summaryrefslogtreecommitdiffstats
path: root/contrib/zkt/examples/flat
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/zkt/examples/flat')
-rwxr-xr-xcontrib/zkt/examples/flat/dist.sh70
-rw-r--r--contrib/zkt/examples/flat/dnssec.conf41
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key3
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private7
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key3
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private10
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dnskey.db29
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dnssec.conf5
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.2
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.18
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.org30
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published10
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./dnskey.db33
-rw-r--r--contrib/zkt/examples/flat/example.net./dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key4
-rw-r--r--contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./keyset-example.net.19
-rw-r--r--contrib/zkt/examples/flat/example.net./zone.db43
-rw-r--r--contrib/zkt/examples/flat/example.net./zone.db.signed166
-rw-r--r--contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.18
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-example.net.19
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-sub.example.net.8
-rw-r--r--contrib/zkt/examples/flat/named.conf99
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key1
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dnskey.db29
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dnssec.conf14
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./zone.db25
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./zone.db.signed103
-rw-r--r--contrib/zkt/examples/flat/zkt.log2501
-rw-r--r--contrib/zkt/examples/flat/zone.conf10
47 files changed, 3683 insertions, 0 deletions
diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh
new file mode 100755
index 0000000..c112f55
--- /dev/null
+++ b/contrib/zkt/examples/flat/dist.sh
@@ -0,0 +1,70 @@
+#################################################################
+#
+# @(#) dist.sh -- distribute and reload command for dnssec-signer
+#
+# (c) Jul 2008 Holger Zuleger hznet.de
+#
+# This shell script will be run by dnssec-signer as a distribution
+# and reload command if:
+#
+# a) the dnssec.conf file parameter Distribute_Cmd: points
+# to this file
+# and
+# b) the user running the dnssec-signer command is not
+# root (uid==0)
+# and
+# c) the owner of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the owner
+# or
+# d) the group of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost # fqdn of remote name server
+dir=/var/named # zone directory on remote name server
+
+progname=$0
+usage()
+{
+ echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
+ test $# -gt 0 && echo $* 1>&2
+ exit 1
+}
+
+if test $# -lt 3
+then
+ usage
+fi
+action="$1"
+domain="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distribute)
+ if test -n "$view"
+ then
+ echo "scp $zonefile $server:$dir/$view/$domain/"
+ : scp $zonefile $server:$dir/$view/$domain/
+ else
+ echo "scp $zonefile $server:$dir/$domain/"
+ : scp $zonefile $server:$dir/$domain/
+ fi
+ ;;
+reload)
+ echo "rndc $action $zone $view"
+ : rndc $action $zone $view
+ ;;
+*)
+ usage "illegal action $action"
+ ;;
+esac
+
diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf
new file mode 100644
index 0000000..2bd9c58
--- /dev/null
+++ b/contrib/zkt/examples/flat/dnssec.conf
@@ -0,0 +1,41 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 2d # (172800 seconds)
+Sigvalidity: 6d # (518400 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 2w # (1209600 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt.log"
+LogLevel: debug
+SyslogFacility: USER
+SyslogLevel: notice
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: "../keysets"
+DLV_Domain: ""
+Sig_Pseudorand: True
+Distribute_Cmd: "./dist.sh"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
new file mode 100644
index 0000000..6a64c44
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
@@ -0,0 +1,3 @@
+;% generationtime=20080609224426
+;% lifetime=60d
+dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
new file mode 100644
index 0000000..4f7ec3d
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM=
+Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc=
+Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo=
+Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk=
+Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
new file mode 100644
index 0000000..d129398
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
@@ -0,0 +1,3 @@
+;% generationtime=20080609224426
+;% lifetime=14d
+dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
new file mode 100644
index 0000000..3692946
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ==
+Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8=
+Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs=
+Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE=
+Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850=
+Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
new file mode 100644
index 0000000..e0f978e
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jun 12 2008 18:28:38
+;
+
+; *** List of Key Signing Keys ***
+; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7
+ LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB
+ KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf
+ Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH
+ JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq
+ +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e
+ 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi
+ xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH
+ 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+
+; *** List of Zone Signing Keys ***
+; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w
+ BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
new file mode 100644
index 0000000..0998fda
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
@@ -0,0 +1,5 @@
+# signing key parameters
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_algo: DSA
+KSK_bits: 1024
+KSK_randfile: "/dev/urandom"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net 7200 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db
new file mode 100644
index 0000000..ee557b8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:34 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 7 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20080622152834 (
+ 20080612152834 1355 dyn.example.net.
+ h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas
+ SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+
+ SXgsy934gAaYLw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+ Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+ lU0C+J4VPkA8pA== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+ HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+ +6XuqA8u/xPmbw== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+ IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+ P0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+ 3600 DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+ 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
+ 20080609214426 42138 dyn.example.net.
+ CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+ 1X+nmHSkpcKJrUty/wY= )
+ 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+ 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+ 9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+ FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+ Sm1ttNxSTe2M8A== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+ +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+ AqArf+M3STbO9g== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+ KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+ TdWtXSZIlU2JKQ== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+ eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+ Q4Pxd2rI9ud1hA== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+ 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+ sj80tqtN0NHi/Q== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+ UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+ LrVtjyQbfimbOA== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+ Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+ Pz/gpH280yQJFA== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+ P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+ jn6fdB+T2Zs9Pw== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+ MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+ 0sIwBMHOsDjTSA== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+ 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+ qA5CzWo8HIPwmA== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+ mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+ lO6C9gQ+Iu9wyw== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+ E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+ rWBT4VggwE8blQ== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+ XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+ TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
new file mode 100644
index 0000000..9e4c5c8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:39 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 8 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20080622152838 (
+ 20080612152838 1355 dyn.example.net.
+ GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+
+ fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5
+ e7HwrB59bxKAuw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+ Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+ lU0C+J4VPkA8pA== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+ HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+ +6XuqA8u/xPmbw== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+ IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+ P0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+ 3600 DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+ 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
+ 20080609214426 42138 dyn.example.net.
+ CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+ 1X+nmHSkpcKJrUty/wY= )
+ 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+ 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+ 9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+ FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+ Sm1ttNxSTe2M8A== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+ +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+ AqArf+M3STbO9g== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+ KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+ TdWtXSZIlU2JKQ== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+ eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+ Q4Pxd2rI9ud1hA== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+ 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+ sj80tqtN0NHi/Q== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+ UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+ LrVtjyQbfimbOA== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+ Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+ Pz/gpH280yQJFA== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+ P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+ jn6fdB+T2Zs9Pw== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+ MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+ 0sIwBMHOsDjTSA== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+ 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+ qA5CzWo8HIPwmA== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+ mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+ lO6C9gQ+Iu9wyw== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+ E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+ rWBT4VggwE8blQ== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+ XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+ TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org
new file mode 100644
index 0000000..c536fc8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org
@@ -0,0 +1,30 @@
+;-----------------------------------------------------------------
+;
+; @(#) dyn.example.net/zone.org
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 1 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+x IN A 1.2.3.4
+y IN A 1.2.3.5
+z IN A 1.2.3.6
+
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
new file mode 100644
index 0000000..bd273d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
@@ -0,0 +1,3 @@
+;% generationtime=20080506212634
+;% lifetime=60d
+example.net. IN DNSKEY 257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
new file mode 100644
index 0000000..42b8b80
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w==
+PublicExponent: AQAAAAE=
+PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ==
+Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w==
+Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ==
+Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9
+Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ==
+Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
new file mode 100644
index 0000000..d72baa9
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
@@ -0,0 +1,3 @@
+;% generationtime=20080420205422
+;% lifetime=60d
+example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
new file mode 100644
index 0000000..554cd12
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ==
+Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ==
+Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw==
+Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ==
+Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp
+Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
new file mode 100644
index 0000000..235a5df
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
@@ -0,0 +1,3 @@
+;% generationtime=20080721221039
+;% lifetime=14d
+example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
new file mode 100644
index 0000000..b5041c0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+PublicExponent: AQAAAAE=
+PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ==
+Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M=
+Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU=
+Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0=
+Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0=
+Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw=
diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db
new file mode 100644
index 0000000..6bd2ba0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dnskey.db
@@ -0,0 +1,33 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 31 2008 00:25:53
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8
+ VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs
+ lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+
+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU
+ 8w==
+ ) ; key id = 1764
+
+; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7
+ kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W
+ O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM
+ HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ
+ qw==
+ ) ; key id = 41151
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3
+ LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+ ) ; key id = 41300
+
diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dsset-example.net.
@@ -0,0 +1,4 @@
+example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
new file mode 100644
index 0000000..fdf427b
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
@@ -0,0 +1,4 @@
+;% generationtime=20080415164557
+;% lifetime=20d
+;% expirationtime=20080506212633
+example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q==
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
new file mode 100644
index 0000000..1018561
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ==
+Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw==
+Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw==
+Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL
+Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw==
+Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg==
diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db
new file mode 100644
index 0000000..42ad067
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db
@@ -0,0 +1,43 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 306 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.1
+b IN MX 10 a
+;c IN A 1.2.3.2
+d IN A 1.2.3.3
+ IN AAAA 2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed
new file mode 100644
index 0000000..b10d122
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db.signed
@@ -0,0 +1,166 @@
+; File written on Thu Jul 31 00:25:53 2008
+; dnssec_signzone version 9.5.1b1
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 306 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT
+ x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt
+ llflqikDp8uLmQ== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i
+ sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu
+ WDdVL5V3nirNiA== )
+ 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU
+ vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4
+ 8fjJ1uPzW3KVJQ== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG
+ VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs
+ uZipXs2ouT2S9dhdEArKfw==
+ ) ; key id = 41300
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
+ 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
+ 20080730212553 41151 example.net.
+ AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb
+ Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd
+ PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ
+ dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE
+ tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+
+ b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL
+ Tw== )
+ 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
+ 20080730212553 41300 example.net.
+ up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU
+ hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi
+ FSHnJW5dlBhMow== )
+a.example.net. 7200 IN A 1.2.3.1
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM
+ aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd
+ vo0cFjkPvCCrHA== )
+ 7200 NSEC b.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/
+ 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr
+ 2MS4wJguPpznEg== )
+b.example.net. 7200 IN MX 10 a.example.net.
