121 files changed, 5614 insertions, 0 deletions

diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db
new file mode 100644
index 0000000..2822e6a
--- /dev/null
+++ b/contrib/zkt/examples/dnskey.db
@@ -0,0 +1,24 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jun 24 2008 09:58:34
+;
+
+;  ***  List of Key Signing Keys  ***
+; example.net.  tag=31674  algo=RSASHA1  generated Jun 24 2008 09:58:34
+example.net. 14400 IN DNSKEY  257 3 5 (
+			BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA
+			b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6
+			Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN
+			dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+
+			eQ==
+		) ; key id = 31674
+
+; ***  List of Zone Signing Keys  ***
+; example.net.  tag=33755  algo=RSASHA1  generated Jun 24 2008 09:58:34
+example.net. 14400 IN DNSKEY  256 3 5 (
+			BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF
+			UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw==
+		) ; key id = 33755
+
diff --git a/contrib/zkt/examples/dnssec-signer.sh b/contrib/zkt/examples/dnssec-signer.sh
new file mode 100755
index 0000000..ee4bfc0
--- /dev/null
+++ b/contrib/zkt/examples/dnssec-signer.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-signer
+#	command out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+	echo Please start this skript out of the flat or hierarchical sub directory
+	exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@"
diff --git a/contrib/zkt/examples/dnssec-zkt.sh b/contrib/zkt/examples/dnssec-zkt.sh
new file mode 100755
index 0000000..f3976ce
--- /dev/null
+++ b/contrib/zkt/examples/dnssec-zkt.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-zkt command
+#	out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+	echo Please start this skript out of the flat or hierarchical sub directory
+	exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt "$@"
diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh
new file mode 100755
index 0000000..c112f55
--- /dev/null
+++ b/contrib/zkt/examples/flat/dist.sh
@@ -0,0 +1,70 @@
+#################################################################
+#
+#	@(#) dist.sh -- distribute and reload command for dnssec-signer
+#
+#	(c) Jul 2008 Holger Zuleger  hznet.de
+#
+#	This shell script will be run by dnssec-signer as a distribution
+#	and reload command if:
+#
+#		a) the dnssec.conf file parameter Distribute_Cmd: points
+#		   to this file
+#	and
+#		b) the user running the dnssec-signer command is not
+#		   root (uid==0)
+#	and
+#		c) the owner of this shell script is the same as the
+#		   running user and the access rights don't allow writing
+#		   for anyone except the owner
+#	or
+#		d) the group of this shell script is the same as the
+#		   running user and the access rights don't allow writing
+#		   for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost	# fqdn of remote name server
+dir=/var/named		# zone directory on remote name server
+
+progname=$0
+usage()
+{
+	echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
+	test $# -gt 0 && echo $* 1>&2
+	exit 1
+}
+
+if test $# -lt 3
+then
+	usage
+fi
+action="$1"
+domain="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distribute)
+	if test -n "$view"
+	then
+		echo "scp $zonefile $server:$dir/$view/$domain/"
+		: scp $zonefile $server:$dir/$view/$domain/
+	else
+		echo "scp $zonefile $server:$dir/$domain/"
+		: scp $zonefile $server:$dir/$domain/
+	fi
+	;;
+reload)
+	echo "rndc $action $zone $view"
+	: rndc $action $zone $view
+	;;
+*)
+	usage "illegal action $action"
+	;;
+esac
+
diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf
new file mode 100644
index 0000000..2bd9c58
--- /dev/null
+++ b/contrib/zkt/examples/flat/dnssec.conf
@@ -0,0 +1,41 @@
+#   
+#   	@(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#   
+
+#   dnssec-zkt options
+Zonedir:	"."
+Recursive:	True
+PrintTime:	False
+PrintAge:	True
+LeftJustify:	False
+
+#   zone specific values
+ResignInterval:	2d	# (172800 seconds)
+Sigvalidity:	6d	# (518400 seconds)
+Max_TTL:	8h	# (28800 seconds)
+Propagation:	5m	# (300 seconds)
+KEY_TTL:	1h	# (3600 seconds)
+Serialformat:	incremental
+
+#   signing key parameters
+KSK_lifetime:	60d	# (5184000 seconds)
+KSK_algo:	RSASHA1	# (Algorithm ID 5)
+KSK_bits:	1300
+KSK_randfile:	"/dev/urandom"
+ZSK_lifetime:	2w	# (1209600 seconds)
+ZSK_algo:	RSASHA1	# (Algorithm ID 5)
+ZSK_bits:	512
+ZSK_randfile:	"/dev/urandom"
+
+#   dnssec-signer options
+LogFile:	"zkt.log"
+LogLevel:	debug
+SyslogFacility:	USER
+SyslogLevel:	notice
+VerboseLog:	2
+Keyfile:	"dnskey.db"
+Zonefile:	"zone.db"
+KeySetDir:	"../keysets"
+DLV_Domain:	""
+Sig_Pseudorand:	True
+Distribute_Cmd:	"./dist.sh"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
new file mode 100644
index 0000000..6a64c44
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080609224426
+;%	lifetime=60d
+dyn.example.net. IN DNSKEY  257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
new file mode 100644
index 0000000..4f7ec3d
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM=
+Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc=
+Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo=
+Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk=
+Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
new file mode 100644
index 0000000..d129398
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080609224426
+;%	lifetime=14d
+dyn.example.net. IN DNSKEY  256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
new file mode 100644
index 0000000..3692946
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ==
+Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8=
+Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs=
+Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE=
+Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850=
+Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
new file mode 100644
index 0000000..e0f978e
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jun 12 2008 18:28:38
+;
+
+;  ***  List of Key Signing Keys  ***
+; dyn.example.net.  tag=42138  algo=DSA  generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY  257 3 3 (
+			CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7
+			LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB
+			KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf
+			Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH
+			JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq
+			+bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e
+			4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi
+			xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH
+			10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+			clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+		) ; key id = 42138
+
+; ***  List of Zone Signing Keys  ***
+; dyn.example.net.  tag=1355  algo=RSASHA1  generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY  256 3 5 (
+			BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w
+			BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+		) ; key id = 1355
+
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
new file mode 100644
index 0000000..0998fda
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
@@ -0,0 +1,5 @@
+#   signing key parameters
+KSK_lifetime:	60d	# (5184000 seconds)
+KSK_algo:	DSA
+KSK_bits:	1024
+KSK_randfile:	"/dev/urandom"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net.	IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net.	IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net		7200	IN DNSKEY 257 3 3 (
+					CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+					NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+					S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+					m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+					EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+					r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+					4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+					RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+					BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+					olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+					ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+					6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+					dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+					ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+					clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+					) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db
new file mode 100644
index 0000000..ee557b8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:34 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net.	7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					7          ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 3 7200 20080622152834 (
+					20080612152834 1355 dyn.example.net.
+					h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas
+					SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+
+					SXgsy934gAaYLw== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 3 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+					Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+					lU0C+J4VPkA8pA== )
+			7200	NSEC	localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 3 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+					HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+					+6XuqA8u/xPmbw== )
+			3600	DNSKEY	256 3 5 (
+					BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+					IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+					P0D6hLmHfTcsdHQLLeMidQ==
+					) ; key id = 1355
+			3600	DNSKEY	257 3 3 (
+					CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+					NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+					S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+					m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+					EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+					r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+					4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+					RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+					BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+					olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+					ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+					6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+					dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+					ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+					clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+					) ; key id = 42138
+			3600	RRSIG	DNSKEY 3 3 3600 20080615214426 (
+					20080609214426 42138 dyn.example.net.
+					CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+					1X+nmHSkpcKJrUty/wY= )
+			3600	RRSIG	DNSKEY 5 3 3600 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+					7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+					9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+					FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+					Sm1ttNxSTe2M8A== )
+			7200	NSEC	ns1.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+					+/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+					AqArf+M3STbO9g== )
+ns1.dyn.example.net.	7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+					KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+					TdWtXSZIlU2JKQ== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+					eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+					Q4Pxd2rI9ud1hA== )
+			7200	NSEC	ns2.dyn.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+					0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+					sj80tqtN0NHi/Q== )
+ns2.dyn.example.net.	7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+					UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+					LrVtjyQbfimbOA== )
+			7200	NSEC	x.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+					Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+					Pz/gpH280yQJFA== )
+x.dyn.example.net.	7200	IN A	1.2.3.4
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+					P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+					jn6fdB+T2Zs9Pw== )
+			7200	NSEC	y.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+					MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+					0sIwBMHOsDjTSA== )
+y.dyn.example.net.	7200	IN A	1.2.3.5
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+					18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+					qA5CzWo8HIPwmA== )
+			7200	NSEC	z.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+					mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+					lO6C9gQ+Iu9wyw== )
+z.dyn.example.net.	7200	IN A	1.2.3.6
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+					E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+					rWBT4VggwE8blQ== )
+			7200	NSEC	dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+					XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+					TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
new file mode 100644
index 0000000..9e4c5c8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:39 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net.	7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					8          ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 3 7200 20080622152838 (
+					20080612152838 1355 dyn.example.net.
+					GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+
+					fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5
+					e7HwrB59bxKAuw== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 3 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+					Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+					lU0C+J4VPkA8pA== )
+			7200	NSEC	localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 3 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+					HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+					+6XuqA8u/xPmbw== )
+			3600	DNSKEY	256 3 5 (
+					BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+					IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+					P0D6hLmHfTcsdHQLLeMidQ==
+					) ; key id = 1355
+			3600	DNSKEY	257 3 3 (
+					CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+					NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+					S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+					m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+					EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+					r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+					4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+					RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+					BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+					olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+					ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+					6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+					dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+					ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+					clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+					) ; key id = 42138
+			3600	RRSIG	DNSKEY 3 3 3600 20080615214426 (
+					20080609214426 42138 dyn.example.net.
+					CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+					1X+nmHSkpcKJrUty/wY= )
+			3600	RRSIG	DNSKEY 5 3 3600 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+					7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+					9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+					FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+					Sm1ttNxSTe2M8A== )
+			7200	NSEC	ns1.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+					+/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+					AqArf+M3STbO9g== )
+ns1.dyn.example.net.	7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+					KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+					TdWtXSZIlU2JKQ== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+					eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+					Q4Pxd2rI9ud1hA== )
+			7200	NSEC	ns2.dyn.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+					0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+					sj80tqtN0NHi/Q== )
+ns2.dyn.example.net.	7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+					UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+					LrVtjyQbfimbOA== )
+			7200	NSEC	x.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+					Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+					Pz/gpH280yQJFA== )
+x.dyn.example.net.	7200	IN A	1.2.3.4
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+					P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+					jn6fdB+T2Zs9Pw== )
+			7200	NSEC	y.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+					MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+					0sIwBMHOsDjTSA== )
+y.dyn.example.net.	7200	IN A	1.2.3.5
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+					18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+					qA5CzWo8HIPwmA== )
+			7200	NSEC	z.dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+					mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+					lO6C9gQ+Iu9wyw== )
+z.dyn.example.net.	7200	IN A	1.2.3.6
+			7200	RRSIG	A 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+					E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+					rWBT4VggwE8blQ== )
+			7200	NSEC	dyn.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 4 7200 20080615214426 (
+					20080609214426 1355 dyn.example.net.
+					r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+					XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+					TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org
new file mode 100644
index 0000000..c536fc8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org
@@ -0,0 +1,30 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    dyn.example.net/zone.org
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+@	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				1       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.net.
+		IN  NS		ns2.example.net.
+
+ns1		IN  A		1.0.0.5
+		IN  AAAA	2001:db8::53
+ns2		IN  A		1.2.0.6
+
+localhost	IN  A		127.0.0.1
+
+x		IN  A	1.2.3.4
+y		IN  A	1.2.3.5
+z		IN  A	1.2.3.6
+
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
new file mode 100644
index 0000000..bd273d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080506212634
+;%	lifetime=60d
+example.net. IN DNSKEY  257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
new file mode 100644
index 0000000..42b8b80
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w==
+PublicExponent: AQAAAAE=
+PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ==
+Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w==
+Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ==
+Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9
+Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ==
+Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
new file mode 100644
index 0000000..d72baa9
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080420205422
+;%	lifetime=60d
+example.net. IN DNSKEY  257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
new file mode 100644
index 0000000..554cd12
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ==
+Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ==
+Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw==
+Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ==
+Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp
+Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
new file mode 100644
index 0000000..235a5df
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080721221039
+;%	lifetime=14d
+example.net. IN DNSKEY  256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
new file mode 100644
index 0000000..b5041c0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+PublicExponent: AQAAAAE=
+PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ==
+Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M=
+Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU=
+Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0=
+Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0=
+Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw=
diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db
new file mode 100644
index 0000000..6bd2ba0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dnskey.db
@@ -0,0 +1,33 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jul 31 2008 00:25:53
+;
+
+;  ***  List of Key Signing Keys  ***
+; example.net.  tag=1764  algo=RSASHA1  generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8
+			VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs
+			lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+
+			YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU
+			8w==
+		) ; key id = 1764
+
+; example.net.  tag=41151  algo=RSASHA1  generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7
+			kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W
+			O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM
+			HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ
+			qw==
+		) ; key id = 41151
+
+; ***  List of Zone Signing Keys  ***
+; example.net.  tag=41300  algo=RSASHA1  generated Jul 24 2008 00:13:57
+example.net. 3600 IN DNSKEY  256 3 5 (
+			BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3
+			LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+		) ; key id = 41300
+
diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dsset-example.net.
@@ -0,0 +1,4 @@
+example.net.		IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net.		IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net.		IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net.		IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
new file mode 100644
index 0000000..fdf427b
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
@@ -0,0 +1,4 @@
+;%	generationtime=20080415164557
+;%	lifetime=20d
+;%	expirationtime=20080506212633
+example.net. IN DNSKEY  385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q==
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
new file mode 100644
index 0000000..1018561
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ==
+Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw==
+Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw==
+Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL
+Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw==
+Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg==
diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+					vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+					I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+					M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+					9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+					8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+					T1YYVnoQqw==
+					) ; key id = 41151
+			7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+					Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+					VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+					HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+					DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+					AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+					+B9rLlBU8w==
+					) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db
new file mode 100644
index 0000000..42ad067
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db
@@ -0,0 +1,43 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+;	Be sure that the serial number below is left
+;	justified in a field of at least 10 chars!!
+;				0123456789;
+;	It's also possible to use the date form e.g. 2005040101
+@	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				306       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.net.
+		IN  NS		ns2.example.net.
+
+ns1		IN  A		1.0.0.5
+		IN  AAAA	2001:db8::53
+ns2		IN  A		1.2.0.6
+
+localhost	IN  A		127.0.0.1
+
+a		IN  A		1.2.3.1
+b		IN  MX		10 a
+;c		IN  A		1.2.3.2
+d		IN  A		1.2.3.3
+		IN  AAAA	2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub		IN NS      ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed
new file mode 100644
index 0000000..b10d122
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db.signed
@@ -0,0 +1,166 @@
+; File written on Thu Jul 31 00:25:53 2008
+; dnssec_signzone version 9.5.1b1
+example.net.		7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					306        ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 2 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT
+					x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt
+					llflqikDp8uLmQ== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 2 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i
+					sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu
+					WDdVL5V3nirNiA== )
+			7200	NSEC	a.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 2 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU
+					vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4
+					8fjJ1uPzW3KVJQ== )
+			3600	DNSKEY	256 3 5 (
+					BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG
+					VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs
+					uZipXs2ouT2S9dhdEArKfw==
+					) ; key id = 41300
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+					vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+					I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+					M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+					9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+					8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+					T1YYVnoQqw==
+					) ; key id = 41151
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+					Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+					VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+					HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+					DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+					AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+					+B9rLlBU8w==
+					) ; key id = 1764
+			3600	RRSIG	DNSKEY 5 2 3600 20080805212553 (
+					20080730212553 41151 example.net.
+					AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb
+					Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd
+					PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ
+					dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE
+					tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+
+					b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL
+					Tw== )
+			3600	RRSIG	DNSKEY 5 2 3600 20080805212553 (
+					20080730212553 41300 example.net.
+					up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU
+					hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi
+					FSHnJW5dlBhMow== )
+a.example.net.		7200	IN A	1.2.3.1
+			7200	RRSIG	A 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM
+					aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd
+					vo0cFjkPvCCrHA== )
+			7200	NSEC	b.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/
+					1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr
+					2MS4wJguPpznEg== )
+b.example.net.		7200	IN MX	10 a.example.net.
+			7200	RRSIG	MX 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi
+					Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ
+					V1VbEaZnFVXu2Q== )
+			7200	NSEC	d.example.net. MX RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L
+					jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na
+					G1yt/jdFB699yg== )
+d.example.net.		7200	IN A	1.2.3.3
+			7200	RRSIG	A 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS
+					8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF
+					Xqk7op11oye7fA== )
+			7200	AAAA	2001:db8::3
+			7200	RRSIG	AAAA 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib
+					2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC
+					sJOAIxxNQOefZg== )
+			7200	NSEC	localhost.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh
+					/0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD
+					X51lgVvrlOsMaw== )
+localhost.example.net.	7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv
+					zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1
+					U9ZdHxUEqeRRtQ== )
+			7200	NSEC	ns1.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg
+					F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII
+					hS9tIVb0spHDuQ== )
+ns1.example.net.	7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp
+					TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM
+					bBUOTYWJIMT50g== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l
+					CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM
+					5P5ZMXieZrh+xQ== )
+			7200	NSEC	ns2.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT
+					rrfxEcPm86SLMM40dithZQeajNucRlmuadKX
+					HREpYT/DVVBT0A== )
+ns2.example.net.	7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk
+					06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS
+					2LaOiuqMIPm8Hw== )
+			7200	NSEC	sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+
+					HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+
+					/l+dJFZ8FtdZTA== )
+sub.example.net.	7200	IN NS	ns1.example.net.
+			7200	DS	54876 5 1 (
+					CAB6127E303A8A8D7D5A29AE05DB60F4C506
+					0B10 )
+			7200	DS	54876 5 2 (
+					7C8CAF1844479F3600213173BB5D1E2A4414
+					3D63B6E0B3E10D8C5310ADF84D30 )
+			7200	RRSIG	DS 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+
+					TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt
+					X6JnkVWr89s82A== )
+			7200	NSEC	example.net. NS DS RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080805212553 (
+					20080730212553 41300 example.net.
+					kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom
+					fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg
+					KaG0bEo8TpOAUw== )
diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN	DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN	DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net.	IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net.	IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-example.net.
@@ -0,0 +1,4 @@
+example.net.		IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net.		IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net.		IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net.		IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
new file mode 100644
index 0000000..9bed62a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.	IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.	IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net		7200	IN DNSKEY 257 3 3 (
+					CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+					NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+					S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+					m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+					EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+					r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+					4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+					RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+					BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+					olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+					ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+					6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+					dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+					ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+					clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+					) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+					vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+					I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+					M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+					9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+					8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+					T1YYVnoQqw==
+					) ; key id = 41151
+			7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+					Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+					VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+					HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+					DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+					AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+					+B9rLlBU8w==
+					) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
new file mode 100644
index 0000000..77aacd6
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.net		7200	IN DNSKEY 257 3 5 (
+					AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+					bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+					ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+					BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+					CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+					) ; key id = 54876
diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf
new file mode 100644
index 0000000..0e8551c
--- /dev/null
+++ b/contrib/zkt/examples/flat/named.conf
@@ -0,0 +1,99 @@
+/*****************************************************************
+**
+**      #(@)    named.conf	(c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+**      logging options
+*****************************************************************/
+logging {
+        channel "named-log" {
+                file "/var/log/named" versions 3 size 2m;
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity info;
+        };
+        channel "resolver-log" {
+                file "/var/log/named";
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity debug 1;
+        };
+        channel "dnssec-log" {
+#                file "/var/log/named-dnssec" ;
+                file "/var/log/named" ;
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity debug 3;
+        };
+        category "dnssec" { "dnssec-log"; };
+        category "default" { "named-log"; };
+        category "resolver" { "resolver-log"; };
+        category "client" { "resolver-log"; };
+        category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+**      name server options
+*****************************************************************/
+options {
+	directory ".";
+
+	dump-file "/var/log/named_dump.db";
+	statistics-file "/var/log/named.stats";
+
+	listen-on-v6 { any; };
+
+	query-source address * port 53;
+	transfer-source * port 53;
+	notify-source * port 53;
+
+	recursion yes;
+	dnssec-enable yes;
+	edns-udp-size 4096;
+
+#	dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+	querylog yes;
+
+};
+
+/*****************************************************************
+**      include shared secrets...
