.97 -- 5. Aug 2008 * bug LG_* logging level wasn't mapped to syslog level in lg_mesg(). gettock() in ncparse.c did not recognize C single line comments "//" @@ -111,7 +156,7 @@ zkt 0.95 -- 19. April 2008 commandline option -O (--option or --config-option) * misc Function fatal() now has an exit code of 127. - This is neccessary because values from 1 to 64 are + This is necessary because values from 1 to 64 are reflecting the number of errors occured. * func Errorlog functionality added diff --git a/contrib/zkt/Makefile.in b/contrib/zkt/Makefile.in index 197fd14c..2de9427c 100644 --- a/contrib/zkt/Makefile.in +++ b/contrib/zkt/Makefile.in @@ -4,9 +4,11 @@ # ################################################################# -INSTALL_DIR ?= $$HOME/bin +prefix = @prefix@ +mandir = @mandir@ +INSTALL_DIR = $$HOME/bin -CC ?= @CC@ +CC = @CC@ PROFILE = # -pg OPTIM = # -O3 -DNDEBUG @@ -42,11 +44,11 @@ OBJ_SER = $(SRC_SER:.c=.o) #MAN_SER = zkt-soaserial.8 PROG_SER= zkt-soaserial -MAN = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER) +MAN_ALL = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER) OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \ configure examples -SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(MAN) $(OTHER) -MNTSAVE = $(SAVE) configure.ac config.h.in doc +SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) man $(OTHER) +MNTSAVE = $(SAVE) configure.ac config.h.in doc all: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) @@ -76,6 +78,11 @@ install: ## install binaries in INSTALL_DIR install: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) cp $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(INSTALL_DIR) +install-man: ## install man pages in mandir +install-man: + test -d $(mandir)/man8/ && cp -p man/$(MAN_ZKT) man/$(MAN_SIG) $(mandir)/man8/ + + tags: ## create tags file tags: $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) ctags $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) @@ -98,16 +105,16 @@ mainttar: $(PROJECT)-maint-$(VERSION).tar.gz configure: configure.ac autoconf && autoheader -man: $(MAN_ZKT).html $(MAN_ZKT).pdf $(MAN_SIG).html $(MAN_SIG).pdf +man: man/$(MAN_ZKT).html man/$(MAN_ZKT).pdf man/$(MAN_SIG).html man/$(MAN_SIG).pdf -$(MAN_ZKT).html: $(MAN_ZKT) - groff -Thtml -man -mhtml $(MAN_ZKT) > $(MAN_ZKT).html -$(MAN_ZKT).pdf: $(MAN_ZKT) - groff -Tps -man $(MAN_ZKT) | ps2pdf - $(MAN_ZKT).pdf -$(MAN_SIG).html: $(MAN_SIG) - groff -Thtml -man -mhtml $(MAN_SIG) > $(MAN_SIG).html -$(MAN_SIG).pdf: $(MAN_SIG) - groff -Tps -man $(MAN_SIG) | ps2pdf - $(MAN_SIG).pdf +man/$(MAN_ZKT).html: man/$(MAN_ZKT) + groff -Thtml -man -mhtml man/$(MAN_ZKT) > man/$(MAN_ZKT).html +man/$(MAN_ZKT).pdf: man/$(MAN_ZKT) + groff -Tps -man man/$(MAN_ZKT) | ps2pdf - man/$(MAN_ZKT).pdf +man/$(MAN_SIG).html: man/$(MAN_SIG) + groff -Thtml -man -mhtml man/$(MAN_SIG) > man/$(MAN_SIG).html +man/$(MAN_SIG).pdf: man/$(MAN_SIG) + groff -Tps -man man/$(MAN_SIG) | ps2pdf - man/$(MAN_SIG).pdf $(PROJECT)-$(VERSION).tar.gz: $(SAVE) @@ -119,7 +126,7 @@ $(PROJECT)-$(VERSION).tar.gz: $(SAVE) $(PROJECT)-maint-$(VERSION).tar.gz: $(MNTSAVE) ( \ - distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\ + distfiles=`ls -d $(MNTSAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\ cd .. && tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-maint-$(VERSION).tar.gz $$distfiles ;\ ) diff --git a/contrib/zkt/README b/contrib/zkt/README index 07989323..2009a44e 100644 --- a/contrib/zkt/README +++ b/contrib/zkt/README @@ -1,7 +1,7 @@ # # README dnssec zone key tool # -# (c) March 2005 - Aug 2008 by Holger Zuleger hznet +# (c) March 2005 - Dec 2008 by Holger Zuleger hznet # (c) for domaincmp Aug 2005 by Karle Boss & H. Zuleger (kaho) # (c) for zconf.c by Jeroen Masar & Holger Zuleger # @@ -16,13 +16,13 @@ The complete software stands under BSD licence (see LICENCE file) To build the software: a) Get the current version of zkt - $ wget http://www.hznet.de/dns/zkt/zkt-0.97.tar.gz + $ wget http://www.hznet.de/dns/zkt/zkt-0.98.tar.gz b) Unpack - $ tar xzvf zkt-0.97.tar.gz + $ tar xzvf zkt-0.98.tar.gz c) Change to dir - $ cd zkt-0.97 + $ cd zkt-0.98 d) Run configure script $ ./configure @@ -31,10 +31,6 @@ e) (optional) Edit config_zkt.h f) Compile $ make - For MAC users: # this should not needed anymore - $ make macos - For Solaris: # this should not needed anymore - $ make solaris g) Install $ make install # this will copy the binarys to $HOME/bin @@ -42,3 +38,8 @@ g) Install h) (optional) Install and modify the default dnssec.conf file $ ./dnssec-zkt -c "" -Z > /var/named/dnssec.conf $ vi /var/named/dnssec.conf + +i) Prepare your zones for zkt + Have a look at the presentation I've held at the DE-CIX technical + meeting (http://www.hznet.de/dns/dnssec-decix050916.pdf) + It will give you an overview of how to configure a zone for zkt usage. diff --git a/contrib/zkt/README.logging b/contrib/zkt/README.logging index f0f3f908..e1307513 100644 --- a/contrib/zkt/README.logging +++ b/contrib/zkt/README.logging @@ -18,15 +18,14 @@ the file or directory name via the commandline option -L (--logfile) or via the config file parameter "LogFile". LogFile: ""|"<file>"|"<directory>" (default is "") If a file is specified, than each run of dnssec-signer will append the -messages to tat file. If a directory is specified, than a file with a +messages to that file. If a directory is specified, than a file with a name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run. Logging into the syslog channel could be enabled via the config file parameter "SyslogFacility". SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER) -For both channels, the log level could be independently set to one -of six log levels: +For both channels, the log level could be set to one of six log levels: LG_FATAL, LG_ERROR, LG_WARNING LB_NOTICE, LG_INFO, LG_DEBUG @@ -38,12 +37,12 @@ and (default is NOTICE) All the log parameters are settable on the commandline via the generic -option -O "optstring" (--config-option="opt"). +option -O "optstring" (--config-option="optstring"). A verbose message output to stdout could be achieved by the commandline option -v (or -v -v). -If you want to log the same messages with loglevel LG_DEBUG to a file or -to syslog, you could enable this by setting the config file option +If you like to have this verbose messages also logged with a level of LG_DEBUG +you should enable this by setting the config file option "VerboseLog" to a value of 1 or 2. Current logging messages: @@ -72,7 +71,7 @@ Some recomended and useful logging settings VerboseLog: 0 - Setting as in version v0.95 - LogFile: "zkt-error.log" # or a directory for seperate logfiles + LogFile: "zkt-error.log" # or a directory for separate logfiles LogLevel: ERROR SyslogFacility: NONE VerboseLog: 0 @@ -83,14 +82,14 @@ Some recomended and useful logging settings VerboseLog: 0 - Recommended setting for normal usage - LogFile: "zkt.log" # or a directory for seperate logfiles + LogFile: "zkt.log" # or a directory for separate logfiles LogLevel: ERROR SyslogFacility: USER SyslogLevel: NOTICE VerboseLog: 0 - Recommended setting for debugging - LogFile: "zkt.log" # or a directory for seperate logfiles + LogFile: "zkt.log" # or a directory for separate logfiles LogLevel: DEBUG SyslogFacility: USER SyslogLevel: NOTICE diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt/config_zkt.h index 4c048445..96c0d890 100644 --- a/contrib/zkt/config_zkt.h +++ b/contrib/zkt/config_zkt.h @@ -41,10 +41,6 @@ # define HAS_TIMEGM 1 #endif -#ifndef HAS_UTYPES -# define HAS_UTYPES 1 -#endif - #ifndef LOG_FNAMETMPL # define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log" #endif @@ -52,6 +48,10 @@ /* don't change anything below this */ /* the values here are determined or settable via the ./configure script */ +#ifndef HAS_UTYPES +# define HAS_UTYPES 1 +#endif + #ifndef HAVE_GETOPT_LONG # define HAVE_GETOPT_LONG 1 #endif @@ -104,9 +104,9 @@ #ifndef ZKT_VERSION # if defined(USE_TREE) && USE_TREE -# define ZKT_VERSION "vT0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +# define ZKT_VERSION "vT0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de" # else -# define ZKT_VERSION "v0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +# define ZKT_VERSION "v0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de" # endif #endif diff --git a/contrib/zkt/configure b/contrib/zkt/configure index 178398f2..cc796cdc 100755 --- a/contrib/zkt/configure +++ b/contrib/zkt/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for ZKT 0.97. +# Generated by GNU Autoconf 2.59 for ZKT 0.98. # # Report bugs to <Holger Zuleger hznet.de>. # @@ -269,8 +269,8 @@ SHELL=${CONFIG_SHELL-/bin/sh} # Identity of this package. PACKAGE_NAME='ZKT' PACKAGE_TARNAME='zkt' -PACKAGE_VERSION='0.97' -PACKAGE_STRING='ZKT 0.97' +PACKAGE_VERSION='0.98' +PACKAGE_STRING='ZKT 0.98' PACKAGE_BUGREPORT='Holger Zuleger hznet.de' ac_unique_file="dnssec-zkt.c" @@ -780,7 +780,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ZKT 0.97 to adapt to many kinds of systems. +\`configure' configures ZKT 0.98 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -837,7 +837,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ZKT 0.97:";; + short | recursive ) echo "Configuration of ZKT 0.98:";; esac cat <<\_ACEOF @@ -964,7 +964,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -ZKT configure 0.97 +ZKT configure 0.98 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -978,7 +978,7 @@ cat >&5 <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ZKT $as_me 0.97, which was +It was created by ZKT $as_me 0.98, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -2293,26 +2293,28 @@ else echo "${ECHO_T}no" >&6 fi -bind_util_path=`dirname $SIGNZONE_PROG` +bind_util_path=`dirname "$SIGNZONE_PROG"` if test -z "$SIGNZONE_PROG" ; then - { { echo "$as_me:$LINENO: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&5 -echo "$as_me: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&2;} - { (exit 1); exit 1; }; } - fi +# AC_MSG_ERROR([*** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***]) + { echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5 +echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;} +else -# define BIND_UTIL_PATH in config.h.in + # define BIND_UTIL_PATH in config.h.in cat >>confdefs.h <<_ACEOF #define BIND_UTIL_PATH "$bind_util_path/" _ACEOF -# define BIND_VERSION in config.h.in -bind_version=`$SIGNZONE_PROG 2>&1 | grep Version: | tr -dc 0-9` + # define BIND_VERSION in config.h.in + #bind_version=`$SIGNZONE_PROG 2>&1 | sed -n -e "/Version:/s/Version: \(\[0-9\]\[0-9\.\]*\).*/\1/p" | tr -d "."` + bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "0-9" | sed "s/^\(...\).*/\1/"` cat >>confdefs.h <<_ACEOF #define BIND_VERSION $bind_version _ACEOF +fi ac_ext=c @@ -3189,7 +3191,7 @@ _ACEOF cat >>confdefs.h <<_ACEOF -#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de" +#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de" _ACEOF @@ -6090,7 +6092,7 @@ _ASBOX } >&5 cat >&5 <<_CSEOF -This file was extended by ZKT $as_me 0.97, which was +This file was extended by ZKT $as_me 0.98, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6150,7 +6152,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -ZKT config.status 0.97 +ZKT config.status 0.98 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff --git a/contrib/zkt/dki.c b/contrib/zkt/dki.c index 81498aea..c6320294 100644 --- a/contrib/zkt/dki.c +++ b/contrib/zkt/dki.c @@ -625,11 +625,32 @@ char *dki_algo2str (int algo) { switch ( algo ) { - case DK_ALGO_RSA: return ("RSAMD5"); - case DK_ALGO_DH: return ("DH"); - case DK_ALGO_DSA: return ("DSA"); - case DK_ALGO_EC: return ("EC"); - case DK_ALGO_RSASHA1: return ("RSASHA1"); + case DK_ALGO_RSA: return ("RSAMD5"); + case DK_ALGO_DH: return ("DH"); + case DK_ALGO_DSA: return ("DSA"); + case DK_ALGO_EC: return ("EC"); + case DK_ALGO_RSASHA1: return ("RSASHA1"); + case DK_ALGO_NSEC3DSA: return ("NSEC3DSA"); + case DK_ALGO_NSEC3RSASHA1: return ("NSEC3RSASHA1"); + } + return ("unknown"); +} + +/***************************************************************** +** dki_algo2sstr () +** return a short string describing the key algorithm +*****************************************************************/ +char *dki_algo2sstr (int algo) +{ + switch ( algo ) + { + case DK_ALGO_RSA: return ("RSAMD5"); + case DK_ALGO_DH: return ("DH"); + case DK_ALGO_DSA: return ("DSA"); + case DK_ALGO_EC: return ("EC"); + case DK_ALGO_RSASHA1: return ("RSASHA1"); + case DK_ALGO_NSEC3DSA: return ("N3DSA"); + case DK_ALGO_NSEC3RSASHA1: return ("N3RSA1"); } return ("unknown"); } diff --git a/contrib/zkt/dki.h b/contrib/zkt/dki.h index 548ce680..e50c3a29 100644 --- a/contrib/zkt/dki.h +++ b/contrib/zkt/dki.h @@ -60,6 +60,8 @@ # define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */ # define DK_ALGO_EC 4 /* */ # define DK_ALGO_RSASHA1 5 /* RFC3110 */ +# define DK_ALGO_NSEC3DSA 6 /* symlink to alg 3 RFC5155 */ +# define DK_ALGO_NSEC3RSASHA1 7 /* symlink to alg 5 RFC5155 */ /* protocol types */ # define DK_PROTO_DNS 3 @@ -180,6 +182,7 @@ extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first) extern void dki_free (dki_t *dkp); extern void dki_freelist (dki_t **listp); extern char *dki_algo2str (int algo); +extern char *dki_algo2sstr (int algo); extern const char *dki_geterrstr (void); #endif diff --git a/contrib/zkt/dnssec-signer.c b/contrib/zkt/dnssec-signer.c index 5b2b8f63..a971cb2f 100644 --- a/contrib/zkt/dnssec-signer.c +++ b/contrib/zkt/dnssec-signer.c @@ -3,7 +3,7 @@ ** @(#) dnssec-signer.c (c) Jan 2005 Holger Zuleger hznet.de ** ** A wrapper around the BIND dnssec-signzone command which is able -** to resign a zone if neccessary and doing a zone or key signing key rollover. +** to resign a zone if necessary and doing a zone or key signing key rollover. ** ** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved. ** This software is open source. @@ -125,6 +125,12 @@ static int dynamic_zone = 0; /* dynamic zone ? */ static zone_t *zonelist = NULL; /* must be static global because add2zonelist use it */ static zconf_t *config; +/** macros **/ +#define set_bind94_dynzone(dz) ((dz) = 1) +#define set_bind96_dynzone(dz) ((dz) = 6) +#define bind94_dynzone(dz) ( (dz) > 0 && (dz) < 6 ) +#define bind96_dynzone(dz) ( (dz) >= 6 ) + int main (int argc, char *const argv[]) { int c; @@ -196,7 +202,11 @@ int main (int argc, char *const argv[]) break; #if defined(BIND_VERSION) && BIND_VERSION >= 940 case 'd': - dynamic_zone = 1; +#if BIND_VERSION >= 960 + set_bind96_dynzone (dynamic_zone); +#else + set_bind94_dynzone(dynamic_zone); +#endif /* dynamic zone requires a name server reload... */ reloadflag = 0; /* ...but "rndc thaw" reloads the zone anyway */ break; @@ -242,16 +252,18 @@ int main (int argc, char *const argv[]) if ( origin ) /* option -o ? */ { + int ret; + if ( (argc - optind) <= 0 ) /* no arguments left ? */ - zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone); + ret = zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone); else - zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone); + ret = zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone); /* anyway, "delete" all (remaining) arguments */ optind = argc; /* complain if nothing could read in */ - if ( zonelist == NULL ) + if ( ret != 1 || zonelist == NULL ) { lg_mesg (LG_FATAL, "\"%s\": couldn't read", origin); fatal ("Couldn't read zone \"%s\"\n", origin); @@ -271,10 +283,19 @@ int main (int argc, char *const argv[]) } if ( dirname ) /* option -D ? */ { - if ( !parsedir (dirname, &zonelist, config) ) - fatal ("Can't read directory tree %s\n", dirname); + char *dir = strdup (dirname); + + p = dir + strlen (dir); + if ( p > dir ) + p--; + if ( *p == '/' ) + *p = '\0'; /* remove trailing path seperator */ + + if ( !parsedir (dir, &zonelist, config) ) + fatal ("Can't read directory tree %s\n", dir); if ( zonelist == NULL ) - fatal ("No signed zone found in directory tree %s\n", dirname); + fatal ("No signed zone found in directory tree %s\n", dir); + free (dir); } /* none of the above: read current directory tree */ @@ -452,13 +473,13 @@ static int dosigning (zone_t *zonelist, zone_t *zp) zfile_time = file_mtime (path); currtime = time (NULL); - /* check rfc5011 key signing keys, create new one if neccessary */ + /* check rfc5011 key signing keys, create new one if necessary */ dbg_msg("parsezonedir check rfc 5011 ksk "); newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf); if ( (newkey & 02) != 02 ) /* not a rfc 5011 zone ? */ { verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n"); - /* check key signing keys, create new one if neccessary */ + /* check key signing keys, create new one if necessary */ dbg_msg("parsezonedir check ksk "); newkey |= kskstatus (zonelist, zp); } @@ -493,7 +514,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp) if ( force ) snprintf (mesg, sizeof(mesg), "Option -f"); else if ( newkey ) - snprintf (mesg, sizeof(mesg), "New zone key"); + snprintf (mesg, sizeof(mesg), "Modfied zone key set"); else if ( newkeysetfile ) snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain"); else if ( file_mtime (path) > zfilesig_time ) @@ -503,7 +524,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp) else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) ) snprintf (mesg, sizeof(mesg), "re-signing interval (%s) reached", str_delspace (age2str (zp->conf->resign))); - else if ( dynamic_zone ) + else if ( bind94_dynzone (dynamic_zone) ) snprintf (mesg, sizeof(mesg), "dynamic zone"); if ( *mesg ) @@ -517,7 +538,8 @@ static int dosigning (zone_t *zonelist, zone_t *zp) dbg_line (); if ( !(force || newkey || newkeysetfile || zfile_time > zfilesig_time || file_mtime (path) > zfilesig_time || - (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) || dynamic_zone) ) + (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) || + bind94_dynzone (dynamic_zone)) ) { verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n"); if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 ) @@ -541,7 +563,7 @@ static int dosigning (zone_t *zonelist, zone_t *zp) use_unixtime = ( zp->conf->serialform == Unixtime ); dbg_val1 ("Use unixtime = %d\n", use_unixtime); #if defined(BIND_VERSION) && BIND_VERSION >= 940 - if ( !dynamic_zone && !use_unixtime ) /* increment serial no in static zone files */ + if ( !dynamic_zone && !use_unixtime ) /* increment serial number in static zone files */ #else if ( !dynamic_zone ) /* increment serial no in static zone files */ #endif @@ -746,9 +768,10 @@ static int writekeyfile (const char *fname, const dki_t *list, int key_ttl) static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf) { - char cmd[1023+1]; + char cmd[2047+1]; char str[1023+1]; char rparam[254+1]; + char nsec3param[637+1]; char keysetdir[254+1]; const char *gends; const char *pseudo; @@ -782,6 +805,32 @@ static int sign_zone (const char *dir, const char *domain, const char *file, con if ( conf->sig_param && conf->sig_param[0] ) param = conf->sig_param; + nsec3param[0] = '\0'; +#if defined(BIND_VERSION) && BIND_VERSION >= 960 + if ( conf->z_algo == DK_ALGO_NSEC3DSA || conf->z_algo == DK_ALGO_NSEC3RSASHA1 ) + { + static char hexstr[] = "0123456789ABCDEF"; + static int seed = 0; + char salt[510+1]; /* salt has a maximum of 255 bytes == 510 hex nibbles */ + int saltlen = 0; /* current length of salt in hex nibbles */ + int i; + int hex; + + if ( seed == 0 ) + srandom (seed = (unsigned int)time (NULL)); + + saltlen = conf->saltbits / 4; + for ( i = 0; i < saltlen; i++ ) + { + hex = random () % 16; + assert ( hex >= 0 && hex < 16 ); + salt[i] = hexstr[hex]; + } + salt[i] = '\0'; + snprintf (nsec3param, sizeof (nsec3param), "-3 %s ", salt); + } +#endif + dbg_line(); rparam[0] = '\0'; if ( conf->sig_random && conf->sig_random[0] ) @@ -802,8 +851,8 @@ static int sign_zone (const char *dir, const char *domain, const char *file, con dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file); else #endif - snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s %s K*.private", - dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file); + snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s%s-o %s -e +%d %s %s K*.private", + dir, SIGNCMD, param, nsec3param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file); verbmesg (2, conf, "\t Run cmd \"%s\"\n", cmd); *str = '\0'; if ( noexec == 0 ) diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c index 803cbc39..07ba6934 100644 --- a/contrib/zkt/dnssec-zkt.c +++ b/contrib/zkt/dnssec-zkt.c @@ -195,7 +195,7 @@ int main (int argc, char *argv[]) action = c; if ( !optarg ) usage ("ksk rollover requires an domain argument", config); - kskdomain = str_tolowerdup (optarg); + kskdomain = domain_canonicdup (optarg); break; case 'T': trustedkeyflag = 1; @@ -218,15 +218,7 @@ int main (int argc, char *argv[]) case 19: case 20: if ( (keyname = parsetag (optarg, &searchtag)) != NULL ) - { - int len = strlen (keyname); - if ( len > 0 && keyname[len-1] != '.' ) - { - snprintf (str, sizeof(str), "%s.", keyname); - keyname = str; - } - } - keyname = str_tolowerdup (keyname); + keyname = domain_canonicdup (keyname); action = c; break; case 'a': /* age */ diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db deleted file mode 100644 index 2822e6a9..00000000 --- a/contrib/zkt/examples/dnskey.db +++ /dev/null @@ -1,24 +0,0 @@ -; -; !!! Don't edit this file by hand. -; !!! It will be generated by dnssec-signer. -; -; Last generation time Jun 24 2008 09:58:34 -; - -; *** List of Key Signing Keys *** -; example.net. tag=31674 algo=RSASHA1 generated Jun 24 2008 09:58:34 -example.net. 14400 IN DNSKEY 257 3 5 ( - BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA - b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6 - Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN - dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+ - eQ== - ) ; key id = 31674 - -; *** List of Zone Signing Keys *** -; example.net. tag=33755 algo=RSASHA1 generated Jun 24 2008 09:58:34 -example.net. 14400 IN DNSKEY 256 3 5 ( - BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF - UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw== - ) ; key id = 33755 - diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf index 2bd9c581..19961845 100644 --- a/contrib/zkt/examples/flat/dnssec.conf +++ b/contrib/zkt/examples/flat/dnssec.conf @@ -1,5 +1,5 @@ # -# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# @(#) dnssec.conf vT0.98 (c) Feb 2005 - Sep 2008 Holger Zuleger hznet.de # # dnssec-zkt options @@ -26,16 +26,18 @@ ZSK_lifetime: 2w # (1209600 seconds) ZSK_algo: RSASHA1 # (Algorithm ID 5) ZSK_bits: 512 ZSK_randfile: "/dev/urandom" +SaltBits: 24 # dnssec-signer options LogFile: "zkt.log" -LogLevel: debug +LogLevel: DEBUG SyslogFacility: USER -SyslogLevel: notice +SyslogLevel: NOTICE VerboseLog: 2 Keyfile: "dnskey.db" Zonefile: "zone.db" KeySetDir: "../keysets" DLV_Domain: "" Sig_Pseudorand: True +Sig_Parameter: "" Distribute_Cmd: "./dist.sh" diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db deleted file mode 100644 index ee557b84..00000000 --- a/contrib/zkt/examples/flat/dyn.example.net./zone.db +++ /dev/null @@ -1,136 +0,0 @@ -; File written on Thu Jun 12 18:28:34 2008 -; dnssec_signzone version 9.5.0 -dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 7 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 3 7200 20080622152834 ( - 20080612152834 1355 dyn.example.net. - h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas - SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+ - SXgsy934gAaYLw== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 3 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK - Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz - lU0C+J4VPkA8pA== ) - 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 3 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I - HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH - +6XuqA8u/xPmbw== ) - 3600 DNSKEY 256 3 5 ( - BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu - IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj - P0D6hLmHfTcsdHQLLeMidQ== - ) ; key id = 1355 - 3600 DNSKEY 257 3 3 ( - CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V - NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K - S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s - m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA - EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI - r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i - 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v - RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb - BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA - olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u - ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO - 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT - dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 - ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd - clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 - ) ; key id = 42138 - 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( - 20080609214426 42138 dyn.example.net. - CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 - 1X+nmHSkpcKJrUty/wY= ) - 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( - 20080609214426 1355 dyn.example.net. - xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 - 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi - 9K8P4EgCcj52Jw== ) -localhost.dyn.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk - FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 - Sm1ttNxSTe2M8A== ) - 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM - +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt - AqArf+M3STbO9g== ) -ns1.dyn.example.net. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl - KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO - TdWtXSZIlU2JKQ== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 - eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO - Q4Pxd2rI9ud1hA== ) - 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt - 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R - sj80tqtN0NHi/Q== ) -ns2.dyn.example.net. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC - UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn - LrVtjyQbfimbOA== ) - 7200 NSEC x.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd - Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD - Pz/gpH280yQJFA== ) -x.dyn.example.net. 7200 IN A 1.2.3.4 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC - P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb - jn6fdB+T2Zs9Pw== ) - 7200 NSEC y.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 - MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 - 0sIwBMHOsDjTSA== ) -y.dyn.example.net. 7200 IN A 1.2.3.5 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF - 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki - qA5CzWo8HIPwmA== ) - 7200 NSEC z.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY - mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn - lO6C9gQ+Iu9wyw== ) -z.dyn.example.net. 7200 IN A 1.2.3.6 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj - E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ - rWBT4VggwE8blQ== ) - 7200 NSEC dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx - XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU - TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned deleted file mode 100644 index 9e4c5c8b..00000000 --- a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned +++ /dev/null @@ -1,136 +0,0 @@ -; File written on Thu Jun 12 18:28:39 2008 -; dnssec_signzone version 9.5.0 -dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 8 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 3 7200 20080622152838 ( - 20080612152838 1355 dyn.example.net. - GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+ - fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5 - e7HwrB59bxKAuw== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 3 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK - Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz - lU0C+J4VPkA8pA== ) - 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 3 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I - HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH - +6XuqA8u/xPmbw== ) - 3600 DNSKEY 256 3 5 ( - BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu - IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj - P0D6hLmHfTcsdHQLLeMidQ== - ) ; key id = 1355 - 3600 DNSKEY 257 3 3 ( - CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V - NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K - S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s - m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA - EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI - r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i - 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v - RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb - BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA - olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u - ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO - 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT - dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 - ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd - clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 - ) ; key id = 42138 - 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( - 20080609214426 42138 dyn.example.net. - CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 - 1X+nmHSkpcKJrUty/wY= ) - 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( - 20080609214426 1355 dyn.example.net. - xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 - 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi - 9K8P4EgCcj52Jw== ) -localhost.dyn.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk - FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 - Sm1ttNxSTe2M8A== ) - 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM - +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt - AqArf+M3STbO9g== ) -ns1.dyn.example.net. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl - KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO - TdWtXSZIlU2JKQ== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 - eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO - Q4Pxd2rI9ud1hA== ) - 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt - 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R - sj80tqtN0NHi/Q== ) -ns2.dyn.example.net. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC - UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn - LrVtjyQbfimbOA== ) - 7200 NSEC x.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd - Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD - Pz/gpH280yQJFA== ) -x.dyn.example.net. 7200 IN A 1.2.3.4 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC - P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb - jn6fdB+T2Zs9Pw== ) - 7200 NSEC y.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 - MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 - 0sIwBMHOsDjTSA== ) -y.dyn.example.net. 7200 IN A 1.2.3.5 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF - 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki - qA5CzWo8HIPwmA== ) - 7200 NSEC z.dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY - mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn - lO6C9gQ+Iu9wyw== ) -z.dyn.example.net. 7200 IN A 1.2.3.6 - 7200 RRSIG A 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj - E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ - rWBT4VggwE8blQ== ) - 7200 NSEC dyn.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 4 7200 20080615214426 ( - 20080609214426 1355 dyn.example.net. - r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx - XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU - TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key index 6a64c44d..6a64c44d 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private index 4f7ec3da..4f7ec3da 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated index 3692946b..3692946b 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key index d1293980..d1293980 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key new file mode 100644 index 00000000..7213f337 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key @@ -0,0 +1,3 @@ +;% generationtime=20081216133142 +;% lifetime=14d +dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw== diff --git a/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private new file mode 100644 index 00000000..e5428504 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw== +PublicExponent: AQAAAAE= +PrivateExponent: sW8IqcOjr/1xymzxbq91KQiCxBY/8nDvDO/m4Re6aTrTXr450nw8eBZZQuOnHsSEyc4YA8Gs8AwxO1IGAyjHYQ== +Prime1: 94n25jivIMy9SIV890Kp6CIGfeG/6g9eBFG+igw5JPM= +Prime2: 6qYnXtPI7mxsinhBVf+/2Ncv+V48/790y+jUhJXFGXE= +Exponent1: 4uCtm1fxo8apOydY+plF8duFa4BQq2rZkG4XCKQFpo0= +Exponent2: DBPT/6Xc9NryN5/MaOWZhmEWha//SPrGIHrcOwRhE8E= +Coefficient: tmkhFA718p1qDTkmOa2MqYox+Cz1LsuNCraAK0srL1U= diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net/dnskey.db index e0f978e1..e05508e7 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db +++ b/contrib/zkt/examples/flat/dyn.example.net/dnskey.db @@ -2,12 +2,12 @@ ; !!! Don't edit this file by hand. ; !!! It will be generated by dnssec-signer. ; -; Last generation time Jun 12 2008 18:28:38 +; Last generation time Dec 18 2008 01:03:01 ; ; *** List of Key Signing Keys *** -; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26 -dyn.example.net. 14400 IN DNSKEY 257 3 3 ( +; dyn.example.net. tag=42138 algo=DSA generated Aug 05 2008 23:01:57 +dyn.example.net. 3600 IN DNSKEY 257 3 3 ( CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf @@ -21,9 +21,15 @@ dyn.example.net. 14400 IN DNSKEY 257 3 3 ( ) ; key id = 42138 ; *** List of Zone Signing Keys *** -; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26 -dyn.example.net. 14400 IN DNSKEY 256 3 5 ( +; dyn.example.net. tag=1355 algo=RSASHA1 generated Aug 05 2008 23:01:57 +dyn.example.net. 3600 IN DNSKEY 256 3 5 ( BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== ) ; key id = 1355 +; dyn.example.net. tag=10643 algo=RSASHA1 generated Dec 16 2008 14:31:42 +dyn.example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q + Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw== + ) ; key id = 10643 + diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net/dnssec.conf index 0998fda2..0998fda2 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf +++ b/contrib/zkt/examples/flat/dyn.example.net/dnssec.conf diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net. index f94666a6..f94666a6 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. +++ b/contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net. diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net. index 002217b0..002217b0 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. +++ b/contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net. diff --git a/contrib/zkt/examples/flat/dyn.example.net/zone.db b/contrib/zkt/examples/flat/dyn.example.net/zone.db new file mode 100644 index 00000000..8ed11a4b --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net/zone.db @@ -0,0 +1,115 @@ +; File written on Tue Dec 16 14:31:43 2008 +; dnssec_signzone version 9.6.0rc1 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 9 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + G4QPBPbeEnPfKggesblu+QPI6rlt8gOaqnJB + k/98pbkDxhgLmpPP9RdjD3bftSFRgOdPGN1Y + xE4AxSdo4AR5NA== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM + MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl + OBYt6dGy5pH0dw== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ + ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF + 3MRaCHa4jhJISw== ) +$INCLUDE dnskey.db + 3600 RRSIG DNSKEY 3 3 3600 20081222123143 ( + 20081216123143 42138 dyn.example.net. + CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH + tr6Iomd+JCqxBGvZSBg= ) + 3600 RRSIG DNSKEY 5 3 3600 20081222123143 ( + 20081216123143 1355 dyn.example.net. + DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs + ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE + uIWUFMbDBVHilA== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk + SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm + Y+JU8nNWxrD8yQ== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p + z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft + oiLcZ/pr+2QXew== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q + 9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd + 39Qjr5mH5gFcQw== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN + HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd + Rpv5xbYbYNu5qQ== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ + /7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM + C1ozcV9M/iHR0A== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh + qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H + WL/+o/AVAtWrtg== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ + SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL + FdyUOVHrXZMZNw== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4 + V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2 + JbklfT3DUMSuIA== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW + +NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus + YjuVA5JpZpTW8A== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf + OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b + lRLJfqwLt9erxg== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby + /kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw + /Ui1oFyMOcdvPg== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu + gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa + JL7B7wczIlxQrA== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf + fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB + 8gsnXboAW9x07g== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned new file mode 100644 index 00000000..31b15fd8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned @@ -0,0 +1,221 @@ +; File written on Thu Dec 18 01:03:01 2008 +; dnssec_signzone version 9.6.0rc1 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 10 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + srn4ZqDvq1V4YWAn+s1UuC3pk9DFhyxo7w6h + 6LnIeqAvnt6naBfgu0IHKt62fCMlq2LaW3n5 + LYdW5XD0aMU2pA== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM + MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl + OBYt6dGy5pH0dw== ) + 7200 RRSIG NS 5 3 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + IAaofnTCtf2xoxW+NxUyosdLTj2+ueDnv8tz + hgGwtzUeHn+AXZgwB3pe5AgMO+Y8WNg7AZJ7 + TlJkTe3CnL6/Uw== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ + ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF + 3MRaCHa4jhJISw== ) + 7200 RRSIG NSEC 5 3 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + S0ngwduIYE7H5DZ9A8OfeY9h0Sb6mdBQpN2+ + TzK3hsS6d92m7IoTkLMv8V1iGMY9cUasauwl + bzMUUgXpBSzFqA== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 256 3 5 ( + BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzev + MxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5 + NrreKBzt3jmqUYnn19QKQw== + ) ; key id = 10643 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20081222123143 ( + 20081216123143 42138 dyn.example.net. + CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH + tr6Iomd+JCqxBGvZSBg= ) + 3600 RRSIG DNSKEY 5 3 3600 20081222123143 ( + 20081216123143 1355 dyn.example.net. + DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs + ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE + uIWUFMbDBVHilA== ) + 3600 RRSIG DNSKEY 5 3 3600 20081223230301 ( + 20081217230301 10643 dyn.example.net. + 0W2AHhTCCVK1UAhfGkZTkrLuPfRNBgQHysKw + dHimxjMq/IlVwamPkmrW0NmYdt15C+E9SZja + HYu8RuXqyqxQzQ== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk + SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm + Y+JU8nNWxrD8yQ== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + vTo/zPTFUEK92lpo3XTuSai3VsUO5FuYuS0T + L3w3iIQHOdOSHunPy2brF6BzsznZXLuYvDvr + cZuxxYJpYRrecg== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p + z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft + oiLcZ/pr+2QXew== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + G/Tw47gQNzuCEJTLHbCOcrBoEEP28QrwzLdw + 7Y+WXP7XFMsLDkdLGrsL6CGLDL/L9WBGU75x + QKKBPFshzJUeUQ== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q + 9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd + 39Qjr5mH5gFcQw== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + QPGkC3aXCaNaGauAaEs5AWlBoftcP/HbrVGe + JlzZN2LbwwbTNDtvotnW7PeWJaaj6vRInkOt + TjSz43Sfn4FJvg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN + HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd + Rpv5xbYbYNu5qQ== ) + 7200 RRSIG AAAA 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + BXvwGdoLeAuj709j3KGvK7RvgQ4MbJmew8De + ZbTBaoVt4Z79Tf0m67Vj+VqHRgTDjyIvnSNZ + Bawk6lWw5dvroA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ + /7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM + C1ozcV9M/iHR0A== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + fYIG2W8qnQYoahLfwJqLf4Tigl93xfqXZO20 + qn/wPBW4jy+JnJ/ShptEZCeuyTTsVBw4ZnJI + 7o15ZBW1UlZy9g== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh + qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H + WL/+o/AVAtWrtg== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + gDre5yf6WCDCute4lg1ktW9+mM4qPn5D5Oy6 + hsu3+9NRjOdAdQhV9HMzdOODooIOvLGKINOY + 6PFS66OvTcfNpA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ + SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL + FdyUOVHrXZMZNw== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + FZGn3y2M+YWoH6gk06gTUMZ49PIq+yDr708Y + fxPcEsRljuYU2GrmETQKJTDY1HjYomTBGoKm + StupQrHzOOasAA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4 + V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2 + JbklfT3DUMSuIA== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + pYCB8HDdv9WxX1GxNWdafGZGSKrveweoOixc + uddF++dPA1m+ro/6Qw28Cj5Coth7IKu+TyM0 + JPWTJgOUck73zw== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW + +NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus + YjuVA5JpZpTW8A== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + Ant5JHyVUh8+mMG5+WGgimDGiItGVRWhb3B5 + C4KYb7DM8+qJ98W0KPIxFT9Sj9bsKyyOzvf3 + Bik/f7DSdcr6sg== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf + OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b + lRLJfqwLt9erxg== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + 1zS6xszu0hrKaJOLS6YOuFthmDCRp3PQIAjh + u6uPX6Kjpb8Svhdo7yFp7ukJU5OX6BEKiSon + qHajnJvPg72T6w== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby + /kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw + /Ui1oFyMOcdvPg== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + 3fCQpAl+OjtWt9ZIpTrYVLhpZoaLqAJ8hy2v + ZTu9MtmmS3W/cdp6qdSi+bUZuiptGoxTBAjh + aC7QpOrobV9C/w== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu + gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa + JL7B7wczIlxQrA== ) + 7200 RRSIG A 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + MAJ85Q1cFh7yqewaQyJ3YxS3KwTK/rxW+leY + HLwxfcijXkUrxVaRtO/gTcFdo4aTJjeDrPhV + ESwQbI+NNVkVRw== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20081222123143 ( + 20081216123143 1355 dyn.example.net. + hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf + fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB + 8gsnXboAW9x07g== ) + 7200 RRSIG NSEC 5 4 7200 20081223230301 ( + 20081217230301 10643 dyn.example.net. + hRnT7XWT+KFHsxZ8rNiqWJ2/5WyLQRxht/QQ + NXaYz2OeSGfgsRmdHc6UfjeVLyeXYn7Tkikr + Pg7pX/nmF4eldQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net/zone.org index c536fc87..c536fc87 100644 --- a/contrib/zkt/examples/flat/dyn.example.net./zone.org +++ b/contrib/zkt/examples/flat/dyn.example.net/zone.org diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key deleted file mode 100644 index 235a5df1..00000000 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080721221039 -;% lifetime=14d -example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private deleted file mode 100644 index b5041c0f..00000000 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== -PublicExponent: AQAAAAE= -PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ== -Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M= -Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU= -Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0= -Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0= -Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw= diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db deleted file mode 100644 index 6bd2ba05..00000000 --- a/contrib/zkt/examples/flat/example.net./dnskey.db +++ /dev/null @@ -1,33 +0,0 @@ -; -; !!! Don't edit this file by hand. -; !!! It will be generated by dnssec-signer. -; -; Last generation time Jul 31 2008 00:25:53 -; - -; *** List of Key Signing Keys *** -; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22 -example.net. 3600 IN DNSKEY 257 3 5 ( - BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 - VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs - lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ - YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU - 8w== - ) ; key id = 1764 - -; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22 -example.net. 3600 IN DNSKEY 257 3 5 ( - BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 - kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W - O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM - HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ - qw== - ) ; key id = 41151 - -; *** List of Zone Signing Keys *** -; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57 -example.net. 3600 IN DNSKEY 256 3 5 ( - BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 - LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== - ) ; key id = 41300 - diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net. deleted file mode 100644 index d4a01ed9..00000000 --- a/contrib/zkt/examples/flat/example.net./dsset-example.net. +++ /dev/null @@ -1,4 +0,0 @@ -example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F -example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F -example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A -example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed deleted file mode 100644 index b10d122b..00000000 --- a/contrib/zkt/examples/flat/example.net./zone.db.signed +++ /dev/null @@ -1,166 +0,0 @@ -; File written on Thu Jul 31 00:25:53 2008 -; dnssec_signzone version 9.5.1b1 -example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 306 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 2 7200 20080805212553 ( - 20080730212553 41300 example.net. - eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT - x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt - llflqikDp8uLmQ== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 2 7200 20080805212553 ( - 20080730212553 41300 example.net. - t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i - sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu - WDdVL5V3nirNiA== ) - 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 2 7200 20080805212553 ( - 20080730212553 41300 example.net. - TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU - vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4 - 8fjJ1uPzW3KVJQ== ) - 3600 DNSKEY 256 3 5 ( - BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG - VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs - uZipXs2ouT2S9dhdEArKfw== - ) ; key id = 41300 - 3600 DNSKEY 257 3 5 ( - BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a - vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI - I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN - M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 - 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX - 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK - T1YYVnoQqw== - ) ; key id = 41151 - 3600 DNSKEY 257 3 5 ( - BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV - Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 - VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 - HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm - DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD - AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH - +B9rLlBU8w== - ) ; key id = 1764 - 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( - 20080730212553 41151 example.net. - AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb - Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd - PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ - dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE - tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+ - b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL - Tw== ) - 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( - 20080730212553 41300 example.net. - up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU - hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi - FSHnJW5dlBhMow== ) -a.example.net. 7200 IN A 1.2.3.1 - 7200 RRSIG A 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM - aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd - vo0cFjkPvCCrHA== ) - 7200 NSEC b.