+ 7200 RRSIG MX 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi
+ Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ
+ V1VbEaZnFVXu2Q== )
+ 7200 NSEC d.example.net. MX RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L
+ jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na
+ G1yt/jdFB699yg== )
+d.example.net. 7200 IN A 1.2.3.3
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS
+ 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF
+ Xqk7op11oye7fA== )
+ 7200 AAAA 2001:db8::3
+ 7200 RRSIG AAAA 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib
+ 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC
+ sJOAIxxNQOefZg== )
+ 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh
+ /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD
+ X51lgVvrlOsMaw== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv
+ zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1
+ U9ZdHxUEqeRRtQ== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg
+ F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII
+ hS9tIVb0spHDuQ== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp
+ TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM
+ bBUOTYWJIMT50g== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l
+ CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM
+ 5P5ZMXieZrh+xQ== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT
+ rrfxEcPm86SLMM40dithZQeajNucRlmuadKX
+ HREpYT/DVVBT0A== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk
+ 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS
+ 2LaOiuqMIPm8Hw== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+
+ HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+
+ /l+dJFZ8FtdZTA== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 DS 54876 5 1 (
+ CAB6127E303A8A8D7D5A29AE05DB60F4C506
+ 0B10 )
+ 7200 DS 54876 5 2 (
+ 7C8CAF1844479F3600213173BB5D1E2A4414
+ 3D63B6E0B3E10D8C5310ADF84D30 )
+ 7200 RRSIG DS 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+
+ TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt
+ X6JnkVWr89s82A== )
+ 7200 NSEC example.net. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom
+ fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg
+ KaG0bEo8TpOAUw== )
diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-example.net.
@@ -0,0 +1,4 @@
+example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
new file mode 100644
index 0000000..9bed62a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net 7200 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
new file mode 100644
index 0000000..77aacd6
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.net 7200 IN DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+ bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+ ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+ BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+ CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+ ) ; key id = 54876
diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf
new file mode 100644
index 0000000..0e8551c
--- /dev/null
+++ b/contrib/zkt/examples/flat/named.conf
@@ -0,0 +1,99 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+controls {
+ inet 127.0.0.1
+ allow { localhost; };
+ inet ::1
+ allow { localhost; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.ARPA" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+include "zone.conf";
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
new file mode 100644
index 0000000..a255a7b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
@@ -0,0 +1,3 @@
+;% generationtime=20080725213107
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
new file mode 100644
index 0000000..e636e05
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ==
+Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM=
+Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M=
+Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0=
+Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08=
+Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
new file mode 100644
index 0000000..4e7c3e5
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
@@ -0,0 +1,3 @@
+;% generationtime=20080730222553
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
new file mode 100644
index 0000000..2a3ae65
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+PublicExponent: AQAAAAE=
+PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q==
+Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U=
+Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8=
+Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0=
+Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc=
+Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
new file mode 100644
index 0000000..21098f8
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
@@ -0,0 +1 @@
+sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
new file mode 100644
index 0000000..ad5b363
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M=
+PublicExponent: Aw==
+PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s=
+Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw==
+Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ==
+Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw==
+Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw==
+Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA==
diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
new file mode 100644
index 0000000..396e7d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 31 2008 13:19:17
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22
+sub.example.net. 3600 IN DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50
+ 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe
+ 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb
+ Z/avYw==
+ ) ; key id = 54876
+
+; *** List of Zone Signing Keys ***
+; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52
+sub.example.net. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy
+ aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+ ) ; key id = 4254
+
+; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53
+sub.example.net. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv
+ guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+ ) ; key id = 56744
+
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
new file mode 100644
index 0000000..4a045ad
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
@@ -0,0 +1,14 @@
+
+resigninterval 1d
+sigvalidity 2d
+max_ttl 90s
+
+Serialformat: unixtime
+ksk_algo RSASHA1
+ksk_bits 1024
+
+zsk_lifetime 3d
+zsk_algo RSAMD5
+zsk_bits 512
+
+dlv_domain "dlv.trusted-keys.de"
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db
new file mode 100644
index 0000000..c9ec01e
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sec.example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.net.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
new file mode 100644
index 0000000..0560d2b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
@@ -0,0 +1,103 @@
+; File written on Thu Jul 31 13:19:17 2008
+; dnssec_signzone version 9.5.1b1
+sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1217503157 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9
+ RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa
+ 9bvrMVOXpd0Q1g== )
+ 7200 NS ns1.example.net.
+ 7200 RRSIG NS 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb
+ k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn
+ 1S/A2bV4S3No7Q== )
+ 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK
+ TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8
+ feRHQBEYFpgvhA== )
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl
+ kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar
+ n7DQR1Eb92uW3ALxwN2o6w==
+ ) ; key id = 56744
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+
+ /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v
+ NYsJ2KCQtY2dUFjT5BCeqQ==
+ ) ; key id = 4254
+ 3600 DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+ bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+ ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+ BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+ CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+ ) ; key id = 54876
+ 3600 RRSIG DNSKEY 1 3 3600 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba
+ 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT
+ UW2clZMFj/Fy6g== )
+ 3600 RRSIG DNSKEY 5 3 3600 20080802101917 (
+ 20080731101917 54876 sub.example.net.
+ B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E
+ 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO
+ OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK
+ 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv
+ oFMHe/OpIq7x/a4NdMn3yIWbFtg= )
+a.sub.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ
+ owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+
+ M4ESPnoKxli7YQ== )
+ 7200 NSEC b.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv
+ USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt
+ 2ODgeGLhUTap7A== )
+b.sub.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz
+ bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN
+ S0Et3ivWZSAVOg== )
+ 7200 NSEC c.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B
+ jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k
+ +SzjVQtJfxUDsA== )
+c.sub.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb
+ eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID
+ z5HLpC+KbfpJxw== )
+ 7200 NSEC localhost.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh
+ a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh
+ 4AnYjZlHjfe+MA== )
+localhost.sub.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T
+ X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y
+ vw4b+pdoWMi0+g== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9
+ PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr
+ SgFnqsd6YTxxpw== )
diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log
new file mode 100644
index 0000000..9276f94
--- /dev/null
+++ b/contrib/zkt/examples/flat/zkt.log
@@ -0,0 +1,2501 @@
+2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file
+2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file
+2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded ()
+2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202()
+2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s)
+2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s
+2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s
+2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done
+2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:39:48.617: notice: end of run: 0 errors occured
+2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s
+2008-06-11 22:41:14.106: notice: end of run: 0 errors occured
+2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s
+2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:48:19.087: notice: end of run: 0 errors occured
+2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s
+2008-06-11 22:56:53.297: notice: end of run: 0 errors occured
+2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v
+2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s
+2008-06-11 23:01:41.454: notice: end of run: 0 errors occured
+2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v
+2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s
+2008-06-11 23:04:25.911: notice: end of run: 0 errors occured
+2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s
+2008-06-12 13:06:54.056: notice: end of run: 0 errors occured
+2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s
+2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:07:45.130: notice: end of run: 0 errors occured
+2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s
+2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:22:02.253: notice: end of run: 0 errors occured
+2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s
+2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 13:24:37.958: notice: end of run: 0 errors occured
+2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s
+2008-06-12 13:25:32.997: notice: end of run: 0 errors occured
+2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v
+2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s
+2008-06-12 13:26:49.864: notice: end of run: 0 errors occured
+2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s
+2008-06-12 16:28:01.979: notice: end of run: 0 errors occured
+2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v
+2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s
+2008-06-12 16:28:13.630: notice: end of run: 0 errors occured
+2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s
+2008-06-12 16:28:30.320: notice: end of run: 0 errors occured
+2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s
+2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:06.972: notice: end of run: 0 errors occured
+2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer
+2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s
+2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:15.818: notice: end of run: 0 errors occured
+2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s
+2008-06-12 16:35:27.780: notice: end of run: 0 errors occured
+2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0
+2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s
+2008-06-12 16:44:56.269: debug: Re-signing not necessary!
+2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2
+2008-06-12 16:44:56.269: debug: Re-signing not necessary!
+2008-06-12 16:44:56.270: notice: end of run: 0 errors occured
+2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0
+2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s
+2008-06-12 16:49:23.386: debug: Re-signing not necessary!
+2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2
+2008-06-12 16:49:23.386: debug: Re-signing not necessary!
+2008-06-12 16:49:23.386: notice: end of run: 0 errors occured
+2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v
+2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0
+2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s
+2008-06-12 16:49:28.288: debug: Re-signing not necessary!
+2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2
+2008-06-12 16:49:28.288: debug: Re-signing not necessary!
+2008-06-12 16:49:28.288: notice: end of run: 0 errors occured
+2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0
+2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s
+2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f
+2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net."
+2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.222: debug: Signing completed after 0s.
+2008-06-12 16:49:32.222: debug:
+2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2
+2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f
+2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 16:49:32.223: debug: Signing zone "example.net."
+2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.335: debug: Signing completed after 0s.
+2008-06-12 16:49:32.335: debug:
+2008-06-12 16:49:32.335: notice: end of run: 0 errors occured
+2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:02:15.078: debug: Check RFC5011 status
+2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0
+2008-06-12 17:02:15.078: debug: Check ksk status
+2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s
+2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f
+2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net."
+2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.254: debug: Signing completed after 0s.
+2008-06-12 17:02:15.254: debug:
+2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:02:15.255: debug: Check RFC5011 status
+2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2
+2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f
+2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:02:15.255: debug: Signing zone "example.net."
+2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.368: debug: Signing completed after 0s.
+2008-06-12 17:02:15.368: debug:
+2008-06-12 17:02:15.368: notice: end of run: 0 errors occured
+2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f
+2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:43:50.390: debug: Check RFC5011 status
+2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0
+2008-06-12 17:43:50.390: debug: Check ksk status
+2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s
+2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f
+2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net."
+2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.533: debug: Signing completed after 0s.
+2008-06-12 17:43:50.533: debug:
+2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:43:50.533: debug: Check RFC5011 status
+2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2
+2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f
+2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:43:50.534: debug: Signing zone "example.net."
+2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.645: debug: Signing completed after 0s.
+2008-06-12 17:43:50.645: debug:
+2008-06-12 17:43:50.645: notice: end of run: 0 errors occured
+2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v
+2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:49:43.190: debug: Check RFC5011 status
+2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0
+2008-06-12 17:49:43.190: debug: Check ksk status
+2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s
+2008-06-12 17:49:43.190: debug: Re-signing not necessary!
+2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:49:43.190: debug: Check RFC5011 status
+2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2
+2008-06-12 17:49:43.190: debug: Re-signing not necessary!
+2008-06-12 17:49:43.190: notice: end of run: 0 errors occured
+2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:50:09.327: debug: Check RFC5011 status
+2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0
+2008-06-12 17:50:09.327: debug: Check ksk status
+2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s
+2008-06-12 17:50:09.327: debug: Re-signing not necessary!
+2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:50:09.327: debug: Check RFC5011 status
+2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2
+2008-06-12 17:50:09.327: debug: Re-signing not necessary!
