diff options
Diffstat (limited to 'contrib/zkt/examples/flat')
47 files changed, 3683 insertions, 0 deletions
diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh new file mode 100755 index 0000000..c112f55 --- /dev/null +++ b/contrib/zkt/examples/flat/dist.sh @@ -0,0 +1,70 @@ +################################################################# +# +# @(#) dist.sh -- distribute and reload command for dnssec-signer +# +# (c) Jul 2008 Holger Zuleger hznet.de +# +# This shell script will be run by dnssec-signer as a distribution +# and reload command if: +# +# a) the dnssec.conf file parameter Distribute_Cmd: points +# to this file +# and +# b) the user running the dnssec-signer command is not +# root (uid==0) +# and +# c) the owner of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the owner +# or +# d) the group of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the group +# +################################################################# + +# set path to rndc and scp +PATH="/bin:/usr/bin:/usr/local/sbin" + +# remote server and directory +server=localhost # fqdn of remote name server +dir=/var/named # zone directory on remote name server + +progname=$0 +usage() +{ + echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2 + test $# -gt 0 && echo $* 1>&2 + exit 1 +} + +if test $# -lt 3 +then + usage +fi +action="$1" +domain="$2" +zonefile="$3" +view="" +test $# -gt 3 && view="$4" + +case $action in +distribute) + if test -n "$view" + then + echo "scp $zonefile $server:$dir/$view/$domain/" + : scp $zonefile $server:$dir/$view/$domain/ + else + echo "scp $zonefile $server:$dir/$domain/" + : scp $zonefile $server:$dir/$domain/ + fi + ;; +reload) + echo "rndc $action $zone $view" + : rndc $action $zone $view + ;; +*) + usage "illegal action $action" + ;; +esac + diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf new file mode 100644 index 0000000..2bd9c58 --- /dev/null +++ b/contrib/zkt/examples/flat/dnssec.conf @@ -0,0 +1,41 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 2d # (172800 seconds) +Sigvalidity: 6d # (518400 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 2w # (1209600 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt.log" +LogLevel: debug +SyslogFacility: USER +SyslogLevel: notice +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: "../keysets" +DLV_Domain: "" +Sig_Pseudorand: True +Distribute_Cmd: "./dist.sh" diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key new file mode 100644 index 0000000..6a64c44 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key @@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=60d +dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private new file mode 100644 index 0000000..4f7ec3d --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 3 (DSA) +Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM= +Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc= +Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo= +Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk= +Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU= diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key new file mode 100644 index 0000000..d129398 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key @@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=14d +dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private new file mode 100644 index 0000000..3692946 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== +PublicExponent: AQAAAAE= +PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ== +Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8= +Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs= +Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE= +Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850= +Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc= diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db new file mode 100644 index 0000000..e0f978e --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db @@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:28:38 +; + +; *** List of Key Signing Keys *** +; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 + LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB + KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf + Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH + JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq + +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e + 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi + xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH + 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + +; *** List of Zone Signing Keys *** +; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w + BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf new file mode 100644 index 0000000..0998fda --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf @@ -0,0 +1,5 @@ +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: DSA +KSK_bits: 1024 +KSK_randfile: "/dev/urandom" diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. @@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db new file mode 100644 index 0000000..ee557b8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db @@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:34 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 7 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152834 ( + 20080612152834 1355 dyn.example.net. + h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas + SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+ + SXgsy934gAaYLw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned new file mode 100644 index 0000000..9e4c5c8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned @@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:39 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 8 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152838 ( + 20080612152838 1355 dyn.example.net. + GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+ + fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5 + e7HwrB59bxKAuw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org new file mode 100644 index 0000000..c536fc8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org @@ -0,0 +1,30 @@ +;----------------------------------------------------------------- +; +; @(#) dyn.example.net/zone.org +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 1 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +x IN A 1.2.3.4 +y IN A 1.2.3.5 +z IN A 1.2.3.6 + +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key new file mode 100644 index 0000000..bd273d3 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key @@ -0,0 +1,3 @@ +;% generationtime=20080506212634 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published new file mode 100644 index 0000000..42b8b80 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w== +PublicExponent: AQAAAAE= +PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ== +Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w== +Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ== +Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9 +Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ== +Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key new file mode 100644 index 0000000..d72baa9 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key @@ -0,0 +1,3 @@ +;% generationtime=20080420205422 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private new file mode 100644 index 0000000..554cd12 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw== +PublicExponent: AQAAAAE= +PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ== +Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ== +Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw== +Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ== +Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp +Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key new file mode 100644 index 0000000..235a5df --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key @@ -0,0 +1,3 @@ +;% generationtime=20080721221039 +;% lifetime=14d +example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private new file mode 100644 index 0000000..b5041c0 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== +PublicExponent: AQAAAAE= +PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ== +Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M= +Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU= +Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0= +Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0= +Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw= diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db new file mode 100644 index 0000000..6bd2ba0 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dnskey.db @@ -0,0 +1,33 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 00:25:53 +; + +; *** List of Key Signing Keys *** +; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 + VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs + lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ + YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU + 8w== + ) ; key id = 1764 + +; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 + kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W + O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM + HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ + qw== + ) ; key id = 41151 + +; *** List of Zone Signing Keys *** +; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 + LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key new file mode 100644 index 0000000..fdf427b --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key @@ -0,0 +1,4 @@ +;% generationtime=20080415164557 +;% lifetime=20d +;% expirationtime=20080506212633 +example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q== diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private new file mode 100644 index 0000000..1018561 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q== +PublicExponent: AQAAAAE= +PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ== +Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw== +Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw== +Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL +Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw== +Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg== diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./keyset-example.net. @@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db new file mode 100644 index 0000000..42ad067 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db @@ -0,0 +1,43 @@ +;----------------------------------------------------------------- +; +; @(#) example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.1 +b IN MX 10 a +;c IN A 1.2.3.2 +d IN A 1.2.3.3 + IN AAAA 2001:0db8::3 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed new file mode 100644 index 0000000..b10d122 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db.signed @@ -0,0 +1,166 @@ +; File written on Thu Jul 31 00:25:53 2008 +; dnssec_signzone version 9.5.1b1 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT + x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt + llflqikDp8uLmQ== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i + sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu + WDdVL5V3nirNiA== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU + vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4 + 8fjJ1uPzW3KVJQ== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG + VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs + uZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41151 example.net. + AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb + Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd + PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ + dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE + tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+ + b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL + Tw== ) + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41300 example.net. + up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU + hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi + FSHnJW5dlBhMow== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM + aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd + vo0cFjkPvCCrHA== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/ + 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr + 2MS4wJguPpznEg== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi + Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ + V1VbEaZnFVXu2Q== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L + jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na + G1yt/jdFB699yg== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS + 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF + Xqk7op11oye7fA== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib + 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC + sJOAIxxNQOefZg== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh + /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD + X51lgVvrlOsMaw== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv + zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1 + U9ZdHxUEqeRRtQ== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg + F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII + hS9tIVb0spHDuQ== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp + TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM + bBUOTYWJIMT50g== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l + CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM + 5P5ZMXieZrh+xQ== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT + rrfxEcPm86SLMM40dithZQeajNucRlmuadKX + HREpYT/DVVBT0A== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk + 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS + 2LaOiuqMIPm8Hw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+ + HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+ + /l+dJFZ8FtdZTA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 DS 54876 5 1 ( + CAB6127E303A8A8D7D5A29AE05DB60F4C506 + 0B10 ) + 7200 DS 54876 5 2 ( + 7C8CAF1844479F3600213173BB5D1E2A4414 + 3D63B6E0B3E10D8C5310ADF84D30 ) + 7200 RRSIG DS 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+ + TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt + X6JnkVWr89s82A== ) + 7200 NSEC example.net. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom + fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg + KaG0bEo8TpOAUw== ) diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. @@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. new file mode 100644 index 0000000..9bed62a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-example.net. @@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. new file mode 100644 index 0000000..77aacd6 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.net 7200 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf new file mode 100644 index 0000000..0e8551c --- /dev/null +++ b/contrib/zkt/examples/flat/named.conf @@ -0,0 +1,99 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +** +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "/var/log/named" versions 3 size 2m; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + channel "resolver-log" { + file "/var/log/named"; + print-time yes; + print-category yes; + print-severity yes; + severity debug 1; + }; + channel "dnssec-log" { +# file "/var/log/named-dnssec" ; + file "/var/log/named" ; + print-time yes; + print-category yes; + print-severity yes; + severity debug 3; + }; + category "dnssec" { "dnssec-log"; }; + category "default" { "named-log"; }; + category "resolver" { "resolver-log"; }; + category "client" { "resolver-log"; }; + category "queries" { "resolver-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + dump-file "/var/log/named_dump.db"; + statistics-file "/var/log/named.stats"; + + listen-on-v6 { any; }; + + query-source address * port 53; + transfer-source * port 53; + notify-source * port 53; + + recursion yes; + dnssec-enable yes; + edns-udp-size 4096; + +# dnssec-lookaside "." trust-anchor "trusted-keys.de."; + + querylog yes; + +}; + +/***************************************************************** +** include shared secrets... +*****************************************************************/ +/** for control sessions ... **/ +controls { + inet 127.0.0.1 + allow { localhost; }; + inet ::1 + allow { localhost; }; +}; + +/***************************************************************** +** ... and trusted_keys +*****************************************************************/ +# include "trusted-keys.conf" ; + +/***************************************************************** +** root server hints and required 127 stuff +*****************************************************************/ +zone "." in { + type hint; + file "root.hint"; +}; + +zone "localhost" in { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.ARPA" in { + type master; + file "127.0.0.zone"; +}; + +include "zone.conf"; diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key new file mode 100644 index 0000000..a255a7b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key @@ -0,0 +1,3 @@ +;% generationtime=20080725213107 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private new file mode 100644 index 0000000..e636e05 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== +PublicExponent: AQAAAAE= +PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ== +Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM= +Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M= +Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0= +Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08= +Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key new file mode 100644 index 0000000..4e7c3e5 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key @@ -0,0 +1,3 @@ +;% generationtime=20080730222553 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published new file mode 100644 index 0000000..2a3ae65 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== +PublicExponent: AQAAAAE= +PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q== +Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U= +Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8= +Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0= +Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc= +Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key new file mode 100644 index 0000000..21098f8 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key @@ -0,0 +1 @@ +sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private new file mode 100644 index 0000000..ad5b363 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M= +PublicExponent: Aw== +PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s= +Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw== +Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ== +Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw== +Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw== +Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA== diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db new file mode 100644 index 0000000..396e7d3 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db @@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 13:19:17 +; + +; *** List of Key Signing Keys *** +; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22 +sub.example.net. 3600 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 + 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe + 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb + Z/avYw== + ) ; key id = 54876 + +; *** List of Zone Signing Keys *** +; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy + aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + +; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv + guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf new file mode 100644 index 0000000..4a045ad --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf @@ -0,0 +1,14 @@ + +resigninterval 1d +sigvalidity 2d +max_ttl 90s + +Serialformat: unixtime +ksk_algo RSASHA1 +ksk_bits 1024 + +zsk_lifetime 3d +zsk_algo RSAMD5 +zsk_bits 512 + +dlv_domain "dlv.trusted-keys.de" diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db new file mode 100644 index 0000000..c9ec01e --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db @@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sec.example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.net. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed new file mode 100644 index 0000000..0560d2b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed @@ -0,0 +1,103 @@ +; File written on Thu Jul 31 13:19:17 2008 +; dnssec_signzone version 9.5.1b1 +sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1217503157 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9 + RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa + 9bvrMVOXpd0Q1g== ) + 7200 NS ns1.example.net. + 7200 RRSIG NS 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb + k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn + 1S/A2bV4S3No7Q== ) + 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK + TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8 + feRHQBEYFpgvhA== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl + kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar + n7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + 3600 DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+ + /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v + NYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + 3600 DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 + 3600 RRSIG DNSKEY 1 3 3600 20080802101917 ( + 20080731101917 4254 sub.example.net. + ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba + 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT + UW2clZMFj/Fy6g== ) + 3600 RRSIG DNSKEY 5 3 3600 20080802101917 ( + 20080731101917 54876 sub.example.net. + B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E + 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO + OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK + 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv + oFMHe/OpIq7x/a4NdMn3yIWbFtg= ) +a.sub.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ + owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+ + M4ESPnoKxli7YQ== ) + 7200 NSEC b.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv + USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt + 2ODgeGLhUTap7A== ) +b.sub.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz + bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN + S0Et3ivWZSAVOg== ) + 7200 NSEC c.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B + jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k + +SzjVQtJfxUDsA== ) +c.sub.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb + eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID + z5HLpC+KbfpJxw== ) + 7200 NSEC localhost.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh + a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh + 4AnYjZlHjfe+MA== ) +localhost.sub.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T + X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y + vw4b+pdoWMi0+g== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9 + PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr + SgFnqsd6YTxxpw== ) diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log new file mode 100644 index 0000000..9276f94 --- /dev/null +++ b/contrib/zkt/examples/flat/zkt.log @@ -0,0 +1,2501 @@ +2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file +2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file +2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded () +2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202() +2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s) +2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s +2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s +2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done +2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:39:48.617: notice: end of run: 0 errors occured +2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s +2008-06-11 22:41:14.106: notice: end of run: 0 errors occured +2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s +2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:48:19.087: notice: end of run: 0 errors occured +2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s +2008-06-11 22:56:53.297: notice: end of run: 0 errors occured +2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v +2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s +2008-06-11 23:01:41.454: notice: end of run: 0 errors occured +2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v +2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s +2008-06-11 23:04:25.911: notice: end of run: 0 errors occured +2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s +2008-06-12 13:06:54.056: notice: end of run: 0 errors occured +2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s +2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:07:45.130: notice: end of run: 0 errors occured +2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s +2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:22:02.253: notice: end of run: 0 errors occured +2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s +2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 13:24:37.958: notice: end of run: 0 errors occured +2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s +2008-06-12 13:25:32.997: notice: end of run: 0 errors occured +2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v +2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s +2008-06-12 13:26:49.864: notice: end of run: 0 errors occured +2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s +2008-06-12 16:28:01.979: notice: end of run: 0 errors occured +2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v +2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s +2008-06-12 16:28:13.630: notice: end of run: 0 errors occured +2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s +2008-06-12 16:28:30.320: notice: end of run: 0 errors occured +2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s +2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:34:06.972: notice: end of run: 0 errors occured +2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer +2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s +2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:34:15.818: notice: end of run: 0 errors occured +2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s +2008-06-12 16:35:27.780: notice: end of run: 0 errors occured +2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0 +2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2 +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.270: notice: end of run: 0 errors occured +2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0 +2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2 +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: notice: end of run: 0 errors occured +2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v +2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0 +2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2 +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: notice: end of run: 0 errors occured +2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0 +2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s +2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net." +2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.222: debug: Signing completed after 0s. +2008-06-12 16:49:32.222: debug: +2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2 +2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 16:49:32.223: debug: Signing zone "example.net." +2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.335: debug: Signing completed after 0s. +2008-06-12 16:49:32.335: debug: +2008-06-12 16:49:32.335: notice: end of run: 0 errors occured +2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:02:15.078: debug: Check RFC5011 status +2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0 +2008-06-12 17:02:15.078: debug: Check ksk status +2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s +2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net." +2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.254: debug: Signing completed after 0s. +2008-06-12 17:02:15.254: debug: +2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:02:15.255: debug: Check RFC5011 status +2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2 +2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:02:15.255: debug: Signing zone "example.net." +2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.368: debug: Signing completed after 0s. +2008-06-12 17:02:15.368: debug: +2008-06-12 17:02:15.368: notice: end of run: 0 errors occured +2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f +2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:43:50.390: debug: Check RFC5011 status +2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0 +2008-06-12 17:43:50.390: debug: Check ksk status +2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s +2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net." +2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.533: debug: Signing completed after 0s. +2008-06-12 17:43:50.533: debug: +2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:43:50.533: debug: Check RFC5011 status +2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2 +2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:43:50.534: debug: Signing zone "example.net." +2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.645: debug: Signing completed after 0s. +2008-06-12 17:43:50.645: debug: +2008-06-12 17:43:50.645: notice: end of run: 0 errors occured +2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v +2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0 +2008-06-12 17:49:43.190: debug: Check ksk status +2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s +2008-06-12 17:49:43.190: debug: Re-signing not necessary! +2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2 +2008-06-12 17:49:43.190: debug: Re-signing not necessary! +2008-06-12 17:49:43.190: notice: end of run: 0 errors occured +2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0 +2008-06-12 17:50:09.327: debug: Check ksk status +2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2 +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: notice: end of run: 0 errors occured +2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:52:29.312: debug: Check RFC5011 status +2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0 +2008-06-12 17:52:29.312: debug: Check ksk status +2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s +2008-06-12 17:52:29.312: debug: Re-signing not necessary! +2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:52:29.313: debug: Check RFC5011 status +2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2 +2008-06-12 17:52:29.313: debug: Re-signing not necessary! +2008-06-12 17:52:29.313: notice: end of run: 0 errors occured +2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v +2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0 +2008-06-12 18:24:57.409: debug: Check ksk status +2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s +2008-06-12 18:24:57.409: debug: Re-signing not necessary! +2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2 +2008-06-12 18:24:57.410: debug: Re-signing not necessary! +2008-06-12 18:24:57.410: notice: end of run: 0 errors occured +2008-06-16 23:12:32.309: notice: +2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:12:32.654: debug: Check RFC5011 status +2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0 +2008-06-16 23:12:32.654: debug: Check ksk status +2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s +2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec) +2008-06-16 23:12:32.654: debug: ->depreciate it +2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267 +2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done +2008-06-16 23:12:32.654: debug: New pre-publish key needed +2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149 +2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key +2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net." +2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.022: debug: Signing completed after 1s. +2008-06-16 23:12:33.022: debug: +2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:12:33.023: debug: Check RFC5011 status +2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2 +2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db" +2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-16 23:12:33.024: debug: Signing zone "example.net." +2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.170: debug: Signing completed after 0s. +2008-06-16 23:12:33.170: debug: +2008-06-16 23:12:33.170: notice: end of run: 0 errors occured +2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <=== +2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0 +2008-06-16 23:13:24.121: debug: Check ksk status +2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2 +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: notice: end of run: 0 errors occured +2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <===== +2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:56.972: debug: Check RFC5011 status +2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0 +2008-06-16 23:13:56.972: debug: Check ksk status +2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:13:56.973: debug: Check RFC5011 status +2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2 +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: notice: end of run: 0 errors occured +2008-06-16 23:15:16.980: notice: ------------------------------------------------------------ +2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0 +2008-06-16 23:15:16.982: debug: Check ksk status +2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s +2008-06-16 23:15:16.982: debug: Re-signing not necessary! +2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2 +2008-06-16 23:15:16.982: debug: Re-signing not necessary! +2008-06-16 23:15:16.983: notice: end of run: 0 errors occured +2008-06-16 23:18:48.101: notice: ------------------------------------------------------------ +2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:18:48.103: debug: Check RFC5011 status +2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0 +2008-06-16 23:18:48.103: debug: Check ksk status +2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s +2008-06-16 23:18:48.103: debug: Re-signing not necessary! +2008-06-16 23:18:48.103: debug: +2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:18:48.104: debug: Check RFC5011 status +2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2 +2008-06-16 23:18:48.104: debug: Re-signing not necessary! +2008-06-16 23:18:48.104: debug: +2008-06-16 23:18:48.104: notice: end of run: 0 errors occured +2008-06-24 14:55:16.347: notice: ------------------------------------------------------------ +2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v +2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 14:55:16.349: debug: Check RFC5011 status +2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0 +2008-06-24 14:55:16.349: debug: Check ksk status +2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->remove it +2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->depreciate it +2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149 +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key +2008-06-24 14:55:16.350: debug: New pre-publish key needed +2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338 +2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key +2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net." +2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.776: debug: Signing completed after 0s. +2008-06-24 14:55:16.776: debug: +2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 14:55:16.776: debug: Check RFC5011 status +2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2 +2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db" +2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-24 14:55:16.777: debug: Signing zone "example.net." +2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.922: debug: Signing completed after 0s. +2008-06-24 14:55:16.922: debug: +2008-06-24 14:55:16.922: notice: end of run: 0 errors occured +2008-06-24 14:57:56.093: notice: ------------------------------------------------------------ +2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v +2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 14:57:56.096: debug: Check RFC5011 status +2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0 +2008-06-24 14:57:56.096: debug: Check ksk status +2008-06-24 14:57:56.097: debug: Re-signing not necessary! +2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 14:57:56.097: debug: Check RFC5011 status +2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2 +2008-06-24 14:57:56.097: debug: Re-signing not necessary! +2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.098: notice: end of run: 0 errors occured +2008-06-24 23:26:12.632: notice: ------------------------------------------------------------ +2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v +2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 23:26:12.648: debug: Check RFC5011 status +2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0 +2008-06-24 23:26:12.648: debug: Check ksk status +2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec) +2008-06-24 23:26:12.648: debug: ->remove it +2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key +2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net." +2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 23:26:13.030: debug: Signing completed after 1s. +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 23:26:13.030: debug: Check RFC5011 status +2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2 +2008-06-24 23:26:13.030: debug: Re-signing not necessary! +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: notice: end of run: 0 errors occured +2008-07-08 00:53:55.013: notice: ------------------------------------------------------------ +2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 00:53:55.015: debug: Check RFC5011 status +2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0 +2008-07-08 00:53:55.015: debug: Check KSK status +2008-07-08 00:53:55.015: debug: Check ZSK status +2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec) +2008-07-08 00:53:55.015: debug: ->depreciate it +2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338 +2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done +2008-07-08 00:53:55.018: debug: New pre-publish key needed +2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198 +2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created +2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net." +2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.708: debug: Signing completed after 0s. +2008-07-08 00:53:55.708: debug: +2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 00:53:55.708: debug: Check RFC5011 status +2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2 +2008-07-08 00:53:55.708: debug: Check ZSK status +2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec) +2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key +2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:55.708: debug: New pre-publish key needed +2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682 +2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created +2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db" +2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-08 00:53:55.748: debug: Signing zone "example.net." +2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.899: debug: Signing completed after 0s. +2008-07-08 00:53:55.899: debug: +2008-07-08 00:53:55.899: notice: end of run: 0 errors occured +2008-07-08 00:53:57.597: notice: ------------------------------------------------------------ +2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0 +2008-07-08 00:53:57.599: debug: Check KSK status +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Re-signing not necessary! +2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.599: debug: +2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2 +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec) +2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key +2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:57.600: debug: Re-signing not necessary! +2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.600: debug: +2008-07-08 00:53:57.600: notice: end of run: 0 errors occured +2008-07-08 20:28:20.476: notice: ------------------------------------------------------------ +2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:28:20.476: debug: Check RFC5011 status +2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0 +2008-07-08 20:28:20.476: debug: Check KSK status +2008-07-08 20:28:20.476: debug: Check ZSK status +2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec) +2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149 + +2008-07-08 20:28:20.656: debug: ->remove it +2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db" +2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net." +2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:20.990: debug: Signing completed after 0s. +2008-07-08 20:28:20.990: debug: +2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:28:20.990: debug: Check RFC5011 status +2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2 +2008-07-08 20:28:20.990: debug: Check ZSK status +2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec) +2008-07-08 20:28:20.990: debug: ->depreciate it +2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682 +2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done +2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db" +2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db" +2008-07-08 20:28:20.991: debug: Signing zone "example.net." +2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:21.112: debug: Signing completed after 1s. +2008-07-08 20:28:21.112: debug: +2008-07-08 20:28:21.113: notice: end of run: 0 errors occured +2008-07-08 20:32:23.121: notice: ------------------------------------------------------------ +2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v +2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:32:23.123: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0 +2008-07-08 20:32:23.124: debug: Check KSK status +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:32:23.124: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2 +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: notice: end of run: 0 errors occured +2008-07-08 20:32:30.246: notice: ------------------------------------------------------------ +2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0 +2008-07-08 20:32:30.246: debug: Check KSK status +2008-07-08 20:32:30.246: debug: Check ZSK status +2008-07-08 20:32:30.246: debug: Re-signing not necessary! +2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.246: debug: +2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2 +2008-07-08 20:32:30.247: debug: Check ZSK status +2008-07-08 20:32:30.247: debug: Re-signing not necessary! +2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.247: debug: +2008-07-08 20:32:30.247: notice: end of run: 0 errors occured +2008-07-08 20:35:51.512: notice: ------------------------------------------------------------ +2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:35:51.512: debug: Check RFC5011 status +2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0 +2008-07-08 20:35:51.513: debug: Check KSK status +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:35:51.513: debug: Check RFC5011 status +2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2 +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: notice: end of run: 0 errors occured +2008-07-08 20:37:16.569: notice: ------------------------------------------------------------ +2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:37:16.569: debug: Check RFC5011 status +2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0 +2008-07-08 20:37:16.570: debug: Check KSK status +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! +2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:37:16.570: debug: Check RFC5011 status +2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2 +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! +2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: notice: end of run: 0 errors occured +2008-07-08 20:37:29.134: notice: ------------------------------------------------------------ +2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v +2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:37:29.137: debug: Check RFC5011 status +2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0 +2008-07-08 20:37:29.137: debug: Check KSK status +2008-07-08 20:37:29.137: debug: Check ZSK status +2008-07-08 20:37:29.137: debug: Re-signing not necessary! +2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.138: debug: +2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:37:29.138: debug: Check RFC5011 status +2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2 +2008-07-08 20:37:29.138: debug: Check ZSK status +2008-07-08 20:37:29.138: debug: Re-signing not necessary! +2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.139: debug: +2008-07-08 20:37:29.139: notice: end of run: 0 errors occured +2008-07-08 20:39:39.895: notice: ------------------------------------------------------------ +2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v +2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0 +2008-07-08 20:39:39.895: debug: Check KSK status +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2 +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: notice: end of run: 0 errors occured +2008-07-08 20:42:54.377: notice: ------------------------------------------------------------ +2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:42:54.377: debug: Check RFC5011 status +2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0 +2008-07-08 20:42:54.377: debug: Check KSK status +2008-07-08 20:42:54.377: debug: Check ZSK status +2008-07-08 20:42:54.377: debug: Re-signing not necessary! +2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.377: debug: +2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:42:54.378: debug: Check RFC5011 status +2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2 +2008-07-08 20:42:54.378: debug: Check ZSK status +2008-07-08 20:42:54.378: debug: Re-signing not necessary! +2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.378: debug: +2008-07-08 20:42:54.378: notice: end of run: 0 errors occured +2008-07-08 20:53:40.414: notice: ------------------------------------------------------------ +2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0 +2008-07-08 20:53:40.417: debug: Check KSK status +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.417: debug: +2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2 +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.418: debug: +2008-07-08 20:53:40.418: notice: end of run: 0 errors occured +2008-07-08 20:53:49.488: notice: ------------------------------------------------------------ +2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:53:49.490: debug: Check RFC5011 status +2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0 +2008-07-08 20:53:49.491: debug: Check KSK status +2008-07-08 20:53:49.491: debug: Check ZSK status +2008-07-08 20:53:49.491: debug: Re-signing not necessary! +2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.491: debug: +2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:53:49.492: debug: Check RFC5011 status +2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2 +2008-07-08 20:53:49.492: debug: Check ZSK status +2008-07-08 20:53:49.492: debug: Re-signing not necessary! +2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.492: debug: +2008-07-08 20:53:49.492: notice: end of run: 0 errors occured +2008-07-09 00:42:08.103: notice: ------------------------------------------------------------ +2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v +2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0 +2008-07-09 00:42:08.106: debug: Check KSK status +2008-07-09 00:42:08.106: debug: ksk_rollover +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2 +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: notice: end of run: 0 errors occured +2008-07-09 00:45:19.663: notice: ------------------------------------------------------------ +2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v +2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0 +2008-07-09 00:45:19.665: debug: Check KSK status +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! +2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2 +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! +2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: notice: end of run: 0 errors occured +2008-07-09 23:46:12.682: notice: ------------------------------------------------------------ +2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/ +2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net." +2008-07-09 23:46:12.702: debug: Check RFC5011 status +2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0 +2008-07-09 23:46:12.702: debug: Check KSK status +2008-07-09 23:46:12.702: debug: Check ZSK status +2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db" +2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net." +2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.222: debug: Signing completed after 1s. +2008-07-09 23:46:13.222: debug: +2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net." +2008-07-09 23:46:13.222: debug: Check RFC5011 status +2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2 +2008-07-09 23:46:13.222: debug: Check ZSK status +2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec) +2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939 + +2008-07-09 23:46:13.222: debug: ->remove it +2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key +2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key +2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db" +2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db" +2008-07-09 23:46:13.223: debug: Signing zone "example.net." +2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.374: debug: Signing completed after 0s. +2008-07-09 23:46:13.374: debug: +2008-07-09 23:46:13.374: notice: end of run: 0 errors occured +2008-07-15 00:21:04.641: notice: ------------------------------------------------------------ +2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:05.071: debug: Check RFC5011 status +2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0 +2008-07-15 00:21:05.071: debug: Check KSK status +2008-07-15 00:21:05.071: debug: Check ZSK status +2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec) +2008-07-15 00:21:05.071: debug: ->depreciate it +2008-07-15 00:21:05.072: debug: ->activate published key 9198 +2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done +2008-07-15 00:21:05.072: debug: New published key needed +2008-07-15 00:21:05.128: debug: ->creating new published key 8397 +2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created +2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key +2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net." +2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.274: debug: Signing completed after 0s. +2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:05.279: debug: +2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:05.279: debug: Check RFC5011 status +2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2 +2008-07-15 00:21:05.279: debug: Check ZSK status +2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:05.280: debug: Signing zone "example.net." +2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.419: debug: Signing completed after 0s. +2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered +2008-07-15 00:21:05.419: debug: Distribute zone "example.net." +2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:05.423: debug: +2008-07-15 00:21:05.423: notice: end of run: 0 errors occured +2008-07-15 00:21:18.128: notice: ------------------------------------------------------------ +2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:18.130: debug: Check RFC5011 status +2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0 +2008-07-15 00:21:18.130: debug: Check KSK status +2008-07-15 00:21:18.130: debug: Check ZSK status +2008-07-15 00:21:18.130: debug: Re-signing not necessary! +2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.130: debug: +2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:18.131: debug: Check RFC5011 status +2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2 +2008-07-15 00:21:18.131: debug: Check ZSK status +2008-07-15 00:21:18.131: debug: Re-signing not necessary! +2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.131: debug: +2008-07-15 00:21:18.131: notice: end of run: 0 errors occured +2008-07-15 00:21:26.360: notice: ------------------------------------------------------------ +2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:26.362: debug: Check RFC5011 status +2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0 +2008-07-15 00:21:26.362: debug: Check KSK status +2008-07-15 00:21:26.362: debug: Check ZSK status +2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net." +2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:26.978: debug: Signing completed after 0s. +2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:26.983: debug: +2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:26.983: debug: Check RFC5011 status +2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2 +2008-07-15 00:21:26.983: debug: Check ZSK status +2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:26.983: debug: Signing zone "example.net." +2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:27.122: debug: Signing completed after 1s. +2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered +2008-07-15 00:21:27.122: debug: Distribute zone "example.net." +2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:27.127: debug: +2008-07-15 00:21:27.127: notice: end of run: 0 errors occured +2008-07-15 00:21:52.947: notice: ------------------------------------------------------------ +2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:52.951: debug: Check RFC5011 status +2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0 +2008-07-15 00:21:52.951: debug: Check KSK status +2008-07-15 00:21:52.951: debug: Check ZSK status +2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f +2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net." +2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.119: debug: Signing completed after 1s. +2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:53.126: debug: +2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:53.126: debug: Check RFC5011 status +2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2 +2008-07-15 00:21:53.126: debug: Check ZSK status +2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f +2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:53.126: debug: Signing zone "example.net." +2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.262: debug: Signing completed after 0s. +2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered +2008-07-15 00:21:53.262: debug: Distribute zone "example.net." +2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:53.268: debug: +2008-07-15 00:21:53.268: notice: end of run: 0 errors occured +2008-07-15 00:23:40.781: notice: ------------------------------------------------------------ +2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:23:40.783: debug: Check RFC5011 status +2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0 +2008-07-15 00:23:40.783: debug: Check KSK status +2008-07-15 00:23:40.783: debug: Check ZSK status +2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f +2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net." +2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.281: debug: Signing completed after 1s. +2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered +2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net." +2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:23:41.287: debug: +2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:23:41.287: debug: Check RFC5011 status +2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2 +2008-07-15 00:23:41.287: debug: Check ZSK status +2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f +2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:23:41.288: debug: Signing zone "example.net." +2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.561: debug: Signing completed after 0s. +2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered +2008-07-15 00:23:41.561: debug: Distribute zone "example.net." +2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:23:41.566: debug: +2008-07-15 00:23:41.567: notice: end of run: 0 errors occured +2008-07-15 00:31:10.917: notice: ------------------------------------------------------------ +2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:31:10.923: debug: Check RFC5011 status +2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0 +2008-07-15 00:31:10.923: debug: Check KSK status +2008-07-15 00:31:10.923: debug: Check ZSK status +2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec) +2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338 + +2008-07-15 00:31:10.924: debug: ->remove it +2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f +2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net." +2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.571: debug: Signing completed after 0s. +2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered +2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net." +2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net." +2008-07-15 00:31:11.579: debug: +2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:31:11.580: debug: Check RFC5011 status +2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2 +2008-07-15 00:31:11.580: debug: Check ZSK status +2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f +2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:31:11.581: debug: Signing zone "example.net." +2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.698: debug: Signing completed after 0s. +2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered +2008-07-15 00:31:11.698: debug: Distribute zone "example.net." +2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net." +2008-07-15 00:31:11.704: debug: +2008-07-15 00:31:11.704: notice: end of run: 0 errors occured +2008-07-15 00:32:00.676: notice: ------------------------------------------------------------ +2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:32:00.678: debug: Check RFC5011 status +2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0 +2008-07-15 00:32:00.678: debug: Check KSK status +2008-07-15 00:32:00.678: debug: Check ZSK status +2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f +2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net." +2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.282: debug: Signing completed after 1s. +2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered +2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net." +2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net." +2008-07-15 00:32:01.289: debug: +2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:32:01.289: debug: Check RFC5011 status +2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2 +2008-07-15 00:32:01.289: debug: Check ZSK status +2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f +2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:32:01.291: debug: Signing zone "example.net." +2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.405: debug: Signing completed after 0s. +2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered +2008-07-15 00:32:01.406: debug: Distribute zone "example.net." +2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net." +2008-07-15 00:32:01.412: debug: +2008-07-15 00:32:01.412: notice: end of run: 0 errors occured +2008-07-15 00:33:00.866: notice: ------------------------------------------------------------ +2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:33:00.869: debug: Check RFC5011 status +2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0 +2008-07-15 00:33:00.869: debug: Check KSK status +2008-07-15 00:33:00.869: debug: Check ZSK status +2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f +2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net." +2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.531: debug: Signing completed after 1s. +2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered +2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net." +2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net." +2008-07-15 00:33:01.537: debug: +2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:33:01.538: debug: Check RFC5011 status +2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2 +2008-07-15 00:33:01.538: debug: Check ZSK status +2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f +2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:33:01.539: debug: Signing zone "example.net." +2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.655: debug: Signing completed after 0s. +2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered +2008-07-15 00:33:01.655: debug: Distribute zone "example.net." +2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net." +2008-07-15 00:33:01.662: debug: +2008-07-15 00:33:01.662: notice: end of run: 0 errors occured +2008-07-15 00:34:09.259: notice: ------------------------------------------------------------ +2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:34:09.261: debug: Check RFC5011 status +2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0 +2008-07-15 00:34:09.261: debug: Check KSK status +2008-07-15 00:34:09.261: debug: Check ZSK status +2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f +2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net." +2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.245: debug: Signing completed after 1s. +2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered +2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net." +2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-15 00:34:10.252: debug: +2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:34:10.252: debug: Check RFC5011 status +2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2 +2008-07-15 00:34:10.252: debug: Check ZSK status +2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f +2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:34:10.252: debug: Signing zone "example.net." +2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.369: debug: Signing completed after 0s. +2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered +2008-07-15 00:34:10.369: debug: Distribute zone "example.net." +2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-15 00:34:10.375: debug: +2008-07-15 00:34:10.375: notice: end of run: 0 errors occured +2008-07-18 00:38:52.860: notice: ------------------------------------------------------------ +2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v +2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:38:52.862: debug: Check RFC5011 status +2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0 +2008-07-18 00:38:52.862: debug: Check KSK status +2008-07-18 00:38:52.862: debug: Check ZSK status +2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec) +2008-07-18 00:38:52.862: debug: ->depreciate it +2008-07-18 00:38:52.862: debug: ->activate published key 8397 +2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done +2008-07-18 00:38:52.862: debug: New published key needed +2008-07-18 00:38:53.418: debug: ->creating new published key 31081 +2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing +2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key +2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net." +2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.556: debug: Signing completed after 0s. +2008-07-18 00:38:53.556: debug: +2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:38:53.557: debug: Check RFC5011 status +2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2 +2008-07-18 00:38:53.557: debug: Check ZSK status +2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:38:53.558: debug: Signing zone "example.net." +2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.715: debug: Signing completed after 0s. +2008-07-18 00:38:53.715: debug: +2008-07-18 00:38:53.716: notice: end of run: 0 errors occured +2008-07-18 00:39:29.824: notice: ------------------------------------------------------------ +2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v +2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0 +2008-07-18 00:39:29.827: debug: Check KSK status +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! +2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2 +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! +2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.828: notice: end of run: 0 errors occured +2008-07-18 00:39:36.641: notice: ------------------------------------------------------------ +2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v +2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:36.644: debug: Check RFC5011 status +2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0 +2008-07-18 00:39:36.644: debug: Check KSK status +2008-07-18 00:39:36.644: debug: Check ZSK status +2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f +2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net." +2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.144: debug: Signing completed after 1s. +2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered +2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net." +2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-18 00:39:37.151: debug: +2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:39:37.151: debug: Check RFC5011 status +2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2 +2008-07-18 00:39:37.151: debug: Check ZSK status +2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f +2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f +2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:39:37.152: debug: Signing zone "example.net." +2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.313: debug: Signing completed after 0s. +2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered +2008-07-18 00:39:37.313: debug: Distribute zone "example.net." +2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-18 00:39:37.319: debug: +2008-07-18 00:39:37.319: notice: end of run: 0 errors occured +2008-07-18 00:42:39.912: notice: ------------------------------------------------------------ +2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v +2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0 +2008-07-18 00:42:39.914: debug: Check KSK status +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2 +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: notice: end of run: 0 errors occured +2008-07-22 00:10:38.346: notice: ------------------------------------------------------------ +2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v +2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:10:38.349: debug: Check RFC5011 status +2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0 +2008-07-22 00:10:38.349: debug: Check KSK status +2008-07-22 00:10:38.349: debug: Check ZSK status +2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec) +2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198 + +2008-07-22 00:10:38.349: debug: ->remove it +2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec) +2008-07-22 00:10:38.349: debug: ->depreciate it +2008-07-22 00:10:38.349: debug: ->activate published key 31081 +2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done +2008-07-22 00:10:38.349: debug: New published key needed +2008-07-22 00:10:38.870: debug: ->creating new published key 3615 +2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing +2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key +2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net." +2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.208: debug: Signing completed after 1s. +2008-07-22 00:10:39.208: debug: +2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:10:39.208: debug: Check RFC5011 status +2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2 +2008-07-22 00:10:39.208: debug: Check ZSK status +2008-07-22 00:10:39.208: debug: New published key needed +2008-07-22 00:10:39.255: debug: ->creating new published key 41300 +2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing +2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key +2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key +2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:10:39.256: debug: Signing zone "example.net." +2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.414: debug: Signing completed after 0s. +2008-07-22 00:10:39.414: debug: +2008-07-22 00:10:39.414: notice: end of run: 0 errors occured +2008-07-22 00:16:04.680: notice: ------------------------------------------------------------ +2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v +2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:04.682: debug: Check RFC5011 status +2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0 +2008-07-22 00:16:04.683: debug: Check KSK status +2008-07-22 00:16:04.683: debug: Check ZSK status +2008-07-22 00:16:04.683: debug: Re-signing not necessary! +2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.683: debug: +2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:04.683: debug: Check RFC5011 status +2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2 +2008-07-22 00:16:04.684: debug: Check ZSK status +2008-07-22 00:16:04.684: debug: Re-signing not necessary! +2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.684: debug: +2008-07-22 00:16:04.684: notice: end of run: 0 errors occured +2008-07-22 00:16:09.309: notice: ------------------------------------------------------------ +2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:09.311: debug: Check RFC5011 status +2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0 +2008-07-22 00:16:09.312: debug: Check KSK status +2008-07-22 00:16:09.312: debug: Check ZSK status +2008-07-22 00:16:09.312: debug: Re-signing not necessary! +2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.312: debug: +2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:09.312: debug: Check RFC5011 status +2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2 +2008-07-22 00:16:09.313: debug: Check ZSK status +2008-07-22 00:16:09.313: debug: Re-signing not necessary! +2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.313: debug: +2008-07-22 00:16:09.313: notice: end of run: 0 errors occured +2008-07-22 00:16:13.285: notice: ------------------------------------------------------------ +2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:13.287: debug: Check RFC5011 status +2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0 +2008-07-22 00:16:13.287: debug: Check KSK status +2008-07-22 00:16:13.287: debug: Check ZSK status +2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net." +2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.822: debug: Signing completed after 0s. +2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered +2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net." +2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:16:13.828: debug: +2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:13.829: debug: Check RFC5011 status +2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2 +2008-07-22 00:16:13.829: debug: Check ZSK status +2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:16:13.830: debug: Signing zone "example.net." +2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.976: debug: Signing completed after 0s. +2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered +2008-07-22 00:16:13.977: debug: Distribute zone "example.net." +2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:16:13.983: debug: +2008-07-22 00:16:13.983: notice: end of run: 0 errors occured +2008-07-22 00:20:56.119: notice: ------------------------------------------------------------ +2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:20:56.121: debug: Check RFC5011 status +2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0 +2008-07-22 00:20:56.121: debug: Check KSK status +2008-07-22 00:20:56.121: debug: Check ZSK status +2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec) +2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397 + +2008-07-22 00:20:56.122: debug: ->remove it +2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net." +2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.627: debug: Signing completed after 0s. +2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered +2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net." +2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:20:56.635: debug: +2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:20:56.635: debug: Check RFC5011 status +2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2 +2008-07-22 00:20:56.635: debug: Check ZSK status +2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:20:56.636: debug: Signing zone "example.net." +2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.760: debug: Signing completed after 0s. +2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered +2008-07-22 00:20:56.760: debug: Distribute zone "example.net." +2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:20:56.769: debug: +2008-07-22 00:20:56.769: notice: end of run: 0 errors occured +2008-07-22 00:23:51.528: notice: ------------------------------------------------------------ +2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:23:51.530: debug: Check RFC5011 status +2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0 +2008-07-22 00:23:51.531: debug: Check KSK status +2008-07-22 00:23:51.531: debug: Check ZSK status +2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f +2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net." +2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.042: debug: Signing completed after 1s. +2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered +2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net." +2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:23:52.049: debug: +2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:23:52.049: debug: Check RFC5011 status +2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2 +2008-07-22 00:23:52.049: debug: Check ZSK status +2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f +2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:23:52.050: debug: Signing zone "example.net." +2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.176: debug: Signing completed after 0s. +2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered +2008-07-22 00:23:52.176: debug: Distribute zone "example.net." +2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:23:52.185: debug: +2008-07-22 00:23:52.185: notice: end of run: 0 errors occured +2008-07-22 00:24:09.609: notice: ------------------------------------------------------------ +2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:24:09.614: debug: Check RFC5011 status +2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0 +2008-07-22 00:24:09.614: debug: Check KSK status +2008-07-22 00:24:09.614: debug: Check ZSK status +2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f +2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net." +2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.692: debug: Signing completed after 1s. +2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered +2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net." +2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:24:10.698: debug: +2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:24:10.698: debug: Check RFC5011 status +2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2 +2008-07-22 00:24:10.698: debug: Check ZSK status +2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f +2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:24:10.699: debug: Signing zone "example.net." +2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.883: debug: Signing completed after 0s. +2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered +2008-07-22 00:24:10.883: debug: Distribute zone "example.net." +2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:24:10.889: debug: +2008-07-22 00:24:10.889: notice: end of run: 0 errors occured +2008-07-22 00:28:44.300: notice: ------------------------------------------------------------ +2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:28:44.302: debug: Check RFC5011 status +2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0 +2008-07-22 00:28:44.302: debug: Check KSK status +2008-07-22 00:28:44.302: debug: Check ZSK status +2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net." +2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:44.898: debug: Signing completed after 0s. +2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered +2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net." +2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:28:44.905: debug: +2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:28:44.905: debug: Check RFC5011 status +2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2 +2008-07-22 00:28:44.905: debug: Check ZSK status +2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:28:44.906: debug: Signing zone "example.net." +2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:45.039: debug: Signing completed after 1s. +2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered +2008-07-22 00:28:45.039: debug: Distribute zone "example.net." +2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:28:45.046: debug: +2008-07-22 00:28:45.046: notice: end of run: 0 errors occured +2008-07-22 00:39:15.968: notice: ------------------------------------------------------------ +2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0 +2008-07-22 00:39:16.006: debug: Check KSK status +2008-07-22 00:39:16.006: debug: Check ZSK status +2008-07-22 00:39:16.006: debug: Re-signing not necessary! +2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.006: debug: +2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2 +2008-07-22 00:39:16.007: debug: Check ZSK status +2008-07-22 00:39:16.007: debug: Re-signing not necessary! +2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.007: debug: +2008-07-22 00:39:16.007: notice: end of run: 0 errors occured +2008-07-22 00:39:31.578: notice: ------------------------------------------------------------ +2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:31.580: debug: Check RFC5011 status +2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0 +2008-07-22 00:39:31.580: debug: Check KSK status +2008-07-22 00:39:31.581: debug: Check ZSK status +2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f +2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net." +2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.216: debug: Signing completed after 1s. +2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered +2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net." +2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:39:32.223: debug: +2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:32.223: debug: Check RFC5011 status +2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2 +2008-07-22 00:39:32.223: debug: Check ZSK status +2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f +2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:39:32.224: debug: Signing zone "example.net." +2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.361: debug: Signing completed after 0s. +2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered +2008-07-22 00:39:32.361: debug: Distribute zone "example.net." +2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:39:32.367: debug: +2008-07-22 00:39:32.367: notice: end of run: 0 errors occured +2008-07-22 00:41:53.710: notice: ------------------------------------------------------------ +2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:41:53.712: debug: Check RFC5011 status +2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0 +2008-07-22 00:41:53.712: debug: Check KSK status +2008-07-22 00:41:53.712: debug: Check ZSK status +2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net." +2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.866: debug: Signing completed after 0s. +2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered +2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net." +2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:41:53.873: debug: +2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:41:53.873: debug: Check RFC5011 status +2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2 +2008-07-22 00:41:53.873: debug: Check ZSK status +2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:41:53.873: debug: Signing zone "example.net." +2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.989: debug: Signing completed after 0s. +2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered +2008-07-22 00:41:53.989: debug: Distribute zone "example.net." +2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:41:53.995: debug: +2008-07-22 00:41:53.995: notice: end of run: 0 errors occured +2008-07-22 00:45:46.509: notice: ------------------------------------------------------------ +2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:45:46.512: debug: Check RFC5011 status +2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0 +2008-07-22 00:45:46.512: debug: Check KSK status +2008-07-22 00:45:46.512: debug: Check ZSK status +2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net." +2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:46.734: debug: Signing completed after 0s. +2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered +2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net." +2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:45:46.740: debug: +2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:45:46.740: debug: Check RFC5011 status +2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2 +2008-07-22 00:45:46.741: debug: Check ZSK status +2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:45:46.742: debug: Signing zone "example.net." +2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:47.013: debug: Signing completed after 1s. +2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered +2008-07-22 00:45:47.013: debug: Distribute zone "example.net." +2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:45:47.019: debug: +2008-07-22 00:45:47.019: notice: end of run: 0 errors occured +2008-07-22 00:48:02.761: notice: ------------------------------------------------------------ +2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:02.763: debug: Check RFC5011 status +2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0 +2008-07-22 00:48:02.763: debug: Check KSK status +2008-07-22 00:48:02.763: debug: Check ZSK status +2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net." +2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:02.907: debug: Signing completed after 0s. +2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:02.907: debug: +2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:48:02.907: debug: Check RFC5011 status +2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2 +2008-07-22 00:48:02.907: debug: Check ZSK status +2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:02.908: debug: Signing zone "example.net." +2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:03.029: debug: Signing completed after 1s. +2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered +2008-07-22 00:48:03.029: debug: Distribute zone "example.net." +2008-07-22 00:48:03.029: debug: +2008-07-22 00:48:03.029: notice: end of run: 0 errors occured +2008-07-22 00:48:56.098: notice: ------------------------------------------------------------ +2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:56.101: debug: Check RFC5011 status +2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0 +2008-07-22 00:48:56.101: debug: Check KSK status +2008-07-22 00:48:56.101: debug: Check ZSK status +2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net." +2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.244: debug: Signing completed after 0s. +2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:56.245: debug: +2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:48:56.245: debug: Check RFC5011 status +2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2 +2008-07-22 00:48:56.245: debug: Check ZSK status +2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:56.246: debug: Signing zone "example.net." +2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.367: debug: Signing completed after 0s. +2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered +2008-07-22 00:48:56.367: debug: Distribute zone "example.net." +2008-07-22 00:48:56.367: debug: +2008-07-22 00:48:56.367: notice: end of run: 0 errors occured +2008-07-22 08:07:30.993: notice: ------------------------------------------------------------ +2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:07:30.995: debug: Check RFC5011 status +2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0 +2008-07-22 08:07:30.995: debug: Check KSK status +2008-07-22 08:07:30.995: debug: Check ZSK status +2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f +2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net." +2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.454: debug: Signing completed after 1s. +2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered +2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net." +2008-07-22 08:07:31.454: debug: +2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:07:31.454: debug: Check RFC5011 status +2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2 +2008-07-22 08:07:31.454: debug: Check ZSK status +2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f +2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:07:31.454: debug: Signing zone "example.net." +2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.589: debug: Signing completed after 0s. +2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered +2008-07-22 08:07:31.589: debug: Distribute zone "example.net." +2008-07-22 08:07:31.589: debug: +2008-07-22 08:07:31.589: notice: end of run: 0 errors occured +2008-07-22 08:08:09.237: notice: ------------------------------------------------------------ +2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:08:09.239: debug: Check RFC5011 status +2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0 +2008-07-22 08:08:09.239: debug: Check KSK status +2008-07-22 08:08:09.239: debug: Check ZSK status +2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f +2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net." +2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:08:09.507: debug: Signing completed after 0s. +2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered +2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net." +2008-07-22 08:10:10.328: notice: ------------------------------------------------------------ +2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:10:10.330: debug: Check RFC5011 status +2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0 +2008-07-22 08:10:10.330: debug: Check KSK status +2008-07-22 08:10:10.330: debug: Check ZSK status +2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f +2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net." +2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:10:10.950: debug: Signing completed after 0s. +2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered +2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.247: notice: ------------------------------------------------------------ +2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:11:17.250: debug: Check RFC5011 status +2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0 +2008-07-22 08:11:17.250: debug: Check KSK status +2008-07-22 08:11:17.250: debug: Check ZSK status +2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net." +2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:17.883: debug: Signing completed after 0s. +2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered +2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.883: debug: +2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:11:17.884: debug: Check RFC5011 status +2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2 +2008-07-22 08:11:17.884: debug: Check ZSK status +2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:11:17.884: debug: Signing zone "example.net." +2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:18.005: debug: Signing completed after 1s. +2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered +2008-07-22 08:11:18.006: debug: Distribute zone "example.net." +2008-07-22 08:11:18.006: debug: +2008-07-22 08:11:18.006: notice: end of run: 0 errors occured +2008-07-24 00:13:56.493: notice: ------------------------------------------------------------ +2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v +2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:13:56.495: debug: Check RFC5011 status +2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0 +2008-07-24 00:13:56.495: debug: Check KSK status +2008-07-24 00:13:56.495: debug: Check ZSK status +2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net." +2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.439: debug: Signing completed after 1s. +2008-07-24 00:13:57.439: debug: +2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:13:57.439: debug: Check RFC5011 status +2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2 +2008-07-24 00:13:57.439: debug: Check ZSK status +2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec) +2008-07-24 00:13:57.440: debug: ->depreciate it +2008-07-24 00:13:57.440: debug: ->activate published key 41300 +2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done +2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key +2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:13:57.441: debug: Signing zone "example.net." +2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.562: debug: Signing completed after 0s. +2008-07-24 00:13:57.562: debug: +2008-07-24 00:13:57.562: notice: end of run: 0 errors occured +2008-07-24 00:14:08.862: notice: ------------------------------------------------------------ +2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v +2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0 +2008-07-24 00:14:08.864: debug: Check KSK status +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2 +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: notice: end of run: 0 errors occured +2008-07-24 00:14:12.963: notice: ------------------------------------------------------------ +2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:14:12.965: debug: Check RFC5011 status +2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0 +2008-07-24 00:14:12.965: debug: Check KSK status +2008-07-24 00:14:12.965: debug: Check ZSK status +2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f +2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net." +2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.488: debug: Signing completed after 1s. +2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.488: debug: +2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:13.488: debug: Check RFC5011 status +2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2 +2008-07-24 00:14:13.488: debug: Check ZSK status +2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f +2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:14:13.489: debug: Signing zone "example.net." +2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.601: debug: Signing completed after 0s. +2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.602: debug: +2008-07-24 00:14:13.602: notice: end of run: 2 errors occured +2008-07-24 00:15:38.304: notice: ------------------------------------------------------------ +2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v +2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:15:38.306: debug: Check RFC5011 status +2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0 +2008-07-24 00:15:38.307: debug: Check KSK status +2008-07-24 00:15:38.307: debug: Check ZSK status +2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f +2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net." +2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.280: debug: Signing completed after 1s. +2008-07-24 00:15:39.281: debug: +2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:15:39.281: debug: Check RFC5011 status +2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2 +2008-07-24 00:15:39.281: debug: Check ZSK status +2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f +2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:15:39.282: debug: Signing zone "example.net." +2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.402: debug: Signing completed after 0s. +2008-07-24 00:15:39.403: debug: +2008-07-24 00:15:39.403: notice: end of run: 0 errors occured +2008-07-24 00:18:59.568: notice: ------------------------------------------------------------ +2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:18:59.573: debug: Check RFC5011 status +2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0 +2008-07-24 00:18:59.573: debug: Check KSK status +2008-07-24 00:18:59.573: debug: Check ZSK status +2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f +2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net." +2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.167: debug: Signing completed after 1s. +2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.168: debug: +2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:19:00.168: debug: Check RFC5011 status +2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2 +2008-07-24 00:19:00.168: debug: Check ZSK status +2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f +2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:19:00.169: debug: Signing zone "example.net." +2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.280: debug: Signing completed after 0s. +2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.280: debug: +2008-07-24 00:19:00.280: notice: end of run: 2 errors occured +2008-07-24 00:22:24.567: notice: ------------------------------------------------------------ +2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:22:24.569: debug: Check RFC5011 status +2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0 +2008-07-24 00:22:24.569: debug: Check KSK status +2008-07-24 00:22:24.570: debug: Check ZSK status +2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f +2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net." +2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.148: debug: Signing completed after 1s. +2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.148: debug: +2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:22:25.148: debug: Check RFC5011 status +2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2 +2008-07-24 00:22:25.148: debug: Check ZSK status +2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f +2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:22:25.150: debug: Signing zone "example.net." +2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.271: debug: Signing completed after 0s. +2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.271: debug: +2008-07-24 00:22:25.271: notice: end of run: 2 errors occured +2008-07-24 00:23:08.907: notice: ------------------------------------------------------------ +2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:23:08.909: debug: Check RFC5011 status +2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0 +2008-07-24 00:23:08.909: debug: Check KSK status +2008-07-24 00:23:08.909: debug: Check ZSK status +2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f +2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net." +2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.510: debug: Signing completed after 1s. +2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered +2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net." +2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 00:23:09.517: debug: +2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:23:09.517: debug: Check RFC5011 status +2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2 +2008-07-24 00:23:09.517: debug: Check ZSK status +2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f +2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:23:09.518: debug: Signing zone "example.net." +2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.633: debug: Signing completed after 0s. +2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered +2008-07-24 00:23:09.634: debug: Distribute zone "example.net." +2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 00:23:09.640: debug: +2008-07-24 00:23:09.640: notice: end of run: 0 errors occured +2008-07-24 00:33:30.818: notice: ------------------------------------------------------------ +2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:33:30.820: debug: Check RFC5011 status +2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0 +2008-07-24 00:33:30.821: debug: Check KSK status +2008-07-24 00:33:30.821: debug: Check ZSK status +2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f +2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net." +2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.320: debug: Signing completed after 1s. +2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.320: debug: +2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:33:31.320: debug: Check RFC5011 status +2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2 +2008-07-24 00:33:31.320: debug: Check ZSK status +2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f +2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:33:31.321: debug: Signing zone "example.net." +2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.443: debug: Signing completed after 0s. +2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.443: debug: +2008-07-24 00:33:31.443: notice: end of run: 2 errors occured +2008-07-24 23:21:55.189: notice: ------------------------------------------------------------ +2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:21:55.196: debug: Check KSK status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Re-signing not necessary! +2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy +2008-07-24 23:21:55.196: debug: +2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec) +2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed +2008-07-24 23:21:55.196: debug: ->remove it +2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key +2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:21:55.197: debug: Signing zone "example.net." +2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:21:55.873: debug: Signing completed after 0s. +2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:21:55.873: debug: +2008-07-24 23:21:55.874: notice: end of run: 1 error occured +2008-07-24 23:23:06.278: notice: ------------------------------------------------------------ +2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:23:06.280: debug: Check KSK status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: notice: end of run: 0 errors occured +2008-07-24 23:25:21.930: notice: ------------------------------------------------------------ +2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:21.932: debug: Check KSK status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! +2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! +2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: notice: end of run: 0 errors occured +2008-07-24 23:25:39.009: notice: ------------------------------------------------------------ +2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v +2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:39.011: debug: Check RFC5011 status +2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:39.011: debug: Check KSK status +2008-07-24 23:25:39.011: debug: Check ZSK status +2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net." +2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.591: debug: Signing completed after 0s. +2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.592: debug: +2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:25:39.592: debug: Check RFC5011 status +2008-07-24 23:25:39.592: debug: Check ZSK status +2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:25:39.592: debug: Signing zone "example.net." +2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.703: debug: Signing completed after 0s. +2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.703: debug: +2008-07-24 23:25:39.703: notice: end of run: 2 errors occured +2008-07-24 23:28:16.436: notice: ------------------------------------------------------------ +2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:28:16.438: debug: Check RFC5011 status +2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:28:16.438: debug: Check KSK status +2008-07-24 23:28:16.438: debug: Check ZSK status +2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f +2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net." +2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.008: debug: Signing completed after 1s. +2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered +2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net." +2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:28:17.015: debug: +2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:28:17.015: debug: Check RFC5011 status +2008-07-24 23:28:17.015: debug: Check ZSK status +2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f +2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:28:17.016: debug: Signing zone "example.net." +2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.132: debug: Signing completed after 0s. +2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered +2008-07-24 23:28:17.132: debug: Distribute