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/ - 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr - 2MS4wJguPpznEg== ) -b.example.net. 7200 IN MX 10 a.example.net. - 7200 RRSIG MX 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi - Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ - V1VbEaZnFVXu2Q== ) - 7200 NSEC d.example.net. MX RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L - jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na - G1yt/jdFB699yg== ) -d.example.net. 7200 IN A 1.2.3.3 - 7200 RRSIG A 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS - 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF - Xqk7op11oye7fA== ) - 7200 AAAA 2001:db8::3 - 7200 RRSIG AAAA 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib - 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC - sJOAIxxNQOefZg== ) - 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh - /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD - X51lgVvrlOsMaw== ) -localhost.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv - zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1 - U9ZdHxUEqeRRtQ== ) - 7200 NSEC ns1.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg - F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII - hS9tIVb0spHDuQ== ) -ns1.example.net. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp - TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM - bBUOTYWJIMT50g== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l - CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM - 5P5ZMXieZrh+xQ== ) - 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT - rrfxEcPm86SLMM40dithZQeajNucRlmuadKX - HREpYT/DVVBT0A== ) -ns2.example.net. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk - 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS - 2LaOiuqMIPm8Hw== ) - 7200 NSEC sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+ - HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+ - /l+dJFZ8FtdZTA== ) -sub.example.net. 7200 IN NS ns1.example.net. - 7200 DS 54876 5 1 ( - CAB6127E303A8A8D7D5A29AE05DB60F4C506 - 0B10 ) - 7200 DS 54876 5 2 ( - 7C8CAF1844479F3600213173BB5D1E2A4414 - 3D63B6E0B3E10D8C5310ADF84D30 ) - 7200 RRSIG DS 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+ - TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt - X6JnkVWr89s82A== ) - 7200 NSEC example.net. NS DS RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080805212553 ( - 20080730212553 41300 example.net. - kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom - fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg - KaG0bEo8TpOAUw== ) diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key index bd273d37..bd273d37 100644 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private index 42b8b806..42b8b806 100644 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key new file mode 100644 index 00000000..5dc79b5d --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key @@ -0,0 +1,3 @@ +;% generationtime=20081116175850 +;% lifetime=90d +example.net. IN DNSKEY 256 3 5 BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRS ouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w== diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private new file mode 100644 index 00000000..e9a79372 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: yh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRSouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w== +PublicExponent: AQAAAAE= +PrivateExponent: XHrB+Ib/yjBFNUQoB66abHOazbj5hDkaprg0ygOwDdrxLSpwrYHQAn5H6JPlGhcTZHN5X1nF4M7GlGlbRah0oQ== +Prime1: 7T9UFlW1S4Dnditz/D0PmPdJ+fiozB+wz8xxRuOT4zE= +Prime2: 2hjLgVBakXblbcuQ08UYHkP00pMp+45mK+L5M35OpS8= +Exponent1: CPzNNspgw6XVf63vdcnEP55k7wMVttStCJw8+r3T5FE= +Exponent2: t8JDeQOEiO2L0dbIkuANjXOBiCauM6fnRHanvKcwmrs= +Coefficient: ObUC9ojBjcCKuGvPqXfWD20iXRpkzVsHjrJqcLXRqw4= diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key new file mode 100644 index 00000000..5307c8a5 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key @@ -0,0 +1,3 @@ +;% generationtime=20081116175850 +;% lifetime=365d +example.net. IN DNSKEY 257 3 5 BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB /Q== diff --git a/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published new file mode 100644 index 00000000..91dcde1e --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB/Q== +PublicExponent: AQAAAAE= +PrivateExponent: CfS81MH9GT1CGQtK94PvSgggeQnSullWOmqQsKGndfJVpv4AJj/XCaEhgboIVshezJmUdHf3RWSOkSYfHAID89fTFAYvL4ZVSmkha1EivkY+tOeohM9zBzs5CfE9fmAlMCmxEQsYggZtjuddncKCNC4IYSkV6ez21S//3vnGvUtic+2ywaXF03MwhjKkOed6g8ukZJnj7B9Z5wu3rdiyOe85IQ== +Prime1: A7Wh1oSpETxNT/ptPVHSGIemIyNvALXSI5UcoWAADQbith5663r1GgXHk2YGbyg1HgyrCZFoME3ZoIOUQ6yfN6tlixhpWmQdLW+pz3lULlTFBQ== +Prime2: A1pCUhsSF9J8i5Smp2KEO3Dw5LngamhRksJzKC4yfGMvjwJ/RHJByyVcUEtRhgLvd2C2uW89Z4nz8HM/HQI+u9uwIFM20SIFEzZceR62ghNamQ== +Exponent1: Azf7LwilgmHe2xJwMfQIJP5OnNsaZ1zm7Gk2i4lyA8+3hHNWetR1QRKl5E3AnzIzwOM5VEm2nO2XZeyHKPVOol6DM390oFXvp0c2G+ROabyQnQ== +Exponent2: ATQ6mNC7MpC5NlGdQ+XmlTkiNuCRuFf/jZeSiJkZWvTjwZXQUhRCFMiM7fYwx/b/cqnqZ7I/9VwzslorFu0T37GQaeugFNkrsDdRRvDOA7+qoQ== +Coefficient: AkhsG+b3Bel4MQ9fF/CnsPxv0cdoTphpLZPUGPlG451hqWFzMANEcTsiDya2UHoa5FAK825+47hVdihTdZkJwMNMsoI2Xnr07AEurDapOvChrg== diff --git a/contrib/zkt/examples/flat/example.net/dnskey.db b/contrib/zkt/examples/flat/example.net/dnskey.db new file mode 100644 index 00000000..d1828cc6 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/dnskey.db @@ -0,0 +1,33 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Dec 28 2008 23:08:02 +; + +; *** List of Key Signing Keys *** +; example.net. tag=1764 algo=RSASHA1 generated Nov 16 2008 18:58:50 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 + VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs + lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ + YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU + 8w== + ) ; key id = 1764 + +; example.net. tag=7308 algo=RSASHA1 generated Nov 16 2008 18:58:50 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ + oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ + w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU + t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB + /Q== + ) ; key id = 7308 + +; *** List of Zone Signing Keys *** +; example.net. tag=4157 algo=RSASHA1 generated Dec 09 2008 14:08:16 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1y5L0ayZ23+17ira2IBRS + ouCHAmIYYR+JqGMjc0IQF7PAryhN2olWcINK/w== + ) ; key id = 4157 + diff --git a/contrib/zkt/examples/flat/example.net/dsset-example.net. b/contrib/zkt/examples/flat/example.net/dsset-example.net. new file mode 100644 index 00000000..f07c9b9c --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445 +example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key index fdf427b8..fdf427b8 100644 --- a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key +++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private index 10185613..10185613 100644 --- a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private +++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key index d72baa94..368d3537 100644 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key +++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key @@ -1,3 +1,4 @@ ;% generationtime=20080420205422 ;% lifetime=60d -example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw== +;% expirationtime=20081116175850 +example.net. IN DNSKEY 385 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private index 554cd127..554cd127 100644 --- a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private +++ b/contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net/keyset-example.net. index c8325785..47311feb 100644 --- a/contrib/zkt/examples/flat/example.net./keyset-example.net. +++ b/contrib/zkt/examples/flat/example.net/keyset-example.net. @@ -1,13 +1,13 @@ $ORIGIN . example.net 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a - vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI - I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN - M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 - 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX - 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK - T1YYVnoQqw== - ) ; key id = 41151 + BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh + Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl + Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl + SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO + g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy + A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5 + JT9+p0yB/Q== + ) ; key id = 7308 7200 IN DNSKEY 257 3 5 ( BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net/zone.db index 42ad0671..98fdfd67 100644 --- a/contrib/zkt/examples/flat/example.net./zone.db +++ b/contrib/zkt/examples/flat/example.net/zone.db @@ -6,12 +6,12 @@ $TTL 7200 -; Be sure that the serial number below is left +; Ensure that the serial number below is left ; justified in a field of at least 10 chars!! ; 0123456789; -; It's also possible to use the date form e.g. 2005040101 +; It's also possible to use the date format e.g. 2005040101 @ IN SOA ns1.example.net. hostmaster.example.net. ( - 306 ; Serial + 333 ; Serial 43200 ; Refresh 1800 ; Retry 2W ; Expire @@ -38,6 +38,6 @@ d IN A 1.2.3.3 ; with option -g or use the dnssec-signer tool) ;-) sub IN NS ns1.example.net. -; this file will have all the zone keys +; this file will contain all the zone keys $INCLUDE dnskey.db diff --git a/contrib/zkt/examples/flat/example.net/zone.db.signed b/contrib/zkt/examples/flat/example.net/zone.db.signed new file mode 100644 index 00000000..8795d222 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net/zone.db.signed @@ -0,0 +1,166 @@ +; File written on Sun Dec 28 23:08:02 2008 +; dnssec_signzone version 9.6.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 333 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20090103210802 ( + 20081228210802 4157 example.net. + UqDcRU7Et3DQF9VF+1AmHFXLa9L2x6LYA1ZS + shG02/N9gH+2uNnxxBvuGDkSzTl5C52csvbw + LZnWW56sPCShiw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20090103210802 ( + 20081228210802 4157 example.net. + i4OCvNnG2BWy6gYbUnwv1xi6MRQjbDl6ts8o + 28CxUNmBX/r3RWlewQiyO8acGC2UJUdWz7So + gbHJqojIAjjpbA== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20090103210802 ( + 20081228210802 4157 example.net. + g963zm5F91sPNl955WRBExCcKJehXmTjyw0K + ISKE7Dq77Z8zKkTpgf1QWhVe3UOLRRbXwRnC + aQh+jaXNE3vIag== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAByh7oI/YjOdxlfjCWa2Qowuujjst1 + y5L0ayZ23+17ira2IBRSouCHAmIYYR+JqGMj + c0IQF7PAryhN2olWcINK/w== + ) ; key id = 4157 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh + Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl + Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl + SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO + g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy + A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5 + JT9+p0yB/Q== + ) ; key id = 7308 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 + 3600 RRSIG DNSKEY 5 2 3600 20090103210802 ( + 20081228210802 1764 example.net. + DMU1/sQwNC9bxNCo+SGM1JpHAkWGCRoSEswb + 2EV/YDWwF19IM2J/sz+9JB6h7esETapCg4qY + 5SCBrgbMEvQNRL0t16K7ciAHYNKLTbMG0uaP + yEOVQ0/ZofoDEsYJYScyO3hC58F2Vl/YSBFo + hfkYvtrjrrDQqU9Uh8U1rcROIXNJF/FyDSuj + Ca2fzHlCvnJRfF/Djg7DOjXIlWBThc4kI12v + xw== ) + 3600 RRSIG DNSKEY 5 2 3600 20090103210802 ( + 20081228210802 4157 example.net. + gH+J4h1fRmX5QS/wocZKerd9RqgrFR/0m1HE + O+GYS4Q4X19TnGQW4Bq6w/QRI/5OiJH3YR2R + 9MW3EmYMKX9Tuw== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + nh9TDSy8L61ccYJiLAL632N4FIvUpDCvsdcf + 0HhGA8b++YADE5gX346coX1L0Oy+DB9eHIAZ + PCfli582EhPwKA== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + LCe66yRV1gez4AbSq7/SaPznvzuUPRnf+vh2 + Fuv3IlCszc0Bdo/fAyUQcc9LRo8hrvfYFDjI + TFe3Mm0U0A5Lew== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + oQuNvNDrqblLnEl5arNz+3YlBC9j33tp7OzF + MptYqb32rDNB/YivuxeiBWNt7ykFmdXh1P94 + DZ8Qq2J8lIW1DA== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + GF6J2HjZ4xrkdT2a6Zjukl5sUSwejQkzzx2+ + pLRQ/RXtfkcMrO5xpsOZ8AqeZjySUMEGjS2U + RUlbzM0y/70x4g== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + T9LBUwsAKM+3yh1wizaGqWvqfLOqfuTzZhpm + tmpDPZXzSjJ8pj4KO3f8eA7ygo52bY8hNzTh + 2hwGBAQlb1ACpA== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + gpBuR+r14AbjVJLx48k8plwo52RG6taN03XU + 8uUgfOSpJSprjpvhEzKt1h87aGtmZScoS/WH + 3D3f2Xz4e+r6QA== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + fSM90YN/6UVuUPbVTuhSj2Zzxdn+3TkVIXq6 + CjpGxAxDGa5Uh3x6ExZUg3n7N7TWcuyN2fZV + va8VlkEJeAHd/g== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + I0tSvJaBTdG0RTfOTkzDyW2iSKdX555aN5Ux + a4l5gJhiY4tpN1NNofQK8xbdZvJi+F0JBsb4 + qctstfW97RAnZw== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + pORPHi5yJId4IynH/UcNM1kL9kyJqO65+iku + G5z9A2CS+aJy39Am6Nbr11GN6SAVcOmSjjeA + SOAdxGlWWpwAvA== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + mPktHGQ4Cvn6JwysjndL8/dZhtht6bGq1OZI + qR4SSqIc14Yfbbee819fwuw/JGaaTFyItDU2 + AIU8Ix2FrNLcQA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + I+i9d3dewJTTmK1J5gbMlsjodEDjV57fHDbv + 3haEPH6WHn/9W3P9eTDRIVEIvSVCEObAJyem + ItOMKZOxlRTF5Q== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + KF6bVYTEEuOgaYTrD1BhY6dyYtp1k7uPQAbe + +8aDk4OJwtL681t91XIT/TRXvKwiSVH4M7Un + ZOFI4o33/oIJag== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + pLL55Ja/b/pGnWdYP2tAOtx84xyKiEdD/oPC + 7prF8HCXLJgbFdnJ3JkZ1umAPbsRrEkFIFII + wGwfrjMkM9c8zw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + b5AfO/ekdK8rQBAiyGcjCSFHOLCYfdVJP7DD + FsNKBjkJj+jLz3P1lJClTrgc4gv7EmRlZncd + YOzblBcjylZqAw== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 DS 18846 7 1 ( + 71103B8D50793E190E48D99E95B48D9F20C4 + 04C6 ) + 7200 DS 18846 7 2 ( + 42A13BAC66BEB451B6BF17A51FC2C141B765 + D3E9B952C689BA4B572DC1AF2FCC ) + 7200 RRSIG DS 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + HeLgZtRjTPXR8HDw0uHiavKTmJTJU2ryunVf + JR8vASP8QT2D4hD0BvCUzQdIB23+oB9eY2dx + f9WtEwKY89dcTQ== ) + 7200 NSEC example.net. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090103210802 ( + 20081228210802 4157 example.net. + XViJS+mWV3mddMCV25zV9i3ZpRlBsQIr/Guq + wJYzIiBP3F5cY+GbzOyjLdRnuy9pIeCUmEIN + 0XsanfbJHcTm8w== ) diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. index 8e00719d..8537da02 100644 --- a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. +++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. @@ -1,2 +1,2 @@ -sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 -sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 +sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6 +sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net. index d4a01ed9..f07c9b9c 100644 --- a/contrib/zkt/examples/flat/keysets/dsset-example.net. +++ b/contrib/zkt/examples/flat/keysets/dsset-example.net. @@ -1,4 +1,4 @@ example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F -example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A -example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F +example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445 +example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. index 9bed62a1..f35581d0 100644 --- a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. +++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. @@ -1,2 +1,2 @@ -sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 -sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 +sub.example.net. IN DS 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6 +sub.example.net. IN DS 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net. index c8325785..47311feb 100644 --- a/contrib/zkt/examples/flat/keysets/keyset-example.net. +++ b/contrib/zkt/examples/flat/keysets/keyset-example.net. @@ -1,13 +1,13 @@ $ORIGIN . example.net 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a - vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI - I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN - M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 - 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX - 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK - T1YYVnoQqw== - ) ; key id = 41151 + BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh + Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl + Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl + SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO + g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy + A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5 + JT9+p0yB/Q== + ) ; key id = 7308 7200 IN DNSKEY 257 3 5 ( BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. index 77aacd6d..5c58fad5 100644 --- a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. +++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. @@ -1,8 +1,8 @@ $ORIGIN . -sub.example.net 7200 IN DNSKEY 257 3 5 ( - AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ - bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M - ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c - BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW - CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== - ) ; key id = 54876 +sub.example.net 7200 IN DNSKEY 257 3 7 ( + AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G + 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau + dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF + pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V + VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f + ) ; key id = 18846 diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key deleted file mode 100644 index a255a7bf..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080725213107 -;% lifetime=3d -sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private deleted file mode 100644 index e636e051..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 1 (RSA) -Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== -PublicExponent: AQAAAAE= -PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ== -Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM= -Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M= -Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0= -Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08= -Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key deleted file mode 100644 index 4e7c3e55..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080730222553 -;% lifetime=3d -sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published deleted file mode 100644 index 2a3ae651..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 1 (RSA) -Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== -PublicExponent: AQAAAAE= -PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q== -Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U= -Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8= -Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0= -Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc= -Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key deleted file mode 100644 index 21098f83..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key +++ /dev/null @@ -1 +0,0 @@ -sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private deleted file mode 100644 index ad5b3630..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M= -PublicExponent: Aw== -PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s= -Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw== -Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ== -Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw== -Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw== -Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA== diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. deleted file mode 100644 index 8e00719d..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. +++ /dev/null @@ -1,2 +0,0 @@ -sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 -sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db deleted file mode 100644 index 396e7d3b..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./dnskey.db +++ /dev/null @@ -1,29 +0,0 @@ -; -; !!! Don't edit this file by hand. -; !!! It will be generated by dnssec-signer. -; -; Last generation time Jul 31 2008 13:19:17 -; - -; *** List of Key Signing Keys *** -; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22 -sub.example.net. 3600 IN DNSKEY 257 3 5 ( - AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 - 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe - 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb - Z/avYw== - ) ; key id = 54876 - -; *** List of Zone Signing Keys *** -; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52 -sub.example.net. 3600 IN DNSKEY 256 3 1 ( - BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy - aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== - ) ; key id = 4254 - -; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53 -sub.example.net. 3600 IN DNSKEY 256 3 1 ( - BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv - guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== - ) ; key id = 56744 - diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed deleted file mode 100644 index 0560d2b0..00000000 --- a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed +++ /dev/null @@ -1,103 +0,0 @@ -; File written on Thu Jul 31 13:19:17 2008 -; dnssec_signzone version 9.5.1b1 -sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 1217503157 ; serial - 86400 ; refresh (1 day) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 1 3 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9 - RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa - 9bvrMVOXpd0Q1g== ) - 7200 NS ns1.example.net. - 7200 RRSIG NS 1 3 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb - k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn - 1S/A2bV4S3No7Q== ) - 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 1 3 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK - TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8 - feRHQBEYFpgvhA== ) - 3600 DNSKEY 256 3 1 ( - BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl - kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar - n7DQR1Eb92uW3ALxwN2o6w== - ) ; key id = 56744 - 3600 DNSKEY 256 3 1 ( - BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+ - /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v - NYsJ2KCQtY2dUFjT5BCeqQ== - ) ; key id = 4254 - 3600 DNSKEY 257 3 5 ( - AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ - bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M - ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c - BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW - CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== - ) ; key id = 54876 - 3600 RRSIG DNSKEY 1 3 3600 20080802101917 ( - 20080731101917 4254 sub.example.net. - ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba - 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT - UW2clZMFj/Fy6g== ) - 3600 RRSIG DNSKEY 5 3 3600 20080802101917 ( - 20080731101917 54876 sub.example.net. - B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E - 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO - OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK - 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv - oFMHe/OpIq7x/a4NdMn3yIWbFtg= ) -a.sub.example.net. 7200 IN A 1.2.3.4 - 7200 RRSIG A 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ - owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+ - M4ESPnoKxli7YQ== ) - 7200 NSEC b.sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv - USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt - 2ODgeGLhUTap7A== ) -b.sub.example.net. 7200 IN A 1.2.3.5 - 7200 RRSIG A 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz - bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN - S0Et3ivWZSAVOg== ) - 7200 NSEC c.sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B - jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k - +SzjVQtJfxUDsA== ) -c.sub.example.net. 7200 IN A 1.2.3.6 - 7200 RRSIG A 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb - eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID - z5HLpC+KbfpJxw== ) - 7200 NSEC localhost.sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh - a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh - 4AnYjZlHjfe+MA== ) -localhost.sub.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T - X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y - vw4b+pdoWMi0+g== ) - 7200 NSEC sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802101917 ( - 20080731101917 4254 sub.example.net. - XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9 - PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr - SgFnqsd6YTxxpw== ) diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key new file mode 100644 index 00000000..80d1ca0c --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key @@ -0,0 +1,3 @@ +;% generationtime=20081228220628 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 6 AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOUzy7Bj+uFawiZePzJ376i jMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1z gbfUKNyiPZ6oWgPYv71zph2oeEv/imIItqFoz+s9rJLBevzRINvunS1n n4Fiq7gi21miJiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk36K83OzW KnF1OGkSIki7kfoWyUi6cJAMdnc33uPf+7inEguN4Sr2h4QXGNm42hKI v8lZ diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published new file mode 100644 index 00000000..f10110da --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 6 (?) +Prime(p): vkFZckOUzy7Bj+uFawiZePzJ376ijMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1zgQ== +Subprime(q): qHjRa5osHmJx2NpT9a+wCWA7CLk= +Base(g): t9Qo3KI9nqhaA9i/vXOmHah4S/+KYgi2oWjP6z2sksF6/NEg2+6dLWefgWKruCLbWaImIbreEcSg2vlj+RsHTQ== +Private_value(x): J9kC0094M4urh22UyajBvYp6OUU= +Public_value(y): rfdSEO07PKqymWRw5N+ivNzs1ipxdThpEiJIu5H6FslIunCQDHZ3N97j3/u4pxILjeEq9oeEFxjZuNoSiL/JWQ== diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key new file mode 100644 index 00000000..2cb92c46 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key @@ -0,0 +1,3 @@ +;% generationtime=20081216133130 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 6 AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1zrCvWeR2s851pF1lyqoi 7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp +U1bNU2DyopLKhZR5+6SN5u7R7tlQCGlmesE4yAD2kLBYAvBoSXgPhPn /UDQWz08x3IaYVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghCsKojF+u0 DXLuWYY6h6KWn4yuto6NMBb5hXSDaYMTgiJYO5MS79d876LIPJyv3mls lfy1 diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private new file mode 100644 index 00000000..50a0c942 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 6 (?) +Prime(p): 50c8zvi1zrCvWeR2s851pF1lyqoi7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp+Q== +Subprime(q): zVTFuNMY3m0bMsXC3ULBHHiaUM8= +Base(g): TVs1TYPKiksqFlHn7pI3m7tHu2VAIaWZ6wTjIAPaQsFgC8GhJeA+E+f9QNBbPTzHchphW9VxBxwECC57g2H9EQ== +Private_value(x): LnevSOPwRhakaa7vYh1YBwGWIh8= +Public_value(y): NwN9ucIKHYWeFToIQrCqIxfrtA1y7lmGOoeilp+MrraOjTAW+YV0g2mDE4IiWDuTEu/XfO+iyDycr95pbJX8tQ== diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated new file mode 100644 index 00000000..14edffd1 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 6 (?) +Prime(p): j+A/58oThRkOD+cmyxsyLP0qrQcozEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qPoQ== +Subprime(q): kuawB/eONoc0BjGmDIKOerRKBkM= +Base(g): C/CRAij2ID/BEajrSxPOHaMWdQ06G5zfI6el3MIZtMFvNxBQypZ3VRawKbBeOncxvSMSX/ecw5MeJDKXCWfi7Q== +Private_value(x): HZ/c+Fa0T/qv5IwEmPEF681ckVw= +Public_value(y): bvjS4V5v38HzFvDmzxxq09i13mBupQ79O5ZLNyxoyE17kHNcKD6/ggVPSVx1jDymtgE9FLYgo1OoKh9qdNrG0w== diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key new file mode 100644 index 00000000..0269761c --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key @@ -0,0 +1,3 @@ +;% generationtime=20081209130816 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 6 AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oThRkOD+cmyxsyLP0qrQco zEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qP oQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc3yOnpdzCGbTBbzcQUMqWd1UW sCmwXjp3Mb0jEl/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObPHGrT2LXe YG6lDv07lks3LGjITXuQc1woPr+CBU9JXHWMPKa2AT0UtiCjU6gqH2p0 2sbT diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key new file mode 100644 index 00000000..688d4212 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key @@ -0,0 +1,3 @@ +;% generationtime=20081125154049 +;% lifetime=60d +sub.example.net. IN DNSKEY 257 3 7 AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G3XPRE7Yaw/Nco7aXorHK JgRFMoM30q7jDBaudLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeFpWdP 7E8fmi4k/YoCESu+vBvf+rZWDMVosj8VVEIbKTcJE16Nsd1ls1FIGfiq fu8SrJ0f diff --git a/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private new file mode 100644 index 00000000..5b5edbb3 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 7 (?) +Modulus: 451+rtzB+GXdovwGVREaeA8D7cjYTcbdc9ETthrD81yjtpeiscomBEUygzfSruMMFq50t5cL/985ADDY/m8LDK4eYgWjh+VefnWwx4WlZ0/sTx+aLiT9igIRK768G9/6tlYMxWiyPxVUQhspNwkTXo2x3WWzUUgZ+Kp+7xKsnR8= +PublicExponent: AQAB +PrivateExponent: J0mYBDa2hFmQ2AEIVsaM+wwccX6pV0NsFgGQlW4pRGhJGcsymd16kmIfRebsxqMKAyA5pTa9K30sKYxE6CXikgpm1+TqQtH3CQJGEz81gf5/c/RgHdG4+bygPrKeW1vA7dI5jsEQ8wnhBAJa0jDIt8f0bP9G5rGYyxctmmC8mgE= +Prime1: 8gsI7gGw1oPDMLhQHMx3NorrKgy1wMu3/anCcIEEe1OflmSNHzb0Y4hQ8Zl97EyU6ZuPAGlnI4MfykK2V35orw== +Prime2: 8L163OyeS3aLn+Bxfxlc/6OZGat5b6C5RKFzvdJ9/7ZxM1woegJCe8DD0wwuKwNs7go+venTI4O7L1ZB0jJOkQ== +Exponent1: aJiOLlQ6uCjOk+JCdH+DUOWthEljzcH7a7oNlZKbfjP/9fzT41ZbPBvvZsh+2zuo6l7X6ESkVntWpJA5vguZbw== +Exponent2: a4mIh4VfFICI0Er3B/pxc3RF4JSbc0TNXZ3tUL7lL8P0fyfMoOu/fP5Xuz+2o9os34xOCJGZkkS26edTEa0NMQ== +Coefficient: sEYTrLAosmx+x8M2BBdTYLddTSbv3xXDlqHeCNxajW4bhhbjkn3oMCWQfaq7Oke4zeUXPOAYjaf8Ve2oLD9fzg== diff --git a/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. new file mode 100644 index 00000000..8537da02 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6 +sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC diff --git a/contrib/zkt/examples/flat/sub.example.net/dnskey.db b/contrib/zkt/examples/flat/sub.example.net/dnskey.db new file mode 100644 index 00000000..7d4c4acb --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/dnskey.db @@ -0,0 +1,47 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Dec 28 2008 23:08:02 +; + +; *** List of Key Signing Keys *** +; sub.example.net. tag=18846 algo=NSEC3RSASHA1 generated Nov 25 2008 16:40:49 +sub.example.net. 3600 IN DNSKEY 257 3 7 ( + AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G3XPRE7Yaw/Nco7aXorHK + JgRFMoM30q7jDBaudLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeFpWdP + 7E8fmi4k/YoCESu+vBvf+rZWDMVosj8VVEIbKTcJE16Nsd1ls1FIGfiq + fu8SrJ0f + ) ; key id = 18846 + +; *** List of Zone Signing Keys *** +; sub.example.net. tag=5823 algo=NSEC3DSA generated Dec 28 2008 23:06:27 +sub.example.net. 3600 IN DNSKEY 256 3 6 ( + AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1zrCvWeR2s851pF1lyqoi + 7w+KlRmWrsEyyGS+HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1EtNp + +U1bNU2DyopLKhZR5+6SN5u7R7tlQCGlmesE4yAD2kLBYAvBoSXgPhPn + /UDQWz08x3IaYVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghCsKojF+u0 + DXLuWYY6h6KWn4yuto6NMBb5hXSDaYMTgiJYO5MS79d876LIPJyv3mls + lfy1 + ) ; key id = 5823 + +; sub.example.net. tag=22440 algo=NSEC3DSA generated Dec 28 2008 23:06:27 +sub.example.net. 3600 IN DNSKEY 256 3 6 ( + AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oThRkOD+cmyxsyLP0qrQco + zEPyY+SI5/7cj1chepu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73x4qP + oQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc3yOnpdzCGbTBbzcQUMqWd1UW + sCmwXjp3Mb0jEl/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObPHGrT2LXe + YG6lDv07lks3LGjITXuQc1woPr+CBU9JXHWMPKa2AT0UtiCjU6gqH2p0 + 2sbT + ) ; key id = 22440 + +; sub.example.net. tag=4710 algo=NSEC3DSA generated Dec 28 2008 23:06:28 +sub.example.net. 3600 IN DNSKEY 256 3 6 ( + AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOUzy7Bj+uFawiZePzJ376i + jMX7LHr8z1NNhNOBRhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3At1z + gbfUKNyiPZ6oWgPYv71zph2oeEv/imIItqFoz+s9rJLBevzRINvunS1n + n4Fiq7gi21miJiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk36K83OzW + KnF1OGkSIki7kfoWyUi6cJAMdnc33uPf+7inEguN4Sr2h4QXGNm42hKI + v8lZ + ) ; key id = 4710 + diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net/dnssec.conf index 4a045ad7..30ae923c 100644 --- a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf +++ b/contrib/zkt/examples/flat/sub.example.net/dnssec.conf @@ -4,11 +4,12 @@ sigvalidity 2d max_ttl 90s Serialformat: unixtime -ksk_algo RSASHA1 +zsk_lifetime 3m +ksk_algo N3RSASHA1 ksk_bits 1024 zsk_lifetime 3d -zsk_algo RSAMD5 +zsk_algo NSEC3DSA zsk_bits 512 dlv_domain "dlv.trusted-keys.de" diff --git a/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. new file mode 100644 index 00000000..f35581d0 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net. IN DS 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6 +sub.example.net. IN DS 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC diff --git a/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. new file mode 100644 index 00000000..5c58fad5 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.net 7200 IN DNSKEY 257 3 7 ( + AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G + 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau + dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF + pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V + VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f + ) ; key id = 18846 diff --git a/contrib/zkt/examples/flat/sub.example.net/maxhexsalt b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt new file mode 100644 index 00000000..94bc5aff --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt @@ -0,0 +1 @@ +1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE
\ No newline at end of file diff --git a/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 new file mode 100644 index 00000000..6f1f3b5c --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 @@ -0,0 +1 @@ +1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE1
\ No newline at end of file diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net/zone.db index c9ec01ee..1eb2d9e1 100644 --- a/contrib/zkt/examples/flat/sub.example.net./zone.db +++ b/contrib/zkt/examples/flat/sub.example.net/zone.db @@ -1,13 +1,13 @@ ;----------------------------------------------------------------- ; -; @(#) sec.example.net/zone.db +; @(#) sub.example.net/zone.db ; ;----------------------------------------------------------------- $TTL 7200 @ IN SOA ns1.example.net. hostmaster.example.net. ( - 0 ; Serial + 2 ; Serial 86400 ; Refresh (RIPE recommendation if NOTIFY is used) 1800 ; Retry 2W ; Expire diff --git a/contrib/zkt/examples/flat/sub.example.net/zone.db.signed b/contrib/zkt/examples/flat/sub.example.net/zone.db.signed new file mode 100644 index 00000000..79cc5e73 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net/zone.db.signed @@ -0,0 +1,116 @@ +; File written on Sun Dec 28 23:08:02 2008 +; dnssec_signzone version 9.6.0 +sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1230502082 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 6 3 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AMwSbl1AvSw6nz/6SAX26uwD5BAKYAxmfBIq + ynkaiFplhArpE1dTqlU= ) + 7200 NS ns1.example.net. + 7200 RRSIG NS 6 3 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AFIZX6ddVm4v+ae2F4zcVgp0jJHow+jKe+LC + YYNpRqF42vDPsri4shw= ) + 3600 DNSKEY 256 3 6 ( + AJLmsAf3jjaHNAYxpgyCjnq0SgZDj+A/58oT + hRkOD+cmyxsyLP0qrQcozEPyY+SI5/7cj1ch + epu4me5ek8kaxKMxecDzP79mSCiX60J/Zl73 + x4qPoQvwkQIo9iA/wRGo60sTzh2jFnUNOhuc + 3yOnpdzCGbTBbzcQUMqWd1UWsCmwXjp3Mb0j + El/3nMOTHiQylwln4u1u+NLhXm/fwfMW8ObP + HGrT2LXeYG6lDv07lks3LGjITXuQc1woPr+C + BU9JXHWMPKa2AT0UtiCjU6gqH2p02sbT + ) ; key id = 22440 + 3600 DNSKEY 256 3 6 ( + AKh40WuaLB5icdjaU/WvsAlgOwi5vkFZckOU + zy7Bj+uFawiZePzJ376ijMX7LHr8z1NNhNOB + RhUNxd3yJUjLVzWmoPu6oilpY0T/7JM2IQO3 + At1zgbfUKNyiPZ6oWgPYv71zph2oeEv/imII + tqFoz+s9rJLBevzRINvunS1nn4Fiq7gi21mi + JiG63hHEoNr5Y/kbB02t91IQ7Ts8qrKZZHDk + 36K83OzWKnF1OGkSIki7kfoWyUi6cJAMdnc3 + 3uPf+7inEguN4Sr2h4QXGNm42hKIv8lZ + ) ; key id = 4710 + 3600 DNSKEY 256 3 6 ( + AM1UxbjTGN5tGzLFwt1CwRx4mlDP50c8zvi1 + zrCvWeR2s851pF1lyqoi7w+KlRmWrsEyyGS+ + HmnxyQDaY1+TYi+gJzHVS1kVv98x1ggg8Gb1 + EtNp+U1bNU2DyopLKhZR5+6SN5u7R7tlQCGl + mesE4yAD2kLBYAvBoSXgPhPn/UDQWz08x3Ia + YVvVcQccBAgue4Nh/RE3A325wgodhZ4VOghC + sKojF+u0DXLuWYY6h6KWn4yuto6NMBb5hXSD + aYMTgiJYO5MS79d876LIPJyv3mlslfy1 + ) ; key id = 5823 + 3600 DNSKEY 257 3 7 ( + AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G + 3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau + dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF + pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V + VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f + ) ; key id = 18846 + 3600 RRSIG DNSKEY 6 3 3600 20081230210802 ( + 20081228210802 5823 sub.example.net. + AMh2mLe04LwOikgp7Djk5OD+VjsxHWFIrM5K + eZ9TwWum0+c3KRc0Ye0= ) + 3600 RRSIG DNSKEY 7 3 3600 20081230210802 ( + 20081228210802 18846 sub.example.net. + oXtpSP1gJIoDZ4HUjdlGV6wyS0VPHp9pv7hB + t8sOWSTxSAQ2D1u+2bHK97lE7c1TJUqNsQO7 + YiTwCvfeypt/9QWSFg8d8TrUTaFvUyZO9yJM + HEeJvoV9+TmRsqT1M4vYNO6OY9zBrqQF8Jov + gblJkg3ftGhllMDdz8JlIe3m35U= ) + 0 NSEC3PARAM 1 0 100 B5EA98 + 0 RRSIG NSEC3PARAM 6 3 0 20081230210802 ( + 20081228210802 5823 sub.example.net. + AEK69arso3M/F6qdvHBnEaS7PYoMPzkXeut8 + f7tQNJi/n/57iOXxBtY= ) +a.sub.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + ACtzcM76XGO0nQg0MNi/3xIA17I/Zl7dpLie + L+UWpvdyC01FhiJ9nBc= ) +b.sub.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AMvlob5onyssxa/DQ13dtCp9pL9sHw4pruqq + PI85Joh+QNgM26VGXRA= ) +c.sub.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AJAcwAkedEjx4i28vF/Uu31BDly6Hmc5LI9R + 19PqH1vAijma5No2x5Q= ) +localhost.sub.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + ACgSEXi/TbpF35NNFs8zocciqhZtwDL5C4e/ + 6hTGwvl3Z+IjCjf8oDc= ) +ANQ08MJB3Q48CAVL5MEKLHUA2EG2808A.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 FLIRT946Q32FSU4Q1ISRK4UJAFMRNHEE A RRSIG + 7200 RRSIG NSEC3 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AGjJ1uwyqNVcHgz3aFQZhvNFpBEPXdQaEeKo + /1Joi1+1g5r7AqEPgbU= ) +FLIRT946Q32FSU4Q1ISRK4UJAFMRNHEE.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 J961TISKA95UUNS1JAV5OMBDNS342B6O A RRSIG + 7200 RRSIG NSEC3 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AERaVeALOfnnt/33oq5dDu08p3oyfYET59xd + x6I2CRIOFUr7LkHm2ro= ) +J961TISKA95UUNS1JAV5OMBDNS342B6O.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 KJVHLHHLAADEDFM1ONPEIBM68DIIPI6O A RRSIG + 7200 RRSIG NSEC3 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + ADgp7RYKJ95X9iLaS/O0N75fzc/yjA3NhVnv + hDKrUluwi2qYv1/AOIk= ) +KJVHLHHLAADEDFM1ONPEIBM68DIIPI6O.