+2008-06-12 17:50:09.327: notice: end of run: 0 errors occured
+2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:52:29.312: debug: Check RFC5011 status
+2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0
+2008-06-12 17:52:29.312: debug: Check ksk status
+2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s
+2008-06-12 17:52:29.312: debug: Re-signing not necessary!
+2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:52:29.313: debug: Check RFC5011 status
+2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2
+2008-06-12 17:52:29.313: debug: Re-signing not necessary!
+2008-06-12 17:52:29.313: notice: end of run: 0 errors occured
+2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v
+2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 18:24:57.409: debug: Check RFC5011 status
+2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0
+2008-06-12 18:24:57.409: debug: Check ksk status
+2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s
+2008-06-12 18:24:57.409: debug: Re-signing not necessary!
+2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 18:24:57.409: debug: Check RFC5011 status
+2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2
+2008-06-12 18:24:57.410: debug: Re-signing not necessary!
+2008-06-12 18:24:57.410: notice: end of run: 0 errors occured
+2008-06-16 23:12:32.309: notice:
+2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v
+2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:12:32.654: debug: Check RFC5011 status
+2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0
+2008-06-16 23:12:32.654: debug: Check ksk status
+2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s
+2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec)
+2008-06-16 23:12:32.654: debug: ->depreciate it
+2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267
+2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done
+2008-06-16 23:12:32.654: debug: New pre-publish key needed
+2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149
+2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key
+2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net."
+2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.022: debug: Signing completed after 1s.
+2008-06-16 23:12:33.022: debug:
+2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:12:33.023: debug: Check RFC5011 status
+2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2
+2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db"
+2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-16 23:12:33.024: debug: Signing zone "example.net."
+2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.170: debug: Signing completed after 0s.
+2008-06-16 23:12:33.170: debug:
+2008-06-16 23:12:33.170: notice: end of run: 0 errors occured
+2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <===
+2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:24.121: debug: Check RFC5011 status
+2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0
+2008-06-16 23:13:24.121: debug: Check ksk status
+2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m
+2008-06-16 23:13:24.121: debug: Re-signing not necessary!
+2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:24.121: debug: Check RFC5011 status
+2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2
+2008-06-16 23:13:24.121: debug: Re-signing not necessary!
+2008-06-16 23:13:24.121: notice: end of run: 0 errors occured
+2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <=====
+2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:56.972: debug: Check RFC5011 status
+2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0
+2008-06-16 23:13:56.972: debug: Check ksk status
+2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s
+2008-06-16 23:13:56.973: debug: Re-signing not necessary!
+2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:56.973: debug: Check RFC5011 status
+2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2
+2008-06-16 23:13:56.973: debug: Re-signing not necessary!
+2008-06-16 23:13:56.973: notice: end of run: 0 errors occured
+2008-06-16 23:15:16.980: notice: ------------------------------------------------------------
+2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:15:16.982: debug: Check RFC5011 status
+2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0
+2008-06-16 23:15:16.982: debug: Check ksk status
+2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s
+2008-06-16 23:15:16.982: debug: Re-signing not necessary!
+2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:15:16.982: debug: Check RFC5011 status
+2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2
+2008-06-16 23:15:16.982: debug: Re-signing not necessary!
+2008-06-16 23:15:16.983: notice: end of run: 0 errors occured
+2008-06-16 23:18:48.101: notice: ------------------------------------------------------------
+2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v
+2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:18:48.103: debug: Check RFC5011 status
+2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0
+2008-06-16 23:18:48.103: debug: Check ksk status
+2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s
+2008-06-16 23:18:48.103: debug: Re-signing not necessary!
+2008-06-16 23:18:48.103: debug:
+2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:18:48.104: debug: Check RFC5011 status
+2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2
+2008-06-16 23:18:48.104: debug: Re-signing not necessary!
+2008-06-16 23:18:48.104: debug:
+2008-06-16 23:18:48.104: notice: end of run: 0 errors occured
+2008-06-24 14:55:16.347: notice: ------------------------------------------------------------
+2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v
+2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:55:16.349: debug: Check RFC5011 status
+2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0
+2008-06-24 14:55:16.349: debug: Check ksk status
+2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: ->remove it
+2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: ->depreciate it
+2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-24 14:55:16.350: debug: New pre-publish key needed
+2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338
+2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key
+2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net."
+2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.776: debug: Signing completed after 0s.
+2008-06-24 14:55:16.776: debug:
+2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:55:16.776: debug: Check RFC5011 status
+2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2
+2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db"
+2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-24 14:55:16.777: debug: Signing zone "example.net."
+2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.922: debug: Signing completed after 0s.
+2008-06-24 14:55:16.922: debug:
+2008-06-24 14:55:16.922: notice: end of run: 0 errors occured
+2008-06-24 14:57:56.093: notice: ------------------------------------------------------------
+2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v
+2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:57:56.096: debug: Check RFC5011 status
+2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0
+2008-06-24 14:57:56.096: debug: Check ksk status
+2008-06-24 14:57:56.097: debug: Re-signing not necessary!
+2008-06-24 14:57:56.097: debug:
+2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:57:56.097: debug: Check RFC5011 status
+2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2
+2008-06-24 14:57:56.097: debug: Re-signing not necessary!
+2008-06-24 14:57:56.097: debug:
+2008-06-24 14:57:56.098: notice: end of run: 0 errors occured
+2008-06-24 23:26:12.632: notice: ------------------------------------------------------------
+2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v
+2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 23:26:12.648: debug: Check RFC5011 status
+2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0
+2008-06-24 23:26:12.648: debug: Check ksk status
+2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec)
+2008-06-24 23:26:12.648: debug: ->remove it
+2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key
+2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net."
+2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 23:26:13.030: debug: Signing completed after 1s.
+2008-06-24 23:26:13.030: debug:
+2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 23:26:13.030: debug: Check RFC5011 status
+2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2
+2008-06-24 23:26:13.030: debug: Re-signing not necessary!
+2008-06-24 23:26:13.030: debug:
+2008-06-24 23:26:13.030: notice: end of run: 0 errors occured
+2008-07-08 00:53:55.013: notice: ------------------------------------------------------------
+2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v
+2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:55.015: debug: Check RFC5011 status
+2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0
+2008-07-08 00:53:55.015: debug: Check KSK status
+2008-07-08 00:53:55.015: debug: Check ZSK status
+2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec)
+2008-07-08 00:53:55.015: debug: ->depreciate it
+2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338
+2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done
+2008-07-08 00:53:55.018: debug: New pre-publish key needed
+2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198
+2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created
+2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key
+2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net."
+2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.708: debug: Signing completed after 0s.
+2008-07-08 00:53:55.708: debug:
+2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:55.708: debug: Check RFC5011 status
+2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2
+2008-07-08 00:53:55.708: debug: Check ZSK status
+2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec)
+2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key
+2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:55.708: debug: New pre-publish key needed
+2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682
+2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created
+2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key
+2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db"
+2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-08 00:53:55.748: debug: Signing zone "example.net."
+2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.899: debug: Signing completed after 0s.
+2008-07-08 00:53:55.899: debug:
+2008-07-08 00:53:55.899: notice: end of run: 0 errors occured
+2008-07-08 00:53:57.597: notice: ------------------------------------------------------------
+2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v
+2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:57.599: debug: Check RFC5011 status
+2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0
+2008-07-08 00:53:57.599: debug: Check KSK status
+2008-07-08 00:53:57.599: debug: Check ZSK status
+2008-07-08 00:53:57.599: debug: Re-signing not necessary!
+2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy
+2008-07-08 00:53:57.599: debug:
+2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:57.599: debug: Check RFC5011 status
+2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2
+2008-07-08 00:53:57.599: debug: Check ZSK status
+2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec)
+2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key
+2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:57.600: debug: Re-signing not necessary!
+2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy
+2008-07-08 00:53:57.600: debug:
+2008-07-08 00:53:57.600: notice: end of run: 0 errors occured
+2008-07-08 20:28:20.476: notice: ------------------------------------------------------------
+2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:28:20.476: debug: Check RFC5011 status
+2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0
+2008-07-08 20:28:20.476: debug: Check KSK status
+2008-07-08 20:28:20.476: debug: Check ZSK status
+2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec)
+2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149
+
+2008-07-08 20:28:20.656: debug: ->remove it
+2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key
+2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db"
+2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net."
+2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:20.990: debug: Signing completed after 0s.
+2008-07-08 20:28:20.990: debug:
+2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:28:20.990: debug: Check RFC5011 status
+2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2
+2008-07-08 20:28:20.990: debug: Check ZSK status
+2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec)
+2008-07-08 20:28:20.990: debug: ->depreciate it
+2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682
+2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done
+2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key
+2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db"
+2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db"
+2008-07-08 20:28:20.991: debug: Signing zone "example.net."
+2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:21.112: debug: Signing completed after 1s.
+2008-07-08 20:28:21.112: debug:
+2008-07-08 20:28:21.113: notice: end of run: 0 errors occured
+2008-07-08 20:32:23.121: notice: ------------------------------------------------------------
+2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v
+2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:32:23.123: debug: Check RFC5011 status
+2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0
+2008-07-08 20:32:23.124: debug: Check KSK status
+2008-07-08 20:32:23.124: debug: Check ZSK status
+2008-07-08 20:32:23.124: debug: Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug:
+2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:32:23.124: debug: Check RFC5011 status
+2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2
+2008-07-08 20:32:23.124: debug: Check ZSK status
+2008-07-08 20:32:23.124: debug: Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug:
+2008-07-08 20:32:23.124: notice: end of run: 0 errors occured
+2008-07-08 20:32:30.246: notice: ------------------------------------------------------------
+2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:32:30.246: debug: Check RFC5011 status
+2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0
+2008-07-08 20:32:30.246: debug: Check KSK status
+2008-07-08 20:32:30.246: debug: Check ZSK status
+2008-07-08 20:32:30.246: debug: Re-signing not necessary!
+2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy
+2008-07-08 20:32:30.246: debug:
+2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:32:30.246: debug: Check RFC5011 status
+2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2
+2008-07-08 20:32:30.247: debug: Check ZSK status
+2008-07-08 20:32:30.247: debug: Re-signing not necessary!