+*****************************************************************/
+/**      for control sessions ...	**/
+controls {
+ 	inet 127.0.0.1 
+ 		allow { localhost; };
+ 	inet ::1 
+ 		allow { localhost; };
+};
+
+/*****************************************************************
+**      ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+**      root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+	type hint;
+	file "root.hint";
+};
+
+zone "localhost" in {
+	type master;
+	file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.ARPA" in {
+	type master;
+	file "127.0.0.zone";
+};
+
+include "zone.conf";
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
new file mode 100644
index 0000000..a255a7b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080725213107
+;%	lifetime=3d
+sub.example.net. IN DNSKEY  256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
new file mode 100644
index 0000000..e636e05
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ==
+Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM=
+Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M=
+Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0=
+Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08=
+Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
new file mode 100644
index 0000000..4e7c3e5
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080730222553
+;%	lifetime=3d
+sub.example.net. IN DNSKEY  256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
new file mode 100644
index 0000000..2a3ae65
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+PublicExponent: AQAAAAE=
+PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q==
+Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U=
+Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8=
+Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0=
+Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc=
+Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
new file mode 100644
index 0000000..21098f8
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
@@ -0,0 +1 @@
+sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
new file mode 100644
index 0000000..ad5b363
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M=
+PublicExponent: Aw==
+PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s=
+Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw==
+Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ==
+Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw==
+Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw==
+Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA==
diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN	DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN	DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
new file mode 100644
index 0000000..396e7d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jul 31 2008 13:19:17
+;
+
+;  ***  List of Key Signing Keys  ***
+; sub.example.net.  tag=54876  algo=RSASHA1  generated Jun 19 2008 00:32:22
+sub.example.net. 3600 IN DNSKEY  257 3 5 (
+			AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50
+			7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe
+			72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb
+			Z/avYw==
+		) ; key id = 54876
+
+; ***  List of Zone Signing Keys  ***
+; sub.example.net.  tag=4254  algo=RSAMD5  generated Jul 31 2008 00:25:52
+sub.example.net. 3600 IN DNSKEY  256 3 1 (
+			BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy
+			aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+		) ; key id = 4254
+
+; sub.example.net.  tag=56744  algo=RSAMD5  generated Jul 31 2008 00:25:53
+sub.example.net. 3600 IN DNSKEY  256 3 1 (
+			BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv
+			guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+		) ; key id = 56744
+
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
new file mode 100644
index 0000000..4a045ad
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
@@ -0,0 +1,14 @@
+
+resigninterval	1d
+sigvalidity 	2d
+max_ttl 	90s
+
+Serialformat:	unixtime
+ksk_algo 	RSASHA1
+ksk_bits 	1024
+
+zsk_lifetime 	3d
+zsk_algo 	RSAMD5
+zsk_bits 	512
+
+dlv_domain	"dlv.trusted-keys.de"
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db
new file mode 100644
index 0000000..c9ec01e
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    sec.example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ 	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				0	; Serial
+				86400	; Refresh	(RIPE recommendation if NOTIFY is used)
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+
+		IN  NS		ns1.example.net.
+
+$INCLUDE dnskey.db
+
+localhost	IN  A		127.0.0.1
+
+a		IN  A		1.2.3.4
+b		IN  A		1.2.3.5
+c		IN  A		1.2.3.6
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
new file mode 100644
index 0000000..0560d2b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
@@ -0,0 +1,103 @@
+; File written on Thu Jul 31 13:19:17 2008
+; dnssec_signzone version 9.5.1b1
+sub.example.net.	7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					1217503157 ; serial
+					86400      ; refresh (1 day)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 1 3 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9
+					RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa
+					9bvrMVOXpd0Q1g== )
+			7200	NS	ns1.example.net.
+			7200	RRSIG	NS 1 3 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb
+					k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn
+					1S/A2bV4S3No7Q== )
+			7200	NSEC	a.sub.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 1 3 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK
+					TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8
+					feRHQBEYFpgvhA== )
+			3600	DNSKEY	256 3 1 (
+					BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl
+					kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar
+					n7DQR1Eb92uW3ALxwN2o6w==
+					) ; key id = 56744
+			3600	DNSKEY	256 3 1 (
+					BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+
+					/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v
+					NYsJ2KCQtY2dUFjT5BCeqQ==
+					) ; key id = 4254
+			3600	DNSKEY	257 3 5 (
+					AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+					bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+					ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+					BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+					CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+					) ; key id = 54876
+			3600	RRSIG	DNSKEY 1 3 3600 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba
+					4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT
+					UW2clZMFj/Fy6g== )
+			3600	RRSIG	DNSKEY 5 3 3600 20080802101917 (
+					20080731101917 54876 sub.example.net.
+					B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E
+					0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO
+					OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK
+					7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv
+					oFMHe/OpIq7x/a4NdMn3yIWbFtg= )
+a.sub.example.net.	7200	IN A	1.2.3.4
+			7200	RRSIG	A 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ
+					owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+
+					M4ESPnoKxli7YQ== )
+			7200	NSEC	b.sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv
+					USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt
+					2ODgeGLhUTap7A== )
+b.sub.example.net.	7200	IN A	1.2.3.5
+			7200	RRSIG	A 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz
+					bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN
+					S0Et3ivWZSAVOg== )
+			7200	NSEC	c.sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B
+					jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k
+					+SzjVQtJfxUDsA== )
+c.sub.example.net.	7200	IN A	1.2.3.6
+			7200	RRSIG	A 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb
+					eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID
+					z5HLpC+KbfpJxw== )
+			7200	NSEC	localhost.sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh
+					a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh
+					4AnYjZlHjfe+MA== )
+localhost.sub.example.net. 7200	IN A	127.0.0.1
+			7200	RRSIG	A 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T
+					X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y
+					vw4b+pdoWMi0+g== )
+			7200	NSEC	sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802101917 (
+					20080731101917 4254 sub.example.net.
+					XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9
+					PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr
+					SgFnqsd6YTxxpw== )
diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log
new file mode 100644
index 0000000..9276f94
--- /dev/null
+++ b/contrib/zkt/examples/flat/zkt.log
@@ -0,0 +1,2501 @@
+2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file
+2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file
+2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded ()
+2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202()
+2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s)
+2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s
+2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s
+2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done
+2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:39:48.617: notice: end of run: 0 errors occured
+2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s
+2008-06-11 22:41:14.106: notice: end of run: 0 errors occured
+2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s
+2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:48:19.087: notice: end of run: 0 errors occured
+2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s
+2008-06-11 22:56:53.297: notice: end of run: 0 errors occured
+2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v
+2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s
+2008-06-11 23:01:41.454: notice: end of run: 0 errors occured
+2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v
+2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s
+2008-06-11 23:04:25.911: notice: end of run: 0 errors occured
+2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s
+2008-06-12 13:06:54.056: notice: end of run: 0 errors occured
+2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s
+2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:07:45.130: notice: end of run: 0 errors occured
+2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s
+2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:22:02.253: notice: end of run: 0 errors occured
+2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s
+2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 13:24:37.958: notice: end of run: 0 errors occured
+2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s
+2008-06-12 13:25:32.997: notice: end of run: 0 errors occured
+2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v
+2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s
+2008-06-12 13:26:49.864: notice: end of run: 0 errors occured
+2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s
+2008-06-12 16:28:01.979: notice: end of run: 0 errors occured
+2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v
+2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s
+2008-06-12 16:28:13.630: notice: end of run: 0 errors occured
+2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s
+2008-06-12 16:28:30.320: notice: end of run: 0 errors occured
+2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s
+2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:06.972: notice: end of run: 0 errors occured
+2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer
+2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s
+2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:15.818: notice: end of run: 0 errors occured
+2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s
+2008-06-12 16:35:27.780: notice: end of run: 0 errors occured
+2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:44:56.269: debug: 		->ksk5011status returns 0
+2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s
+2008-06-12 16:44:56.269: debug: 	Re-signing not necessary!
+2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:44:56.269: debug: 		->ksk5011status returns 2
+2008-06-12 16:44:56.269: debug: 	Re-signing not necessary!
+2008-06-12 16:44:56.270: notice: end of run: 0 errors occured
+2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:23.385: debug: 		->ksk5011status returns 0
+2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s
+2008-06-12 16:49:23.386: debug: 	Re-signing not necessary!
+2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:23.386: debug: 		->ksk5011status returns 2
+2008-06-12 16:49:23.386: debug: 	Re-signing not necessary!
+2008-06-12 16:49:23.386: notice: end of run: 0 errors occured
+2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v
+2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:28.288: debug: 		->ksk5011status returns 0
+2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s
+2008-06-12 16:49:28.288: debug: 	Re-signing not necessary!
+2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:28.288: debug: 		->ksk5011status returns 2
+2008-06-12 16:49:28.288: debug: 	Re-signing not necessary!
+2008-06-12 16:49:28.288: notice: end of run: 0 errors occured
+2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:32.081: debug: 		->ksk5011status returns 0
+2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s
+2008-06-12 16:49:32.082: debug: 	Re-signing necessary: Option -f
+2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.082: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 16:49:32.082: debug: 	Signing zone "sub.example.net."
+2008-06-12 16:49:32.082: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 16:49:32.222: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.222: debug: 	Signing completed after 0s.
+2008-06-12 16:49:32.222: debug: 
+2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:32.222: debug: 		->ksk5011status returns 2
+2008-06-12 16:49:32.223: debug: 	Re-signing necessary: Option -f
+2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.223: debug: 	Writing key file "./example.net./dnskey.db"
+2008-06-12 16:49:32.223: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 16:49:32.223: debug: 	Signing zone "example.net."
+2008-06-12 16:49:32.223: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g  zone.db K*.private"
+2008-06-12 16:49:32.335: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.335: debug: 	Signing completed after 0s.
+2008-06-12 16:49:32.335: debug: 
+2008-06-12 16:49:32.335: notice: end of run: 0 errors occured
+2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:02:15.078: debug: 	Check RFC5011 status
+2008-06-12 17:02:15.078: debug: 		->ksk5011status returns 0
+2008-06-12 17:02:15.078: debug: 	Check ksk status
+2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s
+2008-06-12 17:02:15.078: debug: 	Re-signing necessary: Option -f
+2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.078: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:02:15.079: debug: 	Signing zone "sub.example.net."
+2008-06-12 17:02:15.079: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:02:15.254: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.254: debug: 	Signing completed after 0s.
+2008-06-12 17:02:15.254: debug: 
+2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:02:15.255: debug: 	Check RFC5011 status
+2008-06-12 17:02:15.255: debug: 		->ksk5011status returns 2
+2008-06-12 17:02:15.255: debug: 	Re-signing necessary: Option -f
+2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.255: debug: 	Writing key file "./example.net./dnskey.db"
+2008-06-12 17:02:15.255: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:02:15.255: debug: 	Signing zone "example.net."
+2008-06-12 17:02:15.255: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g  zone.db K*.private"
+2008-06-12 17:02:15.368: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.368: debug: 	Signing completed after 0s.
+2008-06-12 17:02:15.368: debug: 
+2008-06-12 17:02:15.368: notice: end of run: 0 errors occured
+2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f
+2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:43:50.390: debug: 	Check RFC5011 status
+2008-06-12 17:43:50.390: debug: 		->ksk5011status returns 0
+2008-06-12 17:43:50.390: debug: 	Check ksk status
+2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s
+2008-06-12 17:43:50.390: debug: 	Re-signing necessary: Option -f
+2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.390: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:43:50.390: debug: 	Signing zone "sub.example.net."
+2008-06-12 17:43:50.390: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:43:50.533: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.533: debug: 	Signing completed after 0s.
+2008-06-12 17:43:50.533: debug: 
+2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:43:50.533: debug: 	Check RFC5011 status
+2008-06-12 17:43:50.533: debug: 		->ksk5011status returns 2
+2008-06-12 17:43:50.533: debug: 	Re-signing necessary: Option -f
+2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.533: debug: 	Writing key file "./example.net./dnskey.db"
+2008-06-12 17:43:50.534: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:43:50.534: debug: 	Signing zone "example.net."
+2008-06-12 17:43:50.534: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g  zone.db K*.private"
+2008-06-12 17:43:50.645: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.645: debug: 	Signing completed after 0s.
+2008-06-12 17:43:50.645: debug: 
+2008-06-12 17:43:50.645: notice: end of run: 0 errors occured
+2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v
+2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:49:43.190: debug: 	Check RFC5011 status
+2008-06-12 17:49:43.190: debug: 		->ksk5011status returns 0
+2008-06-12 17:49:43.190: debug: 	Check ksk status
+2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s
+2008-06-12 17:49:43.190: debug: 	Re-signing not necessary!
+2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:49:43.190: debug: 	Check RFC5011 status
+2008-06-12 17:49:43.190: debug: 		->ksk5011status returns 2
+2008-06-12 17:49:43.190: debug: 	Re-signing not necessary!
+2008-06-12 17:49:43.190: notice: end of run: 0 errors occured
+2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:50:09.327: debug: 	Check RFC5011 status
+2008-06-12 17:50:09.327: debug: 		->ksk5011status returns 0
+2008-06-12 17:50:09.327: debug: 	Check ksk status
+2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s
+2008-06-12 17:50:09.327: debug: 	Re-signing not necessary!
+2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:50:09.327: debug: 	Check RFC5011 status
+2008-06-12 17:50:09.327: debug: 		->ksk5011status returns 2
+2008-06-12 17:50:09.327: debug: 	Re-signing not necessary!
+2008-06-12 17:50:09.327: notice: end of run: 0 errors occured
+2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:52:29.312: debug: 	Check RFC5011 status
+2008-06-12 17:52:29.312: debug: 		->ksk5011status returns 0
+2008-06-12 17:52:29.312: debug: 	Check ksk status
+2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s
+2008-06-12 17:52:29.312: debug: 	Re-signing not necessary!
+2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:52:29.313: debug: 	Check RFC5011 status
+2008-06-12 17:52:29.313: debug: 		->ksk5011status returns 2
+2008-06-12 17:52:29.313: debug: 	Re-signing not necessary!
+2008-06-12 17:52:29.313: notice: end of run: 0 errors occured
+2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v
+2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 18:24:57.409: debug: 	Check RFC5011 status
+2008-06-12 18:24:57.409: debug: 		->ksk5011status returns 0
+2008-06-12 18:24:57.409: debug: 	Check ksk status
+2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s
+2008-06-12 18:24:57.409: debug: 	Re-signing not necessary!
+2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 18:24:57.409: debug: 	Check RFC5011 status
+2008-06-12 18:24:57.409: debug: 		->ksk5011status returns 2
+2008-06-12 18:24:57.410: debug: 	Re-signing not necessary!
+2008-06-12 18:24:57.410: notice: end of run: 0 errors occured
+2008-06-16 23:12:32.309: notice: 
+2008-06-16 23:12:32.309: notice:  running as ../../dnssec-signer -v -v 
+2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:12:32.654: debug: 	Check RFC5011 status
+2008-06-16 23:12:32.654: debug: 		->ksk5011status returns 0
+2008-06-16 23:12:32.654: debug: 	Check ksk status
+2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s
+2008-06-16 23:12:32.654: debug: 	Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec)
+2008-06-16 23:12:32.654: debug: 		->depreciate it
+2008-06-16 23:12:32.654: debug: 		->activate pre-publish key 55267
+2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done
+2008-06-16 23:12:32.654: debug: 	New pre-publish key needed
+2008-06-16 23:12:32.790: debug: 		->creating new pre-publish key 56149
+2008-06-16 23:12:32.791: debug: 	Re-signing necessary: New zone key
+2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-16 23:12:32.791: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-16 23:12:32.792: debug: 	Signing zone "sub.example.net."
+2008-06-16 23:12:32.792: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-16 23:12:33.022: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.022: debug: 	Signing completed after 1s.
+2008-06-16 23:12:33.022: debug: 
+2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:12:33.023: debug: 	Check RFC5011 status
+2008-06-16 23:12:33.023: debug: 		->ksk5011status returns 2
+2008-06-16 23:12:33.023: debug: 	Re-signing necessary: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: debug: 	Writing key file "./example.net./dnskey.db"
+2008-06-16 23:12:33.024: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-06-16 23:12:33.024: debug: 	Signing zone "example.net."
+2008-06-16 23:12:33.024: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g  zone.db K*.private"
+2008-06-16 23:12:33.169: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.170: debug: 	Signing completed after 0s.
+2008-06-16 23:12:33.170: debug: 
+2008-06-16 23:12:33.170: notice: end of run: 0 errors occured
+2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <===
+2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:24.121: debug: 	Check RFC5011 status
+2008-06-16 23:13:24.121: debug: 		->ksk5011status returns 0
+2008-06-16 23:13:24.121: debug: 	Check ksk status
+2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m
+2008-06-16 23:13:24.121: debug: 	Re-signing not necessary!
+2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:24.121: debug: 	Check RFC5011 status
+2008-06-16 23:13:24.121: debug: 		->ksk5011status returns 2
+2008-06-16 23:13:24.121: debug: 	Re-signing not necessary!
+2008-06-16 23:13:24.121: notice: end of run: 0 errors occured
+2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <=====
+2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:56.972: debug: 	Check RFC5011 status
+2008-06-16 23:13:56.972: debug: 		->ksk5011status returns 0
+2008-06-16 23:13:56.972: debug: 	Check ksk status
+2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s
+2008-06-16 23:13:56.973: debug: 	Re-signing not necessary!
+2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:56.973: debug: 	Check RFC5011 status
+2008-06-16 23:13:56.973: debug: 		->ksk5011status returns 2
+2008-06-16 23:13:56.973: debug: 	Re-signing not necessary!
+2008-06-16 23:13:56.973: notice: end of run: 0 errors occured
+2008-06-16 23:15:16.980: notice: ------------------------------------------------------------
+2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:15:16.982: debug: 	Check RFC5011 status
+2008-06-16 23:15:16.982: debug: 		->ksk5011status returns 0
+2008-06-16 23:15:16.982: debug: 	Check ksk status
+2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s
+2008-06-16 23:15:16.982: debug: 	Re-signing not necessary!
+2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:15:16.982: debug: 	Check RFC5011 status
+2008-06-16 23:15:16.982: debug: 		->ksk5011status returns 2
+2008-06-16 23:15:16.982: debug: 	Re-signing not necessary!
+2008-06-16 23:15:16.983: notice: end of run: 0 errors occured
+2008-06-16 23:18:48.101: notice: ------------------------------------------------------------
+2008-06-16 23:18:48.101: notice:  running as ../../dnssec-signer -v -v 
+2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:18:48.103: debug: 	Check RFC5011 status
+2008-06-16 23:18:48.103: debug: 		->ksk5011status returns 0
+2008-06-16 23:18:48.103: debug: 	Check ksk status
+2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s
+2008-06-16 23:18:48.103: debug: 	Re-signing not necessary!
+2008-06-16 23:18:48.103: debug: 
+2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:18:48.104: debug: 	Check RFC5011 status
+2008-06-16 23:18:48.104: debug: 		->ksk5011status returns 2
+2008-06-16 23:18:48.104: debug: 	Re-signing not necessary!