zone "example.net." +2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:28:17.138: debug: +2008-07-24 23:28:17.138: notice: end of run: 0 errors occured +2008-07-24 23:31:17.354: notice: ------------------------------------------------------------ +2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:17.364: debug: Check RFC5011 status +2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:17.364: debug: Check KSK status +2008-07-24 23:31:17.364: debug: Check ZSK status +2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f +2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net." +2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.032: debug: Signing completed after 1s. +2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.039: debug: +2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:31:18.039: debug: Check RFC5011 status +2008-07-24 23:31:18.039: debug: Check ZSK status +2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f +2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:18.040: debug: Signing zone "example.net." +2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.155: debug: Signing completed after 0s. +2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered +2008-07-24 23:31:18.155: debug: Distribute zone "example.net." +2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.161: debug: +2008-07-24 23:31:18.162: notice: end of run: 0 errors occured +2008-07-24 23:31:28.467: notice: ------------------------------------------------------------ +2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:28.470: debug: Check RFC5011 status +2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:28.470: debug: Check KSK status +2008-07-24 23:31:28.470: debug: Check ZSK status +2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f +2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net." +2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.059: debug: Signing completed after 1s. +2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered +2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./ +2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.072: debug: +2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:31:29.073: debug: Check RFC5011 status +2008-07-24 23:31:29.073: debug: Check ZSK status +2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f +2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:29.074: debug: Signing zone "example.net." +2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.204: debug: Signing completed after 0s. +2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered +2008-07-24 23:31:29.204: debug: Distribute zone "example.net." +2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered +2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./ +2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.217: debug: +2008-07-24 23:31:29.217: notice: end of run: 0 errors occured +2008-07-24 23:35:48.844: notice: ------------------------------------------------------------ +2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:35:48.846: debug: Check RFC5011 status +2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:35:48.846: debug: Check KSK status +2008-07-24 23:35:48.846: debug: Check ZSK status +2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f +2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net." +2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.455: debug: Signing completed after 1s. +2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered +2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net." +2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.468: debug: +2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:35:49.468: debug: Check RFC5011 status +2008-07-24 23:35:49.469: debug: Check ZSK status +2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f +2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:35:49.470: debug: Signing zone "example.net." +2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.600: debug: Signing completed after 0s. +2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.600: debug: Distribute zone "example.net." +2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.606: debug: Distribute zone "example.net." +2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.613: notice: "example.net.": reload triggered +2008-07-24 23:35:49.613: debug: Reload zone "example.net." +2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.613: debug: +2008-07-24 23:35:49.613: notice: end of run: 0 errors occured +2008-07-24 23:37:41.081: notice: ------------------------------------------------------------ +2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:41.083: debug: Check RFC5011 status +2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:41.083: debug: Check KSK status +2008-07-24 23:37:41.083: debug: Check ZSK status +2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net." +2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.688: debug: Signing completed after 0s. +2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net." +2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.701: debug: +2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:41.701: debug: Check RFC5011 status +2008-07-24 23:37:41.701: debug: Check ZSK status +2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:41.702: debug: Signing zone "example.net." +2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.824: debug: Signing completed after 0s. +2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered +2008-07-24 23:37:41.824: debug: Distribute zone "example.net." +2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:41.831: notice: "example.net.": reload triggered +2008-07-24 23:37:41.831: debug: Reload zone "example.net." +2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.837: debug: +2008-07-24 23:37:41.837: notice: end of run: 0 errors occured +2008-07-24 23:37:51.742: notice: ------------------------------------------------------------ +2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v +2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:51.744: debug: Check RFC5011 status +2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:51.744: debug: Check KSK status +2008-07-24 23:37:51.744: debug: Check ZSK status +2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f +2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net." +2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.264: debug: Signing completed after 1s. +2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net." +2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.277: debug: +2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:52.277: debug: Check RFC5011 status +2008-07-24 23:37:52.277: debug: Check ZSK status +2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f +2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:52.277: debug: Signing zone "example.net." +2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.398: debug: Signing completed after 0s. +2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered +2008-07-24 23:37:52.398: debug: Distribute zone "example.net." +2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:52.404: notice: "example.net.": reload triggered +2008-07-24 23:37:52.404: debug: Reload zone "example.net." +2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.410: debug: +2008-07-24 23:37:52.410: notice: end of run: 0 errors occured +2008-07-24 23:44:51.717: notice: ------------------------------------------------------------ +2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v +2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:44:51.719: debug: Check RFC5011 status +2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:51.719: debug: Check KSK status +2008-07-24 23:44:51.720: debug: Check ZSK status +2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net." +2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:51.720: debug: Signing completed after 0s. +2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.721: debug: +2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:44:51.721: debug: Check RFC5011 status +2008-07-24 23:44:51.721: debug: Check ZSK status +2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered +2008-07-24 23:44:51.722: debug: Distribute zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.722: notice: "example.net.": reload triggered +2008-07-24 23:44:51.722: debug: Reload zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.723: debug: +2008-07-24 23:44:51.723: notice: end of run: 0 errors occured +2008-07-24 23:44:57.039: notice: ------------------------------------------------------------ +2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v +2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:44:57.042: debug: Check RFC5011 status +2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:57.042: debug: Check KSK status +2008-07-24 23:44:57.042: debug: Check ZSK status +2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:57.042: debug: Signing completed after 0s. +2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:44:57.043: debug: Check RFC5011 status +2008-07-24 23:44:57.043: debug: Check ZSK status +2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered +2008-07-24 23:44:57.043: debug: Distribute zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: notice: end of run: 0 errors occured +2008-07-25 23:31:07.235: notice: ------------------------------------------------------------ +2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v +2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-25 23:31:07.238: debug: Check RFC5011 status +2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:31:07.238: debug: Check KSK status +2008-07-25 23:31:07.238: debug: Check ZSK status +2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec) +2008-07-25 23:31:07.239: debug: ->depreciate it +2008-07-25 23:31:07.239: debug: ->activate published key 3615 +2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done +2008-07-25 23:31:07.239: debug: New published key needed +2008-07-25 23:31:07.397: debug: ->creating new published key 4254 +2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing +2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key +2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net." +2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.639: debug: Signing completed after 0s. +2008-07-25 23:31:07.639: debug: +2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net." +2008-07-25 23:31:07.639: debug: Check RFC5011 status +2008-07-25 23:31:07.639: debug: Check ZSK status +2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys +2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys +2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db" +2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-25 23:31:07.640: debug: Signing zone "example.net." +2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.783: debug: Signing completed after 0s. +2008-07-25 23:31:07.783: debug: +2008-07-25 23:31:07.783: notice: end of run: 0 errors occured +2008-07-25 23:32:27.052: notice: ------------------------------------------------------------ +2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v +2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:32:27.054: debug: Check KSK status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! +2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.054: debug: +2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! +2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.057: debug: +2008-07-25 23:32:27.057: notice: end of run: 0 errors occured +2008-07-31 00:25:52.601: notice: ------------------------------------------------------------ +2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v +2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-31 00:25:52.604: debug: Check RFC5011 status +2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 00:25:52.604: debug: Check KSK status +2008-07-31 00:25:52.604: debug: Check ZSK status +2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec) +2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed +2008-07-31 00:25:52.605: debug: ->remove it +2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec) +2008-07-31 00:25:52.605: debug: ->depreciate it +2008-07-31 00:25:52.605: debug: ->activate published key 4254 +2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done +2008-07-31 00:25:52.605: debug: New key for publishing needed +2008-07-31 00:25:53.128: debug: ->creating new key 56744 +2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing +2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key +2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net." +2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.332: debug: Signing completed after 0s. +2008-07-31 00:25:53.332: debug: +2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 00:25:53.332: debug: Check RFC5011 status +2008-07-31 00:25:53.332: debug: Check ZSK status +2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db" +2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-31 00:25:53.333: debug: Signing zone "example.net." +2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.477: debug: Signing completed after 0s. +2008-07-31 00:25:53.477: debug: +2008-07-31 00:25:53.477: notice: end of run: 0 errors occured +2008-07-31 13:19:17.447: notice: ------------------------------------------------------------ +2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v +2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-31 13:19:17.449: debug: Check RFC5011 status +2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 13:19:17.450: debug: Check KSK status +2008-07-31 13:19:17.450: debug: Check ZSK status +2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec) +2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed +2008-07-31 13:19:17.450: debug: ->remove it +2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key +2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net." +2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 13:19:17.944: debug: Signing completed after 0s. +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 13:19:17.944: debug: Check RFC5011 status +2008-07-31 13:19:17.944: debug: Check ZSK status +2008-07-31 13:19:17.944: debug: Re-signing not necessary! +2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.945: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf new file mode 100644 index 0000000..0ccc7f6 --- /dev/null +++ b/contrib/zkt/examples/flat/zone.conf @@ -0,0 +1,10 @@ + +zone "example.NET." in { + type master; + file "example.net./zone.db.signed"; +}; + +zone "sub.example.NET." in { + type master; + file "sub.example.net./zone.db.signed"; +}; |