+2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy
+2008-07-08 20:32:30.247: debug:
+2008-07-08 20:32:30.247: notice: end of run: 0 errors occured
+2008-07-08 20:35:51.512: notice: ------------------------------------------------------------
+2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:35:51.512: debug: Check RFC5011 status
+2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0
+2008-07-08 20:35:51.513: debug: Check KSK status
+2008-07-08 20:35:51.513: debug: Check ZSK status
+2008-07-08 20:35:51.513: debug: Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug:
+2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:35:51.513: debug: Check RFC5011 status
+2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2
+2008-07-08 20:35:51.513: debug: Check ZSK status
+2008-07-08 20:35:51.513: debug: Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug:
+2008-07-08 20:35:51.513: notice: end of run: 0 errors occured
+2008-07-08 20:37:16.569: notice: ------------------------------------------------------------
+2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:37:16.569: debug: Check RFC5011 status
+2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0
+2008-07-08 20:37:16.570: debug: Check KSK status
+2008-07-08 20:37:16.570: debug: Check ZSK status
+2008-07-08 20:37:16.570: debug: Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug:
+2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:37:16.570: debug: Check RFC5011 status
+2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2
+2008-07-08 20:37:16.570: debug: Check ZSK status
+2008-07-08 20:37:16.570: debug: Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug:
+2008-07-08 20:37:16.570: notice: end of run: 0 errors occured
+2008-07-08 20:37:29.134: notice: ------------------------------------------------------------
+2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v
+2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:37:29.137: debug: Check RFC5011 status
+2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0
+2008-07-08 20:37:29.137: debug: Check KSK status
+2008-07-08 20:37:29.137: debug: Check ZSK status
+2008-07-08 20:37:29.137: debug: Re-signing not necessary!
+2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy
+2008-07-08 20:37:29.138: debug:
+2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:37:29.138: debug: Check RFC5011 status
+2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2
+2008-07-08 20:37:29.138: debug: Check ZSK status
+2008-07-08 20:37:29.138: debug: Re-signing not necessary!
+2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy
+2008-07-08 20:37:29.139: debug:
+2008-07-08 20:37:29.139: notice: end of run: 0 errors occured
+2008-07-08 20:39:39.895: notice: ------------------------------------------------------------
+2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v
+2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:39:39.895: debug: Check RFC5011 status
+2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0
+2008-07-08 20:39:39.895: debug: Check KSK status
+2008-07-08 20:39:39.895: debug: Check ZSK status
+2008-07-08 20:39:39.895: debug: Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug:
+2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:39:39.895: debug: Check RFC5011 status
+2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2
+2008-07-08 20:39:39.895: debug: Check ZSK status
+2008-07-08 20:39:39.895: debug: Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug:
+2008-07-08 20:39:39.895: notice: end of run: 0 errors occured
+2008-07-08 20:42:54.377: notice: ------------------------------------------------------------
+2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D .
+2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:42:54.377: debug: Check RFC5011 status
+2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0
+2008-07-08 20:42:54.377: debug: Check KSK status
+2008-07-08 20:42:54.377: debug: Check ZSK status
+2008-07-08 20:42:54.377: debug: Re-signing not necessary!
+2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy
+2008-07-08 20:42:54.377: debug:
+2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:42:54.378: debug: Check RFC5011 status
+2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2
+2008-07-08 20:42:54.378: debug: Check ZSK status
+2008-07-08 20:42:54.378: debug: Re-signing not necessary!
+2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy
+2008-07-08 20:42:54.378: debug:
+2008-07-08 20:42:54.378: notice: end of run: 0 errors occured
+2008-07-08 20:53:40.414: notice: ------------------------------------------------------------
+2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D .
+2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:53:40.417: debug: Check RFC5011 status
+2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0
+2008-07-08 20:53:40.417: debug: Check KSK status
+2008-07-08 20:53:40.417: debug: Check ZSK status
+2008-07-08 20:53:40.417: debug: Re-signing not necessary!
+2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy
+2008-07-08 20:53:40.417: debug:
+2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:53:40.417: debug: Check RFC5011 status
+2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2
+2008-07-08 20:53:40.417: debug: Check ZSK status
+2008-07-08 20:53:40.417: debug: Re-signing not necessary!
+2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy
+2008-07-08 20:53:40.418: debug:
+2008-07-08 20:53:40.418: notice: end of run: 0 errors occured
+2008-07-08 20:53:49.488: notice: ------------------------------------------------------------
+2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:53:49.490: debug: Check RFC5011 status
+2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0
+2008-07-08 20:53:49.491: debug: Check KSK status
+2008-07-08 20:53:49.491: debug: Check ZSK status
+2008-07-08 20:53:49.491: debug: Re-signing not necessary!
+2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy
+2008-07-08 20:53:49.491: debug:
+2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:53:49.492: debug: Check RFC5011 status
+2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2
+2008-07-08 20:53:49.492: debug: Check ZSK status
+2008-07-08 20:53:49.492: debug: Re-signing not necessary!
+2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy
+2008-07-08 20:53:49.492: debug:
+2008-07-08 20:53:49.492: notice: end of run: 0 errors occured
+2008-07-09 00:42:08.103: notice: ------------------------------------------------------------
+2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v
+2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:42:08.106: debug: Check RFC5011 status
+2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0
+2008-07-09 00:42:08.106: debug: Check KSK status
+2008-07-09 00:42:08.106: debug: ksk_rollover
+2008-07-09 00:42:08.106: debug: Check ZSK status
+2008-07-09 00:42:08.106: debug: Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug:
+2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:42:08.106: debug: Check RFC5011 status
+2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2
+2008-07-09 00:42:08.106: debug: Check ZSK status
+2008-07-09 00:42:08.106: debug: Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug:
+2008-07-09 00:42:08.106: notice: end of run: 0 errors occured
+2008-07-09 00:45:19.663: notice: ------------------------------------------------------------
+2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v
+2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:45:19.665: debug: Check RFC5011 status
+2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0
+2008-07-09 00:45:19.665: debug: Check KSK status
+2008-07-09 00:45:19.665: debug: Check ZSK status
+2008-07-09 00:45:19.665: debug: Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug:
+2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:45:19.665: debug: Check RFC5011 status
+2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2
+2008-07-09 00:45:19.665: debug: Check ZSK status
+2008-07-09 00:45:19.665: debug: Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug:
+2008-07-09 00:45:19.665: notice: end of run: 0 errors occured
+2008-07-09 23:46:12.682: notice: ------------------------------------------------------------
+2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/
+2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net."
+2008-07-09 23:46:12.702: debug: Check RFC5011 status
+2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0
+2008-07-09 23:46:12.702: debug: Check KSK status
+2008-07-09 23:46:12.702: debug: Check ZSK status
+2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db"
+2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net."
+2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.222: debug: Signing completed after 1s.
+2008-07-09 23:46:13.222: debug:
+2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net."
+2008-07-09 23:46:13.222: debug: Check RFC5011 status
+2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2
+2008-07-09 23:46:13.222: debug: Check ZSK status
+2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec)
+2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939
+
+2008-07-09 23:46:13.222: debug: ->remove it
+2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key
+2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key
+2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db"
+2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db"
+2008-07-09 23:46:13.223: debug: Signing zone "example.net."
+2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.374: debug: Signing completed after 0s.
+2008-07-09 23:46:13.374: debug:
+2008-07-09 23:46:13.374: notice: end of run: 0 errors occured
+2008-07-15 00:21:04.641: notice: ------------------------------------------------------------
+2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v
+2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:05.071: debug: Check RFC5011 status
+2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0
+2008-07-15 00:21:05.071: debug: Check KSK status
+2008-07-15 00:21:05.071: debug: Check ZSK status
+2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec)
+2008-07-15 00:21:05.071: debug: ->depreciate it
+2008-07-15 00:21:05.072: debug: ->activate published key 9198
+2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done
+2008-07-15 00:21:05.072: debug: New published key needed
+2008-07-15 00:21:05.128: debug: ->creating new published key 8397
+2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created
+2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key
+2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.274: debug: Signing completed after 0s.
+2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:05.279: debug:
+2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:05.279: debug: Check RFC5011 status
+2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2
+2008-07-15 00:21:05.279: debug: Check ZSK status
+2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:05.280: debug: Signing zone "example.net."
+2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.419: debug: Signing completed after 0s.
+2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered
+2008-07-15 00:21:05.419: debug: Distribute zone "example.net."
+2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:05.423: debug:
+2008-07-15 00:21:05.423: notice: end of run: 0 errors occured
+2008-07-15 00:21:18.128: notice: ------------------------------------------------------------
+2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v
+2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:18.130: debug: Check RFC5011 status
+2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0
+2008-07-15 00:21:18.130: debug: Check KSK status
+2008-07-15 00:21:18.130: debug: Check ZSK status
+2008-07-15 00:21:18.130: debug: Re-signing not necessary!
+2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy
+2008-07-15 00:21:18.130: debug:
+2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:18.131: debug: Check RFC5011 status
+2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2
+2008-07-15 00:21:18.131: debug: Check ZSK status
+2008-07-15 00:21:18.131: debug: Re-signing not necessary!
+2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy
+2008-07-15 00:21:18.131: debug:
+2008-07-15 00:21:18.131: notice: end of run: 0 errors occured
+2008-07-15 00:21:26.360: notice: ------------------------------------------------------------
+2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:26.362: debug: Check RFC5011 status
+2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0
+2008-07-15 00:21:26.362: debug: Check KSK status
+2008-07-15 00:21:26.362: debug: Check ZSK status
+2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:26.978: debug: Signing completed after 0s.
+2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:26.983: debug:
+2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:26.983: debug: Check RFC5011 status
+2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2
+2008-07-15 00:21:26.983: debug: Check ZSK status
+2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:26.983: debug: Signing zone "example.net."
+2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:27.122: debug: Signing completed after 1s.
+2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered
+2008-07-15 00:21:27.122: debug: Distribute zone "example.net."
+2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:27.127: debug:
+2008-07-15 00:21:27.127: notice: end of run: 0 errors occured
+2008-07-15 00:21:52.947: notice: ------------------------------------------------------------
+2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:52.951: debug: Check RFC5011 status
+2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0
+2008-07-15 00:21:52.951: debug: Check KSK status
+2008-07-15 00:21:52.951: debug: Check ZSK status
+2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.119: debug: Signing completed after 1s.
+2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:53.126: debug:
+2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:53.126: debug: Check RFC5011 status
+2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2
+2008-07-15 00:21:53.126: debug: Check ZSK status
+2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:53.126: debug: Signing zone "example.net."
+2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.262: debug: Signing completed after 0s.
+2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered
+2008-07-15 00:21:53.262: debug: Distribute zone "example.net."
+2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:53.268: debug:
+2008-07-15 00:21:53.268: notice: end of run: 0 errors occured
+2008-07-15 00:23:40.781: notice: ------------------------------------------------------------
+2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:23:40.783: debug: Check RFC5011 status
+2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0
+2008-07-15 00:23:40.783: debug: Check KSK status
+2008-07-15 00:23:40.783: debug: Check ZSK status
+2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f
+2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net."