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 TE1BL0NOCKMSQ7ARERPVQTM4NBVRN6CN A RRSIG + 7200 RRSIG NSEC3 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AMkFnz9tj86fr4NmFDnrqDNFlkgMAhRY/fR3 + SGzdb8LfKdbWCRwYtu0= ) +TE1BL0NOCKMSQ7ARERPVQTM4NBVRN6CN.sub.example.net. 7200 IN NSEC3 1 0 100 B5EA98 ANQ08MJB3Q48CAVL5MEKLHUA2EG2808A NS SOA RRSIG DNSKEY NSEC3PARAM + 7200 RRSIG NSEC3 6 4 7200 20081230210802 ( + 20081228210802 5823 sub.example.net. + AHYEmiF12gwP5LOpUfqK+uHzj7cwuxlGXNT7 + OdhDcXznJd5bkkQuoFY= ) diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log index 9276f945..40729a83 100644 --- a/contrib/zkt/examples/flat/zkt.log +++ b/contrib/zkt/examples/flat/zkt.log @@ -1,2501 +1,139 @@ -2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno -2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno -2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file -2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file -2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded -2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded () -2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202() -2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s) -2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s -2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v -2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s -2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done -2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key -2008-06-11 22:39:48.617: notice: end of run: 0 errors occured -2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v -2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s -2008-06-11 22:41:14.106: notice: end of run: 0 errors occured -2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v -2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s -2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key -2008-06-11 22:48:19.087: notice: end of run: 0 errors occured -2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v -2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s -2008-06-11 22:56:53.297: notice: end of run: 0 errors occured -2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v -2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s -2008-06-11 23:01:41.454: notice: end of run: 0 errors occured -2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v -2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s -2008-06-11 23:04:25.911: notice: end of run: 0 errors occured -2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v -2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s -2008-06-12 13:06:54.056: notice: end of run: 0 errors occured -2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v -2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net." - -2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s -2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net." - -2008-06-12 13:07:45.130: notice: end of run: 0 errors occured -2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v -2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net." - -2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s -2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net." - -2008-06-12 13:22:02.253: notice: end of run: 0 errors occured -2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v -2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s -2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 13:24:37.958: notice: end of run: 0 errors occured -2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v -2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s -2008-06-12 13:25:32.997: notice: end of run: 0 errors occured -2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v -2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s -2008-06-12 13:26:49.864: notice: end of run: 0 errors occured -2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v -2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s -2008-06-12 16:28:01.979: notice: end of run: 0 errors occured -2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s -2008-06-12 16:28:13.630: notice: end of run: 0 errors occured -2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v -2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s -2008-06-12 16:28:30.320: notice: end of run: 0 errors occured -2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v -2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s -2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:34:06.972: notice: end of run: 0 errors occured -2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer -2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s -2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:34:15.818: notice: end of run: 0 errors occured -2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v -2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s -2008-06-12 16:35:27.780: notice: end of run: 0 errors occured -2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v -2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0 -2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s -2008-06-12 16:44:56.269: debug: Re-signing not necessary! -2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2 -2008-06-12 16:44:56.269: debug: Re-signing not necessary! -2008-06-12 16:44:56.270: notice: end of run: 0 errors occured -2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v -2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0 -2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s -2008-06-12 16:49:23.386: debug: Re-signing not necessary! -2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2 -2008-06-12 16:49:23.386: debug: Re-signing not necessary! -2008-06-12 16:49:23.386: notice: end of run: 0 errors occured -2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v -2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0 -2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s -2008-06-12 16:49:28.288: debug: Re-signing not necessary! -2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2 -2008-06-12 16:49:28.288: debug: Re-signing not necessary! -2008-06-12 16:49:28.288: notice: end of run: 0 errors occured -2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v -2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0 -2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s -2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f -2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f -2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net." -2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 16:49:32.222: debug: Signing completed after 0s. -2008-06-12 16:49:32.222: debug: -2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2 -2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f -2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f -2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db" -2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db" -2008-06-12 16:49:32.223: debug: Signing zone "example.net." -2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" -2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 16:49:32.335: debug: Signing completed after 0s. -2008-06-12 16:49:32.335: debug: -2008-06-12 16:49:32.335: notice: end of run: 0 errors occured -2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v -2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 17:02:15.078: debug: Check RFC5011 status -2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0 -2008-06-12 17:02:15.078: debug: Check ksk status -2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s -2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f -2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f -2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net." -2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 17:02:15.254: debug: Signing completed after 0s. -2008-06-12 17:02:15.254: debug: -2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 17:02:15.255: debug: Check RFC5011 status -2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2 -2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f -2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f -2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db" -2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db" -2008-06-12 17:02:15.255: debug: Signing zone "example.net." -2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" -2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 17:02:15.368: debug: Signing completed after 0s. -2008-06-12 17:02:15.368: debug: -2008-06-12 17:02:15.368: notice: end of run: 0 errors occured -2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f -2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 17:43:50.390: debug: Check RFC5011 status -2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0 -2008-06-12 17:43:50.390: debug: Check ksk status -2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s -2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f -2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f -2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net." -2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 17:43:50.533: debug: Signing completed after 0s. -2008-06-12 17:43:50.533: debug: -2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 17:43:50.533: debug: Check RFC5011 status -2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2 -2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f -2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f -2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db" -2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db" -2008-06-12 17:43:50.534: debug: Signing zone "example.net." -2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" -2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-12 17:43:50.645: debug: Signing completed after 0s. -2008-06-12 17:43:50.645: debug: -2008-06-12 17:43:50.645: notice: end of run: 0 errors occured -2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v -2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 17:49:43.190: debug: Check RFC5011 status -2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0 -2008-06-12 17:49:43.190: debug: Check ksk status -2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s -2008-06-12 17:49:43.190: debug: Re-signing not necessary! -2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 17:49:43.190: debug: Check RFC5011 status -2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2 -2008-06-12 17:49:43.190: debug: Re-signing not necessary! -2008-06-12 17:49:43.190: notice: end of run: 0 errors occured -2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v -2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 17:50:09.327: debug: Check RFC5011 status -2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0 -2008-06-12 17:50:09.327: debug: Check ksk status -2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s -2008-06-12 17:50:09.327: debug: Re-signing not necessary! -2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 17:50:09.327: debug: Check RFC5011 status -2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2 -2008-06-12 17:50:09.327: debug: Re-signing not necessary! -2008-06-12 17:50:09.327: notice: end of run: 0 errors occured -2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v -2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 17:52:29.312: debug: Check RFC5011 status -2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0 -2008-06-12 17:52:29.312: debug: Check ksk status -2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s -2008-06-12 17:52:29.312: debug: Re-signing not necessary! -2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 17:52:29.313: debug: Check RFC5011 status -2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2 -2008-06-12 17:52:29.313: debug: Re-signing not necessary! -2008-06-12 17:52:29.313: notice: end of run: 0 errors occured -2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v -2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-12 18:24:57.409: debug: Check RFC5011 status -2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0 -2008-06-12 18:24:57.409: debug: Check ksk status -2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s -2008-06-12 18:24:57.409: debug: Re-signing not necessary! -2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net." -2008-06-12 18:24:57.409: debug: Check RFC5011 status -2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2 -2008-06-12 18:24:57.410: debug: Re-signing not necessary! -2008-06-12 18:24:57.410: notice: end of run: 0 errors occured -2008-06-16 23:12:32.309: notice: -2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v -2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-16 23:12:32.654: debug: Check RFC5011 status -2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0 -2008-06-16 23:12:32.654: debug: Check ksk status -2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s -2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec) -2008-06-16 23:12:32.654: debug: ->depreciate it -2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267 -2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done -2008-06-16 23:12:32.654: debug: New pre-publish key needed -2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149 -2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key -2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key -2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net." -2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-16 23:12:33.022: debug: Signing completed after 1s. -2008-06-16 23:12:33.022: debug: -2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net." -2008-06-16 23:12:33.023: debug: Check RFC5011 status -2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2 -2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached -2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached -2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db" -2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db" -2008-06-16 23:12:33.024: debug: Signing zone "example.net." -2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" -2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-16 23:12:33.170: debug: Signing completed after 0s. -2008-06-16 23:12:33.170: debug: -2008-06-16 23:12:33.170: notice: end of run: 0 errors occured -2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <=== -2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-16 23:13:24.121: debug: Check RFC5011 status -2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0 -2008-06-16 23:13:24.121: debug: Check ksk status -2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m -2008-06-16 23:13:24.121: debug: Re-signing not necessary! -2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net." -2008-06-16 23:13:24.121: debug: Check RFC5011 status -2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2 -2008-06-16 23:13:24.121: debug: Re-signing not necessary! -2008-06-16 23:13:24.121: notice: end of run: 0 errors occured -2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <===== -2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-16 23:13:56.972: debug: Check RFC5011 status -2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0 -2008-06-16 23:13:56.972: debug: Check ksk status -2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s -2008-06-16 23:13:56.973: debug: Re-signing not necessary! -2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net." -2008-06-16 23:13:56.973: debug: Check RFC5011 status -2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2 -2008-06-16 23:13:56.973: debug: Re-signing not necessary! -2008-06-16 23:13:56.973: notice: end of run: 0 errors occured -2008-06-16 23:15:16.980: notice: ------------------------------------------------------------ -2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-16 23:15:16.982: debug: Check RFC5011 status -2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0 -2008-06-16 23:15:16.982: debug: Check ksk status -2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s -2008-06-16 23:15:16.982: debug: Re-signing not necessary! -2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net." -2008-06-16 23:15:16.982: debug: Check RFC5011 status -2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2 -2008-06-16 23:15:16.982: debug: Re-signing not necessary! -2008-06-16 23:15:16.983: notice: end of run: 0 errors occured -2008-06-16 23:18:48.101: notice: ------------------------------------------------------------ -2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v -2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-16 23:18:48.103: debug: Check RFC5011 status -2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0 -2008-06-16 23:18:48.103: debug: Check ksk status -2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s -2008-06-16 23:18:48.103: debug: Re-signing not necessary! -2008-06-16 23:18:48.103: debug: -2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net." -2008-06-16 23:18:48.104: debug: Check RFC5011 status -2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2 -2008-06-16 23:18:48.104: debug: Re-signing not necessary! -2008-06-16 23:18:48.104: debug: -2008-06-16 23:18:48.104: notice: end of run: 0 errors occured -2008-06-24 14:55:16.347: notice: ------------------------------------------------------------ -2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v -2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-24 14:55:16.349: debug: Check RFC5011 status -2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0 -2008-06-24 14:55:16.349: debug: Check ksk status -2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec) -2008-06-24 14:55:16.350: debug: ->remove it -2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec) -2008-06-24 14:55:16.350: debug: ->depreciate it -2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149 -2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done -2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key -2008-06-24 14:55:16.350: debug: New pre-publish key needed -2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338 -2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key -2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key -2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net." -2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-24 14:55:16.776: debug: Signing completed after 0s. -2008-06-24 14:55:16.776: debug: -2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net." -2008-06-24 14:55:16.776: debug: Check RFC5011 status -2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2 -2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached -2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached -2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db" -2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db" -2008-06-24 14:55:16.777: debug: Signing zone "example.net." -2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" -2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-24 14:55:16.922: debug: Signing completed after 0s. -2008-06-24 14:55:16.922: debug: -2008-06-24 14:55:16.922: notice: end of run: 0 errors occured -2008-06-24 14:57:56.093: notice: ------------------------------------------------------------ -2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v -2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-24 14:57:56.096: debug: Check RFC5011 status -2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0 -2008-06-24 14:57:56.096: debug: Check ksk status -2008-06-24 14:57:56.097: debug: Re-signing not necessary! -2008-06-24 14:57:56.097: debug: -2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net." -2008-06-24 14:57:56.097: debug: Check RFC5011 status -2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2 -2008-06-24 14:57:56.097: debug: Re-signing not necessary! -2008-06-24 14:57:56.097: debug: -2008-06-24 14:57:56.098: notice: end of run: 0 errors occured -2008-06-24 23:26:12.632: notice: ------------------------------------------------------------ -2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v -2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-06-24 23:26:12.648: debug: Check RFC5011 status -2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0 -2008-06-24 23:26:12.648: debug: Check ksk status -2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec) -2008-06-24 23:26:12.648: debug: ->remove it -2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key -2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key -2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db" -2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net." -2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-06-24 23:26:13.030: debug: Signing completed after 1s. -2008-06-24 23:26:13.030: debug: -2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net." -2008-06-24 23:26:13.030: debug: Check RFC5011 status -2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2 -2008-06-24 23:26:13.030: debug: Re-signing not necessary! -2008-06-24 23:26:13.030: debug: -2008-06-24 23:26:13.030: notice: end of run: 0 errors occured -2008-07-08 00:53:55.013: notice: ------------------------------------------------------------ -2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v -2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 00:53:55.015: debug: Check RFC5011 status -2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0 -2008-07-08 00:53:55.015: debug: Check KSK status -2008-07-08 00:53:55.015: debug: Check ZSK status -2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec) -2008-07-08 00:53:55.015: debug: ->depreciate it -2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338 -2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done -2008-07-08 00:53:55.018: debug: New pre-publish key needed -2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198 -2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created -2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key -2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net." -2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-08 00:53:55.708: debug: Signing completed after 0s. -2008-07-08 00:53:55.708: debug: -2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 00:53:55.708: debug: Check RFC5011 status -2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2 -2008-07-08 00:53:55.708: debug: Check ZSK status -2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec) -2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key -2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key -2008-07-08 00:53:55.708: debug: New pre-publish key needed -2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682 -2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created -2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key -2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key -2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db" -2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-08 00:53:55.748: debug: Signing zone "example.net." -2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-08 00:53:55.899: debug: Signing completed after 0s. -2008-07-08 00:53:55.899: debug: -2008-07-08 00:53:55.899: notice: end of run: 0 errors occured -2008-07-08 00:53:57.597: notice: ------------------------------------------------------------ -2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v -2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 00:53:57.599: debug: Check RFC5011 status -2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0 -2008-07-08 00:53:57.599: debug: Check KSK status -2008-07-08 00:53:57.599: debug: Check ZSK status -2008-07-08 00:53:57.599: debug: Re-signing not necessary! -2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy -2008-07-08 00:53:57.599: debug: -2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 00:53:57.599: debug: Check RFC5011 status -2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2 -2008-07-08 00:53:57.599: debug: Check ZSK status -2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec) -2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key -2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key -2008-07-08 00:53:57.600: debug: Re-signing not necessary! -2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy -2008-07-08 00:53:57.600: debug: -2008-07-08 00:53:57.600: notice: end of run: 0 errors occured -2008-07-08 20:28:20.476: notice: ------------------------------------------------------------ -2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf -2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:28:20.476: debug: Check RFC5011 status -2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0 -2008-07-08 20:28:20.476: debug: Check KSK status -2008-07-08 20:28:20.476: debug: Check ZSK status -2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec) -2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149 - -2008-07-08 20:28:20.656: debug: ->remove it -2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key -2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db" -2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net." -2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-08 20:28:20.990: debug: Signing completed after 0s. -2008-07-08 20:28:20.990: debug: -2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:28:20.990: debug: Check RFC5011 status -2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2 -2008-07-08 20:28:20.990: debug: Check ZSK status -2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec) -2008-07-08 20:28:20.990: debug: ->depreciate it -2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682 -2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done -2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key -2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key -2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db" -2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db" -2008-07-08 20:28:20.991: debug: Signing zone "example.net." -2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-08 20:28:21.112: debug: Signing completed after 1s. -2008-07-08 20:28:21.112: debug: -2008-07-08 20:28:21.113: notice: end of run: 0 errors occured -2008-07-08 20:32:23.121: notice: ------------------------------------------------------------ -2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v -2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 20:32:23.123: debug: Check RFC5011 status -2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0 -2008-07-08 20:32:23.124: debug: Check KSK status -2008-07-08 20:32:23.124: debug: Check ZSK status -2008-07-08 20:32:23.124: debug: Re-signing not necessary! -2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy -2008-07-08 20:32:23.124: debug: -2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 20:32:23.124: debug: Check RFC5011 status -2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2 -2008-07-08 20:32:23.124: debug: Check ZSK status -2008-07-08 20:32:23.124: debug: Re-signing not necessary! -2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy -2008-07-08 20:32:23.124: debug: -2008-07-08 20:32:23.124: notice: end of run: 0 errors occured -2008-07-08 20:32:30.246: notice: ------------------------------------------------------------ -2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf -2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:32:30.246: debug: Check RFC5011 status -2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0 -2008-07-08 20:32:30.246: debug: Check KSK status -2008-07-08 20:32:30.246: debug: Check ZSK status -2008-07-08 20:32:30.246: debug: Re-signing not necessary! -2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy -2008-07-08 20:32:30.246: debug: -2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:32:30.246: debug: Check RFC5011 status -2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2 -2008-07-08 20:32:30.247: debug: Check ZSK status -2008-07-08 20:32:30.247: debug: Re-signing not necessary! -2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy -2008-07-08 20:32:30.247: debug: -2008-07-08 20:32:30.247: notice: end of run: 0 errors occured -2008-07-08 20:35:51.512: notice: ------------------------------------------------------------ -2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf -2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:35:51.512: debug: Check RFC5011 status -2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0 -2008-07-08 20:35:51.513: debug: Check KSK status -2008-07-08 20:35:51.513: debug: Check ZSK status -2008-07-08 20:35:51.513: debug: Re-signing not necessary! -2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy -2008-07-08 20:35:51.513: debug: -2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:35:51.513: debug: Check RFC5011 status -2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2 -2008-07-08 20:35:51.513: debug: Check ZSK status -2008-07-08 20:35:51.513: debug: Re-signing not necessary! -2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy -2008-07-08 20:35:51.513: debug: -2008-07-08 20:35:51.513: notice: end of run: 0 errors occured -2008-07-08 20:37:16.569: notice: ------------------------------------------------------------ -2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf -2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:37:16.569: debug: Check RFC5011 status -2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0 -2008-07-08 20:37:16.570: debug: Check KSK status -2008-07-08 20:37:16.570: debug: Check ZSK status -2008-07-08 20:37:16.570: debug: Re-signing not necessary! -2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy -2008-07-08 20:37:16.570: debug: -2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:37:16.570: debug: Check RFC5011 status -2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2 -2008-07-08 20:37:16.570: debug: Check ZSK status -2008-07-08 20:37:16.570: debug: Re-signing not necessary! -2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy -2008-07-08 20:37:16.570: debug: -2008-07-08 20:37:16.570: notice: end of run: 0 errors occured -2008-07-08 20:37:29.134: notice: ------------------------------------------------------------ -2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v -2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 20:37:29.137: debug: Check RFC5011 status -2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0 -2008-07-08 20:37:29.137: debug: Check KSK status -2008-07-08 20:37:29.137: debug: Check ZSK status -2008-07-08 20:37:29.137: debug: Re-signing not necessary! -2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy -2008-07-08 20:37:29.138: debug: -2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 20:37:29.138: debug: Check RFC5011 status -2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2 -2008-07-08 20:37:29.138: debug: Check ZSK status -2008-07-08 20:37:29.138: debug: Re-signing not necessary! -2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy -2008-07-08 20:37:29.139: debug: -2008-07-08 20:37:29.139: notice: end of run: 0 errors occured -2008-07-08 20:39:39.895: notice: ------------------------------------------------------------ -2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v -2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:39:39.895: debug: Check RFC5011 status -2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0 -2008-07-08 20:39:39.895: debug: Check KSK status -2008-07-08 20:39:39.895: debug: Check ZSK status -2008-07-08 20:39:39.895: debug: Re-signing not necessary! -2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy -2008-07-08 20:39:39.895: debug: -2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:39:39.895: debug: Check RFC5011 status -2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2 -2008-07-08 20:39:39.895: debug: Check ZSK status -2008-07-08 20:39:39.895: debug: Re-signing not necessary! -2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy -2008-07-08 20:39:39.895: debug: -2008-07-08 20:39:39.895: notice: end of run: 0 errors occured -2008-07-08 20:42:54.377: notice: ------------------------------------------------------------ -2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D . -2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 20:42:54.377: debug: Check RFC5011 status -2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0 -2008-07-08 20:42:54.377: debug: Check KSK status -2008-07-08 20:42:54.377: debug: Check ZSK status -2008-07-08 20:42:54.377: debug: Re-signing not necessary! -2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy -2008-07-08 20:42:54.377: debug: -2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 20:42:54.378: debug: Check RFC5011 status -2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2 -2008-07-08 20:42:54.378: debug: Check ZSK status -2008-07-08 20:42:54.378: debug: Re-signing not necessary! -2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy -2008-07-08 20:42:54.378: debug: -2008-07-08 20:42:54.378: notice: end of run: 0 errors occured -2008-07-08 20:53:40.414: notice: ------------------------------------------------------------ -2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D . -2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-08 20:53:40.417: debug: Check RFC5011 status -2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0 -2008-07-08 20:53:40.417: debug: Check KSK status -2008-07-08 20:53:40.417: debug: Check ZSK status -2008-07-08 20:53:40.417: debug: Re-signing not necessary! -2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy -2008-07-08 20:53:40.417: debug: -2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net." -2008-07-08 20:53:40.417: debug: Check RFC5011 status -2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2 -2008-07-08 20:53:40.417: debug: Check ZSK status -2008-07-08 20:53:40.417: debug: Re-signing not necessary! -2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy -2008-07-08 20:53:40.418: debug: -2008-07-08 20:53:40.418: notice: end of run: 0 errors occured -2008-07-08 20:53:49.488: notice: ------------------------------------------------------------ -2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf -2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net." -2008-07-08 20:53:49.490: debug: Check RFC5011 status -2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0 -2008-07-08 20:53:49.491: debug: Check KSK status -2008-07-08 20:53:49.491: debug: Check ZSK status -2008-07-08 20:53:49.491: debug: Re-signing not necessary! -2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy -2008-07-08 20:53:49.491: debug: -2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net." -2008-07-08 20:53:49.492: debug: Check RFC5011 status -2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2 -2008-07-08 20:53:49.492: debug: Check ZSK status -2008-07-08 20:53:49.492: debug: Re-signing not necessary! -2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy -2008-07-08 20:53:49.492: debug: -2008-07-08 20:53:49.492: notice: end of run: 0 errors occured -2008-07-09 00:42:08.103: notice: ------------------------------------------------------------ -2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v -2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-09 00:42:08.106: debug: Check RFC5011 status -2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0 -2008-07-09 00:42:08.106: debug: Check KSK status -2008-07-09 00:42:08.106: debug: ksk_rollover -2008-07-09 00:42:08.106: debug: Check ZSK status -2008-07-09 00:42:08.106: debug: Re-signing not necessary! -2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy -2008-07-09 00:42:08.106: debug: -2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net." -2008-07-09 00:42:08.106: debug: Check RFC5011 status -2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2 -2008-07-09 00:42:08.106: debug: Check ZSK status -2008-07-09 00:42:08.106: debug: Re-signing not necessary! -2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy -2008-07-09 00:42:08.106: debug: -2008-07-09 00:42:08.106: notice: end of run: 0 errors occured -2008-07-09 00:45:19.663: notice: ------------------------------------------------------------ -2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v -2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-09 00:45:19.665: debug: Check RFC5011 status -2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0 -2008-07-09 00:45:19.665: debug: Check KSK status -2008-07-09 00:45:19.665: debug: Check ZSK status -2008-07-09 00:45:19.665: debug: Re-signing not necessary! -2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy -2008-07-09 00:45:19.665: debug: -2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net." -2008-07-09 00:45:19.665: debug: Check RFC5011 status -2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2 -2008-07-09 00:45:19.665: debug: Check ZSK status -2008-07-09 00:45:19.665: debug: Re-signing not necessary! -2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy -2008-07-09 00:45:19.665: debug: -2008-07-09 00:45:19.665: notice: end of run: 0 errors occured -2008-07-09 23:46:12.682: notice: ------------------------------------------------------------ -2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/ -2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net." -2008-07-09 23:46:12.702: debug: Check RFC5011 status -2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0 -2008-07-09 23:46:12.702: debug: Check KSK status -2008-07-09 23:46:12.702: debug: Check ZSK status -2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached -2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached -2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db" -2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net." -2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-09 23:46:13.222: debug: Signing completed after 1s. -2008-07-09 23:46:13.222: debug: -2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net." -2008-07-09 23:46:13.222: debug: Check RFC5011 status -2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2 -2008-07-09 23:46:13.222: debug: Check ZSK status -2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec) -2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939 - -2008-07-09 23:46:13.222: debug: ->remove it -2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key -2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key -2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db" -2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db" -2008-07-09 23:46:13.223: debug: Signing zone "example.net." -2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-09 23:46:13.374: debug: Signing completed after 0s. -2008-07-09 23:46:13.374: debug: -2008-07-09 23:46:13.374: notice: end of run: 0 errors occured -2008-07-15 00:21:04.641: notice: ------------------------------------------------------------ -2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v -2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:21:05.071: debug: Check RFC5011 status -2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0 -2008-07-15 00:21:05.071: debug: Check KSK status -2008-07-15 00:21:05.071: debug: Check ZSK status -2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec) -2008-07-15 00:21:05.071: debug: ->depreciate it -2008-07-15 00:21:05.072: debug: ->activate published key 9198 -2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done -2008-07-15 00:21:05.072: debug: New published key needed -2008-07-15 00:21:05.128: debug: ->creating new published key 8397 -2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created -2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key -2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net." -2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:05.274: debug: Signing completed after 0s. -2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered -2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net." -2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net." -2008-07-15 00:21:05.279: debug: -2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:21:05.279: debug: Check RFC5011 status -2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2 -2008-07-15 00:21:05.279: debug: Check ZSK status -2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached -2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached -2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:21:05.280: debug: Signing zone "example.net." -2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:05.419: debug: Signing completed after 0s. -2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered -2008-07-15 00:21:05.419: debug: Distribute zone "example.net." -2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net." -2008-07-15 00:21:05.423: debug: -2008-07-15 00:21:05.423: notice: end of run: 0 errors occured -2008-07-15 00:21:18.128: notice: ------------------------------------------------------------ -2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v -2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:21:18.130: debug: Check RFC5011 status -2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0 -2008-07-15 00:21:18.130: debug: Check KSK status -2008-07-15 00:21:18.130: debug: Check ZSK status -2008-07-15 00:21:18.130: debug: Re-signing not necessary! -2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy -2008-07-15 00:21:18.130: debug: -2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:21:18.131: debug: Check RFC5011 status -2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2 -2008-07-15 00:21:18.131: debug: Check ZSK status -2008-07-15 00:21:18.131: debug: Re-signing not necessary! -2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy -2008-07-15 00:21:18.131: debug: -2008-07-15 00:21:18.131: notice: end of run: 0 errors occured -2008-07-15 00:21:26.360: notice: ------------------------------------------------------------ -2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:21:26.362: debug: Check RFC5011 status -2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0 -2008-07-15 00:21:26.362: debug: Check KSK status -2008-07-15 00:21:26.362: debug: Check ZSK status -2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f -2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net." -2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:26.978: debug: Signing completed after 0s. -2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered -2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net." -2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net." -2008-07-15 00:21:26.983: debug: -2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:21:26.983: debug: Check RFC5011 status -2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2 -2008-07-15 00:21:26.983: debug: Check ZSK status -2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f -2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:21:26.983: debug: Signing zone "example.net." -2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:27.122: debug: Signing completed after 1s. -2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered -2008-07-15 00:21:27.122: debug: Distribute zone "example.net." -2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net." -2008-07-15 00:21:27.127: debug: -2008-07-15 00:21:27.127: notice: end of run: 0 errors occured -2008-07-15 00:21:52.947: notice: ------------------------------------------------------------ -2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:21:52.951: debug: Check RFC5011 status -2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0 -2008-07-15 00:21:52.951: debug: Check KSK status -2008-07-15 00:21:52.951: debug: Check ZSK status -2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f -2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net." -2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:53.119: debug: Signing completed after 1s. -2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered -2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net." -2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net." -2008-07-15 00:21:53.126: debug: -2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:21:53.126: debug: Check RFC5011 status -2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2 -2008-07-15 00:21:53.126: debug: Check ZSK status -2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f -2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:21:53.126: debug: Signing zone "example.net." -2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:21:53.262: debug: Signing completed after 0s. -2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered -2008-07-15 00:21:53.262: debug: Distribute zone "example.net." -2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net." -2008-07-15 00:21:53.268: debug: -2008-07-15 00:21:53.268: notice: end of run: 0 errors occured -2008-07-15 00:23:40.781: notice: ------------------------------------------------------------ -2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:23:40.783: debug: Check RFC5011 status -2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0 -2008-07-15 00:23:40.783: debug: Check KSK status -2008-07-15 00:23:40.783: debug: Check ZSK status -2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f -2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net." -2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:23:41.281: debug: Signing completed after 1s. -2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered -2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net." -2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net." -2008-07-15 00:23:41.287: debug: -2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:23:41.287: debug: Check RFC5011 status -2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2 -2008-07-15 00:23:41.287: debug: Check ZSK status -2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f -2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:23:41.288: debug: Signing zone "example.net." -2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:23:41.561: debug: Signing completed after 0s. -2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered -2008-07-15 00:23:41.561: debug: Distribute zone "example.net." -2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net." -2008-07-15 00:23:41.566: debug: -2008-07-15 00:23:41.567: notice: end of run: 0 errors occured -2008-07-15 00:31:10.917: notice: ------------------------------------------------------------ -2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:31:10.923: debug: Check RFC5011 status -2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0 -2008-07-15 00:31:10.923: debug: Check KSK status -2008-07-15 00:31:10.923: debug: Check ZSK status -2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec) -2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338 - -2008-07-15 00:31:10.924: debug: ->remove it -2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f -2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net." -2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:31:11.571: debug: Signing completed after 0s. -2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered -2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net." -2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net." -2008-07-15 00:31:11.579: debug: -2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:31:11.580: debug: Check RFC5011 status -2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2 -2008-07-15 00:31:11.580: debug: Check ZSK status -2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f -2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:31:11.581: debug: Signing zone "example.net." -2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:31:11.698: debug: Signing completed after 0s. -2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered -2008-07-15 00:31:11.698: debug: Distribute zone "example.net." -2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net." -2008-07-15 00:31:11.704: debug: -2008-07-15 00:31:11.704: notice: end of run: 0 errors occured -2008-07-15 00:32:00.676: notice: ------------------------------------------------------------ -2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:32:00.678: debug: Check RFC5011 status -2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0 -2008-07-15 00:32:00.678: debug: Check KSK status -2008-07-15 00:32:00.678: debug: Check ZSK status -2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f -2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net." -2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:32:01.282: debug: Signing completed after 1s. -2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered -2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net." -2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net." -2008-07-15 00:32:01.289: debug: -2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:32:01.289: debug: Check RFC5011 status -2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2 -2008-07-15 00:32:01.289: debug: Check ZSK status -2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f -2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:32:01.291: debug: Signing zone "example.net." -2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:32:01.405: debug: Signing completed after 0s. -2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered -2008-07-15 00:32:01.406: debug: Distribute zone "example.net." -2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net." -2008-07-15 00:32:01.412: debug: -2008-07-15 00:32:01.412: notice: end of run: 0 errors occured -2008-07-15 00:33:00.866: notice: ------------------------------------------------------------ -2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:33:00.869: debug: Check RFC5011 status -2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0 -2008-07-15 00:33:00.869: debug: Check KSK status -2008-07-15 00:33:00.869: debug: Check ZSK status -2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f -2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net." -2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:33:01.531: debug: Signing completed after 1s. -2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered -2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net." -2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net." -2008-07-15 00:33:01.537: debug: -2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:33:01.538: debug: Check RFC5011 status -2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2 -2008-07-15 00:33:01.538: debug: Check ZSK status -2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f -2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:33:01.539: debug: Signing zone "example.net." -2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:33:01.655: debug: Signing completed after 0s. -2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered -2008-07-15 00:33:01.655: debug: Distribute zone "example.net." -2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net." -2008-07-15 00:33:01.662: debug: -2008-07-15 00:33:01.662: notice: end of run: 0 errors occured -2008-07-15 00:34:09.259: notice: ------------------------------------------------------------ -2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v -2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-15 00:34:09.261: debug: Check RFC5011 status -2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0 -2008-07-15 00:34:09.261: debug: Check KSK status -2008-07-15 00:34:09.261: debug: Check ZSK status -2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f -2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net." -2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:34:10.245: debug: Signing completed after 1s. -2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered -2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net." -2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-15 00:34:10.252: debug: -2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net." -2008-07-15 00:34:10.252: debug: Check RFC5011 status -2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2 -2008-07-15 00:34:10.252: debug: Check ZSK status -2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f -2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f -2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db" -2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-15 00:34:10.252: debug: Signing zone "example.net." -2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-15 00:34:10.369: debug: Signing completed after 0s. -2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered -2008-07-15 00:34:10.369: debug: Distribute zone "example.net." -2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-15 00:34:10.375: debug: -2008-07-15 00:34:10.375: notice: end of run: 0 errors occured -2008-07-18 00:38:52.860: notice: ------------------------------------------------------------ -2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v -2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-18 00:38:52.862: debug: Check RFC5011 status -2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0 -2008-07-18 00:38:52.862: debug: Check KSK status -2008-07-18 00:38:52.862: debug: Check ZSK status -2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec) -2008-07-18 00:38:52.862: debug: ->depreciate it -2008-07-18 00:38:52.862: debug: ->activate published key 8397 -2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done -2008-07-18 00:38:52.862: debug: New published key needed -2008-07-18 00:38:53.418: debug: ->creating new published key 31081 -2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing -2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key -2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net." -2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-18 00:38:53.556: debug: Signing completed after 0s. -2008-07-18 00:38:53.556: debug: -2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net." -2008-07-18 00:38:53.557: debug: Check RFC5011 status -2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2 -2008-07-18 00:38:53.557: debug: Check ZSK status -2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached -2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached -2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db" -2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-18 00:38:53.558: debug: Signing zone "example.net." -2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-18 00:38:53.715: debug: Signing completed after 0s. -2008-07-18 00:38:53.715: debug: -2008-07-18 00:38:53.716: notice: end of run: 0 errors occured -2008-07-18 00:39:29.824: notice: ------------------------------------------------------------ -2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v -2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-18 00:39:29.827: debug: Check RFC5011 status -2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0 -2008-07-18 00:39:29.827: debug: Check KSK status -2008-07-18 00:39:29.827: debug: Check ZSK status -2008-07-18 00:39:29.827: debug: Re-signing not necessary! -2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy -2008-07-18 00:39:29.827: debug: -2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net." -2008-07-18 00:39:29.827: debug: Check RFC5011 status -2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2 -2008-07-18 00:39:29.827: debug: Check ZSK status -2008-07-18 00:39:29.827: debug: Re-signing not necessary! -2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy -2008-07-18 00:39:29.827: debug: -2008-07-18 00:39:29.828: notice: end of run: 0 errors occured -2008-07-18 00:39:36.641: notice: ------------------------------------------------------------ -2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v -2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-18 00:39:36.644: debug: Check RFC5011 status -2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0 -2008-07-18 00:39:36.644: debug: Check KSK status -2008-07-18 00:39:36.644: debug: Check ZSK status -2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f -2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net." -2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-18 00:39:37.144: debug: Signing completed after 1s. -2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered -2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net." -2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-18 00:39:37.151: debug: -2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net." -2008-07-18 00:39:37.151: debug: Check RFC5011 status -2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2 -2008-07-18 00:39:37.151: debug: Check ZSK status -2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f -2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f -2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db" -2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-18 00:39:37.152: debug: Signing zone "example.net." -2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-18 00:39:37.313: debug: Signing completed after 0s. -2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered -2008-07-18 00:39:37.313: debug: Distribute zone "example.net." -2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-18 00:39:37.319: debug: -2008-07-18 00:39:37.319: notice: end of run: 0 errors occured -2008-07-18 00:42:39.912: notice: ------------------------------------------------------------ -2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v -2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-18 00:42:39.914: debug: Check RFC5011 status -2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0 -2008-07-18 00:42:39.914: debug: Check KSK status -2008-07-18 00:42:39.914: debug: Check ZSK status -2008-07-18 00:42:39.914: debug: Re-signing not necessary! -2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy -2008-07-18 00:42:39.914: debug: -2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net." -2008-07-18 00:42:39.914: debug: Check RFC5011 status -2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2 -2008-07-18 00:42:39.914: debug: Check ZSK status -2008-07-18 00:42:39.914: debug: Re-signing not necessary! -2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy -2008-07-18 00:42:39.914: debug: -2008-07-18 00:42:39.914: notice: end of run: 0 errors occured -2008-07-22 00:10:38.346: notice: ------------------------------------------------------------ -2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v -2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:10:38.349: debug: Check RFC5011 status -2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0 -2008-07-22 00:10:38.349: debug: Check KSK status -2008-07-22 00:10:38.349: debug: Check ZSK status -2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec) -2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198 - -2008-07-22 00:10:38.349: debug: ->remove it -2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec) -2008-07-22 00:10:38.349: debug: ->depreciate it -2008-07-22 00:10:38.349: debug: ->activate published key 31081 -2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done -2008-07-22 00:10:38.349: debug: New published key needed -2008-07-22 00:10:38.870: debug: ->creating new published key 3615 -2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing -2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key -2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net." -2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:10:39.208: debug: Signing completed after 1s. -2008-07-22 00:10:39.208: debug: -2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:10:39.208: debug: Check RFC5011 status -2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2 -2008-07-22 00:10:39.208: debug: Check ZSK status -2008-07-22 00:10:39.208: debug: New published key needed -2008-07-22 00:10:39.255: debug: ->creating new published key 41300 -2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing -2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key -2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key -2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:10:39.256: debug: Signing zone "example.net." -2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:10:39.414: debug: Signing completed after 0s. -2008-07-22 00:10:39.414: debug: -2008-07-22 00:10:39.414: notice: end of run: 0 errors occured -2008-07-22 00:16:04.680: notice: ------------------------------------------------------------ -2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v -2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:16:04.682: debug: Check RFC5011 status -2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0 -2008-07-22 00:16:04.683: debug: Check KSK status -2008-07-22 00:16:04.683: debug: Check ZSK status -2008-07-22 00:16:04.683: debug: Re-signing not necessary! -2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy -2008-07-22 00:16:04.683: debug: -2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:16:04.683: debug: Check RFC5011 status -2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2 -2008-07-22 00:16:04.684: debug: Check ZSK status -2008-07-22 00:16:04.684: debug: Re-signing not necessary! -2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy -2008-07-22 00:16:04.684: debug: -2008-07-22 00:16:04.684: notice: end of run: 0 errors occured -2008-07-22 00:16:09.309: notice: ------------------------------------------------------------ -2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v -2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:16:09.311: debug: Check RFC5011 status -2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0 -2008-07-22 00:16:09.312: debug: Check KSK status -2008-07-22 00:16:09.312: debug: Check ZSK status -2008-07-22 00:16:09.312: debug: Re-signing not necessary! -2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy -2008-07-22 00:16:09.312: debug: -2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:16:09.312: debug: Check RFC5011 status -2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2 -2008-07-22 00:16:09.313: debug: Check ZSK status -2008-07-22 00:16:09.313: debug: Re-signing not necessary! -2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy -2008-07-22 00:16:09.313: debug: -2008-07-22 00:16:09.313: notice: end of run: 0 errors occured -2008-07-22 00:16:13.285: notice: ------------------------------------------------------------ -2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:16:13.287: debug: Check RFC5011 status -2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0 -2008-07-22 00:16:13.287: debug: Check KSK status -2008-07-22 00:16:13.287: debug: Check ZSK status -2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f -2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net." -2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:16:13.822: debug: Signing completed after 0s. -2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered -2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net." -2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:16:13.828: debug: -2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:16:13.829: debug: Check RFC5011 status -2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2 -2008-07-22 00:16:13.829: debug: Check ZSK status -2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f -2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:16:13.830: debug: Signing zone "example.net." -2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:16:13.976: debug: Signing completed after 0s. -2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered -2008-07-22 00:16:13.977: debug: Distribute zone "example.net." -2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:16:13.983: debug: -2008-07-22 00:16:13.983: notice: end of run: 0 errors occured -2008-07-22 00:20:56.119: notice: ------------------------------------------------------------ -2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:20:56.121: debug: Check RFC5011 status -2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0 -2008-07-22 00:20:56.121: debug: Check KSK status -2008-07-22 00:20:56.121: debug: Check ZSK status -2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec) -2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397 - -2008-07-22 00:20:56.122: debug: ->remove it -2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f -2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net." -2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:20:56.627: debug: Signing completed after 0s. -2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered -2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net." -2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:20:56.635: debug: -2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:20:56.635: debug: Check RFC5011 status -2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2 -2008-07-22 00:20:56.635: debug: Check ZSK status -2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f -2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:20:56.636: debug: Signing zone "example.net." -2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:20:56.760: debug: Signing completed after 0s. -2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered -2008-07-22 00:20:56.760: debug: Distribute zone "example.net." -2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:20:56.769: debug: -2008-07-22 00:20:56.769: notice: end of run: 0 errors occured -2008-07-22 00:23:51.528: notice: ------------------------------------------------------------ -2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:23:51.530: debug: Check RFC5011 status -2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0 -2008-07-22 00:23:51.531: debug: Check KSK status -2008-07-22 00:23:51.531: debug: Check ZSK status -2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f -2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net." -2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:23:52.042: debug: Signing completed after 1s. -2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered -2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net." -2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:23:52.049: debug: -2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:23:52.049: debug: Check RFC5011 status -2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2 -2008-07-22 00:23:52.049: debug: Check ZSK status -2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f -2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:23:52.050: debug: Signing zone "example.net." -2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:23:52.176: debug: Signing completed after 0s. -2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered -2008-07-22 00:23:52.176: debug: Distribute zone "example.net." -2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:23:52.185: debug: -2008-07-22 00:23:52.185: notice: end of run: 0 errors occured -2008-07-22 00:24:09.609: notice: ------------------------------------------------------------ -2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:24:09.614: debug: Check RFC5011 status -2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0 -2008-07-22 00:24:09.614: debug: Check KSK status -2008-07-22 00:24:09.614: debug: Check ZSK status -2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f -2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net." -2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:24:10.692: debug: Signing completed after 1s. -2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered -2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net." -2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:24:10.698: debug: -2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:24:10.698: debug: Check RFC5011 status -2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2 -2008-07-22 00:24:10.698: debug: Check ZSK status -2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f -2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:24:10.699: debug: Signing zone "example.net." -2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:24:10.883: debug: Signing completed after 0s. -2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered -2008-07-22 00:24:10.883: debug: Distribute zone "example.net." -2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:24:10.889: debug: -2008-07-22 00:24:10.889: notice: end of run: 0 errors occured -2008-07-22 00:28:44.300: notice: ------------------------------------------------------------ -2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:28:44.302: debug: Check RFC5011 status -2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0 -2008-07-22 00:28:44.302: debug: Check KSK status -2008-07-22 00:28:44.302: debug: Check ZSK status -2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f -2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net." -2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:28:44.898: debug: Signing completed after 0s. -2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered -2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net." -2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:28:44.905: debug: -2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:28:44.905: debug: Check RFC5011 status -2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2 -2008-07-22 00:28:44.905: debug: Check ZSK status -2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f -2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:28:44.906: debug: Signing zone "example.net." -2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:28:45.039: debug: Signing completed after 1s. -2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered -2008-07-22 00:28:45.039: debug: Distribute zone "example.net." -2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:28:45.046: debug: -2008-07-22 00:28:45.046: notice: end of run: 0 errors occured -2008-07-22 00:39:15.968: notice: ------------------------------------------------------------ -2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v -2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:39:16.006: debug: Check RFC5011 status -2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0 -2008-07-22 00:39:16.006: debug: Check KSK status -2008-07-22 00:39:16.006: debug: Check ZSK status -2008-07-22 00:39:16.006: debug: Re-signing not necessary! -2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy -2008-07-22 00:39:16.006: debug: -2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:39:16.006: debug: Check RFC5011 status -2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2 -2008-07-22 00:39:16.007: debug: Check ZSK status -2008-07-22 00:39:16.007: debug: Re-signing not necessary! -2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy -2008-07-22 00:39:16.007: debug: -2008-07-22 00:39:16.007: notice: end of run: 0 errors occured -2008-07-22 00:39:31.578: notice: ------------------------------------------------------------ -2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:39:31.580: debug: Check RFC5011 status -2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0 -2008-07-22 00:39:31.580: debug: Check KSK status -2008-07-22 00:39:31.581: debug: Check ZSK status -2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f -2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net." -2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:39:32.216: debug: Signing completed after 1s. -2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered -2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net." -2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:39:32.223: debug: -2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:39:32.223: debug: Check RFC5011 status -2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2 -2008-07-22 00:39:32.223: debug: Check ZSK status -2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f -2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:39:32.224: debug: Signing zone "example.net." -2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:39:32.361: debug: Signing completed after 0s. -2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered -2008-07-22 00:39:32.361: debug: Distribute zone "example.net." -2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:39:32.367: debug: -2008-07-22 00:39:32.367: notice: end of run: 0 errors occured -2008-07-22 00:41:53.710: notice: ------------------------------------------------------------ -2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:41:53.712: debug: Check RFC5011 status -2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0 -2008-07-22 00:41:53.712: debug: Check KSK status -2008-07-22 00:41:53.712: debug: Check ZSK status -2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f -2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net." -2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:41:53.866: debug: Signing completed after 0s. -2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered -2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net." -2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:41:53.873: debug: -2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:41:53.873: debug: Check RFC5011 status -2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2 -2008-07-22 00:41:53.873: debug: Check ZSK status -2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f -2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:41:53.873: debug: Signing zone "example.net." -2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:41:53.989: debug: Signing completed after 0s. -2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered -2008-07-22 00:41:53.989: debug: Distribute zone "example.net." -2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:41:53.995: debug: -2008-07-22 00:41:53.995: notice: end of run: 0 errors occured -2008-07-22 00:45:46.509: notice: ------------------------------------------------------------ -2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:45:46.512: debug: Check RFC5011 status -2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0 -2008-07-22 00:45:46.512: debug: Check KSK status -2008-07-22 00:45:46.512: debug: Check ZSK status -2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f -2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net." -2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:45:46.734: debug: Signing completed after 0s. -2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered -2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net." -2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-22 00:45:46.740: debug: -2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:45:46.740: debug: Check RFC5011 status -2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2 -2008-07-22 00:45:46.741: debug: Check ZSK status -2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f -2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:45:46.742: debug: Signing zone "example.net." -2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:45:47.013: debug: Signing completed after 1s. -2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered -2008-07-22 00:45:47.013: debug: Distribute zone "example.net." -2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-22 00:45:47.019: debug: -2008-07-22 00:45:47.019: notice: end of run: 0 errors occured -2008-07-22 00:48:02.761: notice: ------------------------------------------------------------ -2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:48:02.763: debug: Check RFC5011 status -2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0 -2008-07-22 00:48:02.763: debug: Check KSK status -2008-07-22 00:48:02.763: debug: Check ZSK status -2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f -2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net." -2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:48:02.907: debug: Signing completed after 0s. -2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered -2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net." -2008-07-22 00:48:02.907: debug: -2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:48:02.907: debug: Check RFC5011 status -2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2 -2008-07-22 00:48:02.907: debug: Check ZSK status -2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f -2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:48:02.908: debug: Signing zone "example.net." -2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:48:03.029: debug: Signing completed after 1s. -2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered -2008-07-22 00:48:03.029: debug: Distribute zone "example.net." -2008-07-22 00:48:03.029: debug: -2008-07-22 00:48:03.029: notice: end of run: 0 errors occured -2008-07-22 00:48:56.098: notice: ------------------------------------------------------------ -2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 00:48:56.101: debug: Check RFC5011 status -2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0 -2008-07-22 00:48:56.101: debug: Check KSK status -2008-07-22 00:48:56.101: debug: Check ZSK status -2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f -2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net." -2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:48:56.244: debug: Signing completed after 0s. -2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered -2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net." -2008-07-22 00:48:56.245: debug: -2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 00:48:56.245: debug: Check RFC5011 status -2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2 -2008-07-22 00:48:56.245: debug: Check ZSK status -2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f -2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 00:48:56.246: debug: Signing zone "example.net." -2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 00:48:56.367: debug: Signing completed after 0s. -2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered -2008-07-22 00:48:56.367: debug: Distribute zone "example.net." -2008-07-22 00:48:56.367: debug: -2008-07-22 00:48:56.367: notice: end of run: 0 errors occured -2008-07-22 08:07:30.993: notice: ------------------------------------------------------------ -2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 08:07:30.995: debug: Check RFC5011 status -2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0 -2008-07-22 08:07:30.995: debug: Check KSK status -2008-07-22 08:07:30.995: debug: Check ZSK status -2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f -2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net." -2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:07:31.454: debug: Signing completed after 1s. -2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered -2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net." -2008-07-22 08:07:31.454: debug: -2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 08:07:31.454: debug: Check RFC5011 status -2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2 -2008-07-22 08:07:31.454: debug: Check ZSK status -2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f -2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 08:07:31.454: debug: Signing zone "example.net." -2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:07:31.589: debug: Signing completed after 0s. -2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered -2008-07-22 08:07:31.589: debug: Distribute zone "example.net." -2008-07-22 08:07:31.589: debug: -2008-07-22 08:07:31.589: notice: end of run: 0 errors occured -2008-07-22 08:08:09.237: notice: ------------------------------------------------------------ -2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 08:08:09.239: debug: Check RFC5011 status -2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0 -2008-07-22 08:08:09.239: debug: Check KSK status -2008-07-22 08:08:09.239: debug: Check ZSK status -2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f -2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net." -2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:08:09.507: debug: Signing completed after 0s. -2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered -2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net." -2008-07-22 08:10:10.328: notice: ------------------------------------------------------------ -2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 08:10:10.330: debug: Check RFC5011 status -2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0 -2008-07-22 08:10:10.330: debug: Check KSK status -2008-07-22 08:10:10.330: debug: Check ZSK status -2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f -2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net." -2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:10:10.950: debug: Signing completed after 0s. -2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered -2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net." -2008-07-22 08:11:17.247: notice: ------------------------------------------------------------ -2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v -2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-22 08:11:17.250: debug: Check RFC5011 status -2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0 -2008-07-22 08:11:17.250: debug: Check KSK status -2008-07-22 08:11:17.250: debug: Check ZSK status -2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f -2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net." -2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:11:17.883: debug: Signing completed after 0s. -2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered -2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net." -2008-07-22 08:11:17.883: debug: -2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net." -2008-07-22 08:11:17.884: debug: Check RFC5011 status -2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2 -2008-07-22 08:11:17.884: debug: Check ZSK status -2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f -2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f -2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db" -2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-22 08:11:17.884: debug: Signing zone "example.net." -2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-22 08:11:18.005: debug: Signing completed after 1s. -2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered -2008-07-22 08:11:18.006: debug: Distribute zone "example.net." -2008-07-22 08:11:18.006: debug: -2008-07-22 08:11:18.006: notice: end of run: 0 errors occured -2008-07-24 00:13:56.493: notice: ------------------------------------------------------------ -2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v -2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:13:56.495: debug: Check RFC5011 status -2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0 -2008-07-24 00:13:56.495: debug: Check KSK status -2008-07-24 00:13:56.495: debug: Check ZSK status -2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached -2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached -2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net." -2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:13:57.439: debug: Signing completed after 1s. -2008-07-24 00:13:57.439: debug: -2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:13:57.439: debug: Check RFC5011 status -2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2 -2008-07-24 00:13:57.439: debug: Check ZSK status -2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec) -2008-07-24 00:13:57.440: debug: ->depreciate it -2008-07-24 00:13:57.440: debug: ->activate published key 41300 -2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done -2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key -2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key -2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:13:57.441: debug: Signing zone "example.net." -2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:13:57.562: debug: Signing completed after 0s. -2008-07-24 00:13:57.562: debug: -2008-07-24 00:13:57.562: notice: end of run: 0 errors occured -2008-07-24 00:14:08.862: notice: ------------------------------------------------------------ -2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v -2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:14:08.864: debug: Check RFC5011 status -2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0 -2008-07-24 00:14:08.864: debug: Check KSK status -2008-07-24 00:14:08.864: debug: Check ZSK status -2008-07-24 00:14:08.864: debug: Re-signing not necessary! -2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy -2008-07-24 00:14:08.864: debug: -2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:14:08.864: debug: Check RFC5011 status -2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2 -2008-07-24 00:14:08.864: debug: Check ZSK status -2008-07-24 00:14:08.864: debug: Re-signing not necessary! -2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy -2008-07-24 00:14:08.864: debug: -2008-07-24 00:14:08.864: notice: end of run: 0 errors occured -2008-07-24 00:14:12.963: notice: ------------------------------------------------------------ -2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:14:12.965: debug: Check RFC5011 status -2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0 -2008-07-24 00:14:12.965: debug: Check KSK status -2008-07-24 00:14:12.965: debug: Check ZSK status -2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f -2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net." -2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:14:13.488: debug: Signing completed after 1s. -2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings -2008-07-24 00:14:13.488: debug: -2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:14:13.488: debug: Check RFC5011 status -2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2 -2008-07-24 00:14:13.488: debug: Check ZSK status -2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f -2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:14:13.489: debug: Signing zone "example.net." -2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:14:13.601: debug: Signing completed after 0s. -2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings -2008-07-24 00:14:13.602: debug: -2008-07-24 00:14:13.602: notice: end of run: 2 errors occured -2008-07-24 00:15:38.304: notice: ------------------------------------------------------------ -2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v -2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:15:38.306: debug: Check RFC5011 status -2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0 -2008-07-24 00:15:38.307: debug: Check KSK status -2008-07-24 00:15:38.307: debug: Check ZSK status -2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f -2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net." -2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:15:39.280: debug: Signing completed after 1s. -2008-07-24 00:15:39.281: debug: -2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:15:39.281: debug: Check RFC5011 status -2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2 -2008-07-24 00:15:39.281: debug: Check ZSK status -2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f -2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:15:39.282: debug: Signing zone "example.net." -2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:15:39.402: debug: Signing completed after 0s. -2008-07-24 00:15:39.403: debug: -2008-07-24 00:15:39.403: notice: end of run: 0 errors occured -2008-07-24 00:18:59.568: notice: ------------------------------------------------------------ -2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:18:59.573: debug: Check RFC5011 status -2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0 -2008-07-24 00:18:59.573: debug: Check KSK status -2008-07-24 00:18:59.573: debug: Check ZSK status -2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f -2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net." -2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:19:00.167: debug: Signing completed after 1s. -2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings -2008-07-24 00:19:00.168: debug: -2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:19:00.168: debug: Check RFC5011 status -2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2 -2008-07-24 00:19:00.168: debug: Check ZSK status -2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f -2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:19:00.169: debug: Signing zone "example.net." -2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:19:00.280: debug: Signing completed after 0s. -2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings -2008-07-24 00:19:00.280: debug: -2008-07-24 00:19:00.280: notice: end of run: 2 errors occured -2008-07-24 00:22:24.567: notice: ------------------------------------------------------------ -2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:22:24.569: debug: Check RFC5011 status -2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0 -2008-07-24 00:22:24.569: debug: Check KSK status -2008-07-24 00:22:24.570: debug: Check ZSK status -2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f -2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net." -2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:22:25.148: debug: Signing completed after 1s. -2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings -2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings -2008-07-24 00:22:25.148: debug: -2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:22:25.148: debug: Check RFC5011 status -2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2 -2008-07-24 00:22:25.148: debug: Check ZSK status -2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f -2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:22:25.150: debug: Signing zone "example.net." -2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:22:25.271: debug: Signing completed after 0s. -2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings -2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings -2008-07-24 00:22:25.271: debug: -2008-07-24 00:22:25.271: notice: end of run: 2 errors occured -2008-07-24 00:23:08.907: notice: ------------------------------------------------------------ -2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:23:08.909: debug: Check RFC5011 status -2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0 -2008-07-24 00:23:08.909: debug: Check KSK status -2008-07-24 00:23:08.909: debug: Check ZSK status -2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f -2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net." -2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:23:09.510: debug: Signing completed after 1s. -2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered -2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net." -2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 00:23:09.517: debug: -2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:23:09.517: debug: Check RFC5011 status -2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2 -2008-07-24 00:23:09.517: debug: Check ZSK status -2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f -2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:23:09.518: debug: Signing zone "example.net." -2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:23:09.633: debug: Signing completed after 0s. -2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered -2008-07-24 00:23:09.634: debug: Distribute zone "example.net." -2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 00:23:09.640: debug: -2008-07-24 00:23:09.640: notice: end of run: 0 errors occured -2008-07-24 00:33:30.818: notice: ------------------------------------------------------------ -2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 00:33:30.820: debug: Check RFC5011 status -2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0 -2008-07-24 00:33:30.821: debug: Check KSK status -2008-07-24 00:33:30.821: debug: Check ZSK status -2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f -2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net." -2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:33:31.320: debug: Signing completed after 1s. -2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root -2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root -2008-07-24 00:33:31.320: debug: -2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 00:33:31.320: debug: Check RFC5011 status -2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2 -2008-07-24 00:33:31.320: debug: Check ZSK status -2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f -2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 