+2008-06-16 23:18:48.104: debug: 
+2008-06-16 23:18:48.104: notice: end of run: 0 errors occured
+2008-06-24 14:55:16.347: notice: ------------------------------------------------------------
+2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v 
+2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:55:16.349: debug: 	Check RFC5011 status
+2008-06-24 14:55:16.349: debug: 		->ksk5011status returns 0
+2008-06-24 14:55:16.349: debug: 	Check ksk status
+2008-06-24 14:55:16.349: debug: 	Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: 		->remove it
+2008-06-24 14:55:16.350: debug: 	Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: 		->depreciate it
+2008-06-24 14:55:16.350: debug: 		->activate pre-publish key 56149
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-24 14:55:16.350: debug: 	New pre-publish key needed
+2008-06-24 14:55:16.532: debug: 		->creating new pre-publish key 2338
+2008-06-24 14:55:16.532: debug: 	Re-signing necessary: New zone key
+2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 14:55:16.533: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 14:55:16.533: debug: 	Signing zone "sub.example.net."
+2008-06-24 14:55:16.533: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 14:55:16.776: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.776: debug: 	Signing completed after 0s.
+2008-06-24 14:55:16.776: debug: 
+2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:55:16.776: debug: 	Check RFC5011 status
+2008-06-24 14:55:16.776: debug: 		->ksk5011status returns 2
+2008-06-24 14:55:16.776: debug: 	Re-signing necessary: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: debug: 	Writing key file "./example.net./dnskey.db"
+2008-06-24 14:55:16.777: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-06-24 14:55:16.777: debug: 	Signing zone "example.net."
+2008-06-24 14:55:16.777: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -p -d ../keysets -o example.net. -e +518400 -g  zone.db K*.private"
+2008-06-24 14:55:16.922: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.922: debug: 	Signing completed after 0s.
+2008-06-24 14:55:16.922: debug: 
+2008-06-24 14:55:16.922: notice: end of run: 0 errors occured
+2008-06-24 14:57:56.093: notice: ------------------------------------------------------------
+2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v 
+2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:57:56.096: debug: 	Check RFC5011 status
+2008-06-24 14:57:56.096: debug: 		->ksk5011status returns 0
+2008-06-24 14:57:56.096: debug: 	Check ksk status
+2008-06-24 14:57:56.097: debug: 	Re-signing not necessary!
+2008-06-24 14:57:56.097: debug: 
+2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:57:56.097: debug: 	Check RFC5011 status
+2008-06-24 14:57:56.097: debug: 		->ksk5011status returns 2
+2008-06-24 14:57:56.097: debug: 	Re-signing not necessary!
+2008-06-24 14:57:56.097: debug: 
+2008-06-24 14:57:56.098: notice: end of run: 0 errors occured
+2008-06-24 23:26:12.632: notice: ------------------------------------------------------------
+2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v 
+2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 23:26:12.648: debug: 	Check RFC5011 status
+2008-06-24 23:26:12.648: debug: 		->ksk5011status returns 0
+2008-06-24 23:26:12.648: debug: 	Check ksk status
+2008-06-24 23:26:12.648: debug: 	Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec)
+2008-06-24 23:26:12.648: debug: 		->remove it
+2008-06-24 23:26:12.648: debug: 	Re-signing necessary: New zone key
+2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 23:26:12.649: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 23:26:12.655: debug: 	Signing zone "sub.example.net."
+2008-06-24 23:26:12.655: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 23:26:13.030: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 23:26:13.030: debug: 	Signing completed after 1s.
+2008-06-24 23:26:13.030: debug: 
+2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 23:26:13.030: debug: 	Check RFC5011 status
+2008-06-24 23:26:13.030: debug: 		->ksk5011status returns 2
+2008-06-24 23:26:13.030: debug: 	Re-signing not necessary!
+2008-06-24 23:26:13.030: debug: 
+2008-06-24 23:26:13.030: notice: end of run: 0 errors occured
+2008-07-08 00:53:55.013: notice: ------------------------------------------------------------
+2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v 
+2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:55.015: debug: 	Check RFC5011 status
+2008-07-08 00:53:55.015: debug: 		->ksk5011status returns 0
+2008-07-08 00:53:55.015: debug: 	Check KSK status
+2008-07-08 00:53:55.015: debug: 	Check ZSK status
+2008-07-08 00:53:55.015: debug: 	Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec)
+2008-07-08 00:53:55.015: debug: 		->depreciate it
+2008-07-08 00:53:55.015: debug: 		->activate pre-publish key 2338
+2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done
+2008-07-08 00:53:55.018: debug: 	New pre-publish key needed
+2008-07-08 00:53:55.547: debug: 		->creating new pre-publish key 9198
+2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created
+2008-07-08 00:53:55.547: debug: 	Re-signing necessary: New zone key
+2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.548: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-08 00:53:55.578: debug: 	Signing zone "sub.example.net."
+2008-07-08 00:53:55.578: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 00:53:55.708: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.708: debug: 	Signing completed after 0s.
+2008-07-08 00:53:55.708: debug: 
+2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:55.708: debug: 	Check RFC5011 status
+2008-07-08 00:53:55.708: debug: 		->ksk5011status returns 2
+2008-07-08 00:53:55.708: debug: 	Check ZSK status
+2008-07-08 00:53:55.708: debug: 	Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec)
+2008-07-08 00:53:55.708: debug: 		->waiting for pre-publish key
+2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:55.708: debug: 	New pre-publish key needed
+2008-07-08 00:53:55.747: debug: 		->creating new pre-publish key 16682
+2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created
+2008-07-08 00:53:55.747: debug: 	Re-signing necessary: New zone key
+2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.747: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-08 00:53:55.748: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-08 00:53:55.748: debug: 	Signing zone "example.net."
+2008-07-08 00:53:55.748: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-08 00:53:55.899: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.899: debug: 	Signing completed after 0s.
+2008-07-08 00:53:55.899: debug: 
+2008-07-08 00:53:55.899: notice: end of run: 0 errors occured
+2008-07-08 00:53:57.597: notice: ------------------------------------------------------------
+2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v 
+2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:57.599: debug: 	Check RFC5011 status
+2008-07-08 00:53:57.599: debug: 		->ksk5011status returns 0
+2008-07-08 00:53:57.599: debug: 	Check KSK status
+2008-07-08 00:53:57.599: debug: 	Check ZSK status
+2008-07-08 00:53:57.599: debug: 	Re-signing not necessary!
+2008-07-08 00:53:57.599: debug: 	Check if there is a parent file to copy
+2008-07-08 00:53:57.599: debug: 
+2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:57.599: debug: 	Check RFC5011 status
+2008-07-08 00:53:57.599: debug: 		->ksk5011status returns 2
+2008-07-08 00:53:57.599: debug: 	Check ZSK status
+2008-07-08 00:53:57.599: debug: 	Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec)
+2008-07-08 00:53:57.599: debug: 		->waiting for pre-publish key
+2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:57.600: debug: 	Re-signing not necessary!
+2008-07-08 00:53:57.600: debug: 	Check if there is a parent file to copy
+2008-07-08 00:53:57.600: debug: 
+2008-07-08 00:53:57.600: notice: end of run: 0 errors occured
+2008-07-08 20:28:20.476: notice: ------------------------------------------------------------
+2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf 
+2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:28:20.476: debug: 	Check RFC5011 status
+2008-07-08 20:28:20.476: debug: 		->ksk5011status returns 0
+2008-07-08 20:28:20.476: debug: 	Check KSK status
+2008-07-08 20:28:20.476: debug: 	Check ZSK status
+2008-07-08 20:28:20.476: debug: 	Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec)
+2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149
+
+2008-07-08 20:28:20.656: debug: 		->remove it
+2008-07-08 20:28:20.656: debug: 	Re-signing necessary: New zone key
+2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.656: debug: 	Writing key file "././sub.example.net./dnskey.db"
+2008-07-08 20:28:20.656: debug: 	Signing zone "sub.example.net."
+2008-07-08 20:28:20.656: debug: 	  Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 20:28:20.990: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:20.990: debug: 	Signing completed after 0s.
+2008-07-08 20:28:20.990: debug: 
+2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:28:20.990: debug: 	Check RFC5011 status
+2008-07-08 20:28:20.990: debug: 		->ksk5011status returns 2
+2008-07-08 20:28:20.990: debug: 	Check ZSK status
+2008-07-08 20:28:20.990: debug: 	Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec)
+2008-07-08 20:28:20.990: debug: 		->depreciate it
+2008-07-08 20:28:20.990: debug: 		->activate pre-publish key 16682
+2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done
+2008-07-08 20:28:20.990: debug: 	Re-signing necessary: New zone key
+2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.990: debug: 	Writing key file "././example.net./dnskey.db"
+2008-07-08 20:28:20.991: debug: 	Incrementing serial number in file "././example.net./zone.db"
+2008-07-08 20:28:20.991: debug: 	Signing zone "example.net."
+2008-07-08 20:28:20.991: debug: 	  Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-08 20:28:21.112: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:21.112: debug: 	Signing completed after 1s.
+2008-07-08 20:28:21.112: debug: 
+2008-07-08 20:28:21.113: notice: end of run: 0 errors occured
+2008-07-08 20:32:23.121: notice: ------------------------------------------------------------
+2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v 
+2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:32:23.123: debug: 	Check RFC5011 status
+2008-07-08 20:32:23.124: debug: 		->ksk5011status returns 0
+2008-07-08 20:32:23.124: debug: 	Check KSK status
+2008-07-08 20:32:23.124: debug: 	Check ZSK status
+2008-07-08 20:32:23.124: debug: 	Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: 	Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug: 
+2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:32:23.124: debug: 	Check RFC5011 status
+2008-07-08 20:32:23.124: debug: 		->ksk5011status returns 2
+2008-07-08 20:32:23.124: debug: 	Check ZSK status
+2008-07-08 20:32:23.124: debug: 	Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: 	Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug: 
+2008-07-08 20:32:23.124: notice: end of run: 0 errors occured
+2008-07-08 20:32:30.246: notice: ------------------------------------------------------------
+2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf 
+2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:32:30.246: debug: 	Check RFC5011 status
+2008-07-08 20:32:30.246: debug: 		->ksk5011status returns 0
+2008-07-08 20:32:30.246: debug: 	Check KSK status
+2008-07-08 20:32:30.246: debug: 	Check ZSK status
+2008-07-08 20:32:30.246: debug: 	Re-signing not necessary!
+2008-07-08 20:32:30.246: debug: 	Check if there is a parent file to copy
+2008-07-08 20:32:30.246: debug: 
+2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:32:30.246: debug: 	Check RFC5011 status
+2008-07-08 20:32:30.246: debug: 		->ksk5011status returns 2
+2008-07-08 20:32:30.247: debug: 	Check ZSK status
+2008-07-08 20:32:30.247: debug: 	Re-signing not necessary!
+2008-07-08 20:32:30.247: debug: 	Check if there is a parent file to copy
+2008-07-08 20:32:30.247: debug: 
+2008-07-08 20:32:30.247: notice: end of run: 0 errors occured
+2008-07-08 20:35:51.512: notice: ------------------------------------------------------------
+2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf 
+2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:35:51.512: debug: 	Check RFC5011 status
+2008-07-08 20:35:51.512: debug: 		->ksk5011status returns 0
+2008-07-08 20:35:51.513: debug: 	Check KSK status
+2008-07-08 20:35:51.513: debug: 	Check ZSK status
+2008-07-08 20:35:51.513: debug: 	Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: 	Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug: 
+2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:35:51.513: debug: 	Check RFC5011 status
+2008-07-08 20:35:51.513: debug: 		->ksk5011status returns 2
+2008-07-08 20:35:51.513: debug: 	Check ZSK status
+2008-07-08 20:35:51.513: debug: 	Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: 	Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug: 
+2008-07-08 20:35:51.513: notice: end of run: 0 errors occured
+2008-07-08 20:37:16.569: notice: ------------------------------------------------------------
+2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf 
+2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:37:16.569: debug: 	Check RFC5011 status
+2008-07-08 20:37:16.569: debug: 		->ksk5011status returns 0
+2008-07-08 20:37:16.570: debug: 	Check KSK status
+2008-07-08 20:37:16.570: debug: 	Check ZSK status
+2008-07-08 20:37:16.570: debug: 	Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: 	Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug: 
+2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:37:16.570: debug: 	Check RFC5011 status
+2008-07-08 20:37:16.570: debug: 		->ksk5011status returns 2
+2008-07-08 20:37:16.570: debug: 	Check ZSK status
+2008-07-08 20:37:16.570: debug: 	Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: 	Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug: 
+2008-07-08 20:37:16.570: notice: end of run: 0 errors occured
+2008-07-08 20:37:29.134: notice: ------------------------------------------------------------
+2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v 
+2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:37:29.137: debug: 	Check RFC5011 status
+2008-07-08 20:37:29.137: debug: 		->ksk5011status returns 0
+2008-07-08 20:37:29.137: debug: 	Check KSK status
+2008-07-08 20:37:29.137: debug: 	Check ZSK status
+2008-07-08 20:37:29.137: debug: 	Re-signing not necessary!
+2008-07-08 20:37:29.138: debug: 	Check if there is a parent file to copy
+2008-07-08 20:37:29.138: debug: 
+2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:37:29.138: debug: 	Check RFC5011 status
+2008-07-08 20:37:29.138: debug: 		->ksk5011status returns 2
+2008-07-08 20:37:29.138: debug: 	Check ZSK status
+2008-07-08 20:37:29.138: debug: 	Re-signing not necessary!
+2008-07-08 20:37:29.139: debug: 	Check if there is a parent file to copy
+2008-07-08 20:37:29.139: debug: 
+2008-07-08 20:37:29.139: notice: end of run: 0 errors occured
+2008-07-08 20:39:39.895: notice: ------------------------------------------------------------
+2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v 
+2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:39:39.895: debug: 	Check RFC5011 status
+2008-07-08 20:39:39.895: debug: 		->ksk5011status returns 0
+2008-07-08 20:39:39.895: debug: 	Check KSK status
+2008-07-08 20:39:39.895: debug: 	Check ZSK status
+2008-07-08 20:39:39.895: debug: 	Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: 	Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug: 
+2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:39:39.895: debug: 	Check RFC5011 status
+2008-07-08 20:39:39.895: debug: 		->ksk5011status returns 2
+2008-07-08 20:39:39.895: debug: 	Check ZSK status
+2008-07-08 20:39:39.895: debug: 	Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: 	Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug: 
+2008-07-08 20:39:39.895: notice: end of run: 0 errors occured
+2008-07-08 20:42:54.377: notice: ------------------------------------------------------------
+2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D . 
+2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:42:54.377: debug: 	Check RFC5011 status
+2008-07-08 20:42:54.377: debug: 		->ksk5011status returns 0
+2008-07-08 20:42:54.377: debug: 	Check KSK status
+2008-07-08 20:42:54.377: debug: 	Check ZSK status
+2008-07-08 20:42:54.377: debug: 	Re-signing not necessary!
+2008-07-08 20:42:54.377: debug: 	Check if there is a parent file to copy
+2008-07-08 20:42:54.377: debug: 
+2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:42:54.378: debug: 	Check RFC5011 status
+2008-07-08 20:42:54.378: debug: 		->ksk5011status returns 2
+2008-07-08 20:42:54.378: debug: 	Check ZSK status
+2008-07-08 20:42:54.378: debug: 	Re-signing not necessary!
+2008-07-08 20:42:54.378: debug: 	Check if there is a parent file to copy
+2008-07-08 20:42:54.378: debug: 
+2008-07-08 20:42:54.378: notice: end of run: 0 errors occured
+2008-07-08 20:53:40.414: notice: ------------------------------------------------------------
+2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D . 
+2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:53:40.417: debug: 	Check RFC5011 status
+2008-07-08 20:53:40.417: debug: 		->ksk5011status returns 0
+2008-07-08 20:53:40.417: debug: 	Check KSK status
+2008-07-08 20:53:40.417: debug: 	Check ZSK status
+2008-07-08 20:53:40.417: debug: 	Re-signing not necessary!
+2008-07-08 20:53:40.417: debug: 	Check if there is a parent file to copy
+2008-07-08 20:53:40.417: debug: 
+2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:53:40.417: debug: 	Check RFC5011 status
+2008-07-08 20:53:40.417: debug: 		->ksk5011status returns 2
+2008-07-08 20:53:40.417: debug: 	Check ZSK status
+2008-07-08 20:53:40.417: debug: 	Re-signing not necessary!
+2008-07-08 20:53:40.418: debug: 	Check if there is a parent file to copy
+2008-07-08 20:53:40.418: debug: 
+2008-07-08 20:53:40.418: notice: end of run: 0 errors occured
+2008-07-08 20:53:49.488: notice: ------------------------------------------------------------
+2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf 
+2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:53:49.490: debug: 	Check RFC5011 status
+2008-07-08 20:53:49.490: debug: 		->ksk5011status returns 0
+2008-07-08 20:53:49.491: debug: 	Check KSK status
+2008-07-08 20:53:49.491: debug: 	Check ZSK status
+2008-07-08 20:53:49.491: debug: 	Re-signing not necessary!
+2008-07-08 20:53:49.491: debug: 	Check if there is a parent file to copy
+2008-07-08 20:53:49.491: debug: 
+2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:53:49.492: debug: 	Check RFC5011 status
+2008-07-08 20:53:49.492: debug: 		->ksk5011status returns 2
+2008-07-08 20:53:49.492: debug: 	Check ZSK status
+2008-07-08 20:53:49.492: debug: 	Re-signing not necessary!
+2008-07-08 20:53:49.492: debug: 	Check if there is a parent file to copy
+2008-07-08 20:53:49.492: debug: 
+2008-07-08 20:53:49.492: notice: end of run: 0 errors occured
+2008-07-09 00:42:08.103: notice: ------------------------------------------------------------
+2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v 
+2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:42:08.106: debug: 	Check RFC5011 status
+2008-07-09 00:42:08.106: debug: 		->ksk5011status returns 0
+2008-07-09 00:42:08.106: debug: 	Check KSK status
+2008-07-09 00:42:08.106: debug: ksk_rollover
+2008-07-09 00:42:08.106: debug: 	Check ZSK status
+2008-07-09 00:42:08.106: debug: 	Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: 	Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug: 
+2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:42:08.106: debug: 	Check RFC5011 status
+2008-07-09 00:42:08.106: debug: 		->ksk5011status returns 2
+2008-07-09 00:42:08.106: debug: 	Check ZSK status
+2008-07-09 00:42:08.106: debug: 	Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: 	Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug: 
+2008-07-09 00:42:08.106: notice: end of run: 0 errors occured
+2008-07-09 00:45:19.663: notice: ------------------------------------------------------------
+2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v 
+2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:45:19.665: debug: 	Check RFC5011 status
+2008-07-09 00:45:19.665: debug: 		->ksk5011status returns 0
+2008-07-09 00:45:19.665: debug: 	Check KSK status
+2008-07-09 00:45:19.665: debug: 	Check ZSK status
+2008-07-09 00:45:19.665: debug: 	Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: 	Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug: 
+2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:45:19.665: debug: 	Check RFC5011 status
+2008-07-09 00:45:19.665: debug: 		->ksk5011status returns 2
+2008-07-09 00:45:19.665: debug: 	Check ZSK status
+2008-07-09 00:45:19.665: debug: 	Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: 	Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug: 
+2008-07-09 00:45:19.665: notice: end of run: 0 errors occured
+2008-07-09 23:46:12.682: notice: ------------------------------------------------------------
+2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/ 
+2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net."
+2008-07-09 23:46:12.702: debug: 	Check RFC5011 status
+2008-07-09 23:46:12.702: debug: 		->ksk5011status returns 0
+2008-07-09 23:46:12.702: debug: 	Check KSK status
+2008-07-09 23:46:12.702: debug: 	Check ZSK status
+2008-07-09 23:46:12.702: debug: 	Re-signing necessary: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: debug: 	Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db"
+2008-07-09 23:46:12.702: debug: 	Signing zone "sub.example.net."
