diff options
Diffstat (limited to 'contrib/zkt/examples/views')
34 files changed, 923 insertions, 0 deletions
diff --git a/contrib/zkt/examples/views/dnssec-extern.conf b/contrib/zkt/examples/views/dnssec-extern.conf new file mode 100644 index 0000000..728dcc9 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-extern.conf @@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "extern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-ext.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-intern.conf b/contrib/zkt/examples/views/dnssec-intern.conf new file mode 100644 index 0000000..d49fc94 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-intern.conf @@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "intern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 5h # (18000 seconds) +Sigvalidity: 1d # (86400 seconds) +Max_TTL: 30m # (1800 seconds) +Propagation: 1m # (60 seconds) +KEY_TTL: 30m # (1800 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-int.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-signer-extern b/contrib/zkt/examples/views/dnssec-signer-extern new file mode 100755 index 0000000..910e82a --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-signer-intern b/contrib/zkt/examples/views/dnssec-signer-intern new file mode 100755 index 0000000..915ed15 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-extern b/contrib/zkt/examples/views/dnssec-zkt-extern new file mode 100755 index 0000000..129b4e1 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-intern b/contrib/zkt/examples/views/dnssec-zkt-intern new file mode 100755 index 0000000..1836840 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@" diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key new file mode 100644 index 0000000..54ba934 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key @@ -0,0 +1,3 @@ +;% generationtime=20080609231143 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published new file mode 100644 index 0000000..7240075 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== +PublicExponent: AQAAAAE= +PrivateExponent: Q3TKb2j5AMk4wn9q5vvgtEy7o1VAhCvv/Nw3QRpXi7xGeHb7WJHj2ia2I44vQQk9fB+Kck1M8KNRMgYt0d0xCQ== +Prime1: 7l4yn7VYrTSOaZu+lubsFvE+JB7asyYyymAEQeod2p0= +Prime2: 7a4LEAmrtZTI/PHjdk/Ij/hbpDmtOe1H0lnWTVG+GfM= +Exponent1: DTpyBBW39+d9b8LqCo7hJf5KQ3oVw9tdnUuHNstGZd0= +Exponent2: b+aBbhRPr/a9ZCNM2JTjZJrrSebtMQCy1GcE33o64HM= +Coefficient: UdvxnKd2GL6In82yHG40rU35WTZ2SUYQ+1mfz3DQqnE= diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key new file mode 100644 index 0000000..ec11dcb --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private new file mode 100644 index 0000000..ea29447 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ== +PublicExponent: AQAAAAE= +PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ== +Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q== +Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q== +Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV +Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h +Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key new file mode 100644 index 0000000..1809a93 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key @@ -0,0 +1,4 @@ +;% generationtime=20071217224527 +;% lifetime=30 +;% expiretime=20080116224527 +example.net. IN DNSKEY 256 3 5 BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private new file mode 100644 index 0000000..ca789eb --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== +PublicExponent: AQAAAAE= +PrivateExponent: fZs/S7/pOPP1C9Jjdb7KhnbfiLfCIXdc7d8LDWmm7d9rL2kZK77WMp+o5WRQhoIDDQPAdv+phoIdFEIiXKLN8Q== +Prime1: 6NEgG3Z86nn9fNjG+3E9OqF/7oaCvrVnb1XogalZgr0= +Prime2: wq0aosO1mWXo38HuxO5JiR2mX/9LWjxxqwK6I9gnJp0= +Exponent1: ZvI2y//PImr1OqeVLoWfFHop2iorgT4+SYiz1Gw9FME= +Exponent2: TBUeoolmnFcOfWO6T1v0S6za7LEib2H1Pgt95UvDA40= +Coefficient: eHmKka0EVRfjDfEpcwRp5nZ36ZHfLxuKF5tGQ1YclBI= diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net./dnskey.db new file mode 100644 index 0000000..d46eff9 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 17:56:05 +; + +; *** List of Key Signing Keys *** +; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI + ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ + uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T + u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 + sQ== + ) ; key id = 23553 + +; *** List of Zone Signing Keys *** +; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w + iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + +; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 + ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. new file mode 100644 index 0000000..cbcd3d0 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B +example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. new file mode 100644 index 0000000..b845245 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net./zone.db new file mode 100644 index 0000000..4c72928 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) extern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed new file mode 100644 index 0000000..c0e2801 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db.signed @@ -0,0 +1,109 @@ +; File written on Thu Jun 12 17:56:06 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213286165 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg + wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt + tFsswvYaZtP11Q== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc + VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO + yQibjS4TA5Pr3g== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis + Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV + 91i/sxof6bc61w== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5 + yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ + 6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + 3600 DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN + vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM + rg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 23553 example.net. + Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E + +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a + V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0 + kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw + ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc + SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h + fg== ) + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 35744 example.net. + SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV + ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W + dIM4sjx78Zjh5Q== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP + X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI + N/c7vC223ejn8A== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9 + rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+ + P50QYwYXET3byw== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK + QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs + w8uw5x6/1ECflg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI + aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz + LNjR7KqYQxrXmg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO + ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN + ogRV1rxohxDyCw== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR + Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1 + iTZYEXffLBchmw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1 + pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN + SqabEFO1114AyQ== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB + ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT + db/3/DXIwUnMnA== ) diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log new file mode 100644 index 0000000..04fa4fb --- /dev/null +++ b/contrib/zkt/examples/views/extern/zkt-ext.log @@ -0,0 +1,28 @@ +2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:04.196: debug: Check RFC5011 status +2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0 +2008-06-12 17:59:04.196: debug: Check ksk status +2008-06-12 17:59:04.196: debug: Re-signing not necessary! +2008-06-12 17:59:04.196: notice: end of run: 0 errors occured +2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:17.436: debug: Check RFC5011 status +2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0 +2008-06-12 17:59:17.436: debug: Check ksk status +2008-06-12 17:59:17.436: debug: Re-signing not necessary! +2008-06-12 17:59:17.436: notice: end of run: 0 errors occured +2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:07.819: debug: Check RFC5011 status +2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0 +2008-06-12 18:00:07.819: debug: Check ksk status +2008-06-12 18:00:07.819: debug: Re-signing not necessary! +2008-06-12 18:00:07.819: notice: end of run: 0 errors occured +2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:39.020: debug: Check RFC5011 status +2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0 +2008-06-12 18:00:39.020: debug: Check ksk status +2008-06-12 18:00:39.020: debug: Re-signing not necessary! +2008-06-12 18:00:39.020: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key new file mode 100644 index 0000000..316e4cf --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private new file mode 100644 index 0000000..96e1ff6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw== +PublicExponent: AQAAAAE= +PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q== +Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw== +Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ== +Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh +Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ== +Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key new file mode 100644 index 0000000..8be3973 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 256 3 5 BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private new file mode 100644 index 0000000..b519641 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== +PublicExponent: AQAAAAE= +PrivateExponent: fpWuYAOXJWdjMrZnI91hTi1wwuje4sKjDu8xvfnKvqKhr61QxK1gR9TB3mc2FM+Awivphb3xfi8+y2cacq9iUQ== +Prime1: 6DE1tFJXGIm2SW3fSwQymX7Zcw8VSIMWiHQPCqX1FA0= +Prime2: wuHS7u0I9aYOFkDAndfEVyDi8vOh96CcY/BuSvEZ6+0= +Exponent1: sn7RttKPap3cgw2sddmgwcuVSaEpwOswF/O42Ou3fMk= +Exponent2: LoJ305VksT7SWWR6bM5OybcdTm39PTZM0g3V2hOceK0= +Coefficient: SwRF9S9ICVeyeYw3djxbg7kUZjz5AkbHIgz9VeX4mzM= diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key new file mode 100644 index 0000000..160110e --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key @@ -0,0 +1,3 @@ +;% generationtime=20080612154545 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published new file mode 100644 index 0000000..60e4316 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: zbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== +PublicExponent: AQAAAAE= +PrivateExponent: XZK4eHRUrFka7O0Q/RBuBG3iW8KFng5em4FnjCSBQpwSAvFzTBebqwfNSOcgqKihz8VzvKHxEd6BxVZRGI2dgQ== +Prime1: 8Jji5R57Y4ROxrO5EuEFjxL723VQ/Ym+4KYG+tM3bP8= +Prime2: 2uhGRdJU3UJvnPwx0gJGio6KmRBC6CmDqTMORhYrS1E= +Exponent1: cqVno4KLgMmKN5VPWaYA+pB5e55r6UEIaxqj6WMXATs= +Exponent2: EqSKzb/r02jmNCTv5aX7wHl+57LYR40rJvzgVTfh/tE= +Coefficient: 37ywfYlNFmtR/jZwoZBHNdIEy+C+jIeJ+fEepesSpoI= diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net./dnskey.db new file mode 100644 index 0000000..9e2c47f --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:13:43 +; + +; *** List of Key Signing Keys *** +; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W + ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI + wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 + +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq + Lw== + ) ; key id = 126 + +; *** List of Zone Signing Keys *** +; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx + pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + +; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc + TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. new file mode 100644 index 0000000..b61c1b6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA +example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9 diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. new file mode 100644 index 0000000..0aa2c7d --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net./zone.db new file mode 100644 index 0000000..d3e90f7 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) intern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 192.168.1.53 + IN AAAA fd12:063c:cdbb::53 +ns2 IN A 10.1.2.3 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed new file mode 100644 index 0000000..88a42c6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db.signed @@ -0,0 +1,109 @@ +; File written on Thu Jun 12 18:13:43 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213287223 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy + 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV + aV3H0KfNq6ITLg== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS + Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L + a6rQDFcnJ8xzng== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia + UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH + kt2inbyQytbPDQ== ) + 1800 DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb + 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA + 1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + 1800 DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q + Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS + Q79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + 1800 DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 126 example.net. + CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9 + EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU + WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0 + XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH + fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz + qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK + xA== ) + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 5972 example.net. + dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N + WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v + VDkzRjT4eONxuA== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E + qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi + rk8Mnbf6cYxSlw== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0 + Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp + Smho3kSGf9gQRQ== ) +ns1.example.net. 7200 IN A 192.168.1.53 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt + z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F + joAIP/0wvXihsA== ) + 7200 AAAA fd12:63c:cdbb::53 + 7200 RRSIG AAAA 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty + XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17 + 2a3emgs9BHJJ6A== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ + 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs + JFhw+nVeZJdHJA== ) +ns2.example.net. 7200 IN A 10.1.2.3 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj + FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv + Xsp5ITBTILSM6Q== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh + 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR + LYF/o0HVi5uzJA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ + 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR + RPdjTNk7YEC0Mg== ) diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log new file mode 100644 index 0000000..0729139 --- /dev/null +++ b/contrib/zkt/examples/views/intern/zkt-int.log @@ -0,0 +1,169 @@ +2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v +2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:02:13.594: debug: Check RFC5011 status +2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0 +2008-06-12 18:02:13.595: debug: Check ksk status +2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec) +2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key +2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys +2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys +2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:02:13.596: debug: Signing zone "example.net." +2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:02:13.705: debug: Signing completed after 0s. +2008-06-12 18:02:13.705: debug: +2008-06-12 18:02:13.705: notice: end of run: 0 errors occured +2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:13.209: debug: Check RFC5011 status +2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0 +2008-06-12 18:03:13.209: debug: Check ksk status +2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec) +2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key +2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:13.209: debug: Re-signing not necessary! +2008-06-12 18:03:13.209: notice: end of run: 0 errors occured +2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:19.288: debug: Check RFC5011 status +2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0 +2008-06-12 18:03:19.289: debug: Check ksk status +2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec) +2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key +2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:19.289: debug: Re-signing not necessary! +2008-06-12 18:03:19.289: notice: end of run: 0 errors occured +2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:23.618: debug: Check RFC5011 status +2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0 +2008-06-12 18:03:23.618: debug: Check ksk status +2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec) +2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key +2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f +2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:03:23.619: debug: Signing zone "example.net." +2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:03:23.719: debug: Signing completed after 0s. +2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:03:23.772: debug: +2008-06-12 18:03:23.772: notice: end of run: 0 errors occured +2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:05:39.533: debug: Check RFC5011 status +2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0 +2008-06-12 18:05:39.533: debug: Check ksk status +2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec) +2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key +2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f +2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:05:39.534: debug: Signing zone "example.net." +2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:05:39.630: debug: Signing completed after 0s. +2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered +2008-06-12 18:05:39.640: debug: +2008-06-12 18:05:39.640: notice: end of run: 0 errors occured +2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:07:47.754: debug: Check RFC5011 status +2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0 +2008-06-12 18:07:47.754: debug: Check ksk status +2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec) +2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key +2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f +2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:07:47.754: debug: Signing zone "example.net." +2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:07:47.856: debug: Signing completed after 0s. +2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered +2008-06-12 18:07:47.866: debug: +2008-06-12 18:07:47.867: notice: end of run: 0 errors occured +2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:10:57.978: debug: Check RFC5011 status +2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0 +2008-06-12 18:10:57.978: debug: Check ksk status +2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec) +2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key +2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f +2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:10:57.979: debug: Signing zone "example.net." +2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:10:58.081: debug: Signing completed after 1s. +2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:10:58.093: debug: +2008-06-12 18:10:58.093: notice: end of run: 0 errors occured +2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:29.512: debug: Check RFC5011 status +2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0 +2008-06-12 18:13:29.512: debug: Check ksk status +2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec) +2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key +2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f +2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:29.513: debug: Signing zone "example.net." +2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:29.612: debug: Signing completed after 0s. +2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:29.623: debug: +2008-06-12 18:13:29.623: notice: end of run: 0 errors occured +2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v +2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:38.709: debug: Check RFC5011 status +2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0 +2008-06-12 18:13:38.709: debug: Check ksk status +2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec) +2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key +2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f +2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:38.710: debug: Signing zone "example.net." +2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:39.163: debug: Signing completed after 