+2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.281: debug: Signing completed after 1s.
+2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net."
+2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:23:41.287: debug:
+2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:23:41.287: debug: Check RFC5011 status
+2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2
+2008-07-15 00:23:41.287: debug: Check ZSK status
+2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f
+2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:23:41.288: debug: Signing zone "example.net."
+2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.561: debug: Signing completed after 0s.
+2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered
+2008-07-15 00:23:41.561: debug: Distribute zone "example.net."
+2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:23:41.566: debug:
+2008-07-15 00:23:41.567: notice: end of run: 0 errors occured
+2008-07-15 00:31:10.917: notice: ------------------------------------------------------------
+2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:31:10.923: debug: Check RFC5011 status
+2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0
+2008-07-15 00:31:10.923: debug: Check KSK status
+2008-07-15 00:31:10.923: debug: Check ZSK status
+2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec)
+2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338
+
+2008-07-15 00:31:10.924: debug: ->remove it
+2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f
+2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net."
+2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.571: debug: Signing completed after 0s.
+2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net."
+2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net."
+2008-07-15 00:31:11.579: debug:
+2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:31:11.580: debug: Check RFC5011 status
+2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2
+2008-07-15 00:31:11.580: debug: Check ZSK status
+2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f
+2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:31:11.581: debug: Signing zone "example.net."
+2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.698: debug: Signing completed after 0s.
+2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered
+2008-07-15 00:31:11.698: debug: Distribute zone "example.net."
+2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net."
+2008-07-15 00:31:11.704: debug:
+2008-07-15 00:31:11.704: notice: end of run: 0 errors occured
+2008-07-15 00:32:00.676: notice: ------------------------------------------------------------
+2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:32:00.678: debug: Check RFC5011 status
+2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0
+2008-07-15 00:32:00.678: debug: Check KSK status
+2008-07-15 00:32:00.678: debug: Check ZSK status
+2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f
+2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net."
+2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.282: debug: Signing completed after 1s.
+2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net."
+2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net."
+2008-07-15 00:32:01.289: debug:
+2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:32:01.289: debug: Check RFC5011 status
+2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2
+2008-07-15 00:32:01.289: debug: Check ZSK status
+2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f
+2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:32:01.291: debug: Signing zone "example.net."
+2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.405: debug: Signing completed after 0s.
+2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered
+2008-07-15 00:32:01.406: debug: Distribute zone "example.net."
+2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net."
+2008-07-15 00:32:01.412: debug:
+2008-07-15 00:32:01.412: notice: end of run: 0 errors occured
+2008-07-15 00:33:00.866: notice: ------------------------------------------------------------
+2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:33:00.869: debug: Check RFC5011 status
+2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0
+2008-07-15 00:33:00.869: debug: Check KSK status
+2008-07-15 00:33:00.869: debug: Check ZSK status
+2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f
+2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net."
+2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.531: debug: Signing completed after 1s.
+2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net."
+2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net."
+2008-07-15 00:33:01.537: debug:
+2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:33:01.538: debug: Check RFC5011 status
+2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2
+2008-07-15 00:33:01.538: debug: Check ZSK status
+2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f
+2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:33:01.539: debug: Signing zone "example.net."
+2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.655: debug: Signing completed after 0s.
+2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered
+2008-07-15 00:33:01.655: debug: Distribute zone "example.net."
+2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net."
+2008-07-15 00:33:01.662: debug:
+2008-07-15 00:33:01.662: notice: end of run: 0 errors occured
+2008-07-15 00:34:09.259: notice: ------------------------------------------------------------
+2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:34:09.261: debug: Check RFC5011 status
+2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0
+2008-07-15 00:34:09.261: debug: Check KSK status
+2008-07-15 00:34:09.261: debug: Check ZSK status
+2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f
+2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net."
+2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.245: debug: Signing completed after 1s.
+2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net."
+2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-15 00:34:10.252: debug:
+2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:34:10.252: debug: Check RFC5011 status
+2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2
+2008-07-15 00:34:10.252: debug: Check ZSK status
+2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f
+2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:34:10.252: debug: Signing zone "example.net."
+2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.369: debug: Signing completed after 0s.
+2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered
+2008-07-15 00:34:10.369: debug: Distribute zone "example.net."
+2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-15 00:34:10.375: debug:
+2008-07-15 00:34:10.375: notice: end of run: 0 errors occured
+2008-07-18 00:38:52.860: notice: ------------------------------------------------------------
+2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v
+2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:38:52.862: debug: Check RFC5011 status
+2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0
+2008-07-18 00:38:52.862: debug: Check KSK status
+2008-07-18 00:38:52.862: debug: Check ZSK status
+2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec)
+2008-07-18 00:38:52.862: debug: ->depreciate it
+2008-07-18 00:38:52.862: debug: ->activate published key 8397
+2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done
+2008-07-18 00:38:52.862: debug: New published key needed
+2008-07-18 00:38:53.418: debug: ->creating new published key 31081
+2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing
+2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key
+2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net."
+2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.556: debug: Signing completed after 0s.
+2008-07-18 00:38:53.556: debug:
+2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:38:53.557: debug: Check RFC5011 status
+2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2
+2008-07-18 00:38:53.557: debug: Check ZSK status
+2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db"
+2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:38:53.558: debug: Signing zone "example.net."
+2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.715: debug: Signing completed after 0s.
+2008-07-18 00:38:53.715: debug:
+2008-07-18 00:38:53.716: notice: end of run: 0 errors occured
+2008-07-18 00:39:29.824: notice: ------------------------------------------------------------
+2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v
+2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:29.827: debug: Check RFC5011 status
+2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0
+2008-07-18 00:39:29.827: debug: Check KSK status
+2008-07-18 00:39:29.827: debug: Check ZSK status
+2008-07-18 00:39:29.827: debug: Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug:
+2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:29.827: debug: Check RFC5011 status
+2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2
+2008-07-18 00:39:29.827: debug: Check ZSK status
+2008-07-18 00:39:29.827: debug: Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug:
+2008-07-18 00:39:29.828: notice: end of run: 0 errors occured
+2008-07-18 00:39:36.641: notice: ------------------------------------------------------------
+2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:36.644: debug: Check RFC5011 status
+2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0
+2008-07-18 00:39:36.644: debug: Check KSK status
+2008-07-18 00:39:36.644: debug: Check ZSK status
+2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f
+2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net."
+2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.144: debug: Signing completed after 1s.
+2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered
+2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net."
+2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-18 00:39:37.151: debug:
+2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:37.151: debug: Check RFC5011 status
+2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2
+2008-07-18 00:39:37.151: debug: Check ZSK status
+2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f
+2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db"
+2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:39:37.152: debug: Signing zone "example.net."
+2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.313: debug: Signing completed after 0s.
+2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered
+2008-07-18 00:39:37.313: debug: Distribute zone "example.net."
+2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-18 00:39:37.319: debug:
+2008-07-18 00:39:37.319: notice: end of run: 0 errors occured
+2008-07-18 00:42:39.912: notice: ------------------------------------------------------------
+2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v
+2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:42:39.914: debug: Check RFC5011 status
+2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0
+2008-07-18 00:42:39.914: debug: Check KSK status
+2008-07-18 00:42:39.914: debug: Check ZSK status
+2008-07-18 00:42:39.914: debug: Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug:
+2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:42:39.914: debug: Check RFC5011 status
+2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2
+2008-07-18 00:42:39.914: debug: Check ZSK status
+2008-07-18 00:42:39.914: debug: Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug:
+2008-07-18 00:42:39.914: notice: end of run: 0 errors occured
+2008-07-22 00:10:38.346: notice: ------------------------------------------------------------
+2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v
+2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:10:38.349: debug: Check RFC5011 status
+2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0
+2008-07-22 00:10:38.349: debug: Check KSK status
+2008-07-22 00:10:38.349: debug: Check ZSK status
+2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec)
+2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198
+
+2008-07-22 00:10:38.349: debug: ->remove it
+2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec)
+2008-07-22 00:10:38.349: debug: ->depreciate it
+2008-07-22 00:10:38.349: debug: ->activate published key 31081
+2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done
+2008-07-22 00:10:38.349: debug: New published key needed
+2008-07-22 00:10:38.870: debug: ->creating new published key 3615
+2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing
+2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key
+2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net."
+2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.208: debug: Signing completed after 1s.
+2008-07-22 00:10:39.208: debug:
+2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:10:39.208: debug: Check RFC5011 status
+2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2
+2008-07-22 00:10:39.208: debug: Check ZSK status
+2008-07-22 00:10:39.208: debug: New published key needed
+2008-07-22 00:10:39.255: debug: ->creating new published key 41300
+2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing
+2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key
+2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:10:39.256: debug: Signing zone "example.net."
+2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.414: debug: Signing completed after 0s.
+2008-07-22 00:10:39.414: debug:
+2008-07-22 00:10:39.414: notice: end of run: 0 errors occured
+2008-07-22 00:16:04.680: notice: ------------------------------------------------------------
+2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v
+2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:04.682: debug: Check RFC5011 status
+2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0
+2008-07-22 00:16:04.683: debug: Check KSK status
+2008-07-22 00:16:04.683: debug: Check ZSK status
+2008-07-22 00:16:04.683: debug: Re-signing not necessary!
+2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy
+2008-07-22 00:16:04.683: debug:
+2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:04.683: debug: Check RFC5011 status
+2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2
+2008-07-22 00:16:04.684: debug: Check ZSK status
+2008-07-22 00:16:04.684: debug: Re-signing not necessary!
+2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy
+2008-07-22 00:16:04.684: debug:
+2008-07-22 00:16:04.684: notice: end of run: 0 errors occured
+2008-07-22 00:16:09.309: notice: ------------------------------------------------------------
+2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v
+2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:09.311: debug: Check RFC5011 status
+2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0
+2008-07-22 00:16:09.312: debug: Check KSK status
+2008-07-22 00:16:09.312: debug: Check ZSK status
+2008-07-22 00:16:09.312: debug: Re-signing not necessary!
+2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy
+2008-07-22 00:16:09.312: debug:
+2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:09.312: debug: Check RFC5011 status
+2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2
+2008-07-22 00:16:09.313: debug: Check ZSK status
+2008-07-22 00:16:09.313: debug: Re-signing not necessary!