+2008-07-09 23:46:12.702: debug: 	  Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-09 23:46:13.222: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.222: debug: 	Signing completed after 1s.
+2008-07-09 23:46:13.222: debug: 
+2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net."
+2008-07-09 23:46:13.222: debug: 	Check RFC5011 status
+2008-07-09 23:46:13.222: debug: 		->ksk5011status returns 2
+2008-07-09 23:46:13.222: debug: 	Check ZSK status
+2008-07-09 23:46:13.222: debug: 	Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec)
+2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939
+
+2008-07-09 23:46:13.222: debug: 		->remove it
+2008-07-09 23:46:13.222: debug: 	Re-signing necessary: New zone key
+2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key
+2008-07-09 23:46:13.222: debug: 	Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db"
+2008-07-09 23:46:13.223: debug: 	Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db"
+2008-07-09 23:46:13.223: debug: 	Signing zone "example.net."
+2008-07-09 23:46:13.223: debug: 	  Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-09 23:46:13.374: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.374: debug: 	Signing completed after 0s.
+2008-07-09 23:46:13.374: debug: 
+2008-07-09 23:46:13.374: notice: end of run: 0 errors occured
+2008-07-15 00:21:04.641: notice: ------------------------------------------------------------
+2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v 
+2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:05.071: debug: 	Check RFC5011 status
+2008-07-15 00:21:05.071: debug: 		->ksk5011status returns 0
+2008-07-15 00:21:05.071: debug: 	Check KSK status
+2008-07-15 00:21:05.071: debug: 	Check ZSK status
+2008-07-15 00:21:05.071: debug: 	Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec)
+2008-07-15 00:21:05.071: debug: 		->depreciate it
+2008-07-15 00:21:05.072: debug: 		->activate published key 9198
+2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done
+2008-07-15 00:21:05.072: debug: 	New published key needed
+2008-07-15 00:21:05.128: debug: 		->creating new published key 8397
+2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created
+2008-07-15 00:21:05.128: debug: 	Re-signing necessary: New zone key
+2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-15 00:21:05.129: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:05.129: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:21:05.129: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:05.274: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.274: debug: 	Signing completed after 0s.
+2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:05.275: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:21:05.275: debug: 	  Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:05.279: debug: 
+2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:05.279: debug: 	Check RFC5011 status
+2008-07-15 00:21:05.279: debug: 		->ksk5011status returns 2
+2008-07-15 00:21:05.279: debug: 	Check ZSK status
+2008-07-15 00:21:05.279: debug: 	Re-signing necessary: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:05.280: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:05.280: debug: 	Signing zone "example.net."
+2008-07-15 00:21:05.280: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:21:05.418: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.419: debug: 	Signing completed after 0s.
+2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered
+2008-07-15 00:21:05.419: debug: 	Distribute zone "example.net."
+2008-07-15 00:21:05.419: debug: 	  Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:05.423: debug: 
+2008-07-15 00:21:05.423: notice: end of run: 0 errors occured
+2008-07-15 00:21:18.128: notice: ------------------------------------------------------------
+2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v 
+2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:18.130: debug: 	Check RFC5011 status
+2008-07-15 00:21:18.130: debug: 		->ksk5011status returns 0
+2008-07-15 00:21:18.130: debug: 	Check KSK status
+2008-07-15 00:21:18.130: debug: 	Check ZSK status
+2008-07-15 00:21:18.130: debug: 	Re-signing not necessary!
+2008-07-15 00:21:18.130: debug: 	Check if there is a parent file to copy
+2008-07-15 00:21:18.130: debug: 
+2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:18.131: debug: 	Check RFC5011 status
+2008-07-15 00:21:18.131: debug: 		->ksk5011status returns 2
+2008-07-15 00:21:18.131: debug: 	Check ZSK status
+2008-07-15 00:21:18.131: debug: 	Re-signing not necessary!
+2008-07-15 00:21:18.131: debug: 	Check if there is a parent file to copy
+2008-07-15 00:21:18.131: debug: 
+2008-07-15 00:21:18.131: notice: end of run: 0 errors occured
+2008-07-15 00:21:26.360: notice: ------------------------------------------------------------
+2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:26.362: debug: 	Check RFC5011 status
+2008-07-15 00:21:26.362: debug: 		->ksk5011status returns 0
+2008-07-15 00:21:26.362: debug: 	Check KSK status
+2008-07-15 00:21:26.362: debug: 	Check ZSK status
+2008-07-15 00:21:26.362: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.362: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:26.363: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:21:26.363: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:26.978: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:26.978: debug: 	Signing completed after 0s.
+2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:26.978: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:21:26.978: debug: 	  Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:26.983: debug: 
+2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:26.983: debug: 	Check RFC5011 status
+2008-07-15 00:21:26.983: debug: 		->ksk5011status returns 2
+2008-07-15 00:21:26.983: debug: 	Check ZSK status
+2008-07-15 00:21:26.983: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.983: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:26.983: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:26.983: debug: 	Signing zone "example.net."
+2008-07-15 00:21:26.983: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:21:27.122: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:27.122: debug: 	Signing completed after 1s.
+2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered
+2008-07-15 00:21:27.122: debug: 	Distribute zone "example.net."
+2008-07-15 00:21:27.122: debug: 	  Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:27.127: debug: 
+2008-07-15 00:21:27.127: notice: end of run: 0 errors occured
+2008-07-15 00:21:52.947: notice: ------------------------------------------------------------
+2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:52.951: debug: 	Check RFC5011 status
+2008-07-15 00:21:52.951: debug: 		->ksk5011status returns 0
+2008-07-15 00:21:52.951: debug: 	Check KSK status
+2008-07-15 00:21:52.951: debug: 	Check ZSK status
+2008-07-15 00:21:52.951: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:52.951: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:52.952: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:21:52.952: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:53.119: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.119: debug: 	Signing completed after 1s.
+2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:53.120: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:21:53.120: debug: 	  Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:53.126: debug: 
+2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:53.126: debug: 	Check RFC5011 status
+2008-07-15 00:21:53.126: debug: 		->ksk5011status returns 2
+2008-07-15 00:21:53.126: debug: 	Check ZSK status
+2008-07-15 00:21:53.126: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:53.126: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:53.126: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:53.126: debug: 	Signing zone "example.net."
+2008-07-15 00:21:53.126: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:21:53.262: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.262: debug: 	Signing completed after 0s.
+2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered
+2008-07-15 00:21:53.262: debug: 	Distribute zone "example.net."
+2008-07-15 00:21:53.262: debug: 	  Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:53.268: debug: 
+2008-07-15 00:21:53.268: notice: end of run: 0 errors occured
+2008-07-15 00:23:40.781: notice: ------------------------------------------------------------
+2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:23:40.783: debug: 	Check RFC5011 status
+2008-07-15 00:23:40.783: debug: 		->ksk5011status returns 0
+2008-07-15 00:23:40.783: debug: 	Check KSK status
+2008-07-15 00:23:40.783: debug: 	Check ZSK status
+2008-07-15 00:23:40.783: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:40.783: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:23:40.786: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:23:40.786: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:23:41.281: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.281: debug: 	Signing completed after 1s.
+2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:23:41.281: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:23:41.281: debug: 	  Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:23:41.287: debug: 
+2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:23:41.287: debug: 	Check RFC5011 status
+2008-07-15 00:23:41.287: debug: 		->ksk5011status returns 2
+2008-07-15 00:23:41.287: debug: 	Check ZSK status
+2008-07-15 00:23:41.287: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:41.288: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:23:41.288: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:23:41.288: debug: 	Signing zone "example.net."
+2008-07-15 00:23:41.289: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:23:41.561: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.561: debug: 	Signing completed after 0s.
+2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered
+2008-07-15 00:23:41.561: debug: 	Distribute zone "example.net."
+2008-07-15 00:23:41.561: debug: 	  Run cmd "./dist.sh reload example.net."
+2008-07-15 00:23:41.566: debug: 
+2008-07-15 00:23:41.567: notice: end of run: 0 errors occured
+2008-07-15 00:31:10.917: notice: ------------------------------------------------------------
+2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:31:10.923: debug: 	Check RFC5011 status
+2008-07-15 00:31:10.923: debug: 		->ksk5011status returns 0
+2008-07-15 00:31:10.923: debug: 	Check KSK status
+2008-07-15 00:31:10.923: debug: 	Check ZSK status
+2008-07-15 00:31:10.923: debug: 	Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec)
+2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338
+
+2008-07-15 00:31:10.924: debug: 		->remove it
+2008-07-15 00:31:10.924: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:10.924: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:31:11.347: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:31:11.347: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:31:11.571: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.571: debug: 	Signing completed after 0s.
+2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:31:11.571: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:31:11.571: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:31:11.579: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net."
+2008-07-15 00:31:11.579: debug: 
+2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:31:11.580: debug: 	Check RFC5011 status
+2008-07-15 00:31:11.580: debug: 		->ksk5011status returns 2
+2008-07-15 00:31:11.580: debug: 	Check ZSK status
+2008-07-15 00:31:11.580: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:11.580: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:31:11.581: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:31:11.581: debug: 	Signing zone "example.net."
+2008-07-15 00:31:11.581: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:31:11.698: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.698: debug: 	Signing completed after 0s.
+2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered
+2008-07-15 00:31:11.698: debug: 	Distribute zone "example.net."
+2008-07-15 00:31:11.698: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:31:11.704: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net."
+2008-07-15 00:31:11.704: debug: 
+2008-07-15 00:31:11.704: notice: end of run: 0 errors occured
+2008-07-15 00:32:00.676: notice: ------------------------------------------------------------
+2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:32:00.678: debug: 	Check RFC5011 status
+2008-07-15 00:32:00.678: debug: 		->ksk5011status returns 0
+2008-07-15 00:32:00.678: debug: 	Check KSK status
+2008-07-15 00:32:00.678: debug: 	Check ZSK status
+2008-07-15 00:32:00.678: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:00.678: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:32:00.679: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:32:00.679: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:32:01.282: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.282: debug: 	Signing completed after 1s.
+2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:32:01.282: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:32:01.282: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:32:01.289: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net."
+2008-07-15 00:32:01.289: debug: 
+2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:32:01.289: debug: 	Check RFC5011 status
+2008-07-15 00:32:01.289: debug: 		->ksk5011status returns 2
+2008-07-15 00:32:01.289: debug: 	Check ZSK status
+2008-07-15 00:32:01.290: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:01.290: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:32:01.291: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:32:01.291: debug: 	Signing zone "example.net."
+2008-07-15 00:32:01.291: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:32:01.405: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.405: debug: 	Signing completed after 0s.
+2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered
+2008-07-15 00:32:01.406: debug: 	Distribute zone "example.net."
+2008-07-15 00:32:01.406: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:32:01.412: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net."
+2008-07-15 00:32:01.412: debug: 
+2008-07-15 00:32:01.412: notice: end of run: 0 errors occured
+2008-07-15 00:33:00.866: notice: ------------------------------------------------------------
+2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:33:00.869: debug: 	Check RFC5011 status
+2008-07-15 00:33:00.869: debug: 		->ksk5011status returns 0
+2008-07-15 00:33:00.869: debug: 	Check KSK status
+2008-07-15 00:33:00.869: debug: 	Check ZSK status
+2008-07-15 00:33:00.869: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:00.870: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:33:00.870: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:33:00.870: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:33:01.531: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.531: debug: 	Signing completed after 1s.
+2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:33:01.531: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:33:01.531: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:33:01.537: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net."
+2008-07-15 00:33:01.537: debug: 
+2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:33:01.538: debug: 	Check RFC5011 status
+2008-07-15 00:33:01.538: debug: 		->ksk5011status returns 2
+2008-07-15 00:33:01.538: debug: 	Check ZSK status
+2008-07-15 00:33:01.538: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:01.538: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:33:01.539: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:33:01.539: debug: 	Signing zone "example.net."
+2008-07-15 00:33:01.539: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:33:01.655: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.655: debug: 	Signing completed after 0s.
+2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered
+2008-07-15 00:33:01.655: debug: 	Distribute zone "example.net."
+2008-07-15 00:33:01.656: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:33:01.661: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net."
+2008-07-15 00:33:01.662: debug: 
+2008-07-15 00:33:01.662: notice: end of run: 0 errors occured
+2008-07-15 00:34:09.259: notice: ------------------------------------------------------------
+2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:34:09.261: debug: 	Check RFC5011 status
+2008-07-15 00:34:09.261: debug: 		->ksk5011status returns 0
+2008-07-15 00:34:09.261: debug: 	Check KSK status
+2008-07-15 00:34:09.261: debug: 	Check ZSK status
+2008-07-15 00:34:09.261: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:09.261: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:34:09.261: debug: 	Signing zone "sub.example.net."
+2008-07-15 00:34:09.261: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:34:10.245: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.245: debug: 	Signing completed after 1s.
+2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:34:10.245: debug: 	Distribute zone "sub.example.net."
+2008-07-15 00:34:10.245: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:34:10.251: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-15 00:34:10.252: debug: 
+2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:34:10.252: debug: 	Check RFC5011 status
+2008-07-15 00:34:10.252: debug: 		->ksk5011status returns 2
+2008-07-15 00:34:10.252: debug: 	Check ZSK status
+2008-07-15 00:34:10.252: debug: 	Re-signing necessary: Option -f
+2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:10.252: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-15 00:34:10.252: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:34:10.252: debug: 	Signing zone "example.net."
+2008-07-15 00:34:10.252: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-15 00:34:10.369: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.369: debug: 	Signing completed after 0s.
+2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered
+2008-07-15 00:34:10.369: debug: 	Distribute zone "example.net."
+2008-07-15 00:34:10.369: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:34:10.375: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-15 00:34:10.375: debug: 
+2008-07-15 00:34:10.375: notice: end of run: 0 errors occured
+2008-07-18 00:38:52.860: notice: ------------------------------------------------------------
+2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v 
+2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:38:52.862: debug: 	Check RFC5011 status
+2008-07-18 00:38:52.862: debug: 		->ksk5011status returns 0
+2008-07-18 00:38:52.862: debug: 	Check KSK status
+2008-07-18 00:38:52.862: debug: 	Check ZSK status
+2008-07-18 00:38:52.862: debug: 	Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec)
+2008-07-18 00:38:52.862: debug: 		->depreciate it
+2008-07-18 00:38:52.862: debug: 		->activate published key 8397
+2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done
+2008-07-18 00:38:52.862: debug: 	New published key needed
+2008-07-18 00:38:53.418: debug: 		->creating new published key 31081
+2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing
+2008-07-18 00:38:53.418: debug: 	Re-signing necessary: New zone key
+2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-18 00:38:53.418: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:38:53.419: debug: 	Signing zone "sub.example.net."
+2008-07-18 00:38:53.419: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:38:53.556: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.556: debug: 	Signing completed after 0s.
+2008-07-18 00:38:53.556: debug: 
+2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:38:53.557: debug: 	Check RFC5011 status
+2008-07-18 00:38:53.557: debug: 		->ksk5011status returns 2
+2008-07-18 00:38:53.557: debug: 	Check ZSK status
+2008-07-18 00:38:53.557: debug: 	Re-signing necessary: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-18 00:38:53.558: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:38:53.558: debug: 	Signing zone "example.net."
+2008-07-18 00:38:53.559: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-18 00:38:53.715: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.715: debug: 	Signing completed after 0s.
+2008-07-18 00:38:53.715: debug: 
+2008-07-18 00:38:53.716: notice: end of run: 0 errors occured
+2008-07-18 00:39:29.824: notice: ------------------------------------------------------------
+2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v 
+2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:29.827: debug: 	Check RFC5011 status
+2008-07-18 00:39:29.827: debug: 		->ksk5011status returns 0
+2008-07-18 00:39:29.827: debug: 	Check KSK status
+2008-07-18 00:39:29.827: debug: 	Check ZSK status
+2008-07-18 00:39:29.827: debug: 	Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: 	Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug: 
+2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:29.827: debug: 	Check RFC5011 status
+2008-07-18 00:39:29.827: debug: 		->ksk5011status returns 2
+2008-07-18 00:39:29.827: debug: 	Check ZSK status
+2008-07-18 00:39:29.827: debug: 	Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: 	Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug: 
+2008-07-18 00:39:29.828: notice: end of run: 0 errors occured
+2008-07-18 00:39:36.641: notice: ------------------------------------------------------------
+2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:36.644: debug: 	Check RFC5011 status
+2008-07-18 00:39:36.644: debug: 		->ksk5011status returns 0
+2008-07-18 00:39:36.644: debug: 	Check KSK status
+2008-07-18 00:39:36.644: debug: 	Check ZSK status
+2008-07-18 00:39:36.644: debug: 	Re-signing necessary: Option -f
+2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:36.644: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:39:36.644: debug: 	Signing zone "sub.example.net."
+2008-07-18 00:39:36.644: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:39:37.144: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.144: debug: 	Signing completed after 1s.
+2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered
+2008-07-18 00:39:37.144: debug: 	Distribute zone "sub.example.net."
+2008-07-18 00:39:37.144: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-18 00:39:37.151: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-18 00:39:37.151: debug: 
+2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:37.151: debug: 	Check RFC5011 status
+2008-07-18 00:39:37.151: debug: 		->ksk5011status returns 2
+2008-07-18 00:39:37.151: debug: 	Check ZSK status
+2008-07-18 00:39:37.151: debug: 	Re-signing necessary: Option -f
+2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:37.151: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-18 00:39:37.152: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:39:37.152: debug: 	Signing zone "example.net."
+2008-07-18 00:39:37.152: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-18 00:39:37.313: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.313: debug: 	Signing completed after 0s.
+2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered
+2008-07-18 00:39:37.313: debug: 	Distribute zone "example.net."
+2008-07-18 00:39:37.313: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-18 00:39:37.319: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-18 00:39:37.319: debug: 
+2008-07-18 00:39:37.319: notice: end of run: 0 errors occured
+2008-07-18 00:42:39.912: notice: ------------------------------------------------------------
+2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v 
+2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:42:39.914: debug: 	Check RFC5011 status
+2008-07-18 00:42:39.914: debug: 		->ksk5011status returns 0
+2008-07-18 00:42:39.914: debug: 	Check KSK status
+2008-07-18 00:42:39.914: debug: 	Check ZSK status
+2008-07-18 00:42:39.914: debug: 	Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: 	Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug: 
+2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:42:39.914: debug: 	Check RFC5011 status
+2008-07-18 00:42:39.914: debug: 		->ksk5011status returns 2
+2008-07-18 00:42:39.914: debug: 	Check ZSK status
+2008-07-18 00:42:39.914: debug: 	Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: 	Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug: 
+2008-07-18 00:42:39.914: notice: end of run: 0 errors occured
+2008-07-22 00:10:38.346: notice: ------------------------------------------------------------
+2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v 
+2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:10:38.349: debug: 	Check RFC5011 status
+2008-07-22 00:10:38.349: debug: 		->ksk5011status returns 0
+2008-07-22 00:10:38.349: debug: 	Check KSK status
+2008-07-22 00:10:38.349: debug: 	Check ZSK status
+2008-07-22 00:10:38.349: debug: 	Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec)
+2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198
+
+2008-07-22 00:10:38.349: debug: 		->remove it
+2008-07-22 00:10:38.349: debug: 	Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec)
+2008-07-22 00:10:38.349: debug: 		->depreciate it
+2008-07-22 00:10:38.349: debug: 		->activate published key 31081
+2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done
+2008-07-22 00:10:38.349: debug: 	New published key needed
+2008-07-22 00:10:38.870: debug: 		->creating new published key 3615
+2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing
+2008-07-22 00:10:38.870: debug: 	Re-signing necessary: New zone key
+2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:38.870: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:10:38.871: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:10:38.871: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:10:39.208: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.208: debug: 	Signing completed after 1s.