1s. +2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:39.174: debug: +2008-06-12 18:13:39.174: notice: end of run: 0 errors occured +2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:43.164: debug: Check RFC5011 status +2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0 +2008-06-12 18:13:43.164: debug: Check ksk status +2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec) +2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key +2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f +2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:43.164: debug: Signing zone "example.net." +2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:43.262: debug: Signing completed after 0s. +2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:43.273: debug: +2008-06-12 18:13:43.273: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf new file mode 100644 index 0000000..1ec3d13 --- /dev/null +++ b/contrib/zkt/examples/views/named.conf @@ -0,0 +1,97 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "named.log"; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + category "dnssec" { "named-log"; }; + category "edns-disabled" { "named-log"; }; + category "default" { "named-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + pid-file "named.pid"; + listen-on-v6 port 1053 { any; }; + listen-on port 1053 { any; }; + + empty-zones-enable no; + + port 1053; + query-source address * port 1053; + query-source-v6 address * port 1053; + transfer-source * port 53; + transfer-source-v6 * port 53; + use-alt-transfer-source no; + notify-source * port 53; + notify-source-v6 * port 53; + + recursion yes; + dnssec-enable yes; + dnssec-validation yes; /* required by BIND 9.4.0 */ + dnssec-accept-expired false; /* added since BIND 9.5.0 */ + edns-udp-size 1460; /* (M4) */ + max-udp-size 1460; /* (M5) */ + + # allow-query { localhost; }; /* default in 9.4.0 */ + # allow-query-cache { localhost; }; /* default in 9.4.0 */ + + dnssec-must-be-secure "." no; + + querylog yes; + + stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */ +}; + +/***************************************************************** +** view intern +*****************************************************************/ +view "intern" { + match-clients { 127.0.0.1; ::1; }; + recursion yes; + zone "." in { + type hint; + file "root.hint"; + }; + + zone "0.0.127.in-addr.arpa" in { + type master; + file "127.0.0.zone"; + }; + + zone "example.net" in { + type master; + file "intern/example.net./zone.db.signed"; + }; +}; + +/***************************************************************** +** view extern +*****************************************************************/ +view "extern" { + match-clients { any; }; + recursion no; + zone "." in { + type hint; + file "root.hint"; + }; + + zone "example.net" in { + type master; + file "extern/example.net./zone.db.signed"; + }; +}; diff --git a/contrib/zkt/examples/views/named.log b/contrib/zkt/examples/views/named.log new file mode 100644 index 0000000..15d5f7b --- /dev/null +++ b/contrib/zkt/examples/views/named.log @@ -0,0 +1,17 @@ +20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found +20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed) +20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed) +20-Nov-2007 17:40:12.393 general: notice: running +20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789) +20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217) +20-Nov-2007 19:07:04.016 general: info: shutting down +20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053 +20-Nov-2007 19:07:04.020 general: notice: exiting diff --git a/contrib/zkt/examples/views/root.hint b/contrib/zkt/examples/views/root.hint new file mode 100644 index 0000000..2b5c167 --- /dev/null +++ b/contrib/zkt/examples/views/root.hint @@ -0,0 +1,45 @@ +; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net +;; global options: printcmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355 +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 +;; WARNING: recursion requested but not available + +;; QUESTION SECTION: +;. IN NS + +;; ANSWER SECTION: +. 518400 IN NS H.ROOT-SERVERS.NET. +. 518400 IN NS I.ROOT-SERVERS.NET. +. 518400 IN NS J.ROOT-SERVERS.NET. +. 518400 IN NS K.ROOT-SERVERS.NET. +. 518400 IN NS L.ROOT-SERVERS.NET. +. 518400 IN NS M.ROOT-SERVERS.NET. +. 518400 IN NS A.ROOT-SERVERS.NET. +. 518400 IN NS B.ROOT-SERVERS.NET. +. 518400 IN NS C.ROOT-SERVERS.NET. +. 518400 IN NS D.ROOT-SERVERS.NET. +. 518400 IN NS E.ROOT-SERVERS.NET. +. 518400 IN NS F.ROOT-SERVERS.NET. +. 518400 IN NS G.ROOT-SERVERS.NET. + +;; ADDITIONAL SECTION: +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 +L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42 +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 + +;; Query time: 114 msec +;; SERVER: 198.41.0.4#53(198.41.0.4) +;; WHEN: Mon Nov 5 07:28:00 2007 +;; MSG SIZE rcvd: 436 + diff --git a/contrib/zkt/examples/views/viewtest.sh b/contrib/zkt/examples/views/viewtest.sh new file mode 100755 index 0000000..f0a1754 --- /dev/null +++ b/contrib/zkt/examples/views/viewtest.sh @@ -0,0 +1,20 @@ + + +ZKT_CONFFILE=dnssec.conf +export ZKT_CONFFILE + +if true +then + echo "All internal keys:" + ./dnssec-zkt-intern + echo + + echo "All external keys:" + ./dnssec-zkt-extern + echo +fi + +echo "Sign both views" +./dnssec-signer-intern -v -v -f -r +echo +./dnssec-signer-extern -v -v |