+2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy
+2008-07-22 00:16:09.313: debug:
+2008-07-22 00:16:09.313: notice: end of run: 0 errors occured
+2008-07-22 00:16:13.285: notice: ------------------------------------------------------------
+2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:13.287: debug: Check RFC5011 status
+2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0
+2008-07-22 00:16:13.287: debug: Check KSK status
+2008-07-22 00:16:13.287: debug: Check ZSK status
+2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f
+2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net."
+2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.822: debug: Signing completed after 0s.
+2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net."
+2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:16:13.828: debug:
+2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:13.829: debug: Check RFC5011 status
+2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2
+2008-07-22 00:16:13.829: debug: Check ZSK status
+2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f
+2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:16:13.830: debug: Signing zone "example.net."
+2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.976: debug: Signing completed after 0s.
+2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered
+2008-07-22 00:16:13.977: debug: Distribute zone "example.net."
+2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:16:13.983: debug:
+2008-07-22 00:16:13.983: notice: end of run: 0 errors occured
+2008-07-22 00:20:56.119: notice: ------------------------------------------------------------
+2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:20:56.121: debug: Check RFC5011 status
+2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0
+2008-07-22 00:20:56.121: debug: Check KSK status
+2008-07-22 00:20:56.121: debug: Check ZSK status
+2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec)
+2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397
+
+2008-07-22 00:20:56.122: debug: ->remove it
+2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f
+2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net."
+2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.627: debug: Signing completed after 0s.
+2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net."
+2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:20:56.635: debug:
+2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:20:56.635: debug: Check RFC5011 status
+2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2
+2008-07-22 00:20:56.635: debug: Check ZSK status
+2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f
+2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:20:56.636: debug: Signing zone "example.net."
+2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.760: debug: Signing completed after 0s.
+2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered
+2008-07-22 00:20:56.760: debug: Distribute zone "example.net."
+2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:20:56.769: debug:
+2008-07-22 00:20:56.769: notice: end of run: 0 errors occured
+2008-07-22 00:23:51.528: notice: ------------------------------------------------------------
+2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:23:51.530: debug: Check RFC5011 status
+2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0
+2008-07-22 00:23:51.531: debug: Check KSK status
+2008-07-22 00:23:51.531: debug: Check ZSK status
+2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f
+2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net."
+2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.042: debug: Signing completed after 1s.
+2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net."
+2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:23:52.049: debug:
+2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:23:52.049: debug: Check RFC5011 status
+2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2
+2008-07-22 00:23:52.049: debug: Check ZSK status
+2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f
+2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:23:52.050: debug: Signing zone "example.net."
+2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.176: debug: Signing completed after 0s.
+2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered
+2008-07-22 00:23:52.176: debug: Distribute zone "example.net."
+2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:23:52.185: debug:
+2008-07-22 00:23:52.185: notice: end of run: 0 errors occured
+2008-07-22 00:24:09.609: notice: ------------------------------------------------------------
+2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:24:09.614: debug: Check RFC5011 status
+2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0
+2008-07-22 00:24:09.614: debug: Check KSK status
+2008-07-22 00:24:09.614: debug: Check ZSK status
+2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f
+2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net."
+2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.692: debug: Signing completed after 1s.
+2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net."
+2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:24:10.698: debug:
+2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:24:10.698: debug: Check RFC5011 status
+2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2
+2008-07-22 00:24:10.698: debug: Check ZSK status
+2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f
+2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:24:10.699: debug: Signing zone "example.net."
+2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.883: debug: Signing completed after 0s.
+2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered
+2008-07-22 00:24:10.883: debug: Distribute zone "example.net."
+2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:24:10.889: debug:
+2008-07-22 00:24:10.889: notice: end of run: 0 errors occured
+2008-07-22 00:28:44.300: notice: ------------------------------------------------------------
+2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:28:44.302: debug: Check RFC5011 status
+2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0
+2008-07-22 00:28:44.302: debug: Check KSK status
+2008-07-22 00:28:44.302: debug: Check ZSK status
+2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f
+2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net."
+2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:44.898: debug: Signing completed after 0s.
+2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net."
+2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:28:44.905: debug:
+2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:28:44.905: debug: Check RFC5011 status
+2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2
+2008-07-22 00:28:44.905: debug: Check ZSK status
+2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f
+2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:28:44.906: debug: Signing zone "example.net."
+2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:45.039: debug: Signing completed after 1s.
+2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered
+2008-07-22 00:28:45.039: debug: Distribute zone "example.net."
+2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:28:45.046: debug:
+2008-07-22 00:28:45.046: notice: end of run: 0 errors occured
+2008-07-22 00:39:15.968: notice: ------------------------------------------------------------
+2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v
+2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:16.006: debug: Check RFC5011 status
+2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0
+2008-07-22 00:39:16.006: debug: Check KSK status
+2008-07-22 00:39:16.006: debug: Check ZSK status
+2008-07-22 00:39:16.006: debug: Re-signing not necessary!
+2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy
+2008-07-22 00:39:16.006: debug:
+2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:16.006: debug: Check RFC5011 status
+2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2
+2008-07-22 00:39:16.007: debug: Check ZSK status
+2008-07-22 00:39:16.007: debug: Re-signing not necessary!
+2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy
+2008-07-22 00:39:16.007: debug:
+2008-07-22 00:39:16.007: notice: end of run: 0 errors occured
+2008-07-22 00:39:31.578: notice: ------------------------------------------------------------
+2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:31.580: debug: Check RFC5011 status
+2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0
+2008-07-22 00:39:31.580: debug: Check KSK status
+2008-07-22 00:39:31.581: debug: Check ZSK status
+2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f
+2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net."
+2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.216: debug: Signing completed after 1s.
+2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net."
+2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:39:32.223: debug:
+2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:32.223: debug: Check RFC5011 status
+2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2
+2008-07-22 00:39:32.223: debug: Check ZSK status
+2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f
+2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:39:32.224: debug: Signing zone "example.net."
+2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.361: debug: Signing completed after 0s.
+2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered
+2008-07-22 00:39:32.361: debug: Distribute zone "example.net."
+2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:39:32.367: debug:
+2008-07-22 00:39:32.367: notice: end of run: 0 errors occured
+2008-07-22 00:41:53.710: notice: ------------------------------------------------------------
+2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:41:53.712: debug: Check RFC5011 status
+2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0
+2008-07-22 00:41:53.712: debug: Check KSK status
+2008-07-22 00:41:53.712: debug: Check ZSK status
+2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f
+2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net."
+2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.866: debug: Signing completed after 0s.
+2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net."
+2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:41:53.873: debug:
+2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:41:53.873: debug: Check RFC5011 status
+2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2
+2008-07-22 00:41:53.873: debug: Check ZSK status
+2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f
+2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:41:53.873: debug: Signing zone "example.net."
+2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.989: debug: Signing completed after 0s.
+2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered
+2008-07-22 00:41:53.989: debug: Distribute zone "example.net."
+2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:41:53.995: debug:
+2008-07-22 00:41:53.995: notice: end of run: 0 errors occured
+2008-07-22 00:45:46.509: notice: ------------------------------------------------------------
+2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:45:46.512: debug: Check RFC5011 status
+2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0
+2008-07-22 00:45:46.512: debug: Check KSK status
+2008-07-22 00:45:46.512: debug: Check ZSK status
+2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f
+2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net."
+2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:46.734: debug: Signing completed after 0s.
+2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net."
+2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:45:46.740: debug:
+2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:45:46.740: debug: Check RFC5011 status
+2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2
+2008-07-22 00:45:46.741: debug: Check ZSK status
+2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f
+2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:45:46.742: debug: Signing zone "example.net."
+2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:47.013: debug: Signing completed after 1s.
+2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered
+2008-07-22 00:45:47.013: debug: Distribute zone "example.net."
+2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:45:47.019: debug:
+2008-07-22 00:45:47.019: notice: end of run: 0 errors occured
+2008-07-22 00:48:02.761: notice: ------------------------------------------------------------
+2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:02.763: debug: Check RFC5011 status
+2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0
+2008-07-22 00:48:02.763: debug: Check KSK status
+2008-07-22 00:48:02.763: debug: Check ZSK status
+2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net."
+2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:02.907: debug: Signing completed after 0s.
+2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net."
+2008-07-22 00:48:02.907: debug:
+2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:02.907: debug: Check RFC5011 status
+2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2
+2008-07-22 00:48:02.907: debug: Check ZSK status
+2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:02.908: debug: Signing zone "example.net."
+2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:03.029: debug: Signing completed after 1s.
+2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered
+2008-07-22 00:48:03.029: debug: Distribute zone "example.net."
+2008-07-22 00:48:03.029: debug:
+2008-07-22 00:48:03.029: notice: end of run: 0 errors occured
+2008-07-22 00:48:56.098: notice: ------------------------------------------------------------
+2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:56.101: debug: Check RFC5011 status
+2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0
+2008-07-22 00:48:56.101: debug: Check KSK status
+2008-07-22 00:48:56.101: debug: Check ZSK status
+2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net."
+2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.244: debug: Signing completed after 0s.
+2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net."
+2008-07-22 00:48:56.245: debug:
+2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:56.245: debug: Check RFC5011 status
+2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2
+2008-07-22 00:48:56.245: debug: Check ZSK status
+2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:56.246: debug: Signing zone "example.net."
+2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.367: debug: Signing completed after 0s.
+2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered
+2008-07-22 00:48:56.367: debug: Distribute zone "example.net."
+2008-07-22 00:48:56.367: debug:
+2008-07-22 00:48:56.367: notice: end of run: 0 errors occured
+2008-07-22 08:07:30.993: notice: ------------------------------------------------------------
+2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:07:30.995: debug: Check RFC5011 status
+2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0
+2008-07-22 08:07:30.995: debug: Check KSK status
+2008-07-22 08:07:30.995: debug: Check ZSK status
+2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f
+2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net."
+2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.454: debug: Signing completed after 1s.
+2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net."
+2008-07-22 08:07:31.454: debug:
+2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:07:31.454: debug: Check RFC5011 status
+2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2
+2008-07-22 08:07:31.454: debug: Check ZSK status
+2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f
+2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:07:31.454: debug: Signing zone "example.net."
+2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.589: debug: Signing completed after 0s.
+2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered
+2008-07-22 08:07:31.589: debug: Distribute zone "example.net."
+2008-07-22 08:07:31.589: debug:
+2008-07-22 08:07:31.589: notice: end of run: 0 errors occured
+2008-07-22 08:08:09.237: notice: ------------------------------------------------------------
+2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:08:09.239: debug: Check RFC5011 status
+2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0
+2008-07-22 08:08:09.239: debug: Check KSK status
+2008-07-22 08:08:09.239: debug: Check ZSK status
+2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f
+2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net."