+2008-07-22 00:10:39.208: debug: 
+2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:10:39.208: debug: 	Check RFC5011 status
+2008-07-22 00:10:39.208: debug: 		->ksk5011status returns 2
+2008-07-22 00:10:39.208: debug: 	Check ZSK status
+2008-07-22 00:10:39.208: debug: 	New published key needed
+2008-07-22 00:10:39.255: debug: 		->creating new published key 41300
+2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing
+2008-07-22 00:10:39.255: debug: 	Re-signing necessary: New zone key
+2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:39.255: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:10:39.256: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:10:39.256: debug: 	Signing zone "example.net."
+2008-07-22 00:10:39.256: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:10:39.414: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.414: debug: 	Signing completed after 0s.
+2008-07-22 00:10:39.414: debug: 
+2008-07-22 00:10:39.414: notice: end of run: 0 errors occured
+2008-07-22 00:16:04.680: notice: ------------------------------------------------------------
+2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v 
+2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:04.682: debug: 	Check RFC5011 status
+2008-07-22 00:16:04.682: debug: 		->ksk5011status returns 0
+2008-07-22 00:16:04.683: debug: 	Check KSK status
+2008-07-22 00:16:04.683: debug: 	Check ZSK status
+2008-07-22 00:16:04.683: debug: 	Re-signing not necessary!
+2008-07-22 00:16:04.683: debug: 	Check if there is a parent file to copy
+2008-07-22 00:16:04.683: debug: 
+2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:04.683: debug: 	Check RFC5011 status
+2008-07-22 00:16:04.683: debug: 		->ksk5011status returns 2
+2008-07-22 00:16:04.684: debug: 	Check ZSK status
+2008-07-22 00:16:04.684: debug: 	Re-signing not necessary!
+2008-07-22 00:16:04.684: debug: 	Check if there is a parent file to copy
+2008-07-22 00:16:04.684: debug: 
+2008-07-22 00:16:04.684: notice: end of run: 0 errors occured
+2008-07-22 00:16:09.309: notice: ------------------------------------------------------------
+2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v 
+2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:09.311: debug: 	Check RFC5011 status
+2008-07-22 00:16:09.311: debug: 		->ksk5011status returns 0
+2008-07-22 00:16:09.312: debug: 	Check KSK status
+2008-07-22 00:16:09.312: debug: 	Check ZSK status
+2008-07-22 00:16:09.312: debug: 	Re-signing not necessary!
+2008-07-22 00:16:09.312: debug: 	Check if there is a parent file to copy
+2008-07-22 00:16:09.312: debug: 
+2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:09.312: debug: 	Check RFC5011 status
+2008-07-22 00:16:09.312: debug: 		->ksk5011status returns 2
+2008-07-22 00:16:09.313: debug: 	Check ZSK status
+2008-07-22 00:16:09.313: debug: 	Re-signing not necessary!
+2008-07-22 00:16:09.313: debug: 	Check if there is a parent file to copy
+2008-07-22 00:16:09.313: debug: 
+2008-07-22 00:16:09.313: notice: end of run: 0 errors occured
+2008-07-22 00:16:13.285: notice: ------------------------------------------------------------
+2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:13.287: debug: 	Check RFC5011 status
+2008-07-22 00:16:13.287: debug: 		->ksk5011status returns 0
+2008-07-22 00:16:13.287: debug: 	Check KSK status
+2008-07-22 00:16:13.287: debug: 	Check ZSK status
+2008-07-22 00:16:13.287: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.287: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:16:13.287: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:16:13.287: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:16:13.822: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.822: debug: 	Signing completed after 0s.
+2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:16:13.822: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:16:13.822: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:16:13.828: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:16:13.828: debug: 
+2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:13.829: debug: 	Check RFC5011 status
+2008-07-22 00:16:13.829: debug: 		->ksk5011status returns 2
+2008-07-22 00:16:13.829: debug: 	Check ZSK status
+2008-07-22 00:16:13.829: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.829: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:16:13.830: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:16:13.830: debug: 	Signing zone "example.net."
+2008-07-22 00:16:13.830: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:16:13.976: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.976: debug: 	Signing completed after 0s.
+2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered
+2008-07-22 00:16:13.977: debug: 	Distribute zone "example.net."
+2008-07-22 00:16:13.977: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:16:13.983: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:16:13.983: debug: 
+2008-07-22 00:16:13.983: notice: end of run: 0 errors occured
+2008-07-22 00:20:56.119: notice: ------------------------------------------------------------
+2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:20:56.121: debug: 	Check RFC5011 status
+2008-07-22 00:20:56.121: debug: 		->ksk5011status returns 0
+2008-07-22 00:20:56.121: debug: 	Check KSK status
+2008-07-22 00:20:56.121: debug: 	Check ZSK status
+2008-07-22 00:20:56.121: debug: 	Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec)
+2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397
+
+2008-07-22 00:20:56.122: debug: 		->remove it
+2008-07-22 00:20:56.122: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.122: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:20:56.122: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:20:56.122: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:20:56.627: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.627: debug: 	Signing completed after 0s.
+2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:20:56.627: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:20:56.627: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:20:56.634: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:20:56.635: debug: 
+2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:20:56.635: debug: 	Check RFC5011 status
+2008-07-22 00:20:56.635: debug: 		->ksk5011status returns 2
+2008-07-22 00:20:56.635: debug: 	Check ZSK status
+2008-07-22 00:20:56.635: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.635: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:20:56.636: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:20:56.636: debug: 	Signing zone "example.net."
+2008-07-22 00:20:56.637: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:20:56.760: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.760: debug: 	Signing completed after 0s.
+2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered
+2008-07-22 00:20:56.760: debug: 	Distribute zone "example.net."
+2008-07-22 00:20:56.760: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:20:56.768: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:20:56.769: debug: 
+2008-07-22 00:20:56.769: notice: end of run: 0 errors occured
+2008-07-22 00:23:51.528: notice: ------------------------------------------------------------
+2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:23:51.530: debug: 	Check RFC5011 status
+2008-07-22 00:23:51.530: debug: 		->ksk5011status returns 0
+2008-07-22 00:23:51.531: debug: 	Check KSK status
+2008-07-22 00:23:51.531: debug: 	Check ZSK status
+2008-07-22 00:23:51.531: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:51.531: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:23:51.531: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:23:51.532: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:23:52.042: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.042: debug: 	Signing completed after 1s.
+2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:23:52.042: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:23:52.043: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:23:52.049: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:23:52.049: debug: 
+2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:23:52.049: debug: 	Check RFC5011 status
+2008-07-22 00:23:52.049: debug: 		->ksk5011status returns 2
+2008-07-22 00:23:52.049: debug: 	Check ZSK status
+2008-07-22 00:23:52.049: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:52.049: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:23:52.050: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:23:52.050: debug: 	Signing zone "example.net."
+2008-07-22 00:23:52.050: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:23:52.176: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.176: debug: 	Signing completed after 0s.
+2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered
+2008-07-22 00:23:52.176: debug: 	Distribute zone "example.net."
+2008-07-22 00:23:52.176: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:23:52.185: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:23:52.185: debug: 
+2008-07-22 00:23:52.185: notice: end of run: 0 errors occured
+2008-07-22 00:24:09.609: notice: ------------------------------------------------------------
+2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:24:09.614: debug: 	Check RFC5011 status
+2008-07-22 00:24:09.614: debug: 		->ksk5011status returns 0
+2008-07-22 00:24:09.614: debug: 	Check KSK status
+2008-07-22 00:24:09.614: debug: 	Check ZSK status
+2008-07-22 00:24:09.614: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:09.614: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:24:09.614: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:24:09.614: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:24:10.692: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.692: debug: 	Signing completed after 1s.
+2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:24:10.692: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:24:10.692: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:24:10.698: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:24:10.698: debug: 
+2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:24:10.698: debug: 	Check RFC5011 status
+2008-07-22 00:24:10.698: debug: 		->ksk5011status returns 2
+2008-07-22 00:24:10.698: debug: 	Check ZSK status
+2008-07-22 00:24:10.698: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:10.698: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:24:10.699: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:24:10.699: debug: 	Signing zone "example.net."
+2008-07-22 00:24:10.699: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:24:10.883: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.883: debug: 	Signing completed after 0s.
+2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered
+2008-07-22 00:24:10.883: debug: 	Distribute zone "example.net."
+2008-07-22 00:24:10.883: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:24:10.889: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:24:10.889: debug: 
+2008-07-22 00:24:10.889: notice: end of run: 0 errors occured
+2008-07-22 00:28:44.300: notice: ------------------------------------------------------------
+2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:28:44.302: debug: 	Check RFC5011 status
+2008-07-22 00:28:44.302: debug: 		->ksk5011status returns 0
+2008-07-22 00:28:44.302: debug: 	Check KSK status
+2008-07-22 00:28:44.302: debug: 	Check ZSK status
+2008-07-22 00:28:44.302: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.302: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:28:44.306: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:28:44.306: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:28:44.898: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:44.898: debug: 	Signing completed after 0s.
+2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:28:44.899: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:28:44.899: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:28:44.904: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:28:44.905: debug: 
+2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:28:44.905: debug: 	Check RFC5011 status
+2008-07-22 00:28:44.905: debug: 		->ksk5011status returns 2
+2008-07-22 00:28:44.905: debug: 	Check ZSK status
+2008-07-22 00:28:44.905: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.905: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:28:44.906: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:28:44.906: debug: 	Signing zone "example.net."
+2008-07-22 00:28:44.907: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:28:45.039: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:45.039: debug: 	Signing completed after 1s.
+2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered
+2008-07-22 00:28:45.039: debug: 	Distribute zone "example.net."
+2008-07-22 00:28:45.040: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:28:45.046: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:28:45.046: debug: 
+2008-07-22 00:28:45.046: notice: end of run: 0 errors occured
+2008-07-22 00:39:15.968: notice: ------------------------------------------------------------
+2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v 
+2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:16.006: debug: 	Check RFC5011 status
+2008-07-22 00:39:16.006: debug: 		->ksk5011status returns 0
+2008-07-22 00:39:16.006: debug: 	Check KSK status
+2008-07-22 00:39:16.006: debug: 	Check ZSK status
+2008-07-22 00:39:16.006: debug: 	Re-signing not necessary!
+2008-07-22 00:39:16.006: debug: 	Check if there is a parent file to copy
+2008-07-22 00:39:16.006: debug: 
+2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:16.006: debug: 	Check RFC5011 status
+2008-07-22 00:39:16.006: debug: 		->ksk5011status returns 2
+2008-07-22 00:39:16.007: debug: 	Check ZSK status
+2008-07-22 00:39:16.007: debug: 	Re-signing not necessary!
+2008-07-22 00:39:16.007: debug: 	Check if there is a parent file to copy
+2008-07-22 00:39:16.007: debug: 
+2008-07-22 00:39:16.007: notice: end of run: 0 errors occured
+2008-07-22 00:39:31.578: notice: ------------------------------------------------------------
+2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:31.580: debug: 	Check RFC5011 status
+2008-07-22 00:39:31.580: debug: 		->ksk5011status returns 0
+2008-07-22 00:39:31.580: debug: 	Check KSK status
+2008-07-22 00:39:31.581: debug: 	Check ZSK status
+2008-07-22 00:39:31.581: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:31.581: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:39:31.581: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:39:31.582: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:39:32.216: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.216: debug: 	Signing completed after 1s.
+2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:39:32.216: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:39:32.217: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:39:32.223: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:39:32.223: debug: 
+2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:32.223: debug: 	Check RFC5011 status
+2008-07-22 00:39:32.223: debug: 		->ksk5011status returns 2
+2008-07-22 00:39:32.223: debug: 	Check ZSK status
+2008-07-22 00:39:32.223: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:32.223: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:39:32.224: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:39:32.224: debug: 	Signing zone "example.net."
+2008-07-22 00:39:32.225: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:39:32.360: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.361: debug: 	Signing completed after 0s.
+2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered
+2008-07-22 00:39:32.361: debug: 	Distribute zone "example.net."
+2008-07-22 00:39:32.361: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:39:32.367: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:39:32.367: debug: 
+2008-07-22 00:39:32.367: notice: end of run: 0 errors occured
+2008-07-22 00:41:53.710: notice: ------------------------------------------------------------
+2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:41:53.712: debug: 	Check RFC5011 status
+2008-07-22 00:41:53.712: debug: 		->ksk5011status returns 0
+2008-07-22 00:41:53.712: debug: 	Check KSK status
+2008-07-22 00:41:53.712: debug: 	Check ZSK status
+2008-07-22 00:41:53.712: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.712: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:41:53.712: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:41:53.713: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:41:53.866: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.866: debug: 	Signing completed after 0s.
+2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:41:53.866: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:41:53.867: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:41:53.873: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:41:53.873: debug: 
+2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:41:53.873: debug: 	Check RFC5011 status
+2008-07-22 00:41:53.873: debug: 		->ksk5011status returns 2
+2008-07-22 00:41:53.873: debug: 	Check ZSK status
+2008-07-22 00:41:53.873: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.873: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:41:53.873: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:41:53.873: debug: 	Signing zone "example.net."
+2008-07-22 00:41:53.873: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:41:53.989: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.989: debug: 	Signing completed after 0s.
+2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered
+2008-07-22 00:41:53.989: debug: 	Distribute zone "example.net."
+2008-07-22 00:41:53.989: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:41:53.995: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:41:53.995: debug: 
+2008-07-22 00:41:53.995: notice: end of run: 0 errors occured
+2008-07-22 00:45:46.509: notice: ------------------------------------------------------------
+2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:45:46.512: debug: 	Check RFC5011 status
+2008-07-22 00:45:46.512: debug: 		->ksk5011status returns 0
+2008-07-22 00:45:46.512: debug: 	Check KSK status
+2008-07-22 00:45:46.512: debug: 	Check ZSK status
+2008-07-22 00:45:46.512: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.512: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:45:46.513: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:45:46.513: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:45:46.734: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:46.734: debug: 	Signing completed after 0s.
+2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:45:46.734: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:45:46.734: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:45:46.740: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:45:46.740: debug: 
+2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:45:46.740: debug: 	Check RFC5011 status
+2008-07-22 00:45:46.741: debug: 		->ksk5011status returns 2
+2008-07-22 00:45:46.741: debug: 	Check ZSK status
+2008-07-22 00:45:46.741: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.741: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:45:46.742: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:45:46.742: debug: 	Signing zone "example.net."
+2008-07-22 00:45:46.742: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:45:47.013: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:47.013: debug: 	Signing completed after 1s.
+2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered
+2008-07-22 00:45:47.013: debug: 	Distribute zone "example.net."
+2008-07-22 00:45:47.013: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:45:47.019: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:45:47.019: debug: 
+2008-07-22 00:45:47.019: notice: end of run: 0 errors occured
+2008-07-22 00:48:02.761: notice: ------------------------------------------------------------
+2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:02.763: debug: 	Check RFC5011 status
+2008-07-22 00:48:02.763: debug: 		->ksk5011status returns 0
+2008-07-22 00:48:02.763: debug: 	Check KSK status
+2008-07-22 00:48:02.763: debug: 	Check ZSK status
+2008-07-22 00:48:02.763: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.763: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:02.763: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:48:02.763: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:02.907: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:02.907: debug: 	Signing completed after 0s.
+2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:02.907: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:48:02.907: debug: 
+2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:02.907: debug: 	Check RFC5011 status
+2008-07-22 00:48:02.907: debug: 		->ksk5011status returns 2
+2008-07-22 00:48:02.907: debug: 	Check ZSK status
+2008-07-22 00:48:02.907: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.907: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:02.908: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:02.908: debug: 	Signing zone "example.net."
+2008-07-22 00:48:02.908: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:48:03.029: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:03.029: debug: 	Signing completed after 1s.
+2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered
+2008-07-22 00:48:03.029: debug: 	Distribute zone "example.net."
+2008-07-22 00:48:03.029: debug: 
+2008-07-22 00:48:03.029: notice: end of run: 0 errors occured
+2008-07-22 00:48:56.098: notice: ------------------------------------------------------------
+2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:56.101: debug: 	Check RFC5011 status
+2008-07-22 00:48:56.101: debug: 		->ksk5011status returns 0
+2008-07-22 00:48:56.101: debug: 	Check KSK status
+2008-07-22 00:48:56.101: debug: 	Check ZSK status
+2008-07-22 00:48:56.101: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.101: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:56.102: debug: 	Signing zone "sub.example.net."
+2008-07-22 00:48:56.102: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:56.244: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.244: debug: 	Signing completed after 0s.
+2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:56.244: debug: 	Distribute zone "sub.example.net."
+2008-07-22 00:48:56.245: debug: 
+2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:56.245: debug: 	Check RFC5011 status
+2008-07-22 00:48:56.245: debug: 		->ksk5011status returns 2
+2008-07-22 00:48:56.245: debug: 	Check ZSK status
+2008-07-22 00:48:56.245: debug: 	Re-signing necessary: Option -f
+2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.246: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:56.246: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:56.246: debug: 	Signing zone "example.net."
+2008-07-22 00:48:56.247: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 00:48:56.367: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.367: debug: 	Signing completed after 0s.
+2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered
+2008-07-22 00:48:56.367: debug: 	Distribute zone "example.net."
+2008-07-22 00:48:56.367: debug: 
+2008-07-22 00:48:56.367: notice: end of run: 0 errors occured
+2008-07-22 08:07:30.993: notice: ------------------------------------------------------------
+2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:07:30.995: debug: 	Check RFC5011 status
+2008-07-22 08:07:30.995: debug: 		->ksk5011status returns 0
+2008-07-22 08:07:30.995: debug: 	Check KSK status
+2008-07-22 08:07:30.995: debug: 	Check ZSK status
+2008-07-22 08:07:30.995: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:30.996: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:07:30.996: debug: 	Signing zone "sub.example.net."
+2008-07-22 08:07:30.996: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:07:31.454: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.454: debug: 	Signing completed after 1s.
+2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:07:31.454: debug: 	Distribute zone "sub.example.net."
+2008-07-22 08:07:31.454: debug: 
+2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:07:31.454: debug: 	Check RFC5011 status
+2008-07-22 08:07:31.454: debug: 		->ksk5011status returns 2
+2008-07-22 08:07:31.454: debug: 	Check ZSK status
+2008-07-22 08:07:31.454: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:31.454: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 08:07:31.454: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:07:31.454: debug: 	Signing zone "example.net."
+2008-07-22 08:07:31.455: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 08:07:31.588: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.589: debug: 	Signing completed after 0s.
+2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered
+2008-07-22 08:07:31.589: debug: 	Distribute zone "example.net."
+2008-07-22 08:07:31.589: debug: 
+2008-07-22 08:07:31.589: notice: end of run: 0 errors occured
+2008-07-22 08:08:09.237: notice: ------------------------------------------------------------
+2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:08:09.239: debug: 	Check RFC5011 status
+2008-07-22 08:08:09.239: debug: 		->ksk5011status returns 0
+2008-07-22 08:08:09.239: debug: 	Check KSK status
+2008-07-22 08:08:09.239: debug: 	Check ZSK status
+2008-07-22 08:08:09.239: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:08:09.239: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:08:09.240: debug: 	Signing zone "sub.example.net."
+2008-07-22 08:08:09.240: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:08:09.506: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:08:09.507: debug: 	Signing completed after 0s.
+2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:08:09.507: debug: 	Distribute zone "sub.example.net."
+2008-07-22 08:10:10.328: notice: ------------------------------------------------------------
+2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:10:10.330: debug: 	Check RFC5011 status
+2008-07-22 08:10:10.330: debug: 		->ksk5011status returns 0
+2008-07-22 08:10:10.330: debug: 	Check KSK status
+2008-07-22 08:10:10.330: debug: 	Check ZSK status
+2008-07-22 08:10:10.330: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:10:10.330: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:10:10.331: debug: 	Signing zone "sub.example.net."