00:33:31.321: debug: Signing zone "example.net." -2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 00:33:31.443: debug: Signing completed after 0s. -2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root -2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root -2008-07-24 00:33:31.443: debug: -2008-07-24 00:33:31.443: notice: end of run: 2 errors occured -2008-07-24 23:21:55.189: notice: ------------------------------------------------------------ -2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v -2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:21:55.196: debug: Check RFC5011 status -2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:21:55.196: debug: Check KSK status -2008-07-24 23:21:55.196: debug: Check ZSK status -2008-07-24 23:21:55.196: debug: Re-signing not necessary! -2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy -2008-07-24 23:21:55.196: debug: -2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:21:55.196: debug: Check RFC5011 status -2008-07-24 23:21:55.196: debug: Check ZSK status -2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec) -2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed -2008-07-24 23:21:55.196: debug: ->remove it -2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key -2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key -2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:21:55.197: debug: Signing zone "example.net." -2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:21:55.873: debug: Signing completed after 0s. -2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root -2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons -2008-07-24 23:21:55.873: debug: -2008-07-24 23:21:55.874: notice: end of run: 1 error occured -2008-07-24 23:23:06.278: notice: ------------------------------------------------------------ -2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v -2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:23:06.280: debug: Check RFC5011 status -2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:23:06.280: debug: Check KSK status -2008-07-24 23:23:06.280: debug: Check ZSK status -2008-07-24 23:23:06.280: debug: Re-signing not necessary! -2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy -2008-07-24 23:23:06.280: debug: -2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:23:06.280: debug: Check RFC5011 status -2008-07-24 23:23:06.280: debug: Check ZSK status -2008-07-24 23:23:06.280: debug: Re-signing not necessary! -2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy -2008-07-24 23:23:06.280: debug: -2008-07-24 23:23:06.280: notice: end of run: 0 errors occured -2008-07-24 23:25:21.930: notice: ------------------------------------------------------------ -2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v -2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:25:21.932: debug: Check RFC5011 status -2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:25:21.932: debug: Check KSK status -2008-07-24 23:25:21.932: debug: Check ZSK status -2008-07-24 23:25:21.932: debug: Re-signing not necessary! -2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy -2008-07-24 23:25:21.932: debug: -2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:25:21.932: debug: Check RFC5011 status -2008-07-24 23:25:21.932: debug: Check ZSK status -2008-07-24 23:25:21.932: debug: Re-signing not necessary! -2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy -2008-07-24 23:25:21.932: debug: -2008-07-24 23:25:21.932: notice: end of run: 0 errors occured -2008-07-24 23:25:39.009: notice: ------------------------------------------------------------ -2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v -2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:25:39.011: debug: Check RFC5011 status -2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:25:39.011: debug: Check KSK status -2008-07-24 23:25:39.011: debug: Check ZSK status -2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f -2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net." -2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:25:39.591: debug: Signing completed after 0s. -2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root -2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons -2008-07-24 23:25:39.592: debug: -2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:25:39.592: debug: Check RFC5011 status -2008-07-24 23:25:39.592: debug: Check ZSK status -2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f -2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:25:39.592: debug: Signing zone "example.net." -2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:25:39.703: debug: Signing completed after 0s. -2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root -2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons -2008-07-24 23:25:39.703: debug: -2008-07-24 23:25:39.703: notice: end of run: 2 errors occured -2008-07-24 23:28:16.436: notice: ------------------------------------------------------------ -2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:28:16.438: debug: Check RFC5011 status -2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:28:16.438: debug: Check KSK status -2008-07-24 23:28:16.438: debug: Check ZSK status -2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f -2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net." -2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:28:17.008: debug: Signing completed after 1s. -2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered -2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net." -2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 23:28:17.015: debug: -2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:28:17.015: debug: Check RFC5011 status -2008-07-24 23:28:17.015: debug: Check ZSK status -2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f -2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:28:17.016: debug: Signing zone "example.net." -2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:28:17.132: debug: Signing completed after 0s. -2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered -2008-07-24 23:28:17.132: debug: Distribute zone "example.net." -2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 23:28:17.138: debug: -2008-07-24 23:28:17.138: notice: end of run: 0 errors occured -2008-07-24 23:31:17.354: notice: ------------------------------------------------------------ -2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:31:17.364: debug: Check RFC5011 status -2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:31:17.364: debug: Check KSK status -2008-07-24 23:31:17.364: debug: Check ZSK status -2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f -2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net." -2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:31:18.032: debug: Signing completed after 1s. -2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered -2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net." -2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:31:18.039: debug: -2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:31:18.039: debug: Check RFC5011 status -2008-07-24 23:31:18.039: debug: Check ZSK status -2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f -2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:31:18.040: debug: Signing zone "example.net." -2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:31:18.155: debug: Signing completed after 0s. -2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered -2008-07-24 23:31:18.155: debug: Distribute zone "example.net." -2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:31:18.161: debug: -2008-07-24 23:31:18.162: notice: end of run: 0 errors occured -2008-07-24 23:31:28.467: notice: ------------------------------------------------------------ -2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:31:28.470: debug: Check RFC5011 status -2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:31:28.470: debug: Check KSK status -2008-07-24 23:31:28.470: debug: Check ZSK status -2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f -2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net." -2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:31:29.059: debug: Signing completed after 1s. -2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered -2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net." -2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered -2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./ -2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:31:29.072: debug: -2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:31:29.073: debug: Check RFC5011 status -2008-07-24 23:31:29.073: debug: Check ZSK status -2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f -2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:31:29.074: debug: Signing zone "example.net." -2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:31:29.204: debug: Signing completed after 0s. -2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered -2008-07-24 23:31:29.204: debug: Distribute zone "example.net." -2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered -2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./ -2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:31:29.217: debug: -2008-07-24 23:31:29.217: notice: end of run: 0 errors occured -2008-07-24 23:35:48.844: notice: ------------------------------------------------------------ -2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:35:48.846: debug: Check RFC5011 status -2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:35:48.846: debug: Check KSK status -2008-07-24 23:35:48.846: debug: Check ZSK status -2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f -2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net." -2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:35:49.455: debug: Signing completed after 1s. -2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered -2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net." -2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered -2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net." -2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered -2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net." -2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:35:49.468: debug: -2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:35:49.468: debug: Check RFC5011 status -2008-07-24 23:35:49.469: debug: Check ZSK status -2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f -2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:35:49.470: debug: Signing zone "example.net." -2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:35:49.600: debug: Signing completed after 0s. -2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered -2008-07-24 23:35:49.600: debug: Distribute zone "example.net." -2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered -2008-07-24 23:35:49.606: debug: Distribute zone "example.net." -2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:35:49.613: notice: "example.net.": reload triggered -2008-07-24 23:35:49.613: debug: Reload zone "example.net." -2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:35:49.613: debug: -2008-07-24 23:35:49.613: notice: end of run: 0 errors occured -2008-07-24 23:37:41.081: notice: ------------------------------------------------------------ -2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v -2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:37:41.083: debug: Check RFC5011 status -2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:37:41.083: debug: Check KSK status -2008-07-24 23:37:41.083: debug: Check ZSK status -2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f -2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net." -2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:37:41.688: debug: Signing completed after 0s. -2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered -2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net." -2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered -2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net." -2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:37:41.701: debug: -2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:37:41.701: debug: Check RFC5011 status -2008-07-24 23:37:41.701: debug: Check ZSK status -2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f -2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:37:41.702: debug: Signing zone "example.net." -2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:37:41.824: debug: Signing completed after 0s. -2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered -2008-07-24 23:37:41.824: debug: Distribute zone "example.net." -2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 23:37:41.831: notice: "example.net.": reload triggered -2008-07-24 23:37:41.831: debug: Reload zone "example.net." -2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:37:41.837: debug: -2008-07-24 23:37:41.837: notice: end of run: 0 errors occured -2008-07-24 23:37:51.742: notice: ------------------------------------------------------------ -2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v -2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:37:51.744: debug: Check RFC5011 status -2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:37:51.744: debug: Check KSK status -2008-07-24 23:37:51.744: debug: Check ZSK status -2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f -2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net." -2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:37:52.264: debug: Signing completed after 1s. -2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered -2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net." -2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" -2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered -2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net." -2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:37:52.277: debug: -2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:37:52.277: debug: Check RFC5011 status -2008-07-24 23:37:52.277: debug: Check ZSK status -2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f -2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:37:52.277: debug: Signing zone "example.net." -2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-24 23:37:52.398: debug: Signing completed after 0s. -2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered -2008-07-24 23:37:52.398: debug: Distribute zone "example.net." -2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" -2008-07-24 23:37:52.404: notice: "example.net.": reload triggered -2008-07-24 23:37:52.404: debug: Reload zone "example.net." -2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload " -2008-07-24 23:37:52.410: debug: -2008-07-24 23:37:52.410: notice: end of run: 0 errors occured -2008-07-24 23:44:51.717: notice: ------------------------------------------------------------ -2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v -2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:44:51.719: debug: Check RFC5011 status -2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:44:51.719: debug: Check KSK status -2008-07-24 23:44:51.720: debug: Check ZSK status -2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f -2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net." -2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: "" -2008-07-24 23:44:51.720: debug: Signing completed after 0s. -2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered -2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net." -2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: "" -2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered -2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net." -2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:44:51.721: debug: ./dist.sh reload return: "" -2008-07-24 23:44:51.721: debug: -2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:44:51.721: debug: Check RFC5011 status -2008-07-24 23:44:51.721: debug: Check ZSK status -2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f -2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered -2008-07-24 23:44:51.722: debug: Distribute zone "example.net." -2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: "" -2008-07-24 23:44:51.722: notice: "example.net.": reload triggered -2008-07-24 23:44:51.722: debug: Reload zone "example.net." -2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:44:51.722: debug: ./dist.sh reload return: "" -2008-07-24 23:44:51.723: debug: -2008-07-24 23:44:51.723: notice: end of run: 0 errors occured -2008-07-24 23:44:57.039: notice: ------------------------------------------------------------ -2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v -2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-24 23:44:57.042: debug: Check RFC5011 status -2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-24 23:44:57.042: debug: Check KSK status -2008-07-24 23:44:57.042: debug: Check ZSK status -2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f -2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f -2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net." -2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: "" -2008-07-24 23:44:57.042: debug: Signing completed after 0s. -2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered -2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net." -2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: "" -2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered -2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net." -2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" -2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" -2008-07-24 23:44:57.043: debug: -2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net." -2008-07-24 23:44:57.043: debug: Check RFC5011 status -2008-07-24 23:44:57.043: debug: Check ZSK status -2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f -2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f -2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db" -2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered -2008-07-24 23:44:57.043: debug: Distribute zone "example.net." -2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" -2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: "" -2008-07-24 23:44:57.043: notice: "example.net.": reload triggered -2008-07-24 23:44:57.043: debug: Reload zone "example.net." -2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" -2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" -2008-07-24 23:44:57.043: debug: -2008-07-24 23:44:57.043: notice: end of run: 0 errors occured -2008-07-25 23:31:07.235: notice: ------------------------------------------------------------ -2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v -2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-25 23:31:07.238: debug: Check RFC5011 status -2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-25 23:31:07.238: debug: Check KSK status -2008-07-25 23:31:07.238: debug: Check ZSK status -2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec) -2008-07-25 23:31:07.239: debug: ->depreciate it -2008-07-25 23:31:07.239: debug: ->activate published key 3615 -2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done -2008-07-25 23:31:07.239: debug: New published key needed -2008-07-25 23:31:07.397: debug: ->creating new published key 4254 -2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing -2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key -2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net." -2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-25 23:31:07.639: debug: Signing completed after 0s. -2008-07-25 23:31:07.639: debug: -2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net." -2008-07-25 23:31:07.639: debug: Check RFC5011 status -2008-07-25 23:31:07.639: debug: Check ZSK status -2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys -2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys -2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db" -2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-25 23:31:07.640: debug: Signing zone "example.net." -2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-25 23:31:07.783: debug: Signing completed after 0s. -2008-07-25 23:31:07.783: debug: -2008-07-25 23:31:07.783: notice: end of run: 0 errors occured -2008-07-25 23:32:27.052: notice: ------------------------------------------------------------ -2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v -2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-25 23:32:27.054: debug: Check RFC5011 status -2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-25 23:32:27.054: debug: Check KSK status -2008-07-25 23:32:27.054: debug: Check ZSK status -2008-07-25 23:32:27.054: debug: Re-signing not necessary! -2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy -2008-07-25 23:32:27.054: debug: -2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net." -2008-07-25 23:32:27.054: debug: Check RFC5011 status -2008-07-25 23:32:27.054: debug: Check ZSK status -2008-07-25 23:32:27.054: debug: Re-signing not necessary! -2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy -2008-07-25 23:32:27.057: debug: -2008-07-25 23:32:27.057: notice: end of run: 0 errors occured -2008-07-31 00:25:52.601: notice: ------------------------------------------------------------ -2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v -2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-31 00:25:52.604: debug: Check RFC5011 status -2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-31 00:25:52.604: debug: Check KSK status -2008-07-31 00:25:52.604: debug: Check ZSK status -2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec) -2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed -2008-07-31 00:25:52.605: debug: ->remove it -2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec) -2008-07-31 00:25:52.605: debug: ->depreciate it -2008-07-31 00:25:52.605: debug: ->activate published key 4254 -2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done -2008-07-31 00:25:52.605: debug: New key for publishing needed -2008-07-31 00:25:53.128: debug: ->creating new key 56744 -2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing -2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key -2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net." -2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-31 00:25:53.332: debug: Signing completed after 0s. -2008-07-31 00:25:53.332: debug: -2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net." -2008-07-31 00:25:53.332: debug: Check RFC5011 status -2008-07-31 00:25:53.332: debug: Check ZSK status -2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached -2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached -2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db" -2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db" -2008-07-31 00:25:53.333: debug: Signing zone "example.net." -2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" -2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-31 00:25:53.477: debug: Signing completed after 0s. -2008-07-31 00:25:53.477: debug: -2008-07-31 00:25:53.477: notice: end of run: 0 errors occured -2008-07-31 13:19:17.447: notice: ------------------------------------------------------------ -2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v -2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net." -2008-07-31 13:19:17.449: debug: Check RFC5011 status -2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover -2008-07-31 13:19:17.450: debug: Check KSK status -2008-07-31 13:19:17.450: debug: Check ZSK status -2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec) -2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed -2008-07-31 13:19:17.450: debug: ->remove it -2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key -2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key -2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db" -2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net." -2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" -2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed" -2008-07-31 13:19:17.944: debug: Signing completed after 0s. -2008-07-31 13:19:17.944: debug: -2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net." -2008-07-31 13:19:17.944: debug: Check RFC5011 status -2008-07-31 13:19:17.944: debug: Check ZSK status -2008-07-31 13:19:17.944: debug: Re-signing not necessary! -2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy -2008-07-31 13:19:17.944: debug: -2008-07-31 13:19:17.945: notice: end of run: 0 errors occured +2008-12-18 01:02:56.187: notice: ------------------------------------------------------------ +2008-12-18 01:02:56.187: notice: running ../../dnssec-signer -v -v +2008-12-18 01:02:56.589: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2008-12-18 01:02:56.589: debug: Check RFC5011 status +2008-12-18 01:02:56.589: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-12-18 01:02:56.589: debug: Check KSK status +2008-12-18 01:02:56.589: debug: Check ZSK status +2008-12-18 01:02:56.590: debug: Lifetime(390 sec) of depreciated key 45361 exceeded (124287 sec) +2008-12-18 01:02:56.590: info: "sub.example.net.": old ZSK 45361 removed +2008-12-18 01:02:56.604: debug: ->remove it +2008-12-18 01:02:56.604: debug: Re-signing necessary: Modfied zone key set +2008-12-18 01:02:56.604: notice: "sub.example.net.": re-signing triggered: Modfied zone key set +2008-12-18 01:02:56.604: debug: Writing key file "./sub.example.net/dnskey.db" +2008-12-18 01:02:56.605: debug: Signing zone "sub.example.net." +2008-12-18 01:02:56.605: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -3 BE70E4 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-12-18 01:02:56.970: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-18 01:02:56.971: debug: Signing completed after 0s. +2008-12-18 01:02:56.971: debug: +2008-12-18 01:02:56.971: debug: parsing zone "example.net." in dir "./example.net" +2008-12-18 01:02:56.971: debug: Check RFC5011 status +2008-12-18 01:02:56.971: debug: Check ZSK status +2008-12-18 01:02:56.971: debug: Re-signing necessary: Zone file edited +2008-12-18 01:02:56.971: notice: "example.net.": re-signing triggered: Zone file edited +2008-12-18 01:02:56.972: debug: Writing key file "./example.net/dnskey.db" +2008-12-18 01:02:56.972: debug: Incrementing serial number in file "./example.net/zone.db" +2008-12-18 01:02:56.973: debug: Signing zone "example.net." +2008-12-18 01:02:56.973: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-12-18 01:02:57.106: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-18 01:02:57.106: debug: Signing completed after 1s. +2008-12-18 01:02:57.106: debug: +2008-12-18 01:02:57.106: notice: end of run: 0 errors occured +2008-12-18 01:03:01.191: notice: ------------------------------------------------------------ +2008-12-18 01:03:01.192: notice: running ../../dnssec-signer -d -v -v +2008-12-18 01:03:01.194: debug: parsing zone "dyn.example.net." in dir "./dyn.example.net" +2008-12-18 01:03:01.194: debug: Check RFC5011 status +2008-12-18 01:03:01.194: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-12-18 01:03:01.194: debug: Check KSK status +2008-12-18 01:03:01.194: warning: "dyn.example.net.": lifetime of key signing key 42138 exceeded since 10w4d3h1m4s +2008-12-18 01:03:01.194: debug: Check ZSK status +2008-12-18 01:03:01.195: debug: Lifetime(1209600 +/-150 sec) of active key 1355 exceeded (11588464 sec) +2008-12-18 01:03:01.195: debug: ->depreciate it +2008-12-18 01:03:01.195: debug: ->activate published key 10643 +2008-12-18 01:03:01.195: notice: "dyn.example.net.": lifetime of zone signing key 1355 exceeded: ZSK rollover done +2008-12-18 01:03:01.196: debug: Re-signing necessary: Modfied zone key set +2008-12-18 01:03:01.196: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set +2008-12-18 01:03:01.196: debug: Writing key file "./dyn.example.net/dnskey.db" +2008-12-18 01:03:01.196: debug: Signing zone "dyn.example.net." +2008-12-18 01:03:01.196: notice: "dyn.example.net.": freeze dynamic zone +2008-12-18 01:03:01.196: debug: freeze dynamic zone "dyn.example.net." +2008-12-18 01:03:01.197: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net." +2008-12-18 01:03:01.628: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db +2008-12-18 01:03:01.653: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private" +2008-12-18 01:03:01.792: debug: Cmd dnssec-signzone return: "zone.db.dsigned" +2008-12-18 01:03:01.792: notice: "dyn.example.net.": thaw dynamic zone +2008-12-18 01:03:01.792: debug: thaw dynamic zone "dyn.example.net." +2008-12-18 01:03:01.792: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net." +2008-12-18 01:03:01.802: debug: Signing completed after 0s. +2008-12-18 01:03:01.802: debug: +2008-12-18 01:03:01.802: notice: end of run: 0 errors occured +2008-12-28 23:06:27.762: notice: ------------------------------------------------------------ +2008-12-28 23:06:27.762: notice: running ../../dnssec-signer -v -v +2008-12-28 23:06:27.764: debug: parsing zone "sub.example.net." in dir "./sub.example.net" +2008-12-28 23:06:27.765: debug: Check RFC5011 status +2008-12-28 23:06:27.765: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-12-28 23:06:27.765: debug: Check KSK status +2008-12-28 23:06:27.765: debug: Check ZSK status +2008-12-28 23:06:27.765: debug: Lifetime(259200 +/-150 sec) of active key 22440 exceeded (1067698 sec) +2008-12-28 23:06:27.765: debug: ->depreciate it +2008-12-28 23:06:27.766: debug: ->activate published key 5823 +2008-12-28 23:06:27.766: notice: "sub.example.net.": lifetime of zone signing key 22440 exceeded: ZSK rollover done +2008-12-28 23:06:27.766: debug: New key for publishing needed +2008-12-28 23:06:28.696: debug: ->creating new key 4710 +2008-12-28 23:06:28.696: info: "sub.example.net.": new key 4710 generated for publishing +2008-12-28 23:06:28.696: debug: Re-signing necessary: Modfied zone key set +2008-12-28 23:06:28.696: notice: "sub.example.net.": re-signing triggered: Modfied zone key set +2008-12-28 23:06:28.696: debug: Writing key file "./sub.example.net/dnskey.db" +2008-12-28 23:06:28.697: debug: Signing zone "sub.example.net." +2008-12-28 23:06:28.697: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -3 B9D9AA -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-12-28 23:06:28.804: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-28 23:06:28.804: debug: Signing completed after 0s. +2008-12-28 23:06:28.804: debug: +2008-12-28 23:06:28.804: debug: parsing zone "example.net." in dir "./example.net" +2008-12-28 23:06:28.804: debug: Check RFC5011 status +2008-12-28 23:06:28.804: debug: Check ZSK status +2008-12-28 23:06:28.804: debug: Re-signing necessary: re-signing interval (2d) reached +2008-12-28 23:06:28.804: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-12-28 23:06:28.804: debug: Writing key file "./example.net/dnskey.db" +2008-12-28 23:06:28.805: debug: Incrementing serial number in file "./example.net/zone.db" +2008-12-28 23:06:28.805: debug: Signing zone "example.net." +2008-12-28 23:06:28.805: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-12-28 23:06:28.898: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-28 23:06:28.898: debug: Signing completed after 0s. +2008-12-28 23:06:28.898: debug: +2008-12-28 23:06:28.899: notice: end of run: 0 errors occured +2008-12-28 23:07:39.896: notice: ------------------------------------------------------------ +2008-12-28 23:07:39.896: notice: running ../../dnssec-signer -v -v -N named.conf +2008-12-28 23:07:39.899: debug: parsing zone "sub.example.net." in dir "././sub.example.net" +2008-12-28 23:07:39.899: debug: Check RFC5011 status +2008-12-28 23:07:39.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-12-28 23:07:39.899: debug: Check KSK status +2008-12-28 23:07:39.899: debug: Check ZSK status +2008-12-28 23:07:39.899: debug: Re-signing not necessary! +2008-12-28 23:07:39.899: debug: Check if there is a parent file to copy +2008-12-28 23:07:39.899: debug: +2008-12-28 23:07:39.899: debug: parsing zone "example.net." in dir "././example.net" +2008-12-28 23:07:39.899: debug: Check RFC5011 status +2008-12-28 23:07:39.899: debug: Check ZSK status +2008-12-28 23:07:39.899: debug: Re-signing not necessary! +2008-12-28 23:07:39.899: debug: Check if there is a parent file to copy +2008-12-28 23:07:39.899: debug: +2008-12-28 23:07:39.899: notice: end of run: 0 errors occured +2008-12-28 23:08:02.141: notice: ------------------------------------------------------------ +2008-12-28 23:08:02.141: notice: running ../../dnssec-signer -f -v -v -N named.conf +2008-12-28 23:08:02.143: debug: parsing zone "sub.example.net." in dir "././sub.example.net" +2008-12-28 23:08:02.143: debug: Check RFC5011 status +2008-12-28 23:08:02.143: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-12-28 23:08:02.143: debug: Check KSK status +2008-12-28 23:08:02.143: debug: Check ZSK status +2008-12-28 23:08:02.143: debug: Re-signing necessary: Option -f +2008-12-28 23:08:02.143: notice: "sub.example.net.": re-signing triggered: Option -f +2008-12-28 23:08:02.143: debug: Writing key file "././sub.example.net/dnskey.db" +2008-12-28 23:08:02.144: debug: Signing zone "sub.example.net." +2008-12-28 23:08:02.144: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -3 B5EA98 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-12-28 23:08:02.266: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-28 23:08:02.266: debug: Signing completed after 0s. +2008-12-28 23:08:02.266: debug: +2008-12-28 23:08:02.266: debug: parsing zone "example.net." in dir "././example.net" +2008-12-28 23:08:02.266: debug: Check RFC5011 status +2008-12-28 23:08:02.266: debug: Check ZSK status +2008-12-28 23:08:02.266: debug: Re-signing necessary: Option -f +2008-12-28 23:08:02.266: notice: "example.net.": re-signing triggered: Option -f +2008-12-28 23:08:02.266: debug: Writing key file "././example.net/dnskey.db" +2008-12-28 23:08:02.267: debug: Incrementing serial number in file "././example.net/zone.db" +2008-12-28 23:08:02.267: debug: Signing zone "example.net." +2008-12-28 23:08:02.267: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-12-28 23:08:02.534: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-12-28 23:08:02.534: debug: Signing completed after 0s. +2008-12-28 23:08:02.534: debug: +2008-12-28 23:08:02.534: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf index 0ccc7f61..54487af2 100644 --- a/contrib/zkt/examples/flat/zone.conf +++ b/contrib/zkt/examples/flat/zone.conf @@ -1,10 +1,10 @@ zone "example.NET." in { type master; - file "example.net./zone.db.signed"; + file "example.net/zone.db.signed"; }; zone "sub.example.NET." in { type master; - file "sub.example.net./zone.db.signed"; + file "sub.example.net/zone.db.signed"; }; diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key deleted file mode 100644 index a8242089..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080717083652 -;% lifetime=28d -example.de. IN DNSKEY 256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published deleted file mode 100644 index 87038163..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== -PublicExponent: AQAAAAE= -PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ== -Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s= -Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8= -Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0= -Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs= -Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key deleted file mode 100644 index 4836d51f..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080608210458 -;% lifetime=28d -example.de. IN DNSKEY 256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private deleted file mode 100644 index 3b1b32ec..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 5 (RSASHA1) -Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== -PublicExponent: AQAAAAE= -PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ== -Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM= -Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE= -Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU= -Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE= -Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db deleted file mode 100644 index bd106bd7..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db +++ /dev/null @@ -1,48 +0,0 @@ -; -; !!! Don't edit this file by hand. -; !!! It will be generated by dnssec-signer. -; -; Last generation time Jul 29 2008 12:44:06 -; - -; *** List of Key Signing Keys *** -; example.de. tag=17439 algo=RSASHA1 generated Jun 19 2008 00:32:22 -example.de. 3600 IN DNSKEY 385 3 5 ( - BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ - Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 - Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 - 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw - rw== - ) ; key id = 17567 (original key id = 17439) - -; example.de. tag=41145 algo=RSASHA1 generated Jul 12 2008 00:10:00 -example.de. 3600 IN DNSKEY 257 3 5 ( - BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 - r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N - tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI - VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 - zQ== - ) ; key id = 41145 - -; example.de. tag=59244 algo=RSASHA1 generated Jul 12 2008 00:10:00 -example.de. 3600 IN DNSKEY 257 3 5 ( - BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW - dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO - Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX - 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt - +w== - ) ; key id = 59244 - -; *** List of Zone Signing Keys *** -; example.de. tag=35672 algo=RSASHA1 generated Jul 17 2008 10:36:52 -example.de. 3600 IN DNSKEY 256 3 5 ( - BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv - pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== - ) ; key id = 35672 - -; example.de. tag=11867 algo=RSASHA1 generated Jul 17 2008 10:36:52 -example.de. 3600 IN DNSKEY 256 3 5 ( - BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA - OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== - ) ; key id = 11867 - diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. deleted file mode 100644 index a2cb04a3..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. +++ /dev/null @@ -1,6 +0,0 @@ -example.de. IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5 -example.de. IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008 -example.de. IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05 -example.de. IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A -example.de. IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A -example.de. IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. deleted file mode 100644 index 2b40c68f..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. +++ /dev/null @@ -1,28 +0,0 @@ -$ORIGIN . -example.de 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo - RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 - OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM - zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z - Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP - f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ - ONUcLAEt+w== - ) ; key id = 59244 - 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt - utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh - bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX - DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV - kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn - dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO - UNdJQGb9zQ== - ) ; key id = 41145 - 7200 IN DNSKEY 385 3 5 ( - BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d - Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP - S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM - L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We - lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS - jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS - XDAeBZqwrw== - ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. deleted file mode 100644 index 04ed33aa..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN . -sub.example.de 7200 IN DNSKEY 257 3 5 ( - BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG - HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv - Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd - IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C - kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= - ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key deleted file mode 100644 index 6b6aca17..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080729104405 -;% lifetime=2d -sub.example.de. IN DNSKEY 256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private deleted file mode 100644 index 23776358..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 1 (RSA) -Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== -PublicExponent: AQAAAAE= -PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ== -Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE= -Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM= -Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE= -Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc= -Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated deleted file mode 100644 index 934f6302..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 1 (RSA) -Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== -PublicExponent: AQAAAAE= -PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ== -Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k= -Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE= -Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk= -Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE= -Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key deleted file mode 100644 index 2c662a9a..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080726213646 -;% lifetime=2d -sub.example.de. IN DNSKEY 256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key deleted file mode 100644 index 3a0fcec0..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key +++ /dev/null @@ -1,3 +0,0 @@ -;% generationtime=20080731111645 -;% lifetime=2d -sub.example.de. IN DNSKEY 256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published deleted file mode 100644 index b45db1f0..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published +++ /dev/null @@ -1,10 +0,0 @@ -Private-key-format: v1.2 -Algorithm: 1 (RSA) -Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== -PublicExponent: AQAAAAE= -PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ== -Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M= -Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50= -Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48= -Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU= -Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. deleted file mode 100644 index c392b9a2..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. +++ /dev/null @@ -1,2 +0,0 @@ -sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE -sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db deleted file mode 100644 index e922c186..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db +++ /dev/null @@ -1,35 +0,0 @@ -; -; !!! Don't edit this file by hand. -; !!! It will be generated by dnssec-signer. -; -; Last generation time Jul 31 2008 13:16:45 -; - -; *** List of Key Signing Keys *** -; sub.example.de. tag=40998 algo=RSASHA1 generated Jul 27 2008 00:17:46 -sub.example.de. 3600 IN DNSKEY 257 3 5 ( - BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy - yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv - jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA - fdQIegTBBKk= - ) ; key id = 40998 - -; *** List of Zone Signing Keys *** -; sub.example.de. tag=51977 algo=RSAMD5 generated Jul 29 2008 12:44:04 -sub.example.de. 3600 IN DNSKEY 256 3 1 ( - BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K - kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== - ) ; key id = 51977 - -; sub.example.de. tag=19793 algo=RSAMD5 generated Jul 29 2008 12:44:05 -sub.example.de. 3600 IN DNSKEY 256 3 1 ( - BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD - 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== - ) ; key id = 19793 - -; sub.example.de. tag=55699 algo=RSAMD5 generated Jul 31 2008 13:16:45 -sub.example.de. 3600 IN DNSKEY 256 3 1 ( - BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm - /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== - ) ; key id = 55699 - diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. deleted file mode 100644 index b8ec77b3..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. +++ /dev/null @@ -1,2 +0,0 @@ -sub.example.de. IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE -sub.example.de. IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. deleted file mode 100644 index 04ed33aa..