+2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:08:09.507: debug: Signing completed after 0s.
+2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net."
+2008-07-22 08:10:10.328: notice: ------------------------------------------------------------
+2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:10:10.330: debug: Check RFC5011 status
+2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0
+2008-07-22 08:10:10.330: debug: Check KSK status
+2008-07-22 08:10:10.330: debug: Check ZSK status
+2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f
+2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net."
+2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:10:10.950: debug: Signing completed after 0s.
+2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net."
+2008-07-22 08:11:17.247: notice: ------------------------------------------------------------
+2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:11:17.250: debug: Check RFC5011 status
+2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0
+2008-07-22 08:11:17.250: debug: Check KSK status
+2008-07-22 08:11:17.250: debug: Check ZSK status
+2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f
+2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net."
+2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:17.883: debug: Signing completed after 0s.
+2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net."
+2008-07-22 08:11:17.883: debug:
+2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:11:17.884: debug: Check RFC5011 status
+2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2
+2008-07-22 08:11:17.884: debug: Check ZSK status
+2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f
+2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:11:17.884: debug: Signing zone "example.net."
+2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:18.005: debug: Signing completed after 1s.
+2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered
+2008-07-22 08:11:18.006: debug: Distribute zone "example.net."
+2008-07-22 08:11:18.006: debug:
+2008-07-22 08:11:18.006: notice: end of run: 0 errors occured
+2008-07-24 00:13:56.493: notice: ------------------------------------------------------------
+2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v
+2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:13:56.495: debug: Check RFC5011 status
+2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0
+2008-07-24 00:13:56.495: debug: Check KSK status
+2008-07-24 00:13:56.495: debug: Check ZSK status
+2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net."
+2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.439: debug: Signing completed after 1s.
+2008-07-24 00:13:57.439: debug:
+2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:13:57.439: debug: Check RFC5011 status
+2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2
+2008-07-24 00:13:57.439: debug: Check ZSK status
+2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec)
+2008-07-24 00:13:57.440: debug: ->depreciate it
+2008-07-24 00:13:57.440: debug: ->activate published key 41300
+2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done
+2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key
+2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:13:57.441: debug: Signing zone "example.net."
+2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.562: debug: Signing completed after 0s.
+2008-07-24 00:13:57.562: debug:
+2008-07-24 00:13:57.562: notice: end of run: 0 errors occured
+2008-07-24 00:14:08.862: notice: ------------------------------------------------------------
+2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:08.864: debug: Check RFC5011 status
+2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0
+2008-07-24 00:14:08.864: debug: Check KSK status
+2008-07-24 00:14:08.864: debug: Check ZSK status
+2008-07-24 00:14:08.864: debug: Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug:
+2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:08.864: debug: Check RFC5011 status
+2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2
+2008-07-24 00:14:08.864: debug: Check ZSK status
+2008-07-24 00:14:08.864: debug: Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug:
+2008-07-24 00:14:08.864: notice: end of run: 0 errors occured
+2008-07-24 00:14:12.963: notice: ------------------------------------------------------------
+2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:12.965: debug: Check RFC5011 status
+2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0
+2008-07-24 00:14:12.965: debug: Check KSK status
+2008-07-24 00:14:12.965: debug: Check ZSK status
+2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f
+2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net."
+2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.488: debug: Signing completed after 1s.
+2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.488: debug:
+2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:13.488: debug: Check RFC5011 status
+2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2
+2008-07-24 00:14:13.488: debug: Check ZSK status
+2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f
+2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:14:13.489: debug: Signing zone "example.net."
+2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.601: debug: Signing completed after 0s.
+2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.602: debug:
+2008-07-24 00:14:13.602: notice: end of run: 2 errors occured
+2008-07-24 00:15:38.304: notice: ------------------------------------------------------------
+2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v
+2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:15:38.306: debug: Check RFC5011 status
+2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0
+2008-07-24 00:15:38.307: debug: Check KSK status
+2008-07-24 00:15:38.307: debug: Check ZSK status
+2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f
+2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net."
+2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.280: debug: Signing completed after 1s.
+2008-07-24 00:15:39.281: debug:
+2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:15:39.281: debug: Check RFC5011 status
+2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2
+2008-07-24 00:15:39.281: debug: Check ZSK status
+2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f
+2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:15:39.282: debug: Signing zone "example.net."
+2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.402: debug: Signing completed after 0s.
+2008-07-24 00:15:39.403: debug:
+2008-07-24 00:15:39.403: notice: end of run: 0 errors occured
+2008-07-24 00:18:59.568: notice: ------------------------------------------------------------
+2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:18:59.573: debug: Check RFC5011 status
+2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0
+2008-07-24 00:18:59.573: debug: Check KSK status
+2008-07-24 00:18:59.573: debug: Check ZSK status
+2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f
+2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net."
+2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.167: debug: Signing completed after 1s.
+2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.168: debug:
+2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:19:00.168: debug: Check RFC5011 status
+2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2
+2008-07-24 00:19:00.168: debug: Check ZSK status
+2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f
+2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:19:00.169: debug: Signing zone "example.net."
+2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.280: debug: Signing completed after 0s.
+2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.280: debug:
+2008-07-24 00:19:00.280: notice: end of run: 2 errors occured
+2008-07-24 00:22:24.567: notice: ------------------------------------------------------------
+2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:22:24.569: debug: Check RFC5011 status
+2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0
+2008-07-24 00:22:24.569: debug: Check KSK status
+2008-07-24 00:22:24.570: debug: Check ZSK status
+2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f
+2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net."
+2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.148: debug: Signing completed after 1s.
+2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.148: debug:
+2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:22:25.148: debug: Check RFC5011 status
+2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2
+2008-07-24 00:22:25.148: debug: Check ZSK status
+2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f
+2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:22:25.150: debug: Signing zone "example.net."
+2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.271: debug: Signing completed after 0s.
+2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.271: debug:
+2008-07-24 00:22:25.271: notice: end of run: 2 errors occured
+2008-07-24 00:23:08.907: notice: ------------------------------------------------------------
+2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:23:08.909: debug: Check RFC5011 status
+2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0
+2008-07-24 00:23:08.909: debug: Check KSK status
+2008-07-24 00:23:08.909: debug: Check ZSK status
+2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f
+2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net."
+2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.510: debug: Signing completed after 1s.
+2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered
+2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net."
+2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 00:23:09.517: debug:
+2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:23:09.517: debug: Check RFC5011 status
+2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2
+2008-07-24 00:23:09.517: debug: Check ZSK status
+2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f
+2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:23:09.518: debug: Signing zone "example.net."
+2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.633: debug: Signing completed after 0s.
+2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered
+2008-07-24 00:23:09.634: debug: Distribute zone "example.net."
+2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 00:23:09.640: debug:
+2008-07-24 00:23:09.640: notice: end of run: 0 errors occured
+2008-07-24 00:33:30.818: notice: ------------------------------------------------------------
+2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:33:30.820: debug: Check RFC5011 status
+2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0
+2008-07-24 00:33:30.821: debug: Check KSK status
+2008-07-24 00:33:30.821: debug: Check ZSK status
+2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f
+2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net."
+2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.320: debug: Signing completed after 1s.
+2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.320: debug:
+2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:33:31.320: debug: Check RFC5011 status
+2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2
+2008-07-24 00:33:31.320: debug: Check ZSK status
+2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f
+2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:33:31.321: debug: Signing zone "example.net."
+2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.443: debug: Signing completed after 0s.
+2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.443: debug:
+2008-07-24 00:33:31.443: notice: end of run: 2 errors occured
+2008-07-24 23:21:55.189: notice: ------------------------------------------------------------
+2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:21:55.196: debug: Check RFC5011 status
+2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:21:55.196: debug: Check KSK status
+2008-07-24 23:21:55.196: debug: Check ZSK status
+2008-07-24 23:21:55.196: debug: Re-signing not necessary!
+2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy
+2008-07-24 23:21:55.196: debug:
+2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:21:55.196: debug: Check RFC5011 status
+2008-07-24 23:21:55.196: debug: Check ZSK status
+2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec)
+2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed
+2008-07-24 23:21:55.196: debug: ->remove it
+2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key
+2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:21:55.197: debug: Signing zone "example.net."
+2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:21:55.873: debug: Signing completed after 0s.
+2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:21:55.873: debug:
+2008-07-24 23:21:55.874: notice: end of run: 1 error occured
+2008-07-24 23:23:06.278: notice: ------------------------------------------------------------
+2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:23:06.280: debug: Check RFC5011 status
+2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:23:06.280: debug: Check KSK status
+2008-07-24 23:23:06.280: debug: Check ZSK status
+2008-07-24 23:23:06.280: debug: Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug:
+2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:23:06.280: debug: Check RFC5011 status
+2008-07-24 23:23:06.280: debug: Check ZSK status
+2008-07-24 23:23:06.280: debug: Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug:
+2008-07-24 23:23:06.280: notice: end of run: 0 errors occured
+2008-07-24 23:25:21.930: notice: ------------------------------------------------------------
+2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:21.932: debug: Check RFC5011 status
+2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:21.932: debug: Check KSK status
+2008-07-24 23:25:21.932: debug: Check ZSK status
+2008-07-24 23:25:21.932: debug: Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug:
+2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:21.932: debug: Check RFC5011 status
+2008-07-24 23:25:21.932: debug: Check ZSK status
+2008-07-24 23:25:21.932: debug: Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug:
+2008-07-24 23:25:21.932: notice: end of run: 0 errors occured
+2008-07-24 23:25:39.009: notice: ------------------------------------------------------------
+2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:39.011: debug: Check RFC5011 status
+2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:39.011: debug: Check KSK status
+2008-07-24 23:25:39.011: debug: Check ZSK status
+2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f
+2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net."
+2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.591: debug: Signing completed after 0s.
+2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.592: debug:
+2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:39.592: debug: Check RFC5011 status
+2008-07-24 23:25:39.592: debug: Check ZSK status
+2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f
+2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:25:39.592: debug: Signing zone "example.net."
+2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.703: debug: Signing completed after 0s.
+2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.703: debug:
+2008-07-24 23:25:39.703: notice: end of run: 2 errors occured
+2008-07-24 23:28:16.436: notice: ------------------------------------------------------------
+2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:28:16.438: debug: Check RFC5011 status
+2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:28:16.438: debug: Check KSK status
+2008-07-24 23:28:16.438: debug: Check ZSK status
+2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f
+2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net."
+2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.008: debug: Signing completed after 1s.