+2008-07-22 08:10:10.331: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:10:10.950: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:10:10.950: debug: 	Signing completed after 0s.
+2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:10:10.950: debug: 	Distribute zone "sub.example.net."
+2008-07-22 08:11:17.247: notice: ------------------------------------------------------------
+2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:11:17.250: debug: 	Check RFC5011 status
+2008-07-22 08:11:17.250: debug: 		->ksk5011status returns 0
+2008-07-22 08:11:17.250: debug: 	Check KSK status
+2008-07-22 08:11:17.250: debug: 	Check ZSK status
+2008-07-22 08:11:17.250: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.250: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:11:17.251: debug: 	Signing zone "sub.example.net."
+2008-07-22 08:11:17.251: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:11:17.883: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:17.883: debug: 	Signing completed after 0s.
+2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:11:17.883: debug: 	Distribute zone "sub.example.net."
+2008-07-22 08:11:17.883: debug: 
+2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:11:17.884: debug: 	Check RFC5011 status
+2008-07-22 08:11:17.884: debug: 		->ksk5011status returns 2
+2008-07-22 08:11:17.884: debug: 	Check ZSK status
+2008-07-22 08:11:17.884: debug: 	Re-signing necessary: Option -f
+2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.884: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-22 08:11:17.884: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:11:17.884: debug: 	Signing zone "example.net."
+2008-07-22 08:11:17.884: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-22 08:11:18.005: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:18.005: debug: 	Signing completed after 1s.
+2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered
+2008-07-22 08:11:18.006: debug: 	Distribute zone "example.net."
+2008-07-22 08:11:18.006: debug: 
+2008-07-22 08:11:18.006: notice: end of run: 0 errors occured
+2008-07-24 00:13:56.493: notice: ------------------------------------------------------------
+2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v 
+2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:13:56.495: debug: 	Check RFC5011 status
+2008-07-24 00:13:56.495: debug: 		->ksk5011status returns 0
+2008-07-24 00:13:56.495: debug: 	Check KSK status
+2008-07-24 00:13:56.495: debug: 	Check ZSK status
+2008-07-24 00:13:56.495: debug: 	Re-signing necessary: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:13:56.495: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:13:56.495: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:13:57.439: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.439: debug: 	Signing completed after 1s.
+2008-07-24 00:13:57.439: debug: 
+2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:13:57.439: debug: 	Check RFC5011 status
+2008-07-24 00:13:57.439: debug: 		->ksk5011status returns 2
+2008-07-24 00:13:57.439: debug: 	Check ZSK status
+2008-07-24 00:13:57.440: debug: 	Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec)
+2008-07-24 00:13:57.440: debug: 		->depreciate it
+2008-07-24 00:13:57.440: debug: 		->activate published key 41300
+2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done
+2008-07-24 00:13:57.440: debug: 	Re-signing necessary: New zone key
+2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 00:13:57.441: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:13:57.441: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:13:57.441: debug: 	Signing zone "example.net."
+2008-07-24 00:13:57.442: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:13:57.562: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.562: debug: 	Signing completed after 0s.
+2008-07-24 00:13:57.562: debug: 
+2008-07-24 00:13:57.562: notice: end of run: 0 errors occured
+2008-07-24 00:14:08.862: notice: ------------------------------------------------------------
+2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v 
+2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:08.864: debug: 	Check RFC5011 status
+2008-07-24 00:14:08.864: debug: 		->ksk5011status returns 0
+2008-07-24 00:14:08.864: debug: 	Check KSK status
+2008-07-24 00:14:08.864: debug: 	Check ZSK status
+2008-07-24 00:14:08.864: debug: 	Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: 	Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug: 
+2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:08.864: debug: 	Check RFC5011 status
+2008-07-24 00:14:08.864: debug: 		->ksk5011status returns 2
+2008-07-24 00:14:08.864: debug: 	Check ZSK status
+2008-07-24 00:14:08.864: debug: 	Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: 	Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug: 
+2008-07-24 00:14:08.864: notice: end of run: 0 errors occured
+2008-07-24 00:14:12.963: notice: ------------------------------------------------------------
+2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:12.965: debug: 	Check RFC5011 status
+2008-07-24 00:14:12.965: debug: 		->ksk5011status returns 0
+2008-07-24 00:14:12.965: debug: 	Check KSK status
+2008-07-24 00:14:12.965: debug: 	Check ZSK status
+2008-07-24 00:14:12.965: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:12.966: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:14:12.966: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:14:12.966: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:14:13.488: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.488: debug: 	Signing completed after 1s.
+2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.488: debug: 
+2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:13.488: debug: 	Check RFC5011 status
+2008-07-24 00:14:13.488: debug: 		->ksk5011status returns 2
+2008-07-24 00:14:13.488: debug: 	Check ZSK status
+2008-07-24 00:14:13.488: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:13.488: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:14:13.489: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:14:13.489: debug: 	Signing zone "example.net."
+2008-07-24 00:14:13.489: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:14:13.601: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.601: debug: 	Signing completed after 0s.
+2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.602: debug: 
+2008-07-24 00:14:13.602: notice: end of run: 2 errors occured
+2008-07-24 00:15:38.304: notice: ------------------------------------------------------------
+2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v 
+2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:15:38.306: debug: 	Check RFC5011 status
+2008-07-24 00:15:38.307: debug: 		->ksk5011status returns 0
+2008-07-24 00:15:38.307: debug: 	Check KSK status
+2008-07-24 00:15:38.307: debug: 	Check ZSK status
+2008-07-24 00:15:38.307: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:38.307: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:15:38.308: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:15:38.308: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:15:39.280: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.280: debug: 	Signing completed after 1s.
+2008-07-24 00:15:39.281: debug: 
+2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:15:39.281: debug: 	Check RFC5011 status
+2008-07-24 00:15:39.281: debug: 		->ksk5011status returns 2
+2008-07-24 00:15:39.281: debug: 	Check ZSK status
+2008-07-24 00:15:39.281: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:39.281: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:15:39.282: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:15:39.282: debug: 	Signing zone "example.net."
+2008-07-24 00:15:39.282: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:15:39.402: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.402: debug: 	Signing completed after 0s.
+2008-07-24 00:15:39.403: debug: 
+2008-07-24 00:15:39.403: notice: end of run: 0 errors occured
+2008-07-24 00:18:59.568: notice: ------------------------------------------------------------
+2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:18:59.573: debug: 	Check RFC5011 status
+2008-07-24 00:18:59.573: debug: 		->ksk5011status returns 0
+2008-07-24 00:18:59.573: debug: 	Check KSK status
+2008-07-24 00:18:59.573: debug: 	Check ZSK status
+2008-07-24 00:18:59.573: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:18:59.573: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:18:59.573: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:18:59.573: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:19:00.167: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.167: debug: 	Signing completed after 1s.
+2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.168: debug: 
+2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:19:00.168: debug: 	Check RFC5011 status
+2008-07-24 00:19:00.168: debug: 		->ksk5011status returns 2
+2008-07-24 00:19:00.168: debug: 	Check ZSK status
+2008-07-24 00:19:00.168: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:19:00.168: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:19:00.169: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:19:00.169: debug: 	Signing zone "example.net."
+2008-07-24 00:19:00.169: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:19:00.280: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.280: debug: 	Signing completed after 0s.
+2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.280: debug: 
+2008-07-24 00:19:00.280: notice: end of run: 2 errors occured
+2008-07-24 00:22:24.567: notice: ------------------------------------------------------------
+2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:22:24.569: debug: 	Check RFC5011 status
+2008-07-24 00:22:24.569: debug: 		->ksk5011status returns 0
+2008-07-24 00:22:24.569: debug: 	Check KSK status
+2008-07-24 00:22:24.570: debug: 	Check ZSK status
+2008-07-24 00:22:24.570: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:24.570: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:22:24.570: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:22:24.571: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:22:25.147: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.148: debug: 	Signing completed after 1s.
+2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.148: debug: 	not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.148: debug: 
+2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:22:25.148: debug: 	Check RFC5011 status
+2008-07-24 00:22:25.148: debug: 		->ksk5011status returns 2
+2008-07-24 00:22:25.148: debug: 	Check ZSK status
+2008-07-24 00:22:25.149: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:25.149: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:22:25.150: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:22:25.150: debug: 	Signing zone "example.net."
+2008-07-24 00:22:25.150: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:22:25.271: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.271: debug: 	Signing completed after 0s.
+2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.271: debug: 	not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.271: debug: 
+2008-07-24 00:22:25.271: notice: end of run: 2 errors occured
+2008-07-24 00:23:08.907: notice: ------------------------------------------------------------
+2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:23:08.909: debug: 	Check RFC5011 status
+2008-07-24 00:23:08.909: debug: 		->ksk5011status returns 0
+2008-07-24 00:23:08.909: debug: 	Check KSK status
+2008-07-24 00:23:08.909: debug: 	Check ZSK status
+2008-07-24 00:23:08.909: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:08.909: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:23:08.910: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:23:08.910: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:23:09.510: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.510: debug: 	Signing completed after 1s.
+2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered
+2008-07-24 00:23:09.511: debug: 	Distribute zone "sub.example.net."
+2008-07-24 00:23:09.511: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 00:23:09.517: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 00:23:09.517: debug: 
+2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:23:09.517: debug: 	Check RFC5011 status
+2008-07-24 00:23:09.517: debug: 		->ksk5011status returns 2
+2008-07-24 00:23:09.517: debug: 	Check ZSK status
+2008-07-24 00:23:09.517: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:09.517: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:23:09.518: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:23:09.518: debug: 	Signing zone "example.net."
+2008-07-24 00:23:09.518: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:23:09.633: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.633: debug: 	Signing completed after 0s.
+2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered
+2008-07-24 00:23:09.634: debug: 	Distribute zone "example.net."
+2008-07-24 00:23:09.634: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 00:23:09.640: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 00:23:09.640: debug: 
+2008-07-24 00:23:09.640: notice: end of run: 0 errors occured
+2008-07-24 00:33:30.818: notice: ------------------------------------------------------------
+2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:33:30.820: debug: 	Check RFC5011 status
+2008-07-24 00:33:30.821: debug: 		->ksk5011status returns 0
+2008-07-24 00:33:30.821: debug: 	Check KSK status
+2008-07-24 00:33:30.821: debug: 	Check ZSK status
+2008-07-24 00:33:30.821: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:30.821: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:33:30.822: debug: 	Signing zone "sub.example.net."
+2008-07-24 00:33:30.822: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:33:31.320: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.320: debug: 	Signing completed after 1s.
+2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.320: debug: 	Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.320: debug: 
+2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:33:31.320: debug: 	Check RFC5011 status
+2008-07-24 00:33:31.320: debug: 		->ksk5011status returns 2
+2008-07-24 00:33:31.320: debug: 	Check ZSK status
+2008-07-24 00:33:31.320: debug: 	Re-signing necessary: Option -f
+2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:31.320: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 00:33:31.321: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:33:31.321: debug: 	Signing zone "example.net."
+2008-07-24 00:33:31.321: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 00:33:31.443: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.443: debug: 	Signing completed after 0s.
+2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.443: debug: 	Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.443: debug: 
+2008-07-24 00:33:31.443: notice: end of run: 2 errors occured
+2008-07-24 23:21:55.189: notice: ------------------------------------------------------------
+2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v 
+2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:21:55.196: debug: 	Check RFC5011 status
+2008-07-24 23:21:55.196: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:21:55.196: debug: 	Check KSK status
+2008-07-24 23:21:55.196: debug: 	Check ZSK status
+2008-07-24 23:21:55.196: debug: 	Re-signing not necessary!
+2008-07-24 23:21:55.196: debug: 	Check if there is a parent file to copy
+2008-07-24 23:21:55.196: debug: 
+2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:21:55.196: debug: 	Check RFC5011 status
+2008-07-24 23:21:55.196: debug: 	Check ZSK status
+2008-07-24 23:21:55.196: debug: 	Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec)
+2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed
+2008-07-24 23:21:55.196: debug: 		->remove it
+2008-07-24 23:21:55.196: debug: 	Re-signing necessary: New zone key
+2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 23:21:55.197: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:21:55.197: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:21:55.197: debug: 	Signing zone "example.net."
+2008-07-24 23:21:55.197: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:21:55.873: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:21:55.873: debug: 	Signing completed after 0s.
+2008-07-24 23:21:55.873: debug: 	Distribution command ./dist.sh not run as root
+2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:21:55.873: debug: 
+2008-07-24 23:21:55.874: notice: end of run: 1 error occured
+2008-07-24 23:23:06.278: notice: ------------------------------------------------------------
+2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v 
+2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:23:06.280: debug: 	Check RFC5011 status
+2008-07-24 23:23:06.280: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:23:06.280: debug: 	Check KSK status
+2008-07-24 23:23:06.280: debug: 	Check ZSK status
+2008-07-24 23:23:06.280: debug: 	Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: 	Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug: 
+2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:23:06.280: debug: 	Check RFC5011 status
+2008-07-24 23:23:06.280: debug: 	Check ZSK status
+2008-07-24 23:23:06.280: debug: 	Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: 	Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug: 
+2008-07-24 23:23:06.280: notice: end of run: 0 errors occured
+2008-07-24 23:25:21.930: notice: ------------------------------------------------------------
+2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v 
+2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:21.932: debug: 	Check RFC5011 status
+2008-07-24 23:25:21.932: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:21.932: debug: 	Check KSK status
+2008-07-24 23:25:21.932: debug: 	Check ZSK status
+2008-07-24 23:25:21.932: debug: 	Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: 	Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug: 
+2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:21.932: debug: 	Check RFC5011 status
+2008-07-24 23:25:21.932: debug: 	Check ZSK status
+2008-07-24 23:25:21.932: debug: 	Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: 	Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug: 
+2008-07-24 23:25:21.932: notice: end of run: 0 errors occured
+2008-07-24 23:25:39.009: notice: ------------------------------------------------------------
+2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v 
+2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:39.011: debug: 	Check RFC5011 status
+2008-07-24 23:25:39.011: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:39.011: debug: 	Check KSK status
+2008-07-24 23:25:39.011: debug: 	Check ZSK status
+2008-07-24 23:25:39.011: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.011: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:25:39.011: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:25:39.012: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:25:39.591: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.591: debug: 	Signing completed after 0s.
+2008-07-24 23:25:39.591: debug: 	Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.592: debug: 
+2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:39.592: debug: 	Check RFC5011 status
+2008-07-24 23:25:39.592: debug: 	Check ZSK status
+2008-07-24 23:25:39.592: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.592: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:25:39.592: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:25:39.592: debug: 	Signing zone "example.net."
+2008-07-24 23:25:39.592: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:25:39.703: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.703: debug: 	Signing completed after 0s.
+2008-07-24 23:25:39.703: debug: 	Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.703: debug: 
+2008-07-24 23:25:39.703: notice: end of run: 2 errors occured
+2008-07-24 23:28:16.436: notice: ------------------------------------------------------------
+2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:28:16.438: debug: 	Check RFC5011 status
+2008-07-24 23:28:16.438: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:28:16.438: debug: 	Check KSK status
+2008-07-24 23:28:16.438: debug: 	Check ZSK status
+2008-07-24 23:28:16.438: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:16.438: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:28:16.438: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:28:16.439: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:28:17.008: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.008: debug: 	Signing completed after 1s.
+2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:28:17.009: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:28:17.009: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:28:17.015: debug: 	  ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:28:17.015: debug: 
+2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:28:17.015: debug: 	Check RFC5011 status
+2008-07-24 23:28:17.015: debug: 	Check ZSK status
+2008-07-24 23:28:17.015: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:17.015: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:28:17.016: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:28:17.016: debug: 	Signing zone "example.net."
+2008-07-24 23:28:17.016: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:28:17.132: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.132: debug: 	Signing completed after 0s.
+2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered
+2008-07-24 23:28:17.132: debug: 	Distribute zone "example.net."
+2008-07-24 23:28:17.132: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:28:17.138: debug: 	  ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:28:17.138: debug: 
+2008-07-24 23:28:17.138: notice: end of run: 0 errors occured
+2008-07-24 23:31:17.354: notice: ------------------------------------------------------------
+2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:17.364: debug: 	Check RFC5011 status
+2008-07-24 23:31:17.364: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:17.364: debug: 	Check KSK status
+2008-07-24 23:31:17.364: debug: 	Check ZSK status
+2008-07-24 23:31:17.364: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:17.364: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:17.364: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:31:17.364: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:18.032: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.032: debug: 	Signing completed after 1s.
+2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:18.032: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:31:18.032: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:18.039: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:31:18.039: debug: 
+2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:18.039: debug: 	Check RFC5011 status
+2008-07-24 23:31:18.039: debug: 	Check ZSK status
+2008-07-24 23:31:18.039: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:18.039: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:18.040: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:18.040: debug: 	Signing zone "example.net."
+2008-07-24 23:31:18.040: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:31:18.155: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.155: debug: 	Signing completed after 0s.
+2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered
+2008-07-24 23:31:18.155: debug: 	Distribute zone "example.net."
+2008-07-24 23:31:18.155: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:18.161: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:31:18.161: debug: 
+2008-07-24 23:31:18.162: notice: end of run: 0 errors occured
+2008-07-24 23:31:28.467: notice: ------------------------------------------------------------
+2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:28.470: debug: 	Check RFC5011 status
+2008-07-24 23:31:28.470: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:28.470: debug: 	Check KSK status
+2008-07-24 23:31:28.470: debug: 	Check ZSK status
+2008-07-24 23:31:28.470: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:28.470: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:28.471: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:31:28.471: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:29.058: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.059: debug: 	Signing completed after 1s.
+2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:29.059: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:31:29.059: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.066: debug: 	  ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered
+2008-07-24 23:31:29.066: debug: 	Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./
+2008-07-24 23:31:29.066: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.072: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:31:29.072: debug: 
+2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:29.073: debug: 	Check RFC5011 status
+2008-07-24 23:31:29.073: debug: 	Check ZSK status
+2008-07-24 23:31:29.073: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:29.073: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:29.074: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:29.074: debug: 	Signing zone "example.net."
+2008-07-24 23:31:29.075: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:31:29.204: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.204: debug: 	Signing completed after 0s.
+2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered
+2008-07-24 23:31:29.204: debug: 	Distribute zone "example.net."
+2008-07-24 23:31:29.205: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.211: debug: 	  ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered
+2008-07-24 23:31:29.211: debug: 	Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./
+2008-07-24 23:31:29.211: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.217: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:31:29.217: debug: 
+2008-07-24 23:31:29.217: notice: end of run: 0 errors occured
+2008-07-24 23:35:48.844: notice: ------------------------------------------------------------
+2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:35:48.846: debug: 	Check RFC5011 status
+2008-07-24 23:35:48.846: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:35:48.846: debug: 	Check KSK status
+2008-07-24 23:35:48.846: debug: 	Check ZSK status
+2008-07-24 23:35:48.846: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:48.846: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:35:48.846: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:35:48.846: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:35:49.455: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.455: debug: 	Signing completed after 1s.
+2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.455: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:35:49.455: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.462: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:35:49.462: debug: 	  ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:35:49.462: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered
+2008-07-24 23:35:49.468: debug: 	Reload zone "sub.example.net."
+2008-07-24 23:35:49.468: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:35:49.468: debug: 
+2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:35:49.468: debug: 	Check RFC5011 status
+2008-07-24 23:35:49.469: debug: 	Check ZSK status
+2008-07-24 23:35:49.469: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:49.469: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:35:49.470: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:35:49.470: debug: 	Signing zone "example.net."
+2008-07-24 23:35:49.470: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:35:49.600: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.600: debug: 	Signing completed after 0s.
+2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.600: debug: 	Distribute zone "example.net."
+2008-07-24 23:35:49.600: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.606: debug: 	Distribute zone "example.net."