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. +++ /dev/null @@ -1,8 +0,0 @@ -$ORIGIN . -sub.example.de 7200 IN DNSKEY 257 3 5 ( - BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG - HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv - Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd - IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C - kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= - ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed deleted file mode 100644 index d607de5f..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed +++ /dev/null @@ -1,108 +0,0 @@ -; File written on Thu Jul 31 13:16:45 2008 -; dnssec_signzone version 9.5.1b1 -sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( - 2008073101 ; serial - 86400 ; refresh (1 day) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 1 3 7200 20080802100259 ( - 20080731101645 19793 sub.example.de. - d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o - DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz - g2+AsH8mPZKGvg== ) - 7200 NS ns1.example.de. - 7200 RRSIG NS 1 3 7200 20080802095409 ( - 20080731101645 19793 sub.example.de. - VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV - HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y - KTOgEwv3r8kOiw== ) - 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 1 3 7200 20080802095639 ( - 20080731101645 19793 sub.example.de. - cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT - lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y - J0qpEvDF3FNvRQ== ) - 3600 DNSKEY 256 3 1 ( - BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91 - KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv - XF008duYET+UU9+hS01RIw== - ) ; key id = 19793 - 3600 DNSKEY 256 3 1 ( - BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB - vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5 - cGBHTSFCjIh+lGMPEssJCQ== - ) ; key id = 51977 - 3600 DNSKEY 256 3 1 ( - BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM - oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/ - MP+8X0OzdEl97NGOPtmT9w== - ) ; key id = 55699 - 3600 DNSKEY 257 3 5 ( - BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG - HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv - Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd - IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C - kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= - ) ; key id = 40998 - 3600 RRSIG DNSKEY 1 3 3600 20080802100935 ( - 20080731101645 19793 sub.example.de. - WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx - TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g - ZOu0rsPqvux2PA== ) - 3600 RRSIG DNSKEY 5 3 3600 20080802100334 ( - 20080731101645 40998 sub.example.de. - WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8 - MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9 - QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz - V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/ - Od6//GN4UmNi9LCwWtLbGnF4Gpc= ) -a.sub.example.de. 7200 IN A 1.2.3.4 - 7200 RRSIG A 1 4 7200 20080802095159 ( - 20080731101645 19793 sub.example.de. - LxVthdAkEiBec6khr63+rufhSwtByBNvff8e - HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB - 4iK4mspVH4Md7A== ) - 7200 NSEC b.sub.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802100843 ( - 20080731101645 19793 sub.example.de. - HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu - UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt - 4ldl+d6z3bs4pQ== ) -b.sub.example.de. 7200 IN A 1.2.3.5 - 7200 RRSIG A 1 4 7200 20080802095415 ( - 20080731101645 19793 sub.example.de. - eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ - PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A - SDEWBEFsFCnMkg== ) - 7200 NSEC c.sub.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802094836 ( - 20080731101645 19793 sub.example.de. - nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7 - MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU - 7S7eIlt0jBSehg== ) -c.sub.example.de. 7200 IN A 1.2.3.6 - 7200 RRSIG A 1 4 7200 20080802095037 ( - 20080731101645 19793 sub.example.de. - eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9 - 1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5 - V0L4MAkK76H00w== ) - 7200 NSEC localhost.sub.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802100135 ( - 20080731101645 19793 sub.example.de. - KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4 - jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl - Ull//CFV9J272A== ) -localhost.sub.example.de. 7200 IN A 127.0.0.1 - 7200 RRSIG A 1 4 7200 20080802095833 ( - 20080731101645 19793 sub.example.de. - fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY - wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh - 8kYWUvV1kghBzA== ) - 7200 NSEC sub.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 1 4 7200 20080802101452 ( - 20080731101645 19793 sub.example.de. - EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt - 6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK - UoFq9NHsH2WSDw== ) diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed deleted file mode 100644 index 4b9b3dc7..00000000 --- a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed +++ /dev/null @@ -1,147 +0,0 @@ -; File written on Tue Jul 29 12:44:06 2008 -; dnssec_signzone version 9.5.1b1 -example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( - 258 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 2 7200 20080808092956 ( - 20080729094406 35672 example.de. - UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0 - 6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs - /4p/Vc/L91wUMA== ) - 7200 NS ns1.example.de. - 7200 NS ns2.example.de. - 7200 RRSIG NS 5 2 7200 20080808091515 ( - 20080729094406 35672 example.de. - hpHATL81t7GASSKPPBuheQqBqXU688itETkN - QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1 - hsdbbCDo6UuHSg== ) - 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 2 7200 20080808092007 ( - 20080729094406 35672 example.de. - aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T - +yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI - HFPySUOtQaNNxA== ) - 3600 DNSKEY 256 3 5 ( - BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm - 8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi - o+HNa59a4UA8jTdJb+kT0w== - ) ; key id = 35672 - 3600 DNSKEY 256 3 5 ( - BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ - TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z - D0oIm2h0JowdyERZVj6ZZQ== - ) ; key id = 11867 - 3600 DNSKEY 257 3 5 ( - BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo - RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 - OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM - zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z - Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP - f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ - ONUcLAEt+w== - ) ; key id = 59244 - 3600 DNSKEY 257 3 5 ( - BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt - utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh - bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX - DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV - kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn - dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO - UNdJQGb9zQ== - ) ; key id = 41145 - 3600 DNSKEY 385 3 5 ( - BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d - Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP - S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM - L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We - lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS - jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS - XDAeBZqwrw== - ) ; key id = 17567 - 3600 RRSIG DNSKEY 5 2 3600 20080808092214 ( - 20080729094406 41145 example.de. - BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX - XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7 - t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM - l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im - fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0 - 4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz - nA== ) - 3600 RRSIG DNSKEY 5 2 3600 20080808092411 ( - 20080729094406 17567 example.de. - BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc - W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8 - Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ - kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK - 4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6 - RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P - ug== ) - 3600 RRSIG DNSKEY 5 2 3600 20080808093317 ( - 20080729094406 35672 example.de. - Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos - hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW - 6DbiKMXJpO7biQ== ) -localhost.example.de. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 3 7200 20080808092724 ( - 20080729094406 35672 example.de. - JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6 - dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI - D66sltGHW/er+Q== ) - 7200 NSEC ns1.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080808094047 ( - 20080729094406 35672 example.de. - XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY - IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9 - s2s+6ISxxobC3A== ) -ns1.example.de. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 3 7200 20080808091743 ( - 20080729094406 35672 example.de. - ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb - xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly - OpCYxAQSguB/MA== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 3 7200 20080808094144 ( - 20080729094406 35672 example.de. - nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti - 59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI - 0mOu0mNbxtt9gQ== ) - 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080808092537 ( - 20080729094406 35672 example.de. - MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx - xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH - 1OZ3fi+/kWVAJg== ) -ns2.example.de. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 3 7200 20080808091624 ( - 20080729094406 35672 example.de. - MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL - Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc - SFFUxREAI5UGkQ== ) - 7200 NSEC sub.example.de. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080808094337 ( - 20080729094406 35672 example.de. - QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58 - AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2 - 9AU6m1TfAa5WSw== ) -sub.example.de. 7200 IN NS ns1.example.de. - 7200 DS 40998 5 1 ( - 1414E9C46F367D787EEF2EC91E1FC66DD087 - AEAE ) - 7200 DS 40998 5 2 ( - 6FE53984AB75C31A06778E9944F8CDB47905 - 27D36BBD08CC1E90DA7AE32EEE5F ) - 7200 RRSIG DS 5 3 7200 20080808092142 ( - 20080729094406 35672 example.de. - cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/ - ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8 - H6SutDh0IiR5MA== ) - 7200 NSEC example.de. NS DS RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080808091754 ( - 20080729094406 35672 example.de. - jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E - 3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f - k3CPfTs/+p/8Og== ) diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de. deleted file mode 100644 index 2b40c68f..00000000 --- a/contrib/zkt/examples/hierarchical/de./keyset-example.de. +++ /dev/null @@ -1,28 +0,0 @@ -$ORIGIN . -example.de 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo - RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 - OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM - zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z - Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP - f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ - ONUcLAEt+w== - ) ; key id = 59244 - 7200 IN DNSKEY 257 3 5 ( - BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt - utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh - bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX - DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV - kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn - dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO - UNdJQGb9zQ== - ) ; key id = 41145 - 7200 IN DNSKEY 385 3 5 ( - BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d - Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP - S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM - L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We - lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS - jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS - XDAeBZqwrw== - ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key new file mode 100644 index 00000000..554986d5 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key @@ -0,0 +1,3 @@ +;% generationtime=20080914221502 +;% lifetime=90d +example.de. IN DNSKEY 256 3 5 BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuR Npn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private new file mode 100644 index 00000000..dda12aa8 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: qbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuRNpn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ== +PublicExponent: AQAAAAE= +PrivateExponent: h7mIMjyW6H7MpJIYWhTgerkh5pR9LbSJbuA/cKp9AU18blpyk4xOzIYGw0SXBqFezHpF0I6BEzSikgwyF1RDAQ== +Prime1: 1YdJ1XTzsyvAgEjhutvSA4RSkCyPGsTZ81wxZcifWtE= +Prime2: y3EofwE/nv2kF6/I2STrb3A8gbsBx5D4/6SiKFuHDg0= +Exponent1: vjWx9G8qNVnlPPWD9uc/6um1vS2+yvriFV3MIMIZL/E= +Exponent2: o/Jlw/TZ/IrlSvzNCc+xeF8qpip51onZ6fOFFjQ+QQ== +Coefficient: K/UescJkRXWQr6FmABrKx3kalg748qkaWqvrY101OeY= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key new file mode 100644 index 00000000..55364ea6 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key @@ -0,0 +1,3 @@ +;% generationtime=20081116180040 +;% lifetime=365d +example.de. IN DNSKEY 257 3 5 BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU jQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published new file mode 100644 index 00000000..b120c0c6 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mUjQ== +PublicExponent: AQAAAAE= +PrivateExponent: AcxmOS9ewHH4UTWVHOSEyONodDImWb5DFyMOUzn3FCkdBEnsOAYTO8/noT3PP0uoMK0s7/BlIReEqsyCVcgQVrTbJszoKlwhHT+XO60i3wPJIWF9u8ouFDnGLkbSRpw6L72uRZy9SdSWUWHdlRayK6T3uJGrcsCLIlzaSue1vXjdUobHMVxQ+mPCFNjSgRWOvTxGcsoXPKx5MjrmAUEnLyQuoQ== +Prime1: A50KZhIYCkyx48okZHgirDXs0cVYf2OOvLcNKF4AvBBTwoV9+oFfTd+wKy9f+G/FqVBV1s4rv/M7UCpAFJPCqaDkt+EEv5DNnX69RgvwBrHyxQ== +Prime2: A5KoV2IkWEM9Djm8pZay/fQpM8coQxVutNDb9G4ADMwpwK5ddGifS38jPlHenUKDxSFtfOZBQbyf7ra/lSttpOqSnr/e6s6HHRn5TYfdR9IXKQ== +Exponent1: eWP9FtwMjnnrsAhQlO7Fbko74gKGRVaygSe4Pd+TGM22dHDZCCoc//IBL+s2Dhezy1l8xiOPVbcxzxHMbqrQhPENi7HihDwiR1WfuSaoIfod +Exponent2: AweXUxlW7qBg+v2qV5cCZl+gvTBW/1vP7llsoOqbHR69xLklXEV96TlEbKU8hoSnq8ts8qqh4/HFj1d+KRTeHWpseUm0GXdK/k7ZvYfr7KVHUQ== +Coefficient: AwVZtbgFX0bAOj9J2p48qYAn3EaIuCvzDYoIE3E/m3NZS8UXQ5MK12AFhulRYpWOgZCIWK9fH0MTvtDFk3I5vyFTMhovDBrSWNn/+TJ47CwrBQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key new file mode 100644 index 00000000..cf983b69 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key @@ -0,0 +1,3 @@ +;% generationtime=20080914221502 +;% lifetime=365d +example.de. IN DNSKEY 257 3 5 BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E uw== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private new file mode 100644 index 00000000..fed718b5 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8Euw== +PublicExponent: AQAAAAE= +PrivateExponent: CxINUgbVqMf0BnMNYq3aL8ucN4fael2ljQYgDCpcTMfqVuRo+Vo6sMEr3C6Bw8MTHWo2jMxdulyS4tsiMQVVjWUArFL/sfFYLwopjOExcneji6noi8n9dzgslNpo3QAdnKwDGUwj+k7CBzCbLSZ5xpt/eaHcN4l1buQ0tcqShthdh7sNHFX1nAqjsLa7xxCiBsliA6LD/QTAAzcbED0Xw7SJWQ== +Prime1: A+RY6jx9urFg5GeyRqrAiqqClEzyWgEM4HsJn/oQ38PE6NrPzcG9U95um79u1WwWtXe5xTifInhN40CpxQYH45NFjZEuEvROvkXk5JHV9b5UHw== +Prime2: A2949khdV+cKgI2EHmRIu7PJUFkBgrMXacwVpGdaN41NpJYFRYW8qoPmKRrw/Fji7GZj0rrro51XT7JNDbC44dX/bGdNa/eWvslPJGfCR4Gb5Q== +Exponent1: rVHNFnlV2HXIOzi9+2Hit8m7bNXrVXA/DJ3lGCzDL2PzpvQcrL6mMXzaYznP9XaSgyR9M8u+Tdwqq11lHsnWhNLyWKTyAlO5WP3syQD3+0Jp +Exponent2: ArQCCQS8lPgDvu7LI3q5tanr2nmM2uMzPNud9EPSqAql8iEIgOZDLDsMDZd9QHm2Dicjc2UifTcJgQlc3OACSVYkkxjvHKO7t03KNoZkhceTTQ== +Coefficient: GUOOUFWtz0iCPZx1ljdxpP3T4hW7Jux1zcfV6PwX+Nx+8KcawXFfNxjsC1+Sla9Txv02Kgqg9Mh3mCNGynimcbkmmOcfyozKOttAD1sheFK0 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db b/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db new file mode 100644 index 00000000..6fb2c44a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/dnskey.db @@ -0,0 +1,33 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Dec 28 2008 23:06:40 +; + +; *** List of Key Signing Keys *** +; example.de. tag=47280 algo=RSASHA1 generated Nov 16 2008 19:00:40 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4LlsJGYMr8oIpjEzvwonR + mX5pRiEjVhTwx+vx6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOqvc2t + CKVSRePqZ+HeIZR+heBnFKr5kWQmB5XOlMdWNRA3y78s/LufVB8hD7r2 + 60jrVJ0W6wSMGDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAsK9bqDM8E + uw== + ) ; key id = 47280 + +; example.de. tag=37983 algo=RSASHA1 generated Nov 16 2008 19:00:40 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+Nvz17GBu85jmigMuvZQU + YZBVUmJNNBbCNStlz+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhHz7eT + m5xhSaSEEzq0uf087tAbaq1yaTpTtA2R7JXIPxt6CuD9Ou5bbYOzrFnB + q1VBAYrwB6t/us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU48Mlp1+mU + jQ== + ) ; key id = 37983 + +; *** List of Zone Signing Keys *** +; example.de. tag=11327 algo=RSASHA1 generated Nov 16 2008 19:00:40 +example.de. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchYFYUD2lnvJKeq7ATwesuR + Npn17Erjz09GhDn9l2J92dAy8m4uofcdFkYKnQ== + ) ; key id = 11327 + diff --git a/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. b/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. new file mode 100644 index 00000000..86ba183b --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. @@ -0,0 +1,4 @@ +example.de. IN DS 37983 5 1 635B486D53D19B16BC4A87366BC2D5626978F4B9 +example.de. IN DS 37983 5 2 5B8412FE443D8F4F77AC4C89FF12289DA88998D864EC68E3E5A4EE2C B192F9DC +example.de. IN DS 47280 5 1 149C886C8175B220A964D4293EB4FCFAC1650974 +example.de. IN DS 47280 5 2 466E738B6913F7081DE5E17FC3567771618AB1D6CB0A333270A4AC24 7DB14DD0 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key index 19861178..19861178 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private index 62b7ca4c..62b7ca4c 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key index 3a636d47..868d2f14 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key @@ -1,3 +1,4 @@ ;% generationtime=20080608210458 ;% lifetime=20d -example.de. IN DNSKEY 257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ== +;% expirationtime=20080914221502 +example.de. IN DNSKEY 385 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private index b0466be3..b0466be3 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key index 35d4c6ab..b1fede64 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key @@ -1,3 +1,4 @@ ;% generationtime=20080711221000 ;% lifetime=20d -example.de. IN DNSKEY 257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w== +;% expirationtime=20081116180039 +example.de. IN DNSKEY 385 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private index b7f28dba..b7f28dba 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published +++ b/contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private diff --git a/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. b/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. new file mode 100644 index 00000000..27a14419 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. @@ -0,0 +1,19 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. new file mode 100644 index 00000000..27cb7b9e --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. @@ -0,0 +1,7 @@ +; KSK rollover phase2 (this is the new key) +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd + pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl + cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n + GLv3a4BbGFc= + ) ; key id = 56595 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key new file mode 100644 index 00000000..19151efe --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key @@ -0,0 +1,3 @@ +;% generationtime=20081228220640 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgN cV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published new file mode 100644 index 00000000..ea99d83d --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: 6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgNcV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ== +PublicExponent: AQAAAAE= +PrivateExponent: uXBzw9Ow7+rVGZ4XZlUjLoBxRUAdN207E+mvZ+OadkH4f7l3PNYJYVn2hTvTZb8v6vhKc/sOoenMRAMavK2oCQ== +Prime1: 97fUb9zU6zIQ6P53ykjHwpMriBptXWkqH4LUKrtqAYs= +Prime2: 8Q9XIHa/vuddNXGbnv1WjhQ+BLULtEHoAor6Zz/AczM= +Exponent1: lys3DhbjPd0964qLcwyI0qZ5lMviMzFBbB/IOthfYnc= +Exponent2: 2csu2XGtql2o+T1SXeXc6JtC8prIJ+mJuXa0FapeHBc= +Coefficient: 0+x8jSWVmxWNuZlQNW0mZBFS5cEgll+u0t17KXdh6nI= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key new file mode 100644 index 00000000..16443f99 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key @@ -0,0 +1,3 @@ +;% generationtime=20081216163027 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw 9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private new file mode 100644 index 00000000..fe9768c2 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: 46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ== +PublicExponent: AQAAAAE= +PrivateExponent: pqVDVhiSmZyjz4IM3xFkks4yc4MToD2EWbPKp4j8v4RETHjec3F9YYIMpkGaYoNqkx3+yvWpYPPy4YideIu3wQ== +Prime1: +1CFbP41B3shnGApkHvZYr3439pvg5KO60ykyewDDUU= +Prime2: 5+EDE42uEwgwiaPs+n4hXruj+K3ewL7cTY1HS7rPpWk= +Exponent1: tuWKUuBr0ajPkrvq1OdN0EcuggHhuizHNMl9ApAxBYU= +Exponent2: CHyQ5qkbFlgzbbfyXvjS6aonXu0vRQXN6xEpDrTAiek= +Coefficient: i4dbOUlePz8KFhOt0/8FImz2TAd2zZ0hryj4uAQbtUY= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated new file mode 100644 index 00000000..08c0368d --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: mjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jBeymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw== +PublicExponent: AQAAAAE= +PrivateExponent: MPsUwCUqooIUfhCOmRxnn6ZhxzH+CpJOfJ1K0njPwjaQKm8ACnVpM7Fr3mv5b9m0TXNn3jpfQgD+mHzopnR8gQ== +Prime1: y24Ur3BJ40hhvFGqAPXaUEJcrEZIy4aCq2TxRSfFWs8= +Prime2: whV4QY7Syoe/CDglpRb/X1ZROUYNLo1y+uXMoSNtaYU= +Exponent1: DQywtacomS2IXan7sOtmkcWxxe7P6jTtI5KjlN4IhD0= +Exponent2: N/KfPaxytWiti6+d2E9B00TCwndDQq/vnJ2iYGdNp9k= +Coefficient: Lp80HvUH/WDwsH1akU1UWbN2n4m3g/hLtihVVuzf0s0= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key new file mode 100644 index 00000000..d5ded3a0 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key @@ -0,0 +1,3 @@ +;% generationtime=20081120072448 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jB eymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key new file mode 100644 index 00000000..1ff71b83 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key @@ -0,0 +1,3 @@ +;% generationtime=20081216163213 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxX T5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEE J9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVji qj6JGXl48/0= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private new file mode 100644 index 00000000..2bf7a995 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: vFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVjiqj6JGXl48/0= +PublicExponent: AQAAAAE= +PrivateExponent: BKxnBi6a/3ziyfbN1FifPRo0QzGrQaZsVmJK3KF5keyYTRbImsVEFuYyc2sD7YZdACRvX1MIFoxMiORhxXlU7rrawQHtGXHHFIdBCE+/GINg9NtAijz/I8LCFexsttRGUESyXQjx0QCOr2j/qGpLU2jDspoQnOuAJNABDQeXtNk= +Prime1: 8ta4x0uQsfcfBqvGUoX4Ngtr/zWExLRDY+THy9DV7aKNw7UBvOnPjL7NQD4RTHRp52buZbh33XDB2ujA6lV/Yw== +Prime2: xo3tGYInbtnFZe6/Itwz+uihogLj5lWpn+e1VT6aa2SdSES53MrVnu7+Swsv7KAZHGnT99pLjwaTsNvo1MeNHw== +Exponent1: 6ALwJf4uypQi4g+zXXfnhNnkU6xHhG8MolwpE2UlfJ02GovKsgWbxNnoqdQyGeOMhSeHaj1Fzyca0TmJqx0oQQ== +Exponent2: iA6ciyRLclAnq3HMo1uul8ssrtyRF4FhfFJ+/nhSvqYX6uvcUH3HqV4Tarq0Irf79jq+wwEUKmG6VLP6wMnwRQ== +Coefficient: Z7PYXTT7y8EHoHTBE1ioOegzTgJ3gNnb6Pd4atgsyANeFxbUPukgr/rf4ahkipp+r6RcjBm4yJtEp0kSlJnhCw== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key new file mode 100644 index 00000000..34d554cf --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key @@ -0,0 +1,3 @@ +;% generationtime=20081002230219 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjg CyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/ zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnU ISRyLtFdi10= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private new file mode 100644 index 00000000..bcb0e163 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10= +PublicExponent: AQAAAAE= +PrivateExponent: esuIKav5AkrTaOu06kDZnh1+fL3BRkH6D6IZBBZxmidd6zwEvTR9dQ8kkoDSY0WTZxZDKYOJtWha5jrDnLaqKvPizEnfxs7P4yCe9fpGy/BZ6BkvVWECKeQ9o8ZacALg8If1NagdhTmueflj39qquBogoe7TWiWxsNTJzq0os4E= +Prime1: 74wMDEa4SeFhMLIWgOz6hwdP86ak+JLjdRsTmj1qFykYHTlG+h3y8ic79fimHaD0P1Tbk91pOgh1rBeLWTXzOQ== +Prime2: 5H2Pik/CdxqcIBCyqBSN0hwfzwCry3t2mPVtDmc79XyGLOwiGhzWkbMeZro5hjBxpN3U4Kb5WuUGu7+paEnlRQ== +Exponent1: 6QSyuPdI58qXPZQogATGykz9nR+n1FySUWtanLUlQcNDS2Nl1zaZy9+fzAuiekF3EZQxlSL/dTNoUP/dei4pyQ== +Exponent2: R5IuojoV16bq6HTDRahO756zqMwaG+Kp8DGijSjzHchNywnCpzvlHK2+WXbjx/7Smno5zrB1cOYMQ0xRwOAn1Q== +Coefficient: Bc9CyTQt6wEU/ShcJLXYGKVnBMdzM4JjB7y7sj05E4kLocYaQw2slxBFZyc7oGKEaAFKsqIC2JyurCo4Z6mDrQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key new file mode 100644 index 00000000..1ee44bbb --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key @@ -0,0 +1,3 @@ +;% generationtime=20081003212715 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n GLv3a4BbGFc= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private new file mode 100644 index 00000000..4b444504 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: olXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc= +PublicExponent: AQAAAAE= +PrivateExponent: OZyxcY+HDUm3QnD5ZKQNlUHg5m5SuiUNpDUPzsguED89tgWM12U8IgsChJd2kVlM2Ntayu3KhtUs0/bwFk7yMEyrHPkRcMCInAlB28cXKailxaad5pIvHOu+xt5/44C+j5p125Xd7N29dhRjH7afQY7eYV7FYmDcnXrPyrTkBeE= +Prime1: 0GylzPNywg5QbH9EzgBTjb1J87G2gmKW2eSePiAFq6g4LKUh/HTeCX9TkXmszC/xaA5X96h7UoiPTyl/uq5mRw== +Prime2: x2Pq+Edr4PVN9PaZ/RImYjQGk3gs0J5SbJ9kNKFTPw2ZsWr9wtN5n1KKUCHDqsJ0I9XbOmdI94Ze96uju5L1cQ== +Exponent1: K1098oZ5S8EV4rjvzRrJRe+zLNhvCOeyKQLeE0pZk9G60aMxRTm1HAYyof1kcw43G8BgPU2+26kzFAFQHQIK+w== +Exponent2: oL+7Esi69/qc5yJFk65FJld6jfvv5XHiZOLmj5K/Sagk1mYpj+vveitQzPaNb5G2cl7sN1rW8jgiYdKsyCe0QQ== +Coefficient: MoX+4JTGDuR2nPCAjwMRBDIu6hCTn65zU2EHAFMWaf7hvvhWVEBn0YTK1/sYFzz0LxJUJxa/JJltY7ZYulk7uQ== diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. new file mode 100644 index 00000000..d2b84f70 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. @@ -0,0 +1,6 @@ +sub.example.de.dlv.trusted-keys.net. IN DLV 31785 5 1 3D56DD760ECF5184EAAE810F523934239F3D5AA5 +sub.example.de.dlv.trusted-keys.net. IN DLV 31785 5 2 BAF6AFA18EED60E28AFFDB6094DCE3095A0C6B039D2DF8020580F6BD E43B76F9 +sub.example.de.dlv.trusted-keys.net. IN DLV 40956 5 1 F3BC3C3D8EF9A21CCCD983FA01D308C36824E79A +sub.example.de.dlv.trusted-keys.net. IN DLV 40956 5 2 F276443895C23D052089011BED4BB2683067C1397D62EEF726BFF4F2 4B5981A1 +sub.example.de.dlv.trusted-keys.net. IN DLV 56595 5 1 839C43F0267473F1335354384D91BFD70145AC01 +sub.example.de.dlv.trusted-keys.net. IN DLV 56595 5 2 37F3AA854D2B7B2A9FAE3868EB37FFB08E1EDE2E14AF4D259E6C46B0 27D5C5B7 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db new file mode 100644 index 00000000..38c3c70e --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db @@ -0,0 +1,51 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Dec 28 2008 23:06:40 +; + +; *** List of Key Signing Keys *** +; sub.example.de. tag=40956 algo=RSASHA1 generated Oct 03 2008 01:02:19 +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw48XBb+ECUiiiI5wklFOjg + CyN1Yr9j1QYsvsYvyVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTidHO/ + zxIflx5YGrB6ENTJcztRsp40EO1wBOmBgeX+aCC07zpu3SuKxzaiwTnU + ISRyLtFdi10= + ) ; key id = 40956 + +; sub.example.de. tag=56595 algo=RSASHA1 generated Oct 03 2008 23:27:15 +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd + pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl + cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n + GLv3a4BbGFc= + ) ; key id = 56595 + +; sub.example.de. tag=31785 algo=RSASHA1 generated Dec 16 2008 17:32:13 +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59igc30zlVBFugkWd9wjsxX + T5mNmmg8pceNgOgV4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJxfWEE + J9LOQPPbnEPAJrEQzqtt5crVc687oyWYg9UGZBconBIAeefO2h19hVji + qj6JGXl48/0= + ) ; key id = 31785 + +; *** List of Zone Signing Keys *** +; sub.example.de. tag=59924 algo=RSAMD5 generated Dec 16 2008 17:30:27 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+cU4MucX+3xq6Emve8Q/jB + eymytqtCmRli/G0ROBlid0KE2rxJ7rDekuoUiw== + ) ; key id = 59924 + +; sub.example.de. tag=39146 algo=RSAMD5 generated Dec 16 2008 17:30:27 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObjeSZsRLJkmrYa+cWJSqmw + 9b7xlpaO+uBE5pkz/9GKXXOH+o/q+dBCoZjqTQ== + ) ; key id = 39146 + +; sub.example.de. tag=4031 algo=RSAMD5 generated Dec 28 2008 23:06:40 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE10FHTeLeGsVUxBx+O/HgN + cV4elmXG/wGBvDjx4vQsbPO5WDiIoXmDUg+/sQ== + ) ; key id = 4031 + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf index d7d33ca8..d7d33ca8 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. new file mode 100644 index 00000000..9e2970a9 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. @@ -0,0 +1,6 @@ +sub.example.de. IN DS 31785 5 1 3D56DD760ECF5184EAAE810F523934239F3D5AA5 +sub.example.de. IN DS 31785 5 2 BAF6AFA18EED60E28AFFDB6094DCE3095A0C6B039D2DF8020580F6BD E43B76F9 +sub.example.de. IN DS 40956 5 1 F3BC3C3D8EF9A21CCCD983FA01D308C36824E79A +sub.example.de. IN DS 40956 5 2 F276443895C23D052089011BED4BB2683067C1397D62EEF726BFF4F2 4B5981A1 +sub.example.de. IN DS 56595 5 1 839C43F0267473F1335354384D91BFD70145AC01 +sub.example.de. IN DS 56595 5 2 37F3AA854D2B7B2A9FAE3868EB37FFB08E1EDE2E14AF4D259E6C46B0 27D5C5B7 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. new file mode 100644 index 00000000..2535a309 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. @@ -0,0 +1,22 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc + 7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe6 + 2RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBA + jrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmB + cCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc= + ) ; key id = 56595 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59i + gc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV + 4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJx + fWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWY + g9UGZBconBIAeefO2h19hVjiqj6JGXl48/0= + ) ; key id = 31785 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw4 + 8XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYv + yVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTi + dHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmB + geX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10= + ) ; key id = 40956 diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key new file mode 100644 index 00000000..c880c4fa --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key @@ -0,0 +1,3 @@ +;% generationtime=20080818053647 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABvYDREzYgpwbapQq47TOdCxf0+0vn0rFKNv0HedmV0uSQ8mkt PRHKKQNgeBDWN99JjV47XEFeYRmMYIixsEjjMTv7jBbYYlf+pMEnDfip wj1bvaQRsQ8KFLHnII0syARkZfxVllNulIYsYLA0QOH1bqUXCy3WOUO+ ykohqGTWSgs= diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private new file mode 100644 index 00000000..b9141de4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: vYDREzYgpwbapQq47TOdCxf0+0vn0rFKNv0HedmV0uSQ8mktPRHKKQNgeBDWN99JjV47XEFeYRmMYIixsEjjMTv7jBbYYlf+pMEnDfipwj1bvaQRsQ8KFLHnII0syARkZfxVllNulIYsYLA0QOH1bqUXCy3WOUO+ykohqGTWSgs= +PublicExponent: AQAAAAE= +PrivateExponent: XMRzabB2jRdVLpnDth8Zr1okVfyBA9U0f2/qRnQT0ltPBomFgazQlrN1cyvt34vuqHsk+Nb44/HZLzl369HK9iO99sD3N+gKDXv0rB+r0QOSoku8eImkk6p0G5VLkdROSggo+GgUJmWMa0BGg4Y9XnStN0+bwyr/cJDkdPLnKqE= +Prime1: +UoUiIMjAVNDQ4BRYUhW9PIiXCFMUOJQNQ5bIcYLBJBtkKJl1exS8MTNxTQgcRy3YNgUx7u4Fh6FEsBfVlL8kQ== +Prime2: wpq74Cv2kvENsDlAXpYcigtNB8rtiOXGpe/eUl3Pj6aahS97KYyXivoHK+xZpoxLTz5dE28v2jRc+o7Dedma2w== +Exponent1: toMLd17tND5W6ifexKH0olazwhokTxSyL1JrSjmSo2BqKjohREv3alaIq/+2epKuDoX1/jI6kOL5JJHvX0ngEQ== +Exponent2: JR1w0pvriWfzXCwPel0crw+JUUpDM8bFiYDZX/zkNyuOrplqbh2REi5bCf0AUOgxie78WjxTvhyewwiByHtF/w== +Coefficient: RADyZiLO+IXAJ4pFGsX5m0fZvixCmQdN1mmN9NnzZws43mb2KhKs+UwOsDpU1R5RddoCWgFhz58dgMS2VId8XA== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key index 9c7c36c8..9c7c36c8 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private index 3e39f5ac..3e39f5ac 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. new file mode 100644 index 00000000..27cb7b9e --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. @@ -0,0 +1,7 @@ +; KSK rollover phase2 (this is the new key) +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc7uzNfjzrCL9VNvD4Aayd + pGIqeqC05rLCILe62RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBAjrbl + cV1T2xziS0rUBHMtgQlp3da0xOAqZVmBcCJChytISJJmtuh0qryY1Z3n + GLv3a4BbGFc= + ) ; key id = 56595 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db index 05489a42..f04c19a2 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db @@ -7,7 +7,7 @@ $TTL 7200 @ IN SOA ns1.example.de. hostmaster.example.de. ( - 2008073101; Serial (up to 10 digits) + 2008122801; Serial (up to 10 digits) 86400 ; Refresh (RIPE recommendation if NOTIFY is used) 1800 ; Retry 2W ; Expire diff --git a/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed new file mode 100644 index 00000000..066477c5 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed @@ -0,0 +1,136 @@ +; File written on Sun Dec 28 23:06:40 2008 +; dnssec_signzone version 9.6.0 +sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 2008122801 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20081230210417 ( + 20081228210640 39146 sub.example.de. + XM/3402boromtkWjxtvE0SHpUW3J5ITudixH + Ol/DXfSIUiv5Km5ekQueBMgMIEMFkYHxRYH/ + CRDCu4gTzYJElw== ) + 7200 NS ns1.example.de. + 7200 RRSIG NS 1 3 7200 20081230210435 ( + 20081228210640 39146 sub.example.de. + YGkNNi+q2byWBB2AnRrZ0fY9eOzOkcvlW98U + Ti/2LoJhn+LrVNSOG5Xbd7o3KfoxnyyFS+lh + IwcTPCxkYyTv2A== ) + 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20081230205813 ( + 20081228210640 39146 sub.example.de. + dR8j2F8b+725x9Ipuym92XPF0CfLywcU8rVd + kMwIEHYqvxHtAGgMS7Rg6ehc1Dyu/4AxK5Le + xQpUFau71SR5zA== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABmjp7RFegQjGnrXbRQ4uk0Wdxj4+c + U4MucX+3xq6Emve8Q/jBeymytqtCmRli/G0R + OBlid0KE2rxJ7rDekuoUiw== + ) ; key id = 59924 + 3600 DNSKEY 256 3 1 ( + BQEAAAAB46KNL8HNsVPnvBw24iONL++CrObj + eSZsRLJkmrYa+cWJSqmw9b7xlpaO+uBE5pkz + /9GKXXOH+o/q+dBCoZjqTQ== + ) ; key id = 39146 + 3600 DNSKEY 256 3 1 ( + BQEAAAAB6ULnEaSHOrlAYtx8LDD0KvOoyJE1 + 0FHTeLeGsVUxBx+O/HgNcV4elmXG/wGBvDjx + 4vQsbPO5WDiIoXmDUg+/sQ== + ) ; key id = 4031 + 3600 DNSKEY 257 3 5 ( + BQEAAAABolXOM+J0RdjVTzlptvXKqtwxQQkc + 7uzNfjzrCL9VNvD4AaydpGIqeqC05rLCILe6 + 2RRgCnQOs62kcUySrxRkmuAkkfONwU5PhXBA + jrblcV1T2xziS0rUBHMtgQlp3da0xOAqZVmB + cCJChytISJJmtuh0qryY1Z3nGLv3a4BbGFc= + ) ; key id = 56595 + 3600 DNSKEY 257 3 5 ( + BQEAAAABvFi0FuW1hnSuYpaWPBhN7/hQo59i + gc30zlVBFugkWd9wjsxXT5mNmmg8pceNgOgV + 4+0bHBgQlAkC0I605MlTdljra6dLBsxIneJx + fWEEJ9LOQPPbnEPAJrEQzqtt5crVc687oyWY + g9UGZBconBIAeefO2h19hVjiqj6JGXl48/0= + ) ; key id = 31785 + 3600 DNSKEY 257 3 5 ( + BQEAAAAB1c44bXfWMzPJQ0k35Gz0euAPGkw4 + 8XBb+ECUiiiI5wklFOjgCyN1Yr9j1QYsvsYv + yVxF4uMSbQ4p0JDyYwtxwVG3EACUK6vUsvTi + dHO/zxIflx5YGrB6ENTJcztRsp40EO1wBOmB + geX+aCC07zpu3SuKxzaiwTnUISRyLtFdi10= + ) ; key id = 40956 + 3600 RRSIG DNSKEY 1 3 3600 20081230204044 ( + 20081228210640 39146 sub.example.de. + rdyBfWCdLqJSLOIg22HSMNpLQTV1GLsg2w5Q + thtAdJWWdN+YDJfeeD+jkJvwWoQSouleSRdM + MHZ69c4Fp0KlUg== ) + 3600 RRSIG DNSKEY 5 3 3600 20081230204405 ( + 20081228210640 56595 sub.example.de. + B4kvh0gQqHNBdwiABmUwMJ+Iqi2dKSsDQTKj + 0rtquoGkVbbB1mKqGeA0EWjts9g388evvZGz + hpHVeXQQds4OxRTpt+XlQejbL98RB+8xM+I9 + clj31Dg22MYkzogVqk7VBYTfZN/frK5co5WO + E+aX97skAkBO8C9rZshwsISbFR0= ) + 3600 RRSIG DNSKEY 5 3 3600 20081230205150 ( + 20081228210640 31785 sub.example.de. + SiQmiuudpKBGbtKxHupnbvkksCBkYwihgyhl + kznLuR+GjrZKE4GuzYNAspe5CkDCSbNUHbl2 + CbPFjU4lvGyShA3UtzSM2Cx4SAGi4JtRh7XC + DtXNIuZK4GBwprUD5nffYAH9Q7Pck9fhl8u8 + YP0JapJ+GV9dx2iSKdbb1JKE8zk= ) + 3600 RRSIG DNSKEY 5 3 3600 20081230205404 ( + 20081228210640 40956 sub.example.de. + jQty/hjEoHR/lx/tNopuPFNZQ0VF4Qdi37I0 + q2A084KeBTh4v2hgTUA0B00hVncllfgUlOYl + HbvgHzqhLZPrx2qvtvFlPRmj7FlwjJbXRt5T + 5JBAMP4IMfd0W6SDsuo1saVVZuiAQPicBbN8 + Rc0Tgde1NEy2rlyVLkk7uKLB0pU= ) +a.sub.example.de. 7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20081230210029 ( + 20081228210640 39146 sub.example.de. + Mfh4ntlgKOlE1vleYbD8tN8VfvHEYbIZ1/bG + TWEu2pQNK2YLC7mLfVQWW3bcpzlmOucmWFJq + XXH+nnsftjxZog== ) + 7200 NSEC b.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20081230210434 ( + 20081228210640 39146 sub.example.de. + hKTSoLDwWufmjaQnW53kLzog9MfMK3eUcjHr + 98uOCfKY3xRFqxHn0UmUvfaHSrCaMGRuwH0H + 84fk3FvVO3Sg4g== ) +b.sub.example.de. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20081230210628 ( + 20081228210640 39146 sub.example.de. + LP1xgEzTIlc0w57Ohv9HwJ9eAeGFGeMDM3Ag + 9oA18G8lUWpzTX66D9sHKdpDxCo8IX8IuosE + AO4BjHjFytWPLQ== ) + 7200 NSEC c.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20081230204400 ( + 20081228210640 39146 sub.example.de. + 2tmWQXRQEOF5tojcBhFRMVe5pp0V1tA+Jk8M + svsYT1ukbaJ3QeDOaTGUA604hLEm7J+uapy+ + LTvOcKZl65st6g== ) +c.sub.example.de. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20081230205321 ( + 20081228210640 39146 sub.example.de. + m5/r/M1tF0d3rEU/kmubSZdV5ZmdKWmcCWTo + kv+oTux07+5dS7XisCHT+ufjiFkIgI3cf9I6 + bbtEMaChCRmwhA== ) + 7200 NSEC localhost.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20081230204731 ( + 20081228210640 39146 sub.example.de. + WZAiKmtmMVq69fGpQAxKXFj9179lZm1qd7qs + gyiutFjWtQTRQFI6wxHyhh1WXdagtI2AjR9V + eGdKUuoZ9n22yA== ) +localhost.sub.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20081230205746 ( + 20081228210640 39146 sub.example.de. + Vc48b7SkFZO1e4lNIti+Iw9vPSgxANdhakP/ + oqjKgxMMr+dmk0Vn29DYBTH+bkR7nBpccP9l + qe0UCeieNSgqOg== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20081230203757 ( + 20081228210640 39146 sub.example.de. + StI4gda9HqSmD1/1zcW/wJaFXvd8zKRHnH89 + nrUy4C6PWJ+9Tqs4QhYm1AzAtZRwSEasS0jX + g0mFyc6p12gXqg== ) diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de/example.de/zone.db index c4851816..917cd79f 100644 --- a/contrib/zkt/examples/hierarchical/de./example.de./zone.db +++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.db @@ -6,17 +6,18 @@ $TTL 7200 -; Be sure that the serial number below is left +; Ensure that the serial number below is left ; justified in a field of at least 10 chars!! ; 0123456789; -; It's also possible to use the date form e.g. 2005040101 +; It's also possible to use the date format e.g. 2005040101 @ IN SOA ns1.example.de. hostmaster.example.de. ( - 258 ; Serial + 269 ; Serial 43200 ; Refresh 1800 ; Retry 2W ; Expire 7200 ) ; Minimum + IN NS ns1.example.de. IN NS ns2.example.de. @@ -32,6 +33,6 @@ localhost IN A 127.0.0.1 ; with option -g or use the dnssec-signer tool) ;-) sub IN NS ns1.example.de. -; this file will have all the zone keys +; this file will contain all the zone keys $INCLUDE dnskey.db diff --git a/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed b/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed new file mode 100644 index 00000000..9fdf5dfb --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed @@ -0,0 +1,124 @@ +; File written on Sun Dec 28 23:06:40 2008 +; dnssec_signzone version 9.6.0 +example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 269 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20090107205708 ( + 20081228210640 11327 example.de. + KC6gXko+4iRmpofCb+uOs5e0Jgq4CJVUgsw3 + jjXDsra7FXWybJj9FgO5cdy2KHbV/cQJ5Li6 + bgH2E0gZpcYrvA== ) + 7200 NS ns1.example.de. + 7200 NS ns2.example.de. + 7200 RRSIG NS 5 2 7200 20090107205857 ( + 20081228210640 11327 example.de. + P5GvCnGqZ3+rGh4fZtGmYfezyI4swQXFVdtp + UkhR8SBDRgC9HQU5qZw7g7cbuO/CrRUWZLuf + NYgJvaeyoL8Khw== ) + 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20090107204400 ( + 20081228210640 11327 example.de. + cdjSIAQDouZldROWir7R4/k6xcwbvOUcOmNO + rkGROzjrQf3IdE7vCwxLj/KavLqK5OIhSztf + Xx9lY5RJWhhxQA== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABqbCqCu2ncgLw+0oWWiveBVK3zchY + FYUD2lnvJKeq7ATwesuRNpn17Erjz09GhDn9 + l2J92dAy8m4uofcdFkYKnQ== + ) ; key id = 11327 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 + 3600 RRSIG DNSKEY 5 2 3600 20090107203935 ( + 20081228210640 47280 example.de. + Bk6rghHHe5smNETUq9iRY6JWr4gSZirMv6Pr + Sv6AuRNYbHz1K0ZMhQxdjkYbz7WidOtjtolm + lO2LGZreuNuU8vTbBNxJYTLHUDtncncuYQZR + htD5hsgGVyeYgEo5X+aIz0+NjrdJrkh3aDZd + k6FO0ga5+kmbg9My/C1vvnLgjWUaqjP3vnFB + 9mO5sb30X6qv3VT2d6A4DDqzCucYAphCSuSP + jw== ) + 3600 RRSIG DNSKEY 5 2 3600 20090107205931 ( + 20081228210640 11327 example.de. + EW0xShpQjjJnNl94XIe3SBqW/Ml2o5J5R5pf + pIp2NAVwE2lrBzukxjHQ+M4PPF2EtIUW9lF4 + AFrLMfn3ymVnCw== ) +localhost.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20090107205407 ( + 20081228210640 11327 example.de. + WSfYUmVVSaPb9nKWyCzczQDcjqlY+QsUSFlx + FN7OuARdi5JHQ6b/z3y9zrsUJOhuqM1XiF7H + +Y9WEsWuNjmzmw== ) + 7200 NSEC ns1.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090107204235 ( + 20081228210640 11327 example.de. + URFD9Qy9xizej4LokkN8xqqGE4A4Fbe7S33O + vlUr1mw1Kx4zlzscUtGYAuMsHZgi/Rlyppib + XW+Fd3NHsYhisg== ) +ns1.example.de. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20090107204603 ( + 20081228210640 11327 example.de. + ZO17IgiAhdKtukAJEHIQyN+RqUHWOMvsDod8 + XAFuBfunAeul+LiSjupWQDOijQoOfa5uVMRT + 1wFhEqz//YgXkQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20090107204610 ( + 20081228210640 11327 example.de. + S4aYxgu/DoVFaM0xdQ7WhfMaPK5sPt4ksZXx + rsNKCpL1JdNP9S78H4Iy1RUJ0I9i1EAFiWOl + 0JhVSprPJJiOIg== ) + 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090107210249 ( + 20081228210640 11327 example.de. + XVIz/mWN2RQ5mm20RYOytSl5Q7n9LNMenB6d + HpT1kaDLYSdPXd3ZlvBCNNMdNhMFmZTBxAxL + b0Mz8eoLdsy6Lg== ) +ns2.example.de. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20090107204524 ( + 20081228210640 11327 example.de. + fCtOEIQlgh4XDJTZdmh0MBBHOlXvvCR4L+bR + gKBOUUtzaeL+FuXo8zyrWKuOp6hXj8eOceEL + oZCrKrjJBbHrJA== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090107210617 ( + 20081228210640 11327 example.de. + R4s8H352jY7amgr0bNRmhW4oXD++1itgbk33 + OMDY3cbEEmZ+NonMRDkIOb4cTjDh4in9otMs + Cl2vNscx9VO9QQ== ) +sub.example.de. 7200 IN NS ns1.example.de. + 7200 DS 56595 5 1 ( + 839C43F0267473F1335354384D91BFD70145 + AC01 ) + 7200 DS 56595 5 2 ( + 37F3AA854D2B7B2A9FAE3868EB37FFB08E1E + DE2E14AF4D259E6C46B027D5C5B7 ) + 7200 RRSIG DS 5 3 7200 20090107204420 ( + 20081228210640 11327 example.de. + ksOzuWcVDmEEipMetLHeNfWjhSiGizHN5qUL + H78iOQsu9/zGDuMlLt1ysY+B2vAASCl5jVTp + B5vr9CTvewcyAA== ) + 7200 NSEC example.de. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20090107204025 ( + 20081228210640 11327 example.de. + pyIEOLCMXk7H4wDJ2IwJdoUxvm7UdDlHpsVR + gsgyogrsRb7xjnWQJ/lwHso+cmcGwvMoD/Qz + IjVpouYPkbRe3w== ) diff --git a/contrib/zkt/examples/hierarchical/de/example.de/zone.soa b/contrib/zkt/examples/hierarchical/de/example.de/zone.soa new file mode 100644 index 00000000..9b200c1b --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/example.de/zone.soa @@ -0,0 +1,10 @@ +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 267 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum diff --git a/contrib/zkt/examples/hierarchical/de/keyset-example.de. b/contrib/zkt/examples/hierarchical/de/keyset-example.de. new file mode 100644 index 00000000..27a14419 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de/keyset-example.de. @@ -0,0 +1,19 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDOkPawC/tCqSITj6lvzcIPwcMEX+ + Nvz17GBu85jmigMuvZQUYZBVUmJNNBbCNStl + z+Y+1pGg9HbWFvn0tpH/bm4mZPlJmk+WxQhH + z7eTm5xhSaSEEzq0uf087tAbaq1yaTpTtA2R + 7JXIPxt6CuD9Ou5bbYOzrFnBq1VBAYrwB6t/ + us10+Ab7T6Jvie/W+v4jto1Xx912Z8HHTbU4 + 8Mlp1+mUjQ== + ) ; key id = 37983 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDV7kFHqVcWLoSAShdlXU5LKUdyU4 + LlsJGYMr8oIpjEzvwonRmX5pRiEjVhTwx+vx + 6eWluv6txXVu+F0g2ykmqUQdMfPYWmD9AJOq + vc2tCKVSRePqZ+HeIZR+heBnFKr5kWQmB5XO + lMdWNRA3y78s/LufVB8hD7r260jrVJ0W6wSM + GDjN4zQce8rHCe+LNB1GfaIASkMWjdgxNNAs + K9bqDM8Euw== + ) ; key id = 47280 diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf index 6944d5aa..afd5a739 100644 --- a/contrib/zkt/examples/hierarchical/zone.conf +++ b/contrib/zkt/examples/hierarchical/zone.conf @@ -1,10 +1,10 @@ zone "example.de." in { type master; - file "de./example.de./zone.db.signed"; + file "de/example.de/zone.db.signed"; }; zone "sub.example.de." in { type master; - file "de./example.de./sub.example.de./zone.db.signed"; + file "de/example.de/sub.example.de/zone.db.signed"; }; diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed deleted file mode 100644 index c0e28017..00000000 --- a/contrib/zkt/examples/views/extern/example.net./zone.db.signed +++ /dev/null @@ -1,109 +0,0 @@ -; File written on Thu Jun 12 17:56:06 2008 -; dnssec_signzone version 9.5.0 -example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 1213286165 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 2 7200 20080622145605 ( - 20080612145605 35744 example.net. - iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg - wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt - tFsswvYaZtP11Q== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 2 7200 20080622145605 ( - 20080612145605 35744 example.net. - fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc - VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO - yQibjS4TA5Pr3g== ) - 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 2 7200 20080622145605 ( - 20080612145605 35744 example.net. - kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis - Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV - 91i/sxof6bc61w== ) - 3600 DNSKEY 256 3 5 ( - BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5 - yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ - 6JFt+4f9KnNPi1txiBg76Q== - ) ; key id = 35744 - 3600 DNSKEY 256 3 5 ( - BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN - vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM - rg8gYImKCl6n3K37EjXYBw== - ) ; key id = 10367 - 3600 DNSKEY 257 3 5 ( - BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF - YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ - pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN - 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY - 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi - XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM - 6DaiC6E1sQ== - ) ; key id = 23553 - 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( - 20080612145605 23553 example.net. - Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E - +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a - V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0 - kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw - ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc - SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h - fg== ) - 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( - 20080612145605 35744 example.net. - SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV - ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W - dIM4sjx78Zjh5Q== ) -localhost.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP - X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI - N/c7vC223ejn8A== ) - 7200 NSEC ns1.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9 - rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+ - P50QYwYXET3byw== ) -ns1.example.net. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK - QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs - w8uw5x6/1ECflg== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI - aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz - LNjR7KqYQxrXmg== ) - 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO - ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN - ogRV1rxohxDyCw== ) -ns2.example.net. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR - Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1 - iTZYEXffLBchmw== ) - 7200 NSEC sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1 - pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN - SqabEFO1114AyQ== ) -sub.example.net. 7200 IN NS ns1.example.net. - 7200 NSEC example.net. NS RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080622145605 ( - 20080612145605 35744 example.net. - nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB - ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT - db/3/DXIwUnMnA== ) diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key index 54ba934b..54ba934b 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private index 7240075f..7240075f 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private diff --git a/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key new file mode 100644 index 00000000..08bebc1e --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key @@ -0,0 +1,3 @@ +;% generationtime=20081002230045 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0 QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw== diff --git a/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published new file mode 100644 index 00000000..fc9402ab --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: zPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw== +PublicExponent: AQAAAAE= +PrivateExponent: UPJ5tLih3Wxu/lvoTctyw53YqaVngGRH+fSTLNchJfqXrwwKdP0LqiNMjWHv1m+OtDZJgbU8sZmXCXUVZOgCAQ== +Prime1: /0fbhjXuq926sklBidVvZ5KPmAJPlbAeCprKhXi7GwE= +Prime2: zYhpS9+p5PR1MisPZ5jf456zfJZg/XsuLZ288+5VH0c= +Exponent1: rrZnAccK6f+4bRRLZEzM6V5tVopoZuSo3StxdGFIuAE= +Exponent2: ChoiCjVQLac7g0/XOTbjeCoqrgcz9KB/z/36ZbuGRQ0= +Coefficient: Lria2iu3j2EXiZal1YUyoUleY2jM64c4Dv5SYVzrsVU= diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key index ec11dcb5..ec11dcb5 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private index ea294474..ea294474 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated index ca789ebf..ca789ebf 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key index 1809a935..1809a935 100644 --- a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key +++ b/contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net/dnskey.db index d46eff9f..0ed196ef 100644 --- a/contrib/zkt/examples/views/extern/example.net./dnskey.db +++ b/contrib/zkt/examples/views/extern/example.net/dnskey.db @@ -2,11 +2,11 @@ ; !!! Don't edit this file by hand. ; !!! It will be generated by dnssec-signer. ; -; Last generation time Jun 12 2008 17:56:05 +; Last generation time Oct 03 2008 01:00:45 ; ; *** List of Key Signing Keys *** -; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04 +; example.net. tag=23553 algo=RSASHA1 generated Aug 05 2008 23:01:57 example.net. 3600 IN DNSKEY 257 3 5 ( BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ @@ -16,15 +16,21 @@ example.net. 3600 IN DNSKEY 257 3 5 ( ) ; key id = 23553 ; *** List of Zone Signing Keys *** -; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43 +; example.net. tag=35744 algo=RSASHA1 generated Aug 05 2008 23:01:57 example.net. 3600 IN DNSKEY 256 3 5 ( BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== ) ; key id = 35744 -; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43 +; example.net. tag=10367 algo=RSASHA1 generated Aug 05 2008 23:01:57 example.net. 3600 IN DNSKEY 256 3 5 ( BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== ) ; key id = 10367 +; example.net. tag=14714 algo=RSASHA1 generated Oct 03 2008 01:00:45 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrkAidjF2+ndxtzw5OCLZG0 + QfmUumSh2Cq+g1dZw2lIKan+blLCD7vRCX6cRw== + ) ; key id = 14714 + diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net/dsset-example.net. index cbcd3d02..cbcd3d02 100644 --- a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. +++ b/contrib/zkt/examples/views/extern/example.net/dsset-example.net. diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net/keyset-example.net. index b8452456..b8452456 100644 --- a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. +++ b/contrib/zkt/examples/views/extern/example.net/keyset-example.net. diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net/zone.db index 4c72928f..4c72928f 100644 --- a/contrib/zkt/examples/views/extern/example.net./zone.db +++ b/contrib/zkt/examples/views/extern/example.net/zone.db diff --git a/contrib/zkt/examples/views/extern/example.net/zone.db.signed b/contrib/zkt/examples/views/extern/example.net/zone.db.signed new file mode 100644 index 00000000..271ac0f2 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net/zone.db.signed @@ -0,0 +1,114 @@ +; File written on Fri Oct 3 01:00:46 2008 +; dnssec_signzone version 9.5.1b2 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1222988445 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20081012220045 ( + 20081002220045 10367 example.net. + LCFqUSzaxGi6kFs/IV6OuWgB77TzF4cYCH0S + UKrZ2PBlf7iR10Y1t7UsG/RGy/mBZxMMebf+ + IzaEcsJynOXTOA== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20081012220045 ( + 20081002220045 10367 example.net. + hc9aE9RI0TQr9IlIv7A6Xl3D+O7IT4B2vmAj + 7HA6znKCJMoA42h/EBNaSpc7lwLQmsHVpjP6 + I1cAjynNC+KCwA== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20081012220045 ( + 20081002220045 10367 example.net. + mRRRKkwqB3r09e9vBGCGj4d+TiPmKAFnldyd + bWIoh7zT/cJm/HH8nDR1zUXXdeKp3/k8ddup + rXE8rdS4LHa7sg== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5 + yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ + 6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + 3600 DNSKEY 256 3 5 ( + BQEAAAABzPSR9zqdJdYnKWNwcUeyykwvSBrk + AidjF2+ndxtzw5OCLZG0QfmUumSh2Cq+g1dZ + w2lIKan+blLCD7vRCX6cRw== + ) ; key id = 14714 + 3600 DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN + vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM + rg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 + 3600 RRSIG DNSKEY 5 2 3600 20081012220045 ( + 20081002220045 10367 example.net. + RfMpx9krw1j7GCBGHnLU1NvvoBFOw2+HA08j + zhrSrOd0iKlSxyewCf0r2LVUV0EXFEzwbrqy + Wyt1l1ojfDX7mQ== ) + 3600 RRSIG DNSKEY 5 2 3600 20081012220045 ( + 20081002220045 23553 example.net. + AYHR7rcPmwdcr3UP8jPBNesQ3aC8RdeB8vtg + V01vPtvNIpp1OtMPIEx7bot9eWfmD/gVNuyS + xOAp77KxECFIULPvq6Pk1dyTUOWXn19JOMDU + CPyIxJs9gjD9AQ+UYo7UhhipOV1w5Y/g3Kvj + TiPEMprIF2xBUSRDSn8+qTZdvQE8QymU4ujj + 0gTF8egaCwgSmdeBajS3Vb6/L8M+GGP1tSOb + Sg== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + ngq0qDdgR3JILUgNpXzafmJd16pMcIJBlX3Q + URIhGFOXTgUvRmOGsZvhqEqSCQQwkPYkpsNd + 6NEKo5ZMZujTzA== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + KoYaIavkKL8/oYzk1DQIy9SodaCd8yYC6QMD + Ry4PfyiaoKchq45KFlQ5SVkaPfXQmGffbJdT + mndSk+Txu7C2aw== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + TZnIpUO6Odm6FaN2fzXslFfPjN0BmueDUco8 + T/sxtBpVAMbLkgSopaTEKgvV/J+pZfR1ehIh + GZfIki/kSWfXxg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + Kr+R4GvcpfWp6RGMauy1MFK9iRwIuvxFfAxd + ZAa/RiGOAB6BnLuGP6JHbJg25n6e+zPT7HeB + cHmHAn4azykZDg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + t7VkcKKR55956Kv9ASpw5vJCIFtZ1jYoBOU/ + aaB5OFsrN8706ARrlkUw6aFBCh1sd9vzi+SU + vkgWg0dE7bbUpg== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + lpYgf61HD7a7hAPtZuMnMxnVsjFSwY7qyRce + cVzUeaxlqHTBbgXazldKYyYkBsPR1f7x7JUI + m39kBVe4kf9byg== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + fC8u/dDkso6U3eBqyQrhohlnsMOZjHvn/vOx + PxNCoJ3ideGp6g/WWExRdLA+SdQJqm40QJoQ + +72LfvnXzQ+tRg== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081012220045 ( + 20081002220045 10367 example.net. + OGaRT/2gV7fgQ88YXhqbP08cH+x/otO5qOEX + WJ7PvCMhForeY7z66e1LZufRqU2HchNpx94o + cz9+z1t7ECFYhw== ) diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log index 04fa4fbc..d070ca23 100644 --- a/contrib/zkt/examples/views/extern/zkt-ext.log +++ b/contrib/zkt/examples/views/extern/zkt-ext.log @@ -26,3 +26,26 @@ 2008-06-12 18:00:39.020: debug: Check ksk status 2008-06-12 18:00:39.020: debug: Re-signing not necessary! 2008-06-12 18:00:39.020: notice: end of run: 0 errors occured +2008-10-03 01:00:45.544: notice: ------------------------------------------------------------ +2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v +2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net" +2008-10-03 01:00:45.545: debug: Check RFC5011 status +2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-10-03 01:00:45.545: debug: Check KSK status +2008-10-03 01:00:45.545: debug: Check ZSK status +2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec) +2008-10-03 01:00:45.546: debug: ->depreciate it +2008-10-03 01:00:45.546: debug: ->activate published key 10367 +2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done +2008-10-03 01:00:45.546: debug: New key for publishing needed +2008-10-03 01:00:45.614: debug: ->creating new key 14714 +2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing +2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key +2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key +2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db" +2008-10-03 01:00:45.614: debug: Signing zone "example.net" +2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private" +2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-10-03 01:00:46.114: debug: Signing completed after 1s. +2008-10-03 01:00:46.114: debug: +2008-10-03 01:00:46.114: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed deleted file mode 100644 index 88a42c6a..00000000 --- a/contrib/zkt/examples/views/intern/example.net./zone.db.signed +++ /dev/null @@ -1,109 +0,0 @@ -; File written on Thu Jun 12 18:13:43 2008 -; dnssec_signzone version 9.5.0 -example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 1213287223 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 2 7200 20080613151343 ( - 20080612151343 5972 example.net. - Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy - 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV - aV3H0KfNq6ITLg== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 2 7200 20080613151343 ( - 20080612151343 5972 example.net. - dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS - Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L - a6rQDFcnJ8xzng== ) - 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 2 7200 20080613151343 ( - 20080612151343 5972 example.net. - gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia - UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH - kt2inbyQytbPDQ== ) - 1800 DNSKEY 256 3 5 ( - BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb - 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA - 1HR8YaO3QXB2LAHEz5B/CQ== - ) ; key id = 5972 - 1800 DNSKEY 256 3 5 ( - BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q - Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS - Q79S4WgKalFJxq6lSk0xrw== - ) ; key id = 23375 - 1800 DNSKEY 257 3 5 ( - BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk - gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI - uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS - 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s - ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE - 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q - grOD6IYqLw== - ) ; key id = 126 - 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( - 20080612151343 126 example.net. - CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9 - EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU - WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0 - XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH - fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz - qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK - xA== ) - 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( - 20080612151343 5972 example.net. - dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N - WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v - VDkzRjT4eONxuA== ) -localhost.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E - qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi - rk8Mnbf6cYxSlw== ) - 7200 NSEC ns1.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0 - Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp - Smho3kSGf9gQRQ== ) -ns1.example.net. 7200 IN A 192.168.1.53 - 7200 RRSIG A 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt - z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F - joAIP/0wvXihsA== ) - 7200 AAAA fd12:63c:cdbb::53 - 7200 RRSIG AAAA 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty - XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17 - 2a3emgs9BHJJ6A== ) - 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ - 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs - JFhw+nVeZJdHJA== ) -ns2.example.net. 7200 IN A 10.1.2.3 - 7200 RRSIG A 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj - FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv - Xsp5ITBTILSM6Q== ) - 7200 NSEC sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh - 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR - LYF/o0HVi5uzJA== ) -sub.example.net. 7200 IN NS ns1.example.net. - 7200 NSEC example.net. NS RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080613151343 ( - 20080612151343 5972 example.net. - nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ - 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR - RPdjTNk7YEC0Mg== ) diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key index 316e4cfe..316e4cfe 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private index 96e1ff6e..96e1ff6e 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated index b5196416..b5196416 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key index 8be3973c..8be3973c 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key index 160110ec..160110ec 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private index 60e43160..60e43160 100644 --- a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private diff --git a/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key new file mode 100644 index 00000000..e8977b33 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key @@ -0,0 +1,3 @@ +;% generationtime=20081002230038 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb 6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw== diff --git a/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published new file mode 100644 index 00000000..08c8f20b --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw== +PublicExponent: AQAAAAE= +PrivateExponent: dQ8votLvyw0GPMsOp8k0mmhnjV07S4auujNLDyYZAiuHzVAXnGNz3xT2SnFW8w8DefMPcsV5xcIrRK7e0IwFQQ== +Prime1: /cDlq0uko2XS08z5G6tedDY2VMrpPBHtZfPFv+deJNU= +Prime2: 1/NwlY7J6WKGV/OIF6rlhn4UUitvTW7fpvUtyVEm+zs= +Exponent1: omnudnzEz+TTOSfoandcrZGS9x4qxU7hN+WjpRI7sCU= +Exponent2: rrt9FPIRiwGDSRtlsUaPNqgcgk4l/EQdWciqnhWu5ms= +Coefficient: GFA1bGcsWxRZza80zKnL/V9YsfoNaI4id7pwU7FOtAE= diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net/dnskey.db index 9e2c47ff..76e992de 100644 --- a/contrib/zkt/examples/views/intern/example.net./dnskey.db +++ b/contrib/zkt/examples/views/intern/example.net/dnskey.db @@ -2,11 +2,11 @@ ; !!! Don't edit this file by hand. ; !!! It will be generated by dnssec-signer. ; -; Last generation time Jun 12 2008 18:13:43 +; Last generation time Oct 03 2008 01:00:38 ; ; *** List of Key Signing Keys *** -; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27 +; example.net. tag=126 algo=RSASHA1 generated Aug 05 2008 23:01:57 example.net. 1800 IN DNSKEY 257 3 5 ( BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI @@ -16,15 +16,21 @@ example.net. 1800 IN DNSKEY 257 3 5 ( ) ; key id = 126 ; *** List of Zone Signing Keys *** -; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27 +; example.net. tag=23375 algo=RSASHA1 generated Aug 05 2008 23:01:57 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc + TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + +; example.net. tag=5972 algo=RSASHA1 generated Aug 05 2008 23:01:57 example.net. 1800 IN DNSKEY 256 3 5 ( BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== ) ; key id = 5972 -; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45 +; example.net. tag=55745 algo=RSASHA1 generated Oct 03 2008 01:00:38 example.net. 1800 IN DNSKEY 256 3 5 ( - BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc - TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== - ) ; key id = 23375 + BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMgH3nDnWBT3BD75hEuz/Cb + 6YapmxaZybxc+EE/Ts8bhXGqPEwoADjxfW1UFw== + ) ; key id = 55745 diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net/dsset-example.net. index b61c1b6f..b61c1b6f 100644 --- a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. +++ b/contrib/zkt/examples/views/intern/example.net/dsset-example.net. diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net/keyset-example.net. index 0aa2c7d4..0aa2c7d4 100644 --- a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. +++ b/contrib/zkt/examples/views/intern/example.net/keyset-example.net. diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net/zone.db index d3e90f7f..d3e90f7f 100644 --- a/contrib/zkt/examples/views/intern/example.net./zone.db +++ b/contrib/zkt/examples/views/intern/example.net/zone.db diff --git a/contrib/zkt/examples/views/intern/example.net/zone.db.signed b/contrib/zkt/examples/views/intern/example.net/zone.db.signed new file mode 100644 index 00000000..14beb424 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net/zone.db.signed @@ -0,0 +1,114 @@ +; File written on Fri Oct 3 01:00:38 2008 +; dnssec_signzone version 9.5.1b2 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1222988438 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20081003220038 ( + 20081002220038 23375 example.net. + EaJUHwT7koYW6b+W6LZ/1L3zXvs/SMSW+d94 + PjdcgdSR4b8mhJetzWj2ZO/n5uy7CUl496Hx + RU+QoCF8K6HkVw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20081003220038 ( + 20081002220038 23375 example.net. + b0W8xa7AgV6IWMSYtVCuix1bEHeohx2oboqs + HqCrVPgd0OtYdSpxgcIJhLiUv/9ux9YihjKC + aKsw9D8YtpOmpg== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20081003220038 ( + 20081002220038 23375 example.net. + mHJnc/UsTztaTRWQCTVc7vgM8bt5mgFJTIlJ + 52+Rn74uzak2fDTfR4jHEHCqsinx9EA+iAcN + 2na44xgRs2dCNQ== ) + 1800 DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb + 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA + 1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + 1800 DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q + Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS + Q79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + 1800 DNSKEY 256 3 5 ( + BQEAAAAB1g5OlYFp03w9hVcucAfvd/zwaAMg + H3nDnWBT3BD75hEuz/Cb6YapmxaZybxc+EE/ + Ts8bhXGqPEwoADjxfW1UFw== + ) ; key id = 55745 + 1800 DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 + 1800 RRSIG DNSKEY 5 2 1800 20081003220038 ( + 20081002220038 126 example.net. + CLKVhqz7zOAEyJrQq/WAEaRsnTfNEnCwYEMj + KPrAgiXXF+RJy18cHN7QoXb4kc8KA/TrOU1w + WN8IjdESlPj9pQKqUs/uO9RLzIcv6jOlOKQP + oKOjjnOxAL52+WNK94TUpunlvfd53ovC8YK4 + /nOsSjpLoqTbmL1r45vqpL/C6jqJR8bTouwy + rjAYEtkWRND0QZ9R6IAHfxO6onmX1GOtu5Ji + ew== ) + 1800 RRSIG DNSKEY 5 2 1800 20081003220038 ( + 20081002220038 23375 example.net. + WXsmdMkwYcvzrf8qevByn+BMPjTE8aEcze7q + uzZI+3NOcbZ4MMlAdauc6jhfc9xmgSiJu52q + EUX5JLL8xQ7tDg== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + FoSR7rfi2wfgEz5wj+qILnVwV7mAmL4XknQA + b1uGLJ8Wcnkn4sqjaISgfVwG/GVxwuBOuVne + SqXIFVVvKQtEUg== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + iwB4+BZVreVKVnmBZdVdz/NxRy1tyYpd0JgK + otoiLA6dESoC29tHQL/hBx92Q7lETZI+8gSE + II0sRQv+1PL+JQ== ) +ns1.example.net. 7200 IN A 192.168.1.53 + 7200 RRSIG A 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + oBiQfEsq72v6NMONwgdewLtvNyH1K/Btz1b5 + hEYqdoX1QpaduXlQNodFPf15PdwEp4v4FwZ0 + rOtPt7kO4EQnww== ) + 7200 AAAA fd12:63c:cdbb::53 + 7200 RRSIG AAAA 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + mmNK/6aWk1nr7lWhVt9m6A9vgenngt1hsOxs + 43jwarEb7SeYRanHMnML/g101mk7czXAiRxq + np4Cjs3lo1M/Bg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + jTnbufp39i9n9cZwasJ6IsRwqWIIeTU1Z/wy + ECBmyYQlfAuYmWTYmX4BPsQ9SwFZVIICg40I + /BYlDBm7ihxUyw== ) +ns2.example.net. 7200 IN A 10.1.2.3 + 7200 RRSIG A 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + Rdu1WWzZdPJ5CjfMd9n31XY6Df4NiO2wPnxy + Wp6x3EyLrABDdM95fwf8DBgjarppJNtOaV5j + Lr5CujYtAoXksA== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + GcxFEovqwXtJ/tYRG4G4tNKyVY7Vg9HULhbj + JZfi8IlaR3bloMVMj2bHWhNQvvXTFY+N59UG + PNWE+krE+L4yfQ== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20081003220038 ( + 20081002220038 23375 example.net. + SgCqYEbpzuCcVDLi5PcyUEG8qKm+EQ0lj3mz + uiSDDTh6OsCKOVqW8dKs15P8v3i5LDJwM/Eu + OaqT7RJgB2UOkQ== ) diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log index 07291390..d6d4593c 100644 --- a/contrib/zkt/examples/views/intern/zkt-int.log +++ b/contrib/zkt/examples/views/intern/zkt-int.log @@ -167,3 +167,26 @@ 2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" 2008-06-12 18:13:43.273: debug: 2008-06-12 18:13:43.273: notice: end of run: 0 errors occured +2008-10-03 01:00:38.404: notice: ------------------------------------------------------------ +2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern +2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net" +2008-10-03 01:00:38.405: debug: Check RFC5011 status +2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-10-03 01:00:38.405: debug: Check KSK status +2008-10-03 01:00:38.405: debug: Check ZSK status +2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec) +2008-10-03 01:00:38.405: debug: ->depreciate it +2008-10-03 01:00:38.405: debug: ->activate published key 23375 +2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done +2008-10-03 01:00:38.405: debug: New key for publishing needed +2008-10-03 01:00:38.491: debug: ->creating new key 55745 +2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing +2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key +2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key +2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db" +2008-10-03 01:00:38.492: debug: Signing zone "example.net" +2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private" +2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-10-03 01:00:38.796: debug: Signing completed after 0s. +2008-10-03 01:00:38.796: debug: +2008-10-03 01:00:38.796: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf index 1ec3d132..c7034e2f 100644 --- a/contrib/zkt/examples/views/named.conf +++ b/contrib/zkt/examples/views/named.conf @@ -75,7 +75,7 @@ view "intern" { zone "example.net" in { type master; - file "intern/example.net./zone.db.signed"; + file "intern/example.net/zone.db.signed"; }; }; @@ -92,6 +92,6 @@ view "extern" { zone "example.net" in { type master; - file "extern/example.net./zone.db.signed"; + file "extern/example.net/zone.db.signed"; }; }; diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db deleted file mode 100644 index 9864cb1d..00000000 --- a/contrib/zkt/examples/zone.db +++ /dev/null @@ -1,45 +0,0 @@ -;----------------------------------------------------------------- -; -; @(#) example.net/zone.db -; -;----------------------------------------------------------------- - -$TTL 7200 - -; Be sure that the serial number below is left -; justified in a field of at least 10 chars!! -; 0123456789; -; It's also possible to use the date form e.g. 2005040101 -@ IN SOA ns1.example.net. hostmaster.example.net. ( - 263 ; Serial - 43200 ; Refresh - 1800 ; Retry - 2W ; Expire - 7200 ) ; Minimum - - IN NS ns1.example.net. - IN NS ns2.example.net. - -ns1 IN A 1.0.0.5 - IN AAAA 2001:db8::53 -ns2 IN A 1.2.0.6 - -localhost IN A 127.0.0.1 - -a IN A 1.2.3.1 -b IN MX 10 a -;c IN A 1.2.3.2 -d IN A 1.2.3.3 - IN AAAA 2001:0db8::3 - -; Delegation to secure zone; The DS resource record will -; be added by dnssec-signzone automatically if the -; keyset-sub.example.net file is present (run dnssec-signzone -; with option -g or use the dnssec-signer tool) ;-) -sub IN NS ns1.example.net. -sub IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 -sub IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 - -; this file will have all the zone keys -$INCLUDE dnskey.db - diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed deleted file mode 100644 index 1e389ea0..00000000 --- a/contrib/zkt/examples/zone.db.signed +++ /dev/null @@ -1,146 +0,0 @@ -; File written on Tue Jun 24 10:00:31 2008 -; dnssec_signzone version 9.5.0 -example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( - 263 ; serial - 43200 ; refresh (12 hours) - 1800 ; retry (30 minutes) - 1209600 ; expire (2 weeks) - 7200 ; minimum (2 hours) - ) - 7200 RRSIG SOA 5 2 7200 20080724070030 ( - 20080624070030 33755 example.net. - FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17 - DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W - lmzr+igFHp8qiw== ) - 7200 NS ns1.example.net. - 7200 NS ns2.example.net. - 7200 RRSIG NS 5 2 7200 20080724070030 ( - 20080624070030 33755 example.net. - mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af - E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS - dq1VfORhRh/Xng== ) - 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY - 7200 RRSIG NSEC 5 2 7200 20080724070030 ( - 20080624070030 33755 example.net. - Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5 - wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7 - xL1qZxKLQqxmwA== ) - 14400 DNSKEY 256 3 5 ( - BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ - jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r - /MfelgJ/Mh6+vCu+XmMQuw== - ) ; key id = 33755 - 14400 DNSKEY 257 3 5 ( - BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a - zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E - 0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3 - NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8 - bN71YJP7BXlszezsFHuMEspNdOPyMr93230+ - R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj - 5awvXfJ+eQ== - ) ; key id = 31674 - 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( - 20080624070030 31674 example.net. - BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH - SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE - JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo - yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ - ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E - 6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i - oA== ) - 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( - 20080624070030 33755 example.net. - f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3 - binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr - id8TL8q/qQ0MCg== ) -a.example.net. 7200 IN A 1.2.3.1 - 7200 RRSIG A 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy - 3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG - ljUerawxMdHWWw== ) - 7200 NSEC b.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO - 14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p - yJNZQKtryRJuSg== ) -b.example.net. 7200 IN MX 10 a.example.net. - 7200 RRSIG MX 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI - 7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S - /HwVRJThIYIKnQ== ) - 7200 NSEC d.example.net. MX RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH - 0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7 - b2r05FL1xakcnQ== ) -d.example.net. 7200 IN A 1.2.3.3 - 7200 RRSIG A 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H - vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe - 5oS0pvLQnweoIw== ) - 7200 AAAA 2001:db8::3 - 7200 RRSIG AAAA 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L - 14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI - Qo8RvMm7Rn8OsA== ) - 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY - QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC - 6ouWrLbIwslqIQ== ) -localhost.example.net. 7200 IN A 127.0.0.1 - 7200 RRSIG A 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq - 3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV - jizb8X3SPJ5V1g== ) - 7200 NSEC ns1.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc - dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw - iL/FWK5Zfq7ixg== ) -ns1.example.net. 7200 IN A 1.0.0.5 - 7200 RRSIG A 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP - 6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp - JpXsJ54ksPugXA== ) - 7200 AAAA 2001:db8::53 - 7200 RRSIG AAAA 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n - naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H - 3Y15F0ju6YvbAg== ) - 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV - IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb - dgq8ktbqpNHmvg== ) -ns2.example.net. 7200 IN A 1.2.0.6 - 7200 RRSIG A 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV - cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo - 5v6cZr4bRDOf6A== ) - 7200 NSEC sub.example.net. A RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV - y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm - rk1OaFadv6m2uw== ) -sub.example.net. 7200 IN NS ns1.example.net. - 7200 NSEC example.net. NS RRSIG NSEC - 7200 RRSIG NSEC 5 3 7200 20080724070030 ( - 20080624070030 33755 example.net. - Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu - KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/ - UBM6VzROSTtryA== ) diff --git a/contrib/zkt/dnssec-signer.8 b/contrib/zkt/man/dnssec-signer.8 index 07c3c6c2..62ee1fcb 100644 --- a/contrib/zkt/dnssec-signer.8 +++ b/contrib/zkt/man/dnssec-signer.8 @@ -1,4 +1,4 @@ -.TH dnssec-signer 8 "June 27, 2008" "ZKT 0.96" "" +.TH dnssec-signer 8 "December 28, 2008" "ZKT 0.98" "" \" turn off hyphenation .\" if n .nh .nh @@ -129,7 +129,7 @@ is given, then the default directory specified in the .I dnssec.conf file by the parameter .I zonedir -will be used as the top level directory. +will be used as top level directory. .SH OPTIONS .TP @@ -411,7 +411,7 @@ file (parameter .PP The zone name given as an argument must be ending with a dot. .PP -The named.conf parser is a little bit rudimental and not +The named.conf parser is a bit rudimental and not very well tested. .SH AUTHOR @@ -419,7 +419,7 @@ Holger Zuleger .SH COPYRIGHT Copyright (c) 2005 \- 2008 by Holger Zuleger. -Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or +Licensed under the BSD Licence. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. .\"-------------------------------------------------- .SH SEE ALSO diff --git a/contrib/zkt/man/dnssec-signer.8.html b/contrib/zkt/man/dnssec-signer.8.html new file mode 100644 index 00000000..a0c362d9 --- /dev/null +++ b/contrib/zkt/man/dnssec-signer.8.html @@ -0,0 +1,430 @@ +<!-- Creator : groff version 1.19.2 --> +<!-- CreationDate: Sun Dec 28 23:15:25 2008 --> +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" +"http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> +<meta name="generator" content="groff -Thtml, see www.gnu.org"> +<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII"> +<meta name="Content-Style" content="text/css"> +<style type="text/css"> + p { margin-top: 0; margin-bottom: 0; } + pre { margin-top: 0; margin-bottom: 0; } + table { margin-top: 0; margin-bottom: 0; } +</style> +<title>dnssec-signer</title> + +</head> +<body> + +<h1 align=center>dnssec-signer</h1> + +<a href="#NAME">NAME</a><br> +<a href="#SYNOPSYS">SYNOPSYS</a><br> +<a href="#DESCRIPTION">DESCRIPTION</a><br> +<a href="#OPTIONS">OPTIONS</a><br> +<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br> +<a href="#Zone setup and initial preparation">Zone setup and initial preparation</a><br> +<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br> +<a href="#FILES">FILES</a><br> +<a href="#BUGS">BUGS</a><br> +<a href="#AUTHOR">AUTHOR</a><br> +<a href="#COPYRIGHT">COPYRIGHT</a><br> +<a href="#SEE ALSO">SEE ALSO</a><br> + +<hr> + + +<a name="NAME"></a> +<h2>NAME</h2> + + +<p style="margin-left:11%; margin-top: 1em">dnssec-signer +— Secure DNS zone signing tool</p> + +<a name="SYNOPSYS"></a> +<h2>SYNOPSYS</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-signer</b> +[<b>−L|--logfile</b> <i>file</i>] +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−fhnr</b>] [<b>−v</b> +[<b>−v</b>]] <b>−N</b> <i>named.conf</i> +[<i>zone ...</i>] <b><br> +dnssec-signer</b> [<b>−L|--logfile</b> <i>file</i>] +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−fhnr</b>] [<b>−v</b> +[<b>−v</b>]] [<b>−D</b> <i>directory</i>] +[<i>zone ...</i>] <b><br> +dnssec-signer</b> [<b>−L|--logfile</b> <i>file</i>] +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−fhnr</b>] [<b>−v</b> +[<b>−v</b>]] <b>−o</b> <i>origin</i> +[<i>zonefile</i>]</p> + +<a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + + +<p style="margin-left:11%; margin-top: 1em">The +<i>dnssec-signer</i> command is a wrapper around +<i>dnssec-signzone(8)</i> and <i>dnssec-keygen(8)</i> to +sign a zone and manage the necessary zone keys. It’s +able to increment the serial number before signing the zone +and can trigger <i>named(8)</i> to reload the signed zone +file. The command controls several secure zones and, if +started in regular intervals via <i>cron(8)</i>, can do all +that stuff automatically.</p> + +<p style="margin-left:11%; margin-top: 1em">In the most +useful usage scenario the command will be called with option +<b>−N</b> to read the secure zones out of the given +<i>named.conf</i> file. If you have a configuration file +with views, you have to use option -V viewname or --view +viewname to specify the name of the view. Alternatively you +could link the executable file to a second name like +<i>dnssec-signer-viewname</i> and use that command to +specify the name of the view. All master zone statements +will be scanned for filenames ending with +".signed". These zones will be checked if the +necessary zone- and key signing keys are existent and fresh +enough to be used in the signing process. If some out-dated +keys where found, new keying material will be generated via +the <i>dnssec-keygen(8)</i> command and the old ones will be +marked as depreciated. So the command do anything needed for +a zone key rollover as defined by [2].</p> + +<p style="margin-left:11%; margin-top: 1em">If the +resigning interval is reached or any new key must be +announced, the serial number of the zone will be incremented +and the <i>dnssec-signzone(8)</i> command will be evoked to +sign the zone. After that, if the option <b>−r</b> is +given, the <i>rndc(8)</i> command will be called to reload +the zone on the nameserver.</p> + +<p style="margin-left:11%; margin-top: 1em">In the second +form of the command it’s possible to specify a +directory tree with the option <b>−D</b> <i>dir</i>. +Every secure zone found in a subdirectory below <i>dir</i> +will be signed. However, it’s also possible to reduce +the signing to those zones given as arguments. In directory +mode the pre-requisite is, that the directory name is +exactly (including the trailing dot) the same as the zone +name.</p> + +<p style="margin-left:11%; margin-top: 1em">In the last +form of the command, the functionality is more or less the +same as the <i>dnssec-signzone (8)</i> command. The +parameter specify the zone file name and the option +<b>−o</b> takes the name of the zone.</p> + +<p style="margin-left:11%; margin-top: 1em">If neither +<b>−N</b> nor <b>−D</b> nor <b>−o</b> is +given, then the default directory specified in the +<i>dnssec.conf</i> file by the parameter <i>zonedir</i> will +be used as top level directory.</p> + +<a name="OPTIONS"></a> +<h2>OPTIONS</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>−L</b> +<i>file|dir</i><b>, +−−logfile=</b><i>file|dir</i></p> + +<p style="margin-left:22%;">Specify the name of a log file +or a directory where logfiles are created with a name like +zkt-<i>YYYY-MM-DD</i>T<i>hhmmss</i>Z.log<i>.</i> If the +argument is not an absolute path name and a zone directory +is specified in the config file, this will prepend the given +name. This option is also settable in the dnssec.conf file +via the parameter <b>LogFile</b><i>.</i> <br> +The default is no file logging, but error logging to syslog +with facility <b>USER</b> at level <b>ERROR</b> is enabled +by default. These parameters are settable via the config +file parameter <b>SyslogFacility:</b><i>,</i> +<b>SyslogLevel:</b><i>,</i> <b>LogFile:</b> and +<b>Loglevel</b><i>.</i> <br> +There is an additional parameter <b>VerboseLog:</b> which +specifies the verbosity (0|1|2) of messages that will be +logged with level <b>DEBUG</b> to file and syslog.</p> + +<p style="margin-left:11%;"><b>−V</b> <i>view</i><b>, +−−view=</b><i>view</i></p> + +<p style="margin-left:22%;">Try to read the default +configuration out of a file named +<i>dnssec-<view>.conf .</i> Instead of specifying the +−V or --view option every time, it’s also +possible to create a hard or softlink to the executable file +with an additional name like <i>dnssec-zkt-<view> +.</i></p> + +<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>, +−−config=</b><i>file</i></p> + +<p style="margin-left:22%;">Read configuration values out +of the specified file. Otherwise the default config file is +read or build-in defaults will be used.</p> + +<p style="margin-left:11%;"><b>−O</b> +<i>optstr</i><b>, +−−config-option=</b><i>optstr</i></p> + +<p style="margin-left:22%;">Set any config file option via +the commandline. Several config file options could be +specified at the argument string but have to be delimited by +semicolon (or newline).</p> + +<p style="margin-left:11%;"><b>−f</b>, +<b>−−force</b></p> + +<p style="margin-left:22%;">Force a resigning of the zone, +regardless if the resigning interval is reached, or any new +keys must be announced.</p> + +<p style="margin-left:11%;"><b>−n</b>, +<b>−−noexec</b></p> + +<p style="margin-left:22%;">Don’t execute the +<i>dnssec-signzone(8)</i> command. Currently this option is +of very limited usage.</p> + +<p style="margin-left:11%;"><b>−r</b>, +<b>−−reload</b></p> + +<p style="margin-left:22%;">Reload the zone via +<i>rndc(8)</i> after successful signing. In a production +environment it’s recommended to use this option to be +sure that a freshly signed zone will be immediately +propagated. However, that’s only feasable if the named +runs on the signing machine, which is not recommended. +Otherwise the signed zonefile must be copied to the +production server before reloading the zone. If this is the +case, the parameter <i>propagation</i> in the +<i>dnssec.conf</i> file must be set to a reasonable +value.</p> + +<p style="margin-left:11%;"><b>−v</b>, +<b>−−verbose</b></p> + +<p style="margin-left:22%;">Verbose mode (recommended). A +second <b>−v</b> will be a little more verbose.</p> + +<p style="margin-left:11%;"><b>−h</b>, +<b>−−help</b></p> + +<p style="margin-left:22%;">Print out the online help.</p> + +<a name="SAMPLE USAGE"></a> +<h2>SAMPLE USAGE</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-signer +−N /var/named/named.conf −r −v +−v</b></p> + +<p style="margin-left:22%;">Sign all secure zones found in +the named.conf file and, if necessary, trigger a reload of +the zone. Print some explanatory remarks on stdout.</p> + +<p style="margin-left:11%;"><b>dnssec-signer −D +zonedir/example.net. −f −v −v</b></p> + +<p style="margin-left:22%;">Force the signing of the zone +found in the directory <i>zonedir/example.net .</i> Do not +reload the zone.</p> + +<p style="margin-left:11%;"><b>dnssec-signer −D +zonedir −f −v −v example.net.</b></p> + +<p style="margin-left:22%;">Same as above.</p> + +<p style="margin-left:11%;"><b>dnssec-signer −f +−v −v example.net.</b></p> + +<p style="margin-left:22%;">Same as above if the +<i>dnssec.conf</i> file contains the path of the parent +directory of the <i>example.net</i> zone.</p> + +<p style="margin-left:11%;"><b>dnssec-signer −f +−v −v −o example.net. zone.db</b></p> + +<p style="margin-left:22%;">Same as above if we are in the +directory containing the <i>example.net</i> files.</p> + +<p style="margin-left:11%;"><b>dnssec-signer +−−config-option=’ResignInterval 1d; +Sigvalidity 28h; \</b></p> + +<p style="margin-left:22%;"><b>ZSK_lifetime 2d;’ +−v −v −o example.net. zone.db</b> <br> +Sign the example.net zone but overwrite some config file +values with the parameters given on the commandline.</p> + +<a name="Zone setup and initial preparation"></a> +<h2>Zone setup and initial preparation</h2> + + +<p style="margin-left:11%; margin-top: 1em">Create a +separate directory for every secure zone.</p> + +<p style="margin-left:22%;">This is useful because there +are many additional files needed to secure a zone. Besides +the zone file (<i>zone.db</i>), there is a signed zone file +(<i>zone.db.signed),</i> a minimum of four files containing +the keying material, a file called <i>dnskey.db</i> with the +current used keys, and the <i>dsset-</i> and +<i>keyset-</i>files created by the <i>dnssec-signzone(8)</i> +command. So in summary there is a minimum of nine files used +per secure zone. For every additional key there are two +extra files and every delegated subzone creates also two or +three files.</p> + +<p style="margin-left:11%;">Name the directory just like +the zone.</p> + +<p style="margin-left:22%;">That’s only needed if you +want to use the dnssec-signer command in directory mode +(<b>−D</b>). Then the name of the zone will be parsed +out of the directory name.</p> + +<p style="margin-left:11%;">Change the name of the zone +file to <i>zone.db</i></p> + +<p style="margin-left:22%;">Otherwise you have to set the +name via the <i>dnssec.conf</i> parameter <i>zonefile</i>, +or you have to use the option <b>−o</b> to name the +zone and specify the zone file as argument.