+2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net."
+2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:28:17.015: debug:
+2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:28:17.015: debug: Check RFC5011 status
+2008-07-24 23:28:17.015: debug: Check ZSK status
+2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f
+2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:28:17.016: debug: Signing zone "example.net."
+2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.132: debug: Signing completed after 0s.
+2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered
+2008-07-24 23:28:17.132: debug: Distribute zone "example.net."
+2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:28:17.138: debug:
+2008-07-24 23:28:17.138: notice: end of run: 0 errors occured
+2008-07-24 23:31:17.354: notice: ------------------------------------------------------------
+2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:17.364: debug: Check RFC5011 status
+2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:17.364: debug: Check KSK status
+2008-07-24 23:31:17.364: debug: Check ZSK status
+2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net."
+2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.032: debug: Signing completed after 1s.
+2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net."
+2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:18.039: debug:
+2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:18.039: debug: Check RFC5011 status
+2008-07-24 23:31:18.039: debug: Check ZSK status
+2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:18.040: debug: Signing zone "example.net."
+2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.155: debug: Signing completed after 0s.
+2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered
+2008-07-24 23:31:18.155: debug: Distribute zone "example.net."
+2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:18.161: debug:
+2008-07-24 23:31:18.162: notice: end of run: 0 errors occured
+2008-07-24 23:31:28.467: notice: ------------------------------------------------------------
+2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:28.470: debug: Check RFC5011 status
+2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:28.470: debug: Check KSK status
+2008-07-24 23:31:28.470: debug: Check ZSK status
+2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net."
+2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.059: debug: Signing completed after 1s.
+2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net."
+2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered
+2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./
+2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:29.072: debug:
+2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:29.073: debug: Check RFC5011 status
+2008-07-24 23:31:29.073: debug: Check ZSK status
+2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:29.074: debug: Signing zone "example.net."
+2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.204: debug: Signing completed after 0s.
+2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered
+2008-07-24 23:31:29.204: debug: Distribute zone "example.net."
+2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered
+2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./
+2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:29.217: debug:
+2008-07-24 23:31:29.217: notice: end of run: 0 errors occured
+2008-07-24 23:35:48.844: notice: ------------------------------------------------------------
+2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:35:48.846: debug: Check RFC5011 status
+2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:35:48.846: debug: Check KSK status
+2008-07-24 23:35:48.846: debug: Check ZSK status
+2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f
+2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net."
+2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.455: debug: Signing completed after 1s.
+2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net."
+2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net."
+2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered
+2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net."
+2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:35:49.468: debug:
+2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:35:49.468: debug: Check RFC5011 status
+2008-07-24 23:35:49.469: debug: Check ZSK status
+2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f
+2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:35:49.470: debug: Signing zone "example.net."
+2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.600: debug: Signing completed after 0s.
+2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.600: debug: Distribute zone "example.net."
+2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.606: debug: Distribute zone "example.net."
+2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.613: notice: "example.net.": reload triggered
+2008-07-24 23:35:49.613: debug: Reload zone "example.net."
+2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:35:49.613: debug:
+2008-07-24 23:35:49.613: notice: end of run: 0 errors occured
+2008-07-24 23:37:41.081: notice: ------------------------------------------------------------
+2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:41.083: debug: Check RFC5011 status
+2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:41.083: debug: Check KSK status
+2008-07-24 23:37:41.083: debug: Check ZSK status
+2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net."
+2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.688: debug: Signing completed after 0s.
+2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net."
+2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net."
+2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:41.701: debug:
+2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:41.701: debug: Check RFC5011 status
+2008-07-24 23:37:41.701: debug: Check ZSK status
+2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:41.702: debug: Signing zone "example.net."
+2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.824: debug: Signing completed after 0s.
+2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered
+2008-07-24 23:37:41.824: debug: Distribute zone "example.net."
+2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:41.831: notice: "example.net.": reload triggered
+2008-07-24 23:37:41.831: debug: Reload zone "example.net."
+2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:41.837: debug:
+2008-07-24 23:37:41.837: notice: end of run: 0 errors occured
+2008-07-24 23:37:51.742: notice: ------------------------------------------------------------
+2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v
+2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:51.744: debug: Check RFC5011 status
+2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:51.744: debug: Check KSK status
+2008-07-24 23:37:51.744: debug: Check ZSK status
+2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net."
+2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.264: debug: Signing completed after 1s.
+2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net."
+2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net."
+2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:52.277: debug:
+2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:52.277: debug: Check RFC5011 status
+2008-07-24 23:37:52.277: debug: Check ZSK status
+2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:52.277: debug: Signing zone "example.net."
+2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.398: debug: Signing completed after 0s.
+2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered
+2008-07-24 23:37:52.398: debug: Distribute zone "example.net."
+2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:52.404: notice: "example.net.": reload triggered
+2008-07-24 23:37:52.404: debug: Reload zone "example.net."
+2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:52.410: debug:
+2008-07-24 23:37:52.410: notice: end of run: 0 errors occured
+2008-07-24 23:44:51.717: notice: ------------------------------------------------------------
+2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v
+2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:51.719: debug: Check RFC5011 status
+2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:51.719: debug: Check KSK status
+2008-07-24 23:44:51.720: debug: Check ZSK status
+2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net."
+2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: ""
+2008-07-24 23:44:51.720: debug: Signing completed after 0s.
+2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:51.721: debug:
+2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:51.721: debug: Check RFC5011 status
+2008-07-24 23:44:51.721: debug: Check ZSK status
+2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered
+2008-07-24 23:44:51.722: debug: Distribute zone "example.net."
+2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:51.722: notice: "example.net.": reload triggered
+2008-07-24 23:44:51.722: debug: Reload zone "example.net."
+2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:51.723: debug:
+2008-07-24 23:44:51.723: notice: end of run: 0 errors occured
+2008-07-24 23:44:57.039: notice: ------------------------------------------------------------
+2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v
+2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:57.042: debug: Check RFC5011 status
+2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:57.042: debug: Check KSK status
+2008-07-24 23:44:57.042: debug: Check ZSK status
+2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: ""
+2008-07-24 23:44:57.042: debug: Signing completed after 0s.
+2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug:
+2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:57.043: debug: Check RFC5011 status
+2008-07-24 23:44:57.043: debug: Check ZSK status
+2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered
+2008-07-24 23:44:57.043: debug: Distribute zone "example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: Reload zone "example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug:
+2008-07-24 23:44:57.043: notice: end of run: 0 errors occured
+2008-07-25 23:31:07.235: notice: ------------------------------------------------------------
+2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v
+2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:31:07.238: debug: Check RFC5011 status
+2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:31:07.238: debug: Check KSK status
+2008-07-25 23:31:07.238: debug: Check ZSK status
+2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec)
+2008-07-25 23:31:07.239: debug: ->depreciate it
+2008-07-25 23:31:07.239: debug: ->activate published key 3615
+2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done
+2008-07-25 23:31:07.239: debug: New published key needed
+2008-07-25 23:31:07.397: debug: ->creating new published key 4254
+2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing
+2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key
+2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net."
+2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.639: debug: Signing completed after 0s.
+2008-07-25 23:31:07.639: debug:
+2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:31:07.639: debug: Check RFC5011 status
+2008-07-25 23:31:07.639: debug: Check ZSK status
+2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys
+2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys
+2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db"
+2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-25 23:31:07.640: debug: Signing zone "example.net."
+2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.783: debug: Signing completed after 0s.
+2008-07-25 23:31:07.783: debug:
+2008-07-25 23:31:07.783: notice: end of run: 0 errors occured
+2008-07-25 23:32:27.052: notice: ------------------------------------------------------------
+2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v
+2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:32:27.054: debug: Check RFC5011 status
+2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:32:27.054: debug: Check KSK status
+2008-07-25 23:32:27.054: debug: Check ZSK status
+2008-07-25 23:32:27.054: debug: Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
+2008-07-25 23:32:27.054: debug:
+2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:32:27.054: debug: Check RFC5011 status
+2008-07-25 23:32:27.054: debug: Check ZSK status
+2008-07-25 23:32:27.054: debug: Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
+2008-07-25 23:32:27.057: debug:
+2008-07-25 23:32:27.057: notice: end of run: 0 errors occured
+2008-07-31 00:25:52.601: notice: ------------------------------------------------------------
+2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v
+2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 00:25:52.604: debug: Check RFC5011 status
+2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 00:25:52.604: debug: Check KSK status
+2008-07-31 00:25:52.604: debug: Check ZSK status
+2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec)
+2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed
+2008-07-31 00:25:52.605: debug: ->remove it
+2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec)
+2008-07-31 00:25:52.605: debug: ->depreciate it
+2008-07-31 00:25:52.605: debug: ->activate published key 4254
+2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done
+2008-07-31 00:25:52.605: debug: New key for publishing needed
+2008-07-31 00:25:53.128: debug: ->creating new key 56744
+2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing
+2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key
+2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net."
+2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.332: debug: Signing completed after 0s.
+2008-07-31 00:25:53.332: debug:
+2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 00:25:53.332: debug: Check RFC5011 status
+2008-07-31 00:25:53.332: debug: Check ZSK status
+2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db"
+2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-31 00:25:53.333: debug: Signing zone "example.net."
+2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.477: debug: Signing completed after 0s.
+2008-07-31 00:25:53.477: debug:
+2008-07-31 00:25:53.477: notice: end of run: 0 errors occured
+2008-07-31 13:19:17.447: notice: ------------------------------------------------------------
+2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v
+2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 13:19:17.449: debug: Check RFC5011 status
+2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 13:19:17.450: debug: Check KSK status
+2008-07-31 13:19:17.450: debug: Check ZSK status
+2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec)
+2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed
+2008-07-31 13:19:17.450: debug: ->remove it
+2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key
+2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net."
+2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 13:19:17.944: debug: Signing completed after 0s.
+2008-07-31 13:19:17.944: debug:
+2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 13:19:17.944: debug: Check RFC5011 status
+2008-07-31 13:19:17.944: debug: Check ZSK status
+2008-07-31 13:19:17.944: debug: Re-signing not necessary!
+2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy
+2008-07-31 13:19:17.944: debug:
+2008-07-31 13:19:17.945: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf
new file mode 100644
index 0000000..0ccc7f6
--- /dev/null
+++ b/contrib/zkt/examples/flat/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.NET." in {
+ type master;
+ file "example.net./zone.db.signed";
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net./zone.db.signed";
+};
generated by cgit (git 2.34.1) at 2024-04-28 00:01:28 +0000