+2008-07-24 23:35:49.606: debug: 	  ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:35:49.606: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.613: notice: "example.net.": reload triggered
+2008-07-24 23:35:49.613: debug: 	Reload zone "example.net."
+2008-07-24 23:35:49.613: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:35:49.613: debug: 
+2008-07-24 23:35:49.613: notice: end of run: 0 errors occured
+2008-07-24 23:37:41.081: notice: ------------------------------------------------------------
+2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v 
+2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:41.083: debug: 	Check RFC5011 status
+2008-07-24 23:37:41.083: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:41.083: debug: 	Check KSK status
+2008-07-24 23:37:41.083: debug: 	Check ZSK status
+2008-07-24 23:37:41.083: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.083: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:41.084: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:37:41.084: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:41.688: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.688: debug: 	Signing completed after 0s.
+2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:41.689: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:37:41.689: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.695: debug: 	  ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:41.695: debug: 	Reload zone "sub.example.net."
+2008-07-24 23:37:41.695: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.701: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:37:41.701: debug: 
+2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:41.701: debug: 	Check RFC5011 status
+2008-07-24 23:37:41.701: debug: 	Check ZSK status
+2008-07-24 23:37:41.701: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.701: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:41.702: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:41.702: debug: 	Signing zone "example.net."
+2008-07-24 23:37:41.702: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:37:41.823: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.824: debug: 	Signing completed after 0s.
+2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered
+2008-07-24 23:37:41.824: debug: 	Distribute zone "example.net."
+2008-07-24 23:37:41.824: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.830: debug: 	  ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:41.831: notice: "example.net.": reload triggered
+2008-07-24 23:37:41.831: debug: 	Reload zone "example.net."
+2008-07-24 23:37:41.831: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.837: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:37:41.837: debug: 
+2008-07-24 23:37:41.837: notice: end of run: 0 errors occured
+2008-07-24 23:37:51.742: notice: ------------------------------------------------------------
+2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v 
+2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:51.744: debug: 	Check RFC5011 status
+2008-07-24 23:37:51.744: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:51.744: debug: 	Check KSK status
+2008-07-24 23:37:51.744: debug: 	Check ZSK status
+2008-07-24 23:37:51.744: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:51.744: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:51.745: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:37:51.745: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:52.263: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.264: debug: 	Signing completed after 1s.
+2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:52.264: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:37:52.264: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.270: debug: 	  ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:52.271: debug: 	Reload zone "sub.example.net."
+2008-07-24 23:37:52.271: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.276: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:37:52.277: debug: 
+2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:52.277: debug: 	Check RFC5011 status
+2008-07-24 23:37:52.277: debug: 	Check ZSK status
+2008-07-24 23:37:52.277: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:52.277: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:52.277: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:52.277: debug: 	Signing zone "example.net."
+2008-07-24 23:37:52.277: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-24 23:37:52.397: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.398: debug: 	Signing completed after 0s.
+2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered
+2008-07-24 23:37:52.398: debug: 	Distribute zone "example.net."
+2008-07-24 23:37:52.398: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.404: debug: 	  ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:52.404: notice: "example.net.": reload triggered
+2008-07-24 23:37:52.404: debug: 	Reload zone "example.net."
+2008-07-24 23:37:52.404: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.410: debug: 	  ./dist.sh reload return: "rndc reload  "
+2008-07-24 23:37:52.410: debug: 
+2008-07-24 23:37:52.410: notice: end of run: 0 errors occured
+2008-07-24 23:44:51.717: notice: ------------------------------------------------------------
+2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v 
+2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:51.719: debug: 	Check RFC5011 status
+2008-07-24 23:44:51.719: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:51.719: debug: 	Check KSK status
+2008-07-24 23:44:51.720: debug: 	Check ZSK status
+2008-07-24 23:44:51.720: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.720: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:51.720: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:44:51.720: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:51.720: debug: 	  Cmd dnssec-signzone return: ""
+2008-07-24 23:44:51.720: debug: 	Signing completed after 0s.
+2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:51.721: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: 	  ./dist.sh distribute return: ""
+2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:51.721: debug: 	Reload zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: 	  ./dist.sh reload return: ""
+2008-07-24 23:44:51.721: debug: 
+2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:51.721: debug: 	Check RFC5011 status
+2008-07-24 23:44:51.721: debug: 	Check ZSK status
+2008-07-24 23:44:51.721: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.722: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:51.722: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered
+2008-07-24 23:44:51.722: debug: 	Distribute zone "example.net."
+2008-07-24 23:44:51.722: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: 	  ./dist.sh distribute return: ""
+2008-07-24 23:44:51.722: notice: "example.net.": reload triggered
+2008-07-24 23:44:51.722: debug: 	Reload zone "example.net."
+2008-07-24 23:44:51.722: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: 	  ./dist.sh reload return: ""
+2008-07-24 23:44:51.723: debug: 
+2008-07-24 23:44:51.723: notice: end of run: 0 errors occured
+2008-07-24 23:44:57.039: notice: ------------------------------------------------------------
+2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v 
+2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:57.042: debug: 	Check RFC5011 status
+2008-07-24 23:44:57.042: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:57.042: debug: 	Check KSK status
+2008-07-24 23:44:57.042: debug: 	Check ZSK status
+2008-07-24 23:44:57.042: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.042: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:57.042: debug: 	Signing zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:57.042: debug: 	  Cmd dnssec-signzone return: ""
+2008-07-24 23:44:57.042: debug: 	Signing completed after 0s.
+2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:57.042: debug: 	Distribute zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: 	  Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.042: debug: 	  ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: 	Reload zone "sub.example.net."
+2008-07-24 23:44:57.043: debug: 	  Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: 	  ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug: 
+2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:57.043: debug: 	Check RFC5011 status
+2008-07-24 23:44:57.043: debug: 	Check ZSK status
+2008-07-24 23:44:57.043: debug: 	Re-signing necessary: Option -f
+2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.043: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:57.043: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered
+2008-07-24 23:44:57.043: debug: 	Distribute zone "example.net."
+2008-07-24 23:44:57.043: debug: 	  Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: 	  ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: 	Reload zone "example.net."
+2008-07-24 23:44:57.043: debug: 	  Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: 	  ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug: 
+2008-07-24 23:44:57.043: notice: end of run: 0 errors occured
+2008-07-25 23:31:07.235: notice: ------------------------------------------------------------
+2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v 
+2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:31:07.238: debug: 	Check RFC5011 status
+2008-07-25 23:31:07.238: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:31:07.238: debug: 	Check KSK status
+2008-07-25 23:31:07.238: debug: 	Check ZSK status
+2008-07-25 23:31:07.238: debug: 	Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec)
+2008-07-25 23:31:07.239: debug: 		->depreciate it
+2008-07-25 23:31:07.239: debug: 		->activate published key 3615
+2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done
+2008-07-25 23:31:07.239: debug: 	New published key needed
+2008-07-25 23:31:07.397: debug: 		->creating new published key 4254
+2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing
+2008-07-25 23:31:07.397: debug: 	Re-signing necessary: New zone key
+2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-25 23:31:07.398: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-25 23:31:07.398: debug: 	Signing zone "sub.example.net."
+2008-07-25 23:31:07.398: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-25 23:31:07.639: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.639: debug: 	Signing completed after 0s.
+2008-07-25 23:31:07.639: debug: 
+2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:31:07.639: debug: 	Check RFC5011 status
+2008-07-25 23:31:07.639: debug: 	Check ZSK status
+2008-07-25 23:31:07.639: debug: 	Re-signing necessary: Modified keys
+2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys
+2008-07-25 23:31:07.639: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-25 23:31:07.640: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-25 23:31:07.640: debug: 	Signing zone "example.net."
+2008-07-25 23:31:07.640: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-25 23:31:07.783: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.783: debug: 	Signing completed after 0s.
+2008-07-25 23:31:07.783: debug: 
+2008-07-25 23:31:07.783: notice: end of run: 0 errors occured
+2008-07-25 23:32:27.052: notice: ------------------------------------------------------------
+2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v 
+2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:32:27.054: debug: 	Check RFC5011 status
+2008-07-25 23:32:27.054: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:32:27.054: debug: 	Check KSK status
+2008-07-25 23:32:27.054: debug: 	Check ZSK status
+2008-07-25 23:32:27.054: debug: 	Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: 	Check if there is a parent file to copy
+2008-07-25 23:32:27.054: debug: 
+2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:32:27.054: debug: 	Check RFC5011 status
+2008-07-25 23:32:27.054: debug: 	Check ZSK status
+2008-07-25 23:32:27.054: debug: 	Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: 	Check if there is a parent file to copy
+2008-07-25 23:32:27.057: debug: 
+2008-07-25 23:32:27.057: notice: end of run: 0 errors occured
+2008-07-31 00:25:52.601: notice: ------------------------------------------------------------
+2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v 
+2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 00:25:52.604: debug: 	Check RFC5011 status
+2008-07-31 00:25:52.604: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 00:25:52.604: debug: 	Check KSK status
+2008-07-31 00:25:52.604: debug: 	Check ZSK status
+2008-07-31 00:25:52.604: debug: 	Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec)
+2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed
+2008-07-31 00:25:52.605: debug: 		->remove it
+2008-07-31 00:25:52.605: debug: 	Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec)
+2008-07-31 00:25:52.605: debug: 		->depreciate it
+2008-07-31 00:25:52.605: debug: 		->activate published key 4254
+2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done
+2008-07-31 00:25:52.605: debug: 	New key for publishing needed
+2008-07-31 00:25:53.128: debug: 		->creating new key 56744
+2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing
+2008-07-31 00:25:53.128: debug: 	Re-signing necessary: New zone key
+2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 00:25:53.128: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 00:25:53.128: debug: 	Signing zone "sub.example.net."
+2008-07-31 00:25:53.128: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 00:25:53.332: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.332: debug: 	Signing completed after 0s.
+2008-07-31 00:25:53.332: debug: 
+2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 00:25:53.332: debug: 	Check RFC5011 status
+2008-07-31 00:25:53.332: debug: 	Check ZSK status
+2008-07-31 00:25:53.332: debug: 	Re-signing necessary: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: debug: 	Writing key file "./example.net./dnskey.db"
+2008-07-31 00:25:53.333: debug: 	Incrementing serial number in file "./example.net./zone.db"
+2008-07-31 00:25:53.333: debug: 	Signing zone "example.net."
+2008-07-31 00:25:53.333: debug: 	  Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o example.net. -e +518400  zone.db K*.private"
+2008-07-31 00:25:53.477: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.477: debug: 	Signing completed after 0s.
+2008-07-31 00:25:53.477: debug: 
+2008-07-31 00:25:53.477: notice: end of run: 0 errors occured
+2008-07-31 13:19:17.447: notice: ------------------------------------------------------------
+2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v 
+2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 13:19:17.449: debug: 	Check RFC5011 status
+2008-07-31 13:19:17.450: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 13:19:17.450: debug: 	Check KSK status
+2008-07-31 13:19:17.450: debug: 	Check ZSK status
+2008-07-31 13:19:17.450: debug: 	Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec)
+2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed
+2008-07-31 13:19:17.450: debug: 		->remove it
+2008-07-31 13:19:17.450: debug: 	Re-signing necessary: New zone key
+2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 13:19:17.451: debug: 	Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 13:19:17.451: debug: 	Signing zone "sub.example.net."
+2008-07-31 13:19:17.451: debug: 	  Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone  -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 13:19:17.943: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 13:19:17.944: debug: 	Signing completed after 0s.
+2008-07-31 13:19:17.944: debug: 
+2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 13:19:17.944: debug: 	Check RFC5011 status
+2008-07-31 13:19:17.944: debug: 	Check ZSK status
+2008-07-31 13:19:17.944: debug: 	Re-signing not necessary!
+2008-07-31 13:19:17.944: debug: 	Check if there is a parent file to copy
+2008-07-31 13:19:17.944: debug: 
+2008-07-31 13:19:17.945: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf
new file mode 100644
index 0000000..0ccc7f6
--- /dev/null
+++ b/contrib/zkt/examples/flat/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.NET." in {
+	type master;
+	file "example.net./zone.db.signed";
+};
+
+zone "sub.example.NET." in {
+	type master;
+	file "sub.example.net./zone.db.signed";
+};
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
new file mode 100644
index 0000000..a824208
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080717083652
+;%	lifetime=28d
+example.de. IN DNSKEY  256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
new file mode 100644
index 0000000..8703816
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ==
+Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s=
+Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8=
+Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0=
+Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs=
+Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key
new file mode 100644
index 0000000..1986117
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key
@@ -0,0 +1,4 @@
+;%	generationtime=20080506225722
+;%	lifetime=20d
+;%	expirationtime=20080711220959
+example.de. IN DNSKEY  385 3 5 BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw rw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private
new file mode 100644
index 0000000..62b7ca4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: Cyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqwrw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CGYBtGSIMmSFoqnh6yYuoYlvTP2O7vkBdRrfkN43NwdlQVhco+wQO55QxCZNhCcbp2xau9IdejetNH0pQ3Zfg2Vllx78F8VMTMqkgw2HudWS/RahkMg+Hq6DBUaX/LYt90ToGyy5+FmyBm4fOV8FxJVrmTFMw4m7ULp3FgRcxmzS5zNjKYP2LKU/pYz0wFpyAr88DGNjChgwvRN/GE4obsoJgQ==
+Prime1: A18v8idXV3o9tpIzalTEpOeDX7OxKumhUsoDpPhOJf7XqHLS6hYoYwFbRObF23Zi/3kHiAoGffR1Dkd+ji3xZhFOSEcUDuikQ2jdzdY8NxbzQQ==
+Prime2: A08XMjIEpsViYvYB+ChuYxPbq7Z/eHtT/r5f8zS+nuEUwYAlKeq/i+U5sIydC1txv5XQuRPqpjtlZTClJ85BpS0GnSspG5PcY3OMwkA2smLX7w==
+Exponent1: AcLu8YM68M8LtP7Dr7vYI+vJK6RK5SN/mAnz4ALt53igCUB/iVrfvBWCHp7hEgkRZUQQoItbT9C6YXrC3G9DW+IldSP8vrtqYva4YDBD2X1LAQ==
+Exponent2: JdJVp3CAJPPcx0KiKDS8gHDiu22CBV2w1cycnXgwFmJl4aQkbTA7/xlgl15r3lByacAc19JreArqgCQRQV3bS7NG2PiQmzO26XkwCq+Kj7OJ
+Coefficient: i6sKgv2zpCvdY9fChryaf5nZyb4nFd2dG/vnjQScBz8YVw4LnfL/XqKIego0Ez6/KlL4AnvkcafzogJ+MtmBB7V4RXEyObcbR6M/MLGMhpL8
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
new file mode 100644
index 0000000..4836d51
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080608210458
+;%	lifetime=28d
+example.de. IN DNSKEY  256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
new file mode 100644
index 0000000..3b1b32e
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
+PublicExponent: AQAAAAE=
+PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ==
+Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM=
+Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE=
+Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU=
+Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE=
+Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key
new file mode 100644
index 0000000..3a636d4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080608210458
+;%	lifetime=20d
+example.de. IN DNSKEY  257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private
new file mode 100644
index 0000000..b0466be
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: Drm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9zQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: AQM2fRAmc6coPLeTHAK1DCHOYCRPSjsHYXoOzwMzzdIpHschjfxka35UdNSGKYpqM9E+VTZmV96w9ZZK5recxYak/6F72ZYTIYtsWYqCkej18nzhpnlt4nASnRt0nsS9UVVwc1Y7QxqRtSVXEcgcbiW3lr0jq+PSBf/HjY9qOHV4ExXlz7KPYOWbJa1YLFnvGlMd/W7hmQvXNEfTvOwjKURV4Q==
+Prime1: A/0Yax4evJzC7VSw0Swt0KNM7gtIJ9nwzDCrTymulzKhu6Wgeu0veU9OAGDhv0Yfmn0kr1JLITpMu4uo3a5jfLb18yZEAyPphejZBA+wPIll+Q==
+Prime2: A7EcplBfPWZmeCeL6UnFz4h45nxi3jRfQT00k34Nu5aFt5v+ngExbatcoOMnEKZSq2SQKDQRTp6XBOiwPNB9mVaLmzl9k9tyX6JvkCBEDrM7dQ==
+Exponent1: AjoJbjmJarH7I4Zj5UPc9r0I5NtVgrAx4ZltcqPN07/1cBS2QAnZuMSLUvv8pkK+Lng9Wdy9c2FL0XjWY5Q+ORYj4ONGl9OWpi2zKqpTw4WgOQ==
+Exponent2: AZfFGuYsztbn6tHFUIdIeXfaFTYyVbSfCEUp2Uv8N75QMyyuT4dzAlkU2cfSg3oAefrlCKWqXtLv9XlOJ1hTeXZOz8jyYAyhvGWGoHmSbeaNKQ==
+Coefficient: AX6DKJRk0GXwCnkpfbn91myfZ2wgsUTXKjqasdlTqm3JL9Rtpq8J2MWPhexcSSz8DNa5LQlGduE1nh4eqqntnSNckD6CeImMdWgTNbQS3zV8Bw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key
new file mode 100644
index 0000000..35d4c6a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080711221000
+;%	lifetime=20d
+example.de. IN DNSKEY  257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published
new file mode 100644
index 0000000..b7f28db
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt+w==
+PublicExponent: AQAAAAE=
+PrivateExponent: /MDd0rAZf9mm/3cDi6TjTqeegMmnidhKYIzxyz1+quzwOA16L3jLf3ucWjz/BlEiOYh1CZbAroGRYqBAskys8u7FDinOQEP5cEn5NUyL5z0WebSCO+qnaqaQSokRs0oUx3+e9tJc9GhhmZIVNXQe4mYxfeYCl6KZS9CXe22y31PkvJ+SQIBh/I+SQnM4rbW012rKroAxdHfTvmalofx+Qb1h
+Prime1: A/5Pkk5UAGvEa06GrEcATMOjsxZ0BbgalPuJKLLTFzvtYhdlJY738oY0QfsHba9hEC+iiSwfjWYyNlH/7bcVqSFtbLJiJ0aUfvObj75qw4HjXQ==
+Prime2: A38aQzy3UrARKcwUqCiQrSOTM5P7xIDfbruW7ywmaWA1lXCvP3EJAal6MYs0pG2vx1cxVTIPva3Se26NkGaBqZw+RgHxmRmfgxvSoCfWXGZZNw==
+Exponent1: OvPYJBkVUbncb0mBtTe5uwa9RgGlCgW4ges93zf3UQuHGvAesUFNnMh6y9zi4vgyVNbz2KOSnA91onc9l42b6NwqRNbExGhDsMc8NQi16vnF
+Exponent2: AkkCNzHuGv3HaQ4MpRT/PLPA2UONseMBvJHWlgK+aO2xb6/7I09sPqKnJ4f6Bj5jL8efNZYHWsaN4l335V9lc5791opU+07LHHpULn2qVRpJYw==
+Coefficient: An94juF2F5cDtoMC6gwI5iaWDH/qxkeuZ62fnMFoMY18XO0/clTVfdW7XvXCOn1DQyDLDOYpxR5MfeDKkbxtGGYKABWBOWlyaS1A5D5wTQRJzw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
new file mode 100644
index 0000000..bd106bd
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
@@ -0,0 +1,48 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jul 29 2008 12:44:06
+;
+
+;  ***  List of Key Signing Keys  ***
+; example.de.  tag=17439  algo=RSASHA1  generated Jun 19 2008 00:32:22
+example.de. 3600 IN DNSKEY  385 3 5 (
+			BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+
+			Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9
+			Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6
+			3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw
+			rw==
+		) ; key id = 17567 (original key id = 17439)
+
+; example.de.  tag=41145  algo=RSASHA1  generated Jul 12 2008 00:10:00
+example.de. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7
+			r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N
+			tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI
+			VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9
+			zQ==
+		) ; key id = 41145
+
+; example.de.  tag=59244  algo=RSASHA1  generated Jul 12 2008 00:10:00
+example.de. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW
+			dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO
+			Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX
+			0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt
+			+w==
+		) ; key id = 59244
+
+; ***  List of Zone Signing Keys  ***
+; example.de.  tag=35672  algo=RSASHA1  generated Jul 17 2008 10:36:52
+example.de. 3600 IN DNSKEY  256 3 5 (
+			BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv
+			pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
+		) ; key id = 35672
+
+; example.de.  tag=11867  algo=RSASHA1  generated Jul 17 2008 10:36:52
+example.de. 3600 IN DNSKEY  256 3 5 (
+			BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA
+			OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
+		) ; key id = 11867
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
new file mode 100644
index 0000000..a2cb04a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
@@ -0,0 +1,6 @@
+example.de.		IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5
+example.de.		IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008
+example.de.		IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05
+example.de.		IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A
+example.de.		IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A
+example.de.		IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
new file mode 100644
index 0000000..2b40c68
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
@@ -0,0 +1,28 @@
+$ORIGIN .