</p> + +<p style="margin-left:11%;">Add the name of the signed +zonefile to the <i>named.conf</i> file</p> + +<p style="margin-left:22%;">The filename is the name of the +zone file with the extension <i>.signed</i>. Create an empty +file with the name <i>zonefile</i><b>.signed</b> in the zone +directory.</p> + +<p style="margin-left:11%;">Include the keyfile in the +zone.</p> + +<p style="margin-left:22%;">The name of the keyfile is +settable by the <i>dnssec.conf</i> parameter <i>keyfile +.</i> The default is <i>dnskey.db .</i></p> + +<p style="margin-left:11%;">Control the format of the +SOA-Record</p> + +<p style="margin-left:22%;">For automatic incrementation of +the serial number, the SOA-Record must be formated, so that +the serial number is on a single line and left justified in +a field of at least 10 spaces! If you use a BIND Verison of +9.4 or greater and use the unixtime format for the serial +number (See parameter Serialformat in <i>dnssec.conf</i>) +than this is not necessary.</p> + +<p style="margin-left:11%;">Try to sign the zone</p> + +<p style="margin-left:22%;">If the current working +directory is the directory of the zone <i>example.net</i>, +use the command <br> +$ dnssec-signer −D .. −v −v example.net +<br> +$ dnssec-signer −o example.net. <br> +to create the initial keying material and a signed zone +file. Then try to load the file on the name server.</p> + +<a name="ENVIRONMENT VARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + + + +<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p> + +<p style="margin-left:22%;">Specifies the name of the +default global configuration files.</p> + +<a name="FILES"></a> +<h2>FILES</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p> + +<p style="margin-left:22%;">Built-in default global +configuration file. The name of the default global config +file is settable via the environment variable ZKT_CONFFILE. +Use <i>dnssec-zkt(8)</i> with option <b>−Z</b> to +create an initial config file.</p> + + +<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p> + +<p style="margin-left:22%;">View specific global +configuration file.</p> + +<p style="margin-left:11%;"><i>./dnssec.conf</i></p> + +<p style="margin-left:22%;">Local configuration file.</p> + +<p style="margin-left:11%;"><i>dnskey.db</i></p> + +<p style="margin-left:22%;">The file contains the currently +used key and zone signing keys. It will be created by +<i>dnsssec-signer(8)</i>. The name of the file is settable +via the dnssec configuration file (parameter +<i>keyfile</i>).</p> + +<p style="margin-left:11%;"><i>zone.db</i></p> + +<p style="margin-left:22%;">This is the zone file. The name +of the file is settable via the dnssec configuration file +(parameter <i>zonefile</i>).</p> + +<a name="BUGS"></a> +<h2>BUGS</h2> + + +<p style="margin-left:11%; margin-top: 1em">The zone name +given as an argument must be ending with a dot.</p> + +<p style="margin-left:11%; margin-top: 1em">The named.conf +parser is a bit rudimental and not very well tested.</p> + +<a name="AUTHOR"></a> +<h2>AUTHOR</h2> + + +<p style="margin-left:11%; margin-top: 1em">Holger +Zuleger</p> + +<a name="COPYRIGHT"></a> +<h2>COPYRIGHT</h2> + + +<p style="margin-left:11%; margin-top: 1em">Copyright (c) +2005 − 2008 by Holger Zuleger. Licensed under the BSD +Licence. There is NO warranty; not even for MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE.</p> + +<a name="SEE ALSO"></a> +<h2>SEE ALSO</h2> + + + +<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8), +dnssec-signzone(8), rndc(8), named.conf(5), dnssec-zkt(8) +<br> +RFC4033, RFC4034, RFC4035 <br> +[1] DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br> +(http://www.nlnetlabs.nl/dnssec_howto/) <br> +[2] RFC4641 "DNSSEC Operational Practices" by Miek +Gieben and Olaf Kolkman <br> + (http://www.ietf.org/rfc/rfc4641.txt)</p> +<hr> +</body> +</html> diff --git a/contrib/zkt/dnssec-zkt.8 b/contrib/zkt/man/dnssec-zkt.8 index b53f8bb3..fa824c22 100644 --- a/contrib/zkt/dnssec-zkt.8 +++ b/contrib/zkt/man/dnssec-zkt.8 @@ -1,4 +1,4 @@ -.TH dnssec-zkt 8 "July 27, 2008" "ZKT 0.97" "" +.TH dnssec-zkt 8 "December 28, 2008" "ZKT 0.98" "" \" turn off hyphenation .\" if n .nh .nh @@ -466,8 +466,8 @@ insist on domain names ending with a dot. Holger Zuleger .SH COPYRIGHT -Copyright (c) 2005 \- 2007 by Holger Zuleger. -Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or +Copyright (c) 2005 \- 2008 by Holger Zuleger. +Licensed under the BSD Licences. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. .\"-------------------------------------------------- .SH SEE ALSO diff --git a/contrib/zkt/man/dnssec-zkt.8.html b/contrib/zkt/man/dnssec-zkt.8.html new file mode 100644 index 00000000..9bab81f6 --- /dev/null +++ b/contrib/zkt/man/dnssec-zkt.8.html @@ -0,0 +1,526 @@ +<!-- Creator : groff version 1.19.2 --> +<!-- CreationDate: Sun Dec 28 23:15:24 2008 --> +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" +"http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> +<meta name="generator" content="groff -Thtml, see www.gnu.org"> +<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII"> +<meta name="Content-Style" content="text/css"> +<style type="text/css"> + p { margin-top: 0; margin-bottom: 0; } + pre { margin-top: 0; margin-bottom: 0; } + table { margin-top: 0; margin-bottom: 0; } +</style> +<title>dnssec-zkt</title> + +</head> +<body> + +<h1 align=center>dnssec-zkt</h1> + +<a href="#NAME">NAME</a><br> +<a href="#SYNOPSYS">SYNOPSYS</a><br> +<a href="#DESCRIPTION">DESCRIPTION</a><br> +<a href="#GENERAL OPTIONS">GENERAL OPTIONS</a><br> +<a href="#COMMAND OPTIONS">COMMAND OPTIONS</a><br> +<a href="#SAMPLE USAGE">SAMPLE USAGE</a><br> +<a href="#ENVIRONMENT VARIABLES">ENVIRONMENT VARIABLES</a><br> +<a href="#FILES">FILES</a><br> +<a href="#BUGS">BUGS</a><br> +<a href="#AUTHOR">AUTHOR</a><br> +<a href="#COPYRIGHT">COPYRIGHT</a><br> +<a href="#SEE ALSO">SEE ALSO</a><br> + +<hr> + + +<a name="NAME"></a> +<h2>NAME</h2> + + +<p style="margin-left:11%; margin-top: 1em">dnssec-zkt +— Secure DNS zone key tool</p> + +<a name="SYNOPSYS"></a> +<h2>SYNOPSYS</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt</b> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−l</b> <i>list</i>] +[<b>−adefhkLrptz</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−C</b><label> [<b>−V|--view</b> +<i>view</i>] [<b>−c</b> <i>file</i>] +[<b>−krpz</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−create=</b><label> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−krpz</b>] +[{<i>keyfile</i>|<i>dir</i>} <i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−</b>{<b>P</b>|<b>A</b>|<b>D</b>|<b>R</b>}<b><keytag></b> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−published=</b><keytag> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−active=</b><keytag> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−depreciate=</b><keytag> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−rename=</b><keytag> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−−destroy=</b><keytag> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−r</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−T</b> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>] +[<b>−hr</b>] [{<i>keyfile</i>|<i>dir</i>} <i>...</i>] +<b><br> +dnssec-zkt −−list-trustedkeys</b> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−l</b> <i>list</i>] +[<b>−hr</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−K</b> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] [<b>−l</b> <i>list</i>] +[<b>−hkzr</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>] <b><br> +dnssec-zkt −−list-dnskeys</b> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>] [<b>−l</b> <i>list</i>] +[<b>−hkzr</b>] [{<i>keyfile</i>|<i>dir</i>} +<i>...</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−Z</b> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] <b><br> +dnssec-zkt −−zone-config</b> +[<b>−V|--view</b> <i>view</i>] [<b>−c</b> +<i>file</i>]</p> + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−9 | −−ksk-rollover <br> +dnssec-zkt −1 | −−ksk-roll-phase1</b> +<i>do.ma.in.</i> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] <b><br> +dnssec-zkt −2 | −−ksk-roll-phase2</b> +<i>do.ma.in.</i> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] <b><br> +dnssec-zkt −3 | −−ksk-roll-phase3</b> +<i>do.ma.in.</i> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>] <b><br> +dnssec-zkt −0 | −−ksk-roll-stat</b> +<i>do.ma.in.</i> [<b>−V|--view</b> <i>view</i>] +[<b>−c</b> <i>file</i>]</p> + +<a name="DESCRIPTION"></a> +<h2>DESCRIPTION</h2> + + +<p style="margin-left:11%; margin-top: 1em">The +<i>dnssec-zkt</i> command is a wrapper around +<i>dnssec-keygen(8)</i> to assist in dnssec zone key +management.</p> + +<p style="margin-left:11%; margin-top: 1em">In the common +usage the command prints out information about all dnssec +(zone) keys found in the given (or predefined default) +directory. It’s also possible to specify keyfiles +(K*.key) as arguments. With option <b>−r</b> +subdirectories will be searched recursively, and all dnssec +keys found will be listed sorted by domain name, key type +and generation time. In that mode the use of the +<b>−p</b> option may be helpful to find the location +of the keyfile in the directory tree.</p> + +<p style="margin-left:11%; margin-top: 1em">Other forms of +the command print out keys in a format suitable for a +trusted-key section or as a DNSKEY resource record.</p> + +<p style="margin-left:11%; margin-top: 1em">The command is +also useful in dns key management. It allows key livetime +monitoring and status change.</p> + +<a name="GENERAL OPTIONS"></a> +<h2>GENERAL OPTIONS</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>−V</b> +<i>view</i><b>, −−view=</b><i>view</i></p> + +<p style="margin-left:22%;">Try to read the default +configuration out of a file named +<i>dnssec-<view>.conf .</i> Instead of specifying the +−V or --view option every time, it’s also +possible to create a hard or softlink to the executable file +to give it an additional name like +<i>dnssec-zkt-<view> .</i></p> + +<p style="margin-left:11%;"><b>−c</b> <i>file</i><b>, +−−config=</b><i>file</i></p> + +<p style="margin-left:22%;">Read default values from the +specified config file. Otherwise the default config file is +read or build in defaults will be used.</p> + +<p style="margin-left:11%;"><b>−O</b> +<i>optstr</i><b>, +−−config-option=</b><i>optstr</i></p> + +<p style="margin-left:22%;">Set any config file option via +the commandline. Several config file options could be +specified at the argument string but have to be delimited by +semicolon (or newline).</p> + +<p style="margin-left:11%;"><b>−l</b> <i>list</i></p> + +<p style="margin-left:22%;">Print out information solely +about domains given in the comma or space separated list. +Take care of, that every domain name has a trailing dot.</p> + +<p style="margin-left:11%;"><b>−d</b>, +<b>−−directory</b></p> + +<p style="margin-left:22%;">Skip directory arguments. This +will be useful in combination with wildcard arguments to +prevent dnsssec-zkt to list all keys found in +subdirectories. For example "dnssec-zkt -d *" will +print out a list of all keys only found in the current +directory. Maybe it’s easier to use "dnssec-zkt +." instead (without -r set). The option works similar +to the −d option of <i>ls(1)</i>.</p> + +<p style="margin-left:11%;"><b>−L</b>, +<b>−−left-justify</b></p> + +<p style="margin-left:22%;">Print out the domain name left +justified.</p> + +<p style="margin-left:11%;"><b>−k</b>, +<b>−−ksk</b></p> + +<p style="margin-left:22%;">Select and print key signing +keys only (default depends on command mode).</p> + +<p style="margin-left:11%;"><b>−z</b>, +<b>−−zsk</b></p> + +<p style="margin-left:22%;">Select and print zone signing +keys only (default depends on command mode).</p> + +<p style="margin-left:11%;"><b>−r</b>, +<b>−−recursive</b></p> + +<p style="margin-left:22%;">Recursive mode (default is +off). <br> +Also settable in the dnssec.conf file (Parameter: +Recursive).</p> + +<p style="margin-left:11%;"><b>−p</b>, +<b>−−path</b></p> + +<p style="margin-left:22%;">Print pathname in listing mode. +In -C mode, don’t create the new key in the same +directory as (already existing) keys with the same +label.</p> + +<p style="margin-left:11%;"><b>−a</b>, +<b>−−age</b></p> + +<p style="margin-left:22%;">Print age of key in weeks, +days, hours, minutes and seconds (default is off). <br> +Also settable in the dnssec.conf file (Parameter: +PrintAge).</p> + +<p style="margin-left:11%;"><b>−f</b>, +<b>−−lifetime</b></p> + +<p style="margin-left:22%;">Print the key lifetime.</p> + +<p style="margin-left:11%;"><b>−F</b>, +<b>−−setlifetime</b></p> + +<p style="margin-left:22%;">Set the key lifetime of all the +selected keys. Use option -k, -z, -l or the file and dir +argument for key selection.</p> + +<p style="margin-left:11%;"><b>−e</b>, +<b>−−exptime</b></p> + +<p style="margin-left:22%;">Print the key expiration +time.</p> + +<p style="margin-left:11%;"><b>−t</b>, +<b>−−time</b></p> + +<p style="margin-left:22%;">Print the key generation time +(default is on). <br> +Also settable in the dnssec.conf file (Parameter: +PrintTime).</p> + +<table width="100%" border=0 rules="none" frame="void" + cellspacing="0" cellpadding="0"> +<tr valign="top" align="left"> +<td width="11%"></td> +<td width="3%"> + + + +<p style="margin-top: 1em" valign="top"><b>−h</b></p> </td> +<td width="8%"></td> +<td width="78%"> + + +<p style="margin-top: 1em" valign="top">No header or +trusted-key section header and trailer in -T mode</p></td> +</table> + +<a name="COMMAND OPTIONS"></a> +<h2>COMMAND OPTIONS</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><b>−H</b>, +<b>−−help</b></p> + +<p style="margin-left:22%;">Print out the online help.</p> + +<p style="margin-left:11%;"><b>−T</b>, +<b>−−list-trustedkeys</b></p> + +<p style="margin-left:22%;">List all key signing keys as a +<i>named.conf</i> trusted-key section. Use <b>−h</b> +to supress the section header/trailer.</p> + +<p style="margin-left:11%;"><b>−K</b>, +<b>−−list-dnskeys</b></p> + +<p style="margin-left:22%;">List the public part of all the +keys in DNSKEY resource record format. Use <b>−h</b> +to suppress comment lines.</p> + +<p style="margin-left:11%;"><b>−C</b> <i>zone</i><b>, +−−create=</b><i>zone</i></p> + +<p style="margin-left:22%;">Create a new zone signing key +for the given zone. Add option <b>−k</b> to create a +key signing key. The key algorithm and key length will be +examined from built-in default values or from the parameter +settings in the <i>dnssec.conf</i> file. <br> +The keyfile will be created in the current directory if the +<b>−p</b> option is specified.</p> + +<p style="margin-left:11%;"><b>−R</b> +<i>keyid</i><b>, −−revoke=</b><i>keyid</i></p> + +<p style="margin-left:22%;">Revoke the key signing key with +the given keyid. A revoked key has bit 8 in the flags filed +set (see RFC5011). The keyid is the numeric keytag with an +optionally added zone name separated by a colon.</p> + + +<p style="margin-left:11%;"><b>−−rename="</b><i>keyid</i></p> + +<p style="margin-left:22%;">Rename the key files of the key +with the given keyid (Look at key file names starting with +an lower ’k’). The keyid is the numeric keytag +with an optionally added zone name separated by a colon.</p> + + +<p style="margin-left:11%;"><b>−−destroy=</b><i>keyid</i></p> + +<p style="margin-left:22%;">Deletes the key with the given +keyid. The keyid is the numeric keytag with an optionally +added zone name separated by a colon. Beware that this +deletes both private and public keyfiles, thus the key is +unrecoverable lost.</p> + +<p style="margin-left:11%;"><b>−P|A|D</b> +<i>keyid,</i> <b>−−published=</b><i>keyid,</i> +<b>−−active=</b><i>keyid,</i> +<b>−−depreciated=</b><i>keyid</i></p> + +<p style="margin-left:22%;">Change the status of the given +dnssec key to published (<b>−P</b>), active +(<b>−A</b>) or depreciated (<b>−D</b>). The +<i>keyid</i> is the numeric keytag with an optionally added +zone name separated by a colon. Setting the status to +"published" or "depreciate" will change +the filename of the private key file to +".published" or ".depreciated" +respectivly. This prevents the usage of the key as a signing +key by the use of <i>dnssec-signzone(8)</i>. The time of +status change will be stored in the ’mtime’ +field of the corresponding ".key" file. Key +activation via option <b>−A</b> will restore the +original timestamp and file name (".private").</p> + +<p style="margin-left:11%;"><b>−Z</b>, +<b>−−zone-config</b></p> + +<p style="margin-left:22%;">Write all config parameters to +stdout. The output is suitable as a template for the +<i>dnssec.conf</i> file, so the easiest way to create a +<i>dnssec.conf</i> file is to redirect the standard output +of the above command. Pay attention not to overwrite an +existing file.</p> + + +<p style="margin-left:11%;"><b>−−ksk-roll-phase[123]</b> +<i>do.ma.in.</i></p> + +<p style="margin-left:22%;">Initiate a key signing key +rollover of the specified domain. This feature is currently +in experimental status and is mainly for the use in an +hierachical environment. Use --ksk-rollover for a little +more detailed description.</p> + +<a name="SAMPLE USAGE"></a> +<h2>SAMPLE USAGE</h2> + + +<p style="margin-left:11%; margin-top: 1em"><b>dnssec-zkt +−r .</b></p> + +<p style="margin-left:22%;">Print out a list of all zone +keys found below the current directory.</p> + +<p style="margin-left:11%;"><b>dnssec-zkt −Z −c +""</b></p> + +<p style="margin-left:22%;">Print out the compiled in +default parameters.</p> + +<p style="margin-left:11%;"><b>dnssec-zkt −C +example.net −k −r ./zonedir</b></p> + +<p style="margin-left:22%;">Create a new key signing key +for the zone "example.net". Store the key in the +same directory below "zonedir" where the other +"example.net" keys live.</p> + +<p style="margin-left:11%;"><b>dnssec-zkt −T +./zonedir/example.net</b></p> + +<p style="margin-left:22%;">Print out a trusted-key section +containing the key signing keys of +"example.net".</p> + +<p style="margin-left:11%;"><b>dnssec-zkt −D 123245 +−r .</b></p> + +<p style="margin-left:22%;">Depreciate the key with tag +"12345" below the current directory,</p> + +<p style="margin-left:11%;"><b>dnssec-zkt --view +intern</b></p> + +<p style="margin-left:22%;">Print out a list of all zone +keys found below the directory where all the zones of view +intern live. There should be a seperate dnssec config file +<i>dnssec-intern.conf</i> with a directory option to take +affect of this.</p> + +<p style="margin-left:11%;"><b>dnssec-zkt-intern</b></p> + +<p style="margin-left:22%;">Same as above. The binary file +<i>dnssec-zkt</i> have linked to <i>dnssec-zkt-intern +.</i></p> + +<a name="ENVIRONMENT VARIABLES"></a> +<h2>ENVIRONMENT VARIABLES</h2> + + + +<p style="margin-left:11%; margin-top: 1em">ZKT_CONFFILE</p> + +<p style="margin-left:22%;">Specifies the name of the +default global configuration files.</p> + +<a name="FILES"></a> +<h2>FILES</h2> + + + +<p style="margin-left:11%; margin-top: 1em"><i>/var/named/dnssec.conf</i></p> + +<p style="margin-left:22%;">Built-in default global +configuration file. The name of the default global config +file is settable via the environment variable +ZKT_CONFFILE.</p> + + +<p style="margin-left:11%;"><i>/var/named/dnssec-<view>.conf</i></p> + +<p style="margin-left:22%;">View specific global +configuration file.</p> + +<p style="margin-left:11%;"><i>./dnssec.conf</i></p> + +<p style="margin-left:22%;">Local configuration file (only +used in <b>−C</b> mode).</p> + +<a name="BUGS"></a> +<h2>BUGS</h2> + + +<p style="margin-left:11%; margin-top: 1em">Some of the +general options will not be meaningful in all of the command +modes. <br> +The option <b>−l</b> and the ksk rollover options +insist on domain names ending with a dot.</p> + +<a name="AUTHOR"></a> +<h2>AUTHOR</h2> + + +<p style="margin-left:11%; margin-top: 1em">Holger +Zuleger</p> + +<a name="COPYRIGHT"></a> +<h2>COPYRIGHT</h2> + + +<p style="margin-left:11%; margin-top: 1em">Copyright (c) +2005 − 2008 by Holger Zuleger. Licensed under the BSD +Licences. There is NO warranty; not even for MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE.</p> + +<a name="SEE ALSO"></a> +<h2>SEE ALSO</h2> + + + +<p style="margin-left:11%; margin-top: 1em">dnssec-keygen(8), +dnssec-signzone(8), rndc(8), named.conf(5), +dnssec-signer(8), <br> +RFC4641 "DNSSEC Operational Practices" by Miek +Gieben and Olaf Kolkman, <br> +DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC <br> + (http://www.nlnetlabs.nl/dnssec_howto/)</p> +<hr> +</body> +</html> diff --git a/contrib/zkt/misc.c b/contrib/zkt/misc.c index d2465c33..c073c980 100644 --- a/contrib/zkt/misc.c +++ b/contrib/zkt/misc.c @@ -62,6 +62,8 @@ extern const char *progname; static int inc_soa_serial (FILE *fp, int use_unixtime); +static int is_soa_rr (const char *line); +static const char *strfindstr (const char *str, const char *search); /***************************************************************** ** getnameappendix (progname, basename) @@ -94,7 +96,8 @@ const char *getnameappendix (const char *progname, const char *basename) /***************************************************************** ** getdefconfname (view) -** returns the default configuration file name +** returns a pointer to a dynamic string containing the +** default configuration file name *****************************************************************/ const char *getdefconfname (const char *view) { @@ -105,13 +108,14 @@ const char *getdefconfname (const char *view) if ( (file = getenv ("ZKT_CONFFILE")) == NULL ) file = CONFIG_FILE; + dbg_val2 ("getdefconfname (%s) file = %s\n", view ? view : "NULL", file); if ( view == NULL || *view == '\0' || (p = strrchr (file, '.')) == NULL ) return strdup (file); size = strlen (file) + strlen (view) + 1 + 1; if ( (buf = malloc (size)) == NULL ) - return file; + return strdup (file); dbg_val1 ("0123456789o123456789o123456789\tsize=%d\n", size); dbg_val4 ("%.*s-%s%s\n", p - file, file, view, p); @@ -120,6 +124,40 @@ const char *getdefconfname (const char *view) return buf; } +#if 1 +/***************************************************************** +** domain_canonicdup (s) +** returns NULL or a pointer to a dynamic string containing the +** canonic (all lower case letters and ending with a '.') +** domain name +*****************************************************************/ +char *domain_canonicdup (const char *s) +{ + char *new; + char *p; + int len; + int add_dot; + + if ( s == NULL ) + return NULL; + + add_dot = 0; + len = strlen (s); + if ( len > 0 && s[len-1] != '.' ) + add_dot = len++; + + if ( (new = p = malloc (len + 1)) == NULL ) + return NULL; + + while ( *s ) + *p++ = tolower (*s++); + if ( add_dot ) + *p++ = '.'; + *p = '\0'; + + return new; +} +#else /***************************************************************** ** str_tolowerdup (s) *****************************************************************/ @@ -137,6 +175,7 @@ char *str_tolowerdup (const char *s) return new; } +#endif /***************************************************************** ** str_delspace (s) @@ -956,7 +995,7 @@ time_t stop_timer (time_t start) ** ** To match the SOA record, the SOA RR must be formatted ** like this: -** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> ( +** @ [ttl] IN SOA <master.fq.dn.> <hostmaster.fq.dn.> ( ** <SPACEes or TABs> 1234567890; serial number ** <SPACEes or TABs> 86400 ; other values ** ... @@ -972,7 +1011,6 @@ int inc_serial (const char *fname, int use_unixtime) { FILE *fp; char buf[4095+1]; - char master[254+1]; int error; /** @@ -988,8 +1026,7 @@ int inc_serial (const char *fname, int use_unixtime) return -1; /* read until the line matches the beginning of a soa record ... */ - while ( fgets (buf, sizeof buf, fp) && - sscanf (buf, "@ IN SOA %255s %*s (\n", master) != 1 ) + while ( fgets (buf, sizeof buf, fp) && !is_soa_rr (buf) ) ; if ( feof (fp) ) @@ -1006,6 +1043,54 @@ int inc_serial (const char *fname, int use_unixtime) } /***************************************************************** +** check if line is the beginning of a SOA RR record, thus +** containing the string "IN .* SOA" and ends with a '(' +** returns 1 if true +*****************************************************************/ +static int is_soa_rr (const char *line) +{ + const char *p; + + assert ( line != NULL ); + + if ( (p = strfindstr (line, "IN")) && strfindstr (p+2, "SOA") ) /* line contains "IN" and "SOA" */ + { + p = line + strlen (line) - 1; + while ( p > line && isspace (*p) ) + p--; + if ( *p == '(' ) /* last character have to be a '(' to start a multi line record */ + return 1; + } + + return 0; +} + +/***************************************************************** +** Find string 'search' in 'str' and ignore case in comparison. +** returns the position of 'search' in 'str' or NULL if not found. +*****************************************************************/ +static const char *strfindstr (const char *str, const char *search) +{ + const char *p; + int c; + + assert ( str != NULL ); + assert ( search != NULL ); + + c = tolower (*search); + p = str; + do { + while ( *p && tolower (*p) != c ) + p++; + if ( strncasecmp (p, search, strlen (search)) == 0 ) + return p; + p++; + } while ( *p ); + + return NULL; +} + +/***************************************************************** ** return the serial number of the current day in the form ** of YYYYmmdd00 *****************************************************************/ @@ -1100,8 +1185,11 @@ main (int argc, char *argv[]) now = today_serialtime (); printf ("now = %lu\n", now); - if ( (err = inc_serial (argv[1]), 0) < 0 ) + if ( (err = inc_serial (argv[1], 0)) <= 0 ) + { error ("can't change serial errno=%d\n", err); + exit (1); + } snprintf (cmd, sizeof(cmd), "head -15 %s", argv[1]); system (cmd); diff --git a/contrib/zkt/misc.h b/contrib/zkt/misc.h index 842a80d8..c9c55171 100644 --- a/contrib/zkt/misc.h +++ b/contrib/zkt/misc.h @@ -56,7 +56,11 @@ extern int copyfile (const char *fromfile, const char *tofile, const char *dnske extern int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile); extern int cmpfile (const char *file1, const char *file2); extern char *str_delspace (char *s); +#if 1 +extern char *domain_canonicdup (const char *s); +#else extern char *str_tolowerdup (const char *s); +#endif extern int in_strarr (const char *str, char *const arr[], int cnt); extern const char *splitpath (char *path, size_t size, const char *filename); extern char *pathname (char *name, size_t size, const char *path, const char *file, const char *ext); diff --git a/contrib/zkt/rollover.c b/contrib/zkt/rollover.c index 0c9fee07..e2b754fb 100644 --- a/contrib/zkt/rollover.c +++ b/contrib/zkt/rollover.c @@ -276,7 +276,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp) parfile_age = file_age (path); /* TODO: Set these values to the one found in the parent dnssec.conf file */ - parent_propagation = 5 * MINSEC; + parent_propagation = PARENT_PROPAGATION; parent_resign = z->resign; parent_keyttl = z->key_ttl; @@ -293,7 +293,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp) return 1; } else - verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %d < prop %d + keyttl %d\n", parfile_age, z->proptime, z->key_ttl); + verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %dsec < prop %dsec + keyttl %dsec\n", parfile_age, z->proptime, z->key_ttl); break; case 2: /* we are currently in state two (propagation of new key to the parent) */ #if 0 @@ -318,7 +318,7 @@ static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp) #if 0 verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentresig %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_resign, parent_keyttl); #else - verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_keyttl); + verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %dsec < parentprop %dsec + parentkeyttl %dsec\n", parfile_age, parent_propagation, parent_keyttl); #endif break; default: @@ -373,10 +373,10 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco { exptime = get_exptime (dkp, z); if ( dki_isrevoked (dkp) ) - lg_mesg (LG_DEBUG, "Rev Exptime: %s", time2str (exptime, 's')); + lg_mesg (LG_DEBUG, "zone \"%s\": found revoked key with exptime of: %s", domain, time2str (exptime, 's')); /* revoked key is older than 30 days? */ - if ( dki_isrevoked (dkp) && currtime > exptime + (DAYSEC * 30) ) + if ( dki_isrevoked (dkp) && currtime > exptime + REMOVE_HOLD_DOWN ) { verbmesg (1, z, "\tRemove revoked key %d which is older than 30 days\n", dkp->tag); lg_mesg (LG_NOTICE, "zone \"%s\": removing revoked key %d", domain, dkp->tag); @@ -387,7 +387,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco else /* anywhere in the middle of the list */ prev->next = dki_remove (dkp); - ret |= 01; /* from now on a resigning is neccessary */ + ret |= 01; /* from now on a resigning is necessary */ } /* remember oldest standby and active key */ @@ -396,8 +396,8 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco if ( dki_status (dkp) == DKI_ACTIVE ) activekey = dkp; } - - if ( standbykey == NULL && ret == 0 ) /* no standby key and also no revoked key found ? */ + /* no activekey or no standby key and also no revoked key found ? */ + if ( activekey == NULL || (standbykey == NULL && ret == 0) ) return ret; /* Seems that this is a non rfc5011 zone! */ ret |= 02; /* Zone looks like a rfc5011 zone */ @@ -410,7 +410,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco #endif /* At the time we first introduce a standby key, the lifetime of the current KSK should not be expired, */ /* otherwise we run into an (nearly) immediate key rollover! */ - if ( currtime > exptime && currtime > dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl) ) + if ( currtime > exptime && currtime > dki_time (standbykey) + min (ADD_HOLD_DOWN, z->key_ttl) ) { lg_mesg (LG_NOTICE, "\"%s\": starting rfc5011 rollover", domain); verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n", @@ -434,7 +434,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco dki_setstatus (activekey, DKI_REVOKED); dki_setexptime (activekey, currtime); /* now the key is expired */ - ret |= 01; /* resigning neccessary */ + ret |= 01; /* resigning necessary */ } return ret; @@ -446,7 +446,7 @@ int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zco ** If there is no key signing key present create a new one. ** Prints out a warning message if the lifetime of the current ** key signing key is over. -** Returns 1 if a resigning of the zone is neccessary, otherwise +** Returns 1 if a resigning of the zone is necessary, otherwise ** the function returns 0. *****************************************************************/ int kskstatus (zone_t *zonelist, zone_t *zp) @@ -486,7 +486,7 @@ int kskstatus (zone_t *zonelist, zone_t *zp) /***************************************************************** ** zskstatus () ** Check the zsk status of a zone. -** Returns 1 if a resigning of the zone is neccessary, otherwise +** Returns 1 if a resigning of the zone is necessary, otherwise ** the function returns 0. *****************************************************************/ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z) @@ -576,6 +576,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded: ZSK rollover done", domain, akey->tag); akey = nextkey; nextkey = NULL; + lifetime = dki_lifetime (akey); /* set lifetime to lt of the new active key (F. Behrens) */ } else { @@ -585,7 +586,7 @@ int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t } } } - /* Should we add a new publish key? This is neccessary if the active + /* Should we add a new publish key? This is necessary if the active * key will be expired at the next re-signing interval (The published * time will be checked just before the active key will be removed. * See above). diff --git a/contrib/zkt/rollover.h b/contrib/zkt/rollover.h index 8d53293f..ef9c6094 100644 --- a/contrib/zkt/rollover.h +++ b/contrib/zkt/rollover.h @@ -44,7 +44,14 @@ # include "zconf.h" #endif -# define OFFSET ((int) (2.5 * MINSEC)) +# define OFFSET ((int) (2.5 * MINSEC)) +# define PARENT_PROPAGATION (5 * MINSEC) +# define ADD_HOLD_DOWN (30 * DAYSEC) +#if 0 +# define REMOVE_HOLD_DOWN (30 * DAYSEC) +#else +# define REMOVE_HOLD_DOWN (10 * DAYSEC) /* reduced for testiing purposes */ +#endif extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z); extern int kskstatus (zone_t *zonelist, zone_t *zp); diff --git a/contrib/zkt/strlist.c b/contrib/zkt/strlist.c index 81a84bcd..c142ffea 100644 --- a/contrib/zkt/strlist.c +++ b/contrib/zkt/strlist.c @@ -49,7 +49,7 @@ /***************************************************************** ** prepstrlist (str, delim) -** prepare a string with delimeters to a so called strlist. +** prepare a string with delimiters to a so called strlist. ** 'str' is a list of substrings delimeted by 'delim' ** The # of strings is stored at the first byte of the allocated ** memory. Every substring is stored as a '\0' terminated C-String. diff --git a/contrib/zkt/tags b/contrib/zkt/tags index 1471aff9..4fc5a237 100644 --- a/contrib/zkt/tags +++ b/contrib/zkt/tags @@ -17,10 +17,10 @@ CONF_TIMEINT zconf.c /^ CONF_TIMEINT,$/;" e file: ISCOMMENT zconf.c 68;" d file: ISDELIM zconf.c 70;" d file: ISTRUE zconf.c 66;" d file: -KEYSET_FILE_PFX dnssec-signer.c 669;" d file: +KEYSET_FILE_PFX dnssec-signer.c 691;" d file: KeyWords ncparse.c /^static struct KeyWords {$/;" s file: MAXFNAME log.c 97;" d file: -STRCONFIG_DELIMITER zconf.c 505;" d file: +STRCONFIG_DELIMITER zconf.c 513;" d file: TAINTEDCHARS misc.c 60;" d file: TOK_DELEGATION ncparse.c 59;" d file: TOK_DIR ncparse.c 49;" d file: @@ -41,6 +41,8 @@ add2zonelist dnssec-signer.c /^static int add2zonelist (const char *dir, const c age2str misc.c /^char *age2str (time_t sec)$/;" f ageflag dnssec-zkt.c /^int ageflag = 0;$/;" v b domaincmp.c /^ char *b;$/;" m file: +bind94_dynzone dnssec-signer.c 131;" d file: +bind96_dynzone dnssec-signer.c 132;" d file: bool2str zconf.c /^static const char *bool2str (int val)$/;" f file: check_keydb_timestamp dnssec-signer.c /^static int check_keydb_timestamp (dki_t *keylist, time_t reftime)$/;" f file: checkconfig zconf.c /^int checkconfig (const zconf_t *z)$/;" f @@ -62,6 +64,7 @@ dirname dnssec-signer.c /^const char *dirname = NULL;$/;" v dist_and_reload dnssec-signer.c /^static int dist_and_reload (const zone_t *zp)$/;" f file: dki_add dki.c /^dki_t *dki_add (dki_t **list, dki_t *new)$/;" f dki_age dki.c /^int dki_age (const dki_t *dkp, time_t curr)$/;" f +dki_algo2sstr dki.c /^char *dki_algo2sstr (int algo)$/;" f dki_algo2str dki.c /^char *dki_algo2str (int algo)$/;" f dki_allcmp dki.c /^int dki_allcmp (const dki_t *a, const dki_t *b)$/;" f dki_alloc dki.c /^static dki_t *dki_alloc ()$/;" f file: @@ -110,6 +113,7 @@ dki_timecmp dki.c /^int dki_timecmp (const dki_t *a, const dki_t *b)$/;" f dki_tsearch dki.c /^const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)$/;" f dki_unsetflag dki.c /^dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)$/;" f dki_writeinfo dki.c /^static int dki_writeinfo (const dki_t *dkp, const char *path)$/;" f file: +domain_canonicdup misc.c /^char *domain_canonicdup (const char *s)$/;" f domaincmp domaincmp.c /^int domaincmp (const char *a, const char *b)$/;" f dosigning dnssec-signer.c /^static int dosigning (zone_t *zonelist, zone_t *zp)$/;" f file: dupconfig zconf.c /^zconf_t *dupconfig (const zconf_t *conf)$/;" f @@ -160,6 +164,7 @@ is_dotfile misc.c /^int is_dotfile (const char *name)$/;" f is_exec_ok misc.c /^int is_exec_ok (const char *prog)$/;" f is_keyfilename misc.c /^int is_keyfilename (const char *name)$/;" f is_parentdirsigned rollover.c /^static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)$/;" f file: +is_soa_rr misc.c /^static int is_soa_rr (const char *line)$/;" f file: isinlist strlist.c /^int isinlist (const char *str, const char *list)$/;" f ksk5011status rollover.c /^int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f ksk_roll dnssec-zkt.c /^static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)$/;" f file: @@ -204,14 +209,14 @@ logflush misc.c /^void logflush ()$/;" f logmesg misc.c /^void logmesg (char *fmt, ...)$/;" f long_options dnssec-signer.c /^static struct option long_options[] = {$/;" v file: long_options dnssec-zkt.c /^static struct option long_options[] = {$/;" v file: -lopt_usage dnssec-signer.c 302;" d file: -lopt_usage dnssec-signer.c 305;" d file: -lopt_usage dnssec-zkt.c 410;" d file: -lopt_usage dnssec-zkt.c 413;" d file: -loptstr dnssec-signer.c 303;" d file: -loptstr dnssec-signer.c 306;" d file: -loptstr dnssec-zkt.c 411;" d file: -loptstr dnssec-zkt.c 414;" d file: +lopt_usage dnssec-signer.c 323;" d file: +lopt_usage dnssec-signer.c 326;" d file: +lopt_usage dnssec-zkt.c 402;" d file: +lopt_usage dnssec-zkt.c 405;" d file: +loptstr dnssec-signer.c 324;" d file: +loptstr dnssec-signer.c 327;" d file: +loptstr dnssec-zkt.c 403;" d file: +loptstr dnssec-zkt.c 406;" d file: main dnssec-signer.c /^int main (int argc, char *const argv[])$/;" f main dnssec-zkt.c /^int main (int argc, char *argv[])$/;" f main domaincmp.c /^main (int argc, char *argv[])$/;" f @@ -259,6 +264,8 @@ searchitem zkt.c /^static int searchitem;$/;" v file: searchkw ncparse.c /^static int searchkw (const char *keyword)$/;" f file: searchresult zkt.c /^static const dki_t *searchresult;$/;" v file: set_all_varptr zconf.c /^static void set_all_varptr (zconf_t *cp)$/;" f file: +set_bind94_dynzone dnssec-signer.c 129;" d file: +set_bind96_dynzone dnssec-signer.c 130;" d file: set_keylifetime zkt.c /^static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)$/;" f file: set_varptr zconf.c /^static int set_varptr (char *entry, void *ptr)$/;" f file: setconfigpar zconf.c /^int setconfigpar (zconf_t *config, char *entry, const void *pval)$/;" f @@ -267,8 +274,8 @@ short_options dnssec-signer.c 66;" d file: short_options dnssec-signer.c 68;" d file: short_options dnssec-zkt.c 89;" d file: sign_zone dnssec-signer.c /^static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)$/;" f file: -sopt_usage dnssec-signer.c 300;" d file: -sopt_usage dnssec-zkt.c 408;" d file: +sopt_usage dnssec-signer.c 321;" d file: +sopt_usage dnssec-zkt.c 400;" d file: splitpath misc.c /^const char *splitpath (char *path, size_t size, const char *filename)$/;" f start_timer misc.c /^time_t start_timer ()$/;" f stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f @@ -277,6 +284,7 @@ str_chop misc.c /^char *str_chop (char *str, char c)$/;" f str_delspace misc.c /^char *str_delspace (char *s)$/;" f str_tolowerdup misc.c /^char *str_tolowerdup (const char *s)$/;" f str_untaint misc.c /^char *str_untaint (char *str)$/;" f +strfindstr misc.c /^static const char *strfindstr (const char *str, const char *search)$/;" f file: symtbl log.c /^static lg_symtbl_t symtbl[] = {$/;" v file: syslog_level log.c /^ int syslog_level;$/;" m file: tag_search zkt.c /^static void tag_search (const dki_t **nodep, const VISIT which, int depth)$/;" f file: diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c index 1dee484b..831d1815 100644 --- a/contrib/zkt/zconf.c +++ b/contrib/zkt/zconf.c @@ -93,6 +93,7 @@ static zconf_t def = { RESIGN_INT, KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM, ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM, + SALTLEN, NULL, /* viewname cmdline paramter */ LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0, DNSKEYFILE, ZONEFILE, KEYSETDIR, @@ -143,6 +144,7 @@ static zconf_para_t confpara[] = { { "ZSK_algo", 0, CONF_ALGO, &def.z_algo }, { "ZSK_bits", 0, CONF_INT, &def.z_bits }, { "ZSK_randfile", 0, CONF_STRING, &def.z_random }, + { "SaltBits", 0, CONF_INT, &def.saltbits }, { "", 0, CONF_COMMENT, NULL }, { "", 0, CONF_COMMENT, "dnssec-signer options"}, @@ -236,6 +238,7 @@ static void set_all_varptr (zconf_t *cp) set_varptr ("zsk_algo", &cp->z_algo); set_varptr ("zsk_bits", &cp->z_bits); set_varptr ("zsk_randfile", &cp->z_random); + set_varptr ("saltbits", &cp->saltbits); set_varptr ("--view", &cp->view); set_varptr ("logfile", &cp->logfile); @@ -262,6 +265,8 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z) unsigned int len, found; zconf_para_t *c; + assert (buf[0] != '\0'); + p = &buf[strlen(buf)-1]; /* Chop off white space at eol */ while ( p >= buf && isspace (*p) ) *p-- = '\0'; @@ -357,6 +362,12 @@ static void parseconfigline (char *buf, unsigned int line, zconf_t *z) *((int *)c->var) = DK_ALGO_DSA; else if ( strcasecmp (val, "rsasha1") == 0 ) *((int *)c->var) = DK_ALGO_RSASHA1; + else if ( strcasecmp (val, "nsec3dsa") == 0 || + strcasecmp (val, "n3dsa") == 0 ) + *((int *)c->var) = DK_ALGO_NSEC3DSA; + else if ( strcasecmp (val, "nsec3rsasha1") == 0 || + strcasecmp (val, "n3rsasha1") == 0 ) + *((int *)c->var) = DK_ALGO_NSEC3RSASHA1; else error ("Illegal algorithm \"%s\" " "in line %d.\n" , val, line); @@ -475,13 +486,13 @@ zconf_t *loadconfig (const char *filename, zconf_t *z) return NULL; if ( filename && *filename ) - memcpy (z, &def, sizeof (*z)); /* init new struct with defaults */ + memcpy (z, &def, sizeof (zconf_t)); /* init new struct with defaults */ } if ( filename == NULL || *filename == '\0' ) /* no file name given... */ { dbg_val0("loadconfig (NULL)\n"); - memcpy (z, &def, sizeof (*z)); /* ..then init with defaults */ + memcpy (z, &def, sizeof (zconf_t)); /* ..then init with defaults */ return z; } @@ -493,11 +504,8 @@ zconf_t *loadconfig (const char *filename, zconf_t *z) line = 0; while (fgets(buf, sizeof(buf), fp)) - { - line++; + parseconfigline (buf, ++line, z); - parseconfigline (buf, line, z); - } fclose(fp); return z; } @@ -513,13 +521,13 @@ zconf_t *loadconfig_fromstr (const char *str, zconf_t *z) { if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) return NULL; - memcpy (z, &def, sizeof (*z)); /* init with defaults */ + memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */ } if ( str == NULL || *str == '\0' ) { dbg_val0("loadconfig_fromstr (NULL)\n"); - memcpy (z, &def, sizeof (*z)); /* init with defaults */ + memcpy (z, &def, sizeof (zconf_t)); /* init with defaults */ return z; } @@ -555,7 +563,7 @@ zconf_t *dupconfig (const zconf_t *conf) if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) return NULL; - memcpy (z, conf, sizeof (*conf)); + memcpy (z, conf, sizeof (zconf_t)); return z; } @@ -698,6 +706,14 @@ int checkconfig (const zconf_t *z) if ( z == NULL ) return 1; + if ( z->saltbits < 4 ) + fprintf (stderr, "Saltlength must be at least 4 bits\n"); + if ( z->saltbits > 128 ) + { + fprintf (stderr, "While the maximum is 520 bits of salt, it's not recommended to use more than 128 bits.\n"); + fprintf (stderr, "The current value is %d bits\n", z->saltbits); + } + if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) ) { fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n"); diff --git a/contrib/zkt/zconf.h b/contrib/zkt/zconf.h index de8b2ef9..08adfd9b 100644 --- a/contrib/zkt/zconf.h +++ b/contrib/zkt/zconf.h @@ -73,6 +73,7 @@ # define ZSK_ALGO (DK_ALGO_RSASHA1) # define ZSK_BITS (512) # define ZSK_RANDOM "/dev/urandom" +# define SALTLEN 24 /* salt length in bits (resolution is 4 bits)*/ # define ZONEDIR "." # define RECURSIVE 0 @@ -89,7 +90,7 @@ # define DNSKEYFILE "dnskey.db" # define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */ # define SIG_RANDOM NULL /* "/dev/urandom" */ -# define SIG_PSEUDO 1 +# define SIG_PSEUDO 0 # define SIG_GENDS 1 # define SIG_PARAM "" # define DIST_CMD NULL /* default is to run "rndc reload" */ @@ -143,6 +144,7 @@ typedef struct zconf { int z_algo; int z_bits; char *z_random; + int saltbits; char *view; // char *errlog; diff --git a/contrib/zkt/zkt.c b/contrib/zkt/zkt.c index e699842d..f8e51a97 100644 --- a/contrib/zkt/zkt.c +++ b/contrib/zkt/zkt.c @@ -100,7 +100,7 @@ static void printkeyinfo (const dki_t *dkp, const char *oldpath) printf ("%05d ", dkp->tag); printf ("%3s ", dki_isksk (dkp) ? "KSK" : "ZSK"); printf ("%-3.3s ", dki_statusstr (dkp) ); - printf ("%-7s", dki_algo2str(dkp->algo)); + printf ("%-7s", dki_algo2sstr(dkp->algo)); if ( timeflag ) printf (" %-20s", time2str (dkp->gentime ? dkp->gentime: dkp->time, 's')); if ( exptimeflag ) diff --git a/contrib/zkt/zone.c b/contrib/zkt/zone.c index dec214e1..9f7df62d 100644 --- a/contrib/zkt/zone.c +++ b/contrib/zkt/zone.c @@ -166,7 +166,7 @@ zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *fi { char *p; - new->zone = str_tolowerdup (zone); + new->zone = domain_canonicdup (zone); new->dir = strdup (dir); new->file = strdup (file); /* check if file ends with ".signed" ? */ @@ -208,7 +208,10 @@ int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t * else zone = dir; } - dbg_val4 ("zone_readdir: (dir: %s, zone: %s, zfile: %s zp, cp, dyn_zone = %d)\n", + if ( zone == NULL ) /* zone name still null ? */ + return 0; + + dbg_val4 ("zone_readdir: (dir: \"%s\", zone: \"%s\", zfile: \"%s\", zp, cp, dyn_zone = %d)\n", dir, zone, zfile ? zfile: "NULL", dyn_zone); if ( dyn_zone ) |