+example.de		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+					RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+					OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+					zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+					Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+					f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+					ONUcLAEt+w==
+					) ; key id = 59244
+			7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+					utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+					bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+					DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+					kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+					dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+					UNdJQGb9zQ==
+					) ; key id = 41145
+			7200	IN DNSKEY 385 3 5 (
+					BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+					Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+					S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+					L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+					lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+					jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+					XDAeBZqwrw==
+					) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
new file mode 100644
index 0000000..04ed33a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.de		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+					HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+					Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+					IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+					kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+					) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
new file mode 100644
index 0000000..6b6aca1
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080729104405
+;%	lifetime=2d
+sub.example.de. IN DNSKEY  256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
new file mode 100644
index 0000000..2377635
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
+PublicExponent: AQAAAAE=
+PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ==
+Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE=
+Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM=
+Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE=
+Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc=
+Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
new file mode 100644
index 0000000..934f630
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ==
+Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k=
+Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE=
+Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk=
+Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE=
+Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
new file mode 100644
index 0000000..2c662a9
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080726213646
+;%	lifetime=2d
+sub.example.de. IN DNSKEY  256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
new file mode 100644
index 0000000..3a0fcec
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080731111645
+;%	lifetime=2d
+sub.example.de. IN DNSKEY  256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
new file mode 100644
index 0000000..b45db1f
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
+PublicExponent: AQAAAAE=
+PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ==
+Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M=
+Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50=
+Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48=
+Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU=
+Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key
new file mode 100644
index 0000000..9c7c36c
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080726221746
+;%	lifetime=5d
+sub.example.de. IN DNSKEY  257 3 5 BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA fdQIegTBBKk=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private
new file mode 100644
index 0000000..3e39f5a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: pL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+PublicExponent: AQAAAAE=
+PrivateExponent: CrFKdhkCOgyF27Jc4GPfo7A6v2q0OgRE2nBdkw7XFUEADEHSVLA6XYUm3AZmAOWxTmrGU8EK+76hfC22DjA6O0BljTNdxLB5cGRL2Dxey603jCIEVt/ahIqyb2STr0pWYEVc3qAKJL93iP4v5r7fJt157sJhQF8F5Zpqj24QvmE=
+Prime1: 1EpVvo011F2qgjesKSKplhqtvbmRPjTuhijb7531zIbxDzBF+lXCDyjt3Y/LrWS240t74vbZpo9FUZIETIf/FQ==
+Prime2: xqm8Bk18u2WJZ9uUr+/MMPKfh6OgAFqtBwFi81FFJ62kHGL9i8AcychE9tD5IRu74KLCGW+Vk87lyLOF3WU0RQ==
+Exponent1: JmLNa+QmMjHVDmAM833bF024/+NIyZgfNSDLnGXxTqYZ3PK/llLHIwBChLMKAQgFvt5PP0id1Nkc9N16xjkuFQ==
+Exponent2: rZW7rMmQxQQRHD8TKQTAhCX+31n8jnq7gW9dyVpjY85GDuQe6+3rox6xvsMfUzEOgXk1lgnm46FAIHOH6DhMuQ==
+Coefficient: MPoirwMUkLzLWeynO1Izy+lff70hnDnOcZEckS+Sy1TlUkk22uHBF4uNLkgoF26XqeKzK9pG1rCGfccfWTCayQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
new file mode 100644
index 0000000..c392b9a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
@@ -0,0 +1,2 @@
+sub.example.de.dlv.trusted-keys.net. IN	DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
+sub.example.de.dlv.trusted-keys.net. IN	DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
new file mode 100644
index 0000000..e922c18
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
@@ -0,0 +1,35 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jul 31 2008 13:16:45
+;
+
+;  ***  List of Key Signing Keys  ***
+; sub.example.de.  tag=40998  algo=RSASHA1  generated Jul 27 2008 00:17:46
+sub.example.de. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy
+			yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv
+			jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA
+			fdQIegTBBKk=
+		) ; key id = 40998
+
+; ***  List of Zone Signing Keys  ***
+; sub.example.de.  tag=51977  algo=RSAMD5  generated Jul 29 2008 12:44:04
+sub.example.de. 3600 IN DNSKEY  256 3 1 (
+			BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K
+			kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
+		) ; key id = 51977
+
+; sub.example.de.  tag=19793  algo=RSAMD5  generated Jul 29 2008 12:44:05
+sub.example.de. 3600 IN DNSKEY  256 3 1 (
+			BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD
+			7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
+		) ; key id = 19793
+
+; sub.example.de.  tag=55699  algo=RSAMD5  generated Jul 31 2008 13:16:45
+sub.example.de. 3600 IN DNSKEY  256 3 1 (
+			BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm
+			/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
+		) ; key id = 55699
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf
new file mode 100644
index 0000000..d7d33ca
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf
@@ -0,0 +1,17 @@
+##
+##   dnssec-zkt v0.4 (c) Jan 2005 hoz <at> hznet <dot> de   ##
+##
+
+resigninterval	36h
+sigvalidity 	2d
+max_ttl 	90s
+
+ksk_lifetime 	5d
+ksk_algo 	RSASHA1
+ksk_bits 	1024
+
+zsk_lifetime 	2d
+zsk_algo 	RSAMD5
+zsk_bits 	512
+
+dlv_domain	"dlv.trusted-keys.net"
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
new file mode 100644
index 0000000..b8ec77b
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
@@ -0,0 +1,2 @@
+sub.example.de.		IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
+sub.example.de.		IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
new file mode 100644
index 0000000..04ed33a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.de		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+					HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+					Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+					IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+					kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+					) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db
new file mode 100644
index 0000000..05489a4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    sub.example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ 	IN SOA	ns1.example.de. hostmaster.example.de.  (
+				2008073101; Serial (up to 10 digits)
+				86400	; Refresh	(RIPE recommendation if NOTIFY is used)
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+
+		IN  NS		ns1.example.de.
+
+$INCLUDE dnskey.db
+
+localhost	IN  A		127.0.0.1
+
+a		IN  A		1.2.3.4
+b		IN  A		1.2.3.5
+c		IN  A		1.2.3.6
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
new file mode 100644
index 0000000..d607de5
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
@@ -0,0 +1,108 @@
+; File written on Thu Jul 31 13:16:45 2008
+; dnssec_signzone version 9.5.1b1
+sub.example.de.		7200	IN SOA	ns1.example.de. hostmaster.example.de. (
+					2008073101 ; serial
+					86400      ; refresh (1 day)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 1 3 7200 20080802100259 (
+					20080731101645 19793 sub.example.de.
+					d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o
+					DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz
+					g2+AsH8mPZKGvg== )
+			7200	NS	ns1.example.de.
+			7200	RRSIG	NS 1 3 7200 20080802095409 (
+					20080731101645 19793 sub.example.de.
+					VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV
+					HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y
+					KTOgEwv3r8kOiw== )
+			7200	NSEC	a.sub.example.de. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 1 3 7200 20080802095639 (
+					20080731101645 19793 sub.example.de.
+					cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT
+					lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y
+					J0qpEvDF3FNvRQ== )
+			3600	DNSKEY	256 3 1 (
+					BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91
+					KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv
+					XF008duYET+UU9+hS01RIw==
+					) ; key id = 19793
+			3600	DNSKEY	256 3 1 (
+					BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB
+					vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5
+					cGBHTSFCjIh+lGMPEssJCQ==
+					) ; key id = 51977
+			3600	DNSKEY	256 3 1 (
+					BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM
+					oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/
+					MP+8X0OzdEl97NGOPtmT9w==
+					) ; key id = 55699
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+					HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+					Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+					IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+					kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+					) ; key id = 40998
+			3600	RRSIG	DNSKEY 1 3 3600 20080802100935 (
+					20080731101645 19793 sub.example.de.
+					WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx
+					TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g
+					ZOu0rsPqvux2PA== )
+			3600	RRSIG	DNSKEY 5 3 3600 20080802100334 (
+					20080731101645 40998 sub.example.de.
+					WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8
+					MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9
+					QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz
+					V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/
+					Od6//GN4UmNi9LCwWtLbGnF4Gpc= )
+a.sub.example.de.	7200	IN A	1.2.3.4
+			7200	RRSIG	A 1 4 7200 20080802095159 (
+					20080731101645 19793 sub.example.de.
+					LxVthdAkEiBec6khr63+rufhSwtByBNvff8e
+					HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB
+					4iK4mspVH4Md7A== )
+			7200	NSEC	b.sub.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802100843 (
+					20080731101645 19793 sub.example.de.
+					HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu
+					UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt
+					4ldl+d6z3bs4pQ== )
+b.sub.example.de.	7200	IN A	1.2.3.5
+			7200	RRSIG	A 1 4 7200 20080802095415 (
+					20080731101645 19793 sub.example.de.
+					eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ
+					PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A
+					SDEWBEFsFCnMkg== )
+			7200	NSEC	c.sub.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802094836 (
+					20080731101645 19793 sub.example.de.
+					nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7
+					MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU
+					7S7eIlt0jBSehg== )
+c.sub.example.de.	7200	IN A	1.2.3.6
+			7200	RRSIG	A 1 4 7200 20080802095037 (
+					20080731101645 19793 sub.example.de.
+					eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9
+					1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5
+					V0L4MAkK76H00w== )
+			7200	NSEC	localhost.sub.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802100135 (
+					20080731101645 19793 sub.example.de.
+					KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4
+					jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl
+					Ull//CFV9J272A== )
+localhost.sub.example.de. 7200	IN A	127.0.0.1
+			7200	RRSIG	A 1 4 7200 20080802095833 (
+					20080731101645 19793 sub.example.de.
+					fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY
+					wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh
+					8kYWUvV1kghBzA== )
+			7200	NSEC	sub.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 1 4 7200 20080802101452 (
+					20080731101645 19793 sub.example.de.
+					EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt
+					6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK
+					UoFq9NHsH2WSDw== )
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./zone.db
new file mode 100644
index 0000000..c485181
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db
@@ -0,0 +1,37 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+;	Be sure that the serial number below is left
+;	justified in a field of at least 10 chars!!
+;				0123456789;
+;	It's also possible to use the date form e.g. 2005040101
+@	IN SOA	ns1.example.de. hostmaster.example.de.  (
+				258       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.de.
+		IN  NS		ns2.example.de.
+
+ns1		IN  A		1.0.0.5
+		IN  AAAA	2001:db8::53
+ns2		IN  A		1.2.0.6
+
+localhost	IN  A		127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.de file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub		IN NS      ns1.example.de.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
new file mode 100644
index 0000000..4b9b3dc
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
@@ -0,0 +1,147 @@
+; File written on Tue Jul 29 12:44:06 2008
+; dnssec_signzone version 9.5.1b1
+example.de.		7200	IN SOA	ns1.example.de. hostmaster.example.de. (
+					258        ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 2 7200 20080808092956 (
+					20080729094406 35672 example.de.
+					UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0
+					6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs
+					/4p/Vc/L91wUMA== )
+			7200	NS	ns1.example.de.
+			7200	NS	ns2.example.de.
+			7200	RRSIG	NS 5 2 7200 20080808091515 (
+					20080729094406 35672 example.de.
+					hpHATL81t7GASSKPPBuheQqBqXU688itETkN
+					QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1
+					hsdbbCDo6UuHSg== )
+			7200	NSEC	localhost.example.de. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 2 7200 20080808092007 (
+					20080729094406 35672 example.de.
+					aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T
+					+yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI
+					HFPySUOtQaNNxA== )
+			3600	DNSKEY	256 3 5 (
+					BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm
+					8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi
+					o+HNa59a4UA8jTdJb+kT0w==
+					) ; key id = 35672
+			3600	DNSKEY	256 3 5 (
+					BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ
+					TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z
+					D0oIm2h0JowdyERZVj6ZZQ==
+					) ; key id = 11867
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+					RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+					OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+					zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+					Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+					f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+					ONUcLAEt+w==
+					) ; key id = 59244
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+					utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+					bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+					DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+					kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+					dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+					UNdJQGb9zQ==
+					) ; key id = 41145
+			3600	DNSKEY	385 3 5 (
+					BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+					Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+					S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+					L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+					lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+					jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+					XDAeBZqwrw==
+					) ; key id = 17567
+			3600	RRSIG	DNSKEY 5 2 3600 20080808092214 (
+					20080729094406 41145 example.de.
+					BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX
+					XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7
+					t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM
+					l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im
+					fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0
+					4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz
+					nA== )
+			3600	RRSIG	DNSKEY 5 2 3600 20080808092411 (
+					20080729094406 17567 example.de.
+					BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc
+					W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8
+					Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ
+					kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK
+					4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6
+					RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P
+					ug== )
+			3600	RRSIG	DNSKEY 5 2 3600 20080808093317 (
+					20080729094406 35672 example.de.
+					Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos
+					hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW
+					6DbiKMXJpO7biQ== )
+localhost.example.de.	7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 3 7200 20080808092724 (
+					20080729094406 35672 example.de.
+					JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6
+					dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI
+					D66sltGHW/er+Q== )
+			7200	NSEC	ns1.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080808094047 (
+					20080729094406 35672 example.de.
+					XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY
+					IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9
+					s2s+6ISxxobC3A== )
+ns1.example.de.		7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 3 7200 20080808091743 (
+					20080729094406 35672 example.de.
+					ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb
+					xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly
+					OpCYxAQSguB/MA== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 3 7200 20080808094144 (
+					20080729094406 35672 example.de.
+					nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti
+					59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI
+					0mOu0mNbxtt9gQ== )
+			7200	NSEC	ns2.example.de. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080808092537 (
+					20080729094406 35672 example.de.
+					MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx
+					xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH
+					1OZ3fi+/kWVAJg== )
+ns2.example.de.		7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 3 7200 20080808091624 (
+					20080729094406 35672 example.de.
+					MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL
+					Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc
+					SFFUxREAI5UGkQ== )
+			7200	NSEC	sub.example.de. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080808094337 (
+					20080729094406 35672 example.de.
+					QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58
+					AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2
+					9AU6m1TfAa5WSw== )
+sub.example.de.		7200	IN NS	ns1.example.de.
+			7200	DS	40998 5 1 (
+					1414E9C46F367D787EEF2EC91E1FC66DD087
+					AEAE )
+			7200	DS	40998 5 2 (
+					6FE53984AB75C31A06778E9944F8CDB47905
+					27D36BBD08CC1E90DA7AE32EEE5F )
+			7200	RRSIG	DS 5 3 7200 20080808092142 (
+					20080729094406 35672 example.de.
+					cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/
+					ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8
+					H6SutDh0IiR5MA== )
+			7200	NSEC	example.de. NS DS RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080808091754 (
+					20080729094406 35672 example.de.
+					jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E
+					3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f
+					k3CPfTs/+p/8Og== )
diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de.
new file mode 100644
index 0000000..2b40c68
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./keyset-example.de.
@@ -0,0 +1,28 @@
+$ORIGIN .
+example.de		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+					RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+					OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+					zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+					Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+					f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+					ONUcLAEt+w==
+					) ; key id = 59244
+			7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+					utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+					bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+					DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+					kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+					dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+					UNdJQGb9zQ==
+					) ; key id = 41145
+			7200	IN DNSKEY 385 3 5 (
+					BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+					Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+					S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+					L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+					lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+					jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+					XDAeBZqwrw==
+					) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/dnssec.conf b/contrib/zkt/examples/hierarchical/dnssec.conf
new file mode 100644
index 0000000..12da654
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/dnssec.conf
@@ -0,0 +1,40 @@
+#   
+#   	@(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#   
+
+#   dnssec-zkt options
+Zonedir:	"."
+Recursive:	True
+PrintTime:	False
+PrintAge:	True
+LeftJustify:	False
+
+#   zone specific values
+ResignInterval:	1w	# (604800 seconds)
+Sigvalidity:	10d	# (864000 seconds)
+Max_TTL:	6h	# (21600 seconds)
+Propagation:	5m	# (300 seconds)
+KEY_TTL:	1h	# (3600 seconds)
+Serialformat:	incremental
+
+#   signing key parameters
+KSK_lifetime:	20d	# (1728000 seconds)
+KSK_algo:	RSASHA1	# (Algorithm ID 5)
+KSK_bits:	1300
+KSK_randfile:	"/dev/urandom"
+ZSK_lifetime:	4w	# (2419200 seconds)
+ZSK_algo:	RSASHA1	# (Algorithm ID 5)
+ZSK_bits:	512
+ZSK_randfile:	"/dev/urandom"
+
+#   dnssec-signer options
+LogFile:	"log"
+LogLevel:	"info"
+SyslogFacility:	"user"
+SyslogLevel:	"notice"
+Keyfile:	"dnskey.db"
+Zonefile:	"zone.db"
+KeySetDir:	".."
+DLV_Domain:	""
+Sig_Pseudorand:	True
+Sig_Parameter:	"-j 1800"
diff --git a/contrib/zkt/examples/hierarchical/named.conf b/contrib/zkt/examples/hierarchical/named.conf
new file mode 100644
index 0000000..8bd3f9d
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/named.conf
@@ -0,0 +1,102 @@
+/*****************************************************************
+**
+**      #(@)    named.conf	(c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+**      logging options
+*****************************************************************/
+logging {
+        channel "named-log" {
+                file "/var/log/named" versions 3 size 2m;
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity info;
+        };
+        channel "resolver-log" {
+                file "/var/log/named";
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity debug 1;
+        };
+        channel "dnssec-log" {
+#                file "/var/log/named-dnssec" ;
+                file "/var/log/named" ;
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity debug 3;
+        };
+        category "dnssec" { "dnssec-log"; };
+        category "default" { "named-log"; };
+        category "resolver" { "resolver-log"; };
+        category "client" { "resolver-log"; };
+        category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+**      name server options
+*****************************************************************/
+options {
+	directory ".";
+
+	dump-file "/var/log/named_dump.db";
+	statistics-file "/var/log/named.stats";
+
+	listen-on-v6 { any; };
+
+	query-source address * port 53;
+	transfer-source * port 53;
+	notify-source * port 53;
+
+	recursion yes;
+	dnssec-enable yes;
+	edns-udp-size 4096;
+
+#	dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+	querylog yes;
+
+};
+
+/*****************************************************************
+**      include shared secrets...
+*****************************************************************/
+/**      for control sessions ...	**/
+#	include "rndc.key";
+controls {
+ 	inet 127.0.0.1 
+ 		allow { localhost; }
+		keys { "rndc-key"; };
+ 	inet ::1 
+ 		allow { localhost; }
+		keys { "rndc-key"; };
+};
+
+/*****************************************************************
+**      ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+**      root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+	type hint;
+	file "root.hint";
+};
+
+zone "localhost" in {
+	type master;
+	file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+	type master;
+	file "127.0.0.zone";
+};
+
+include "zone.conf";
diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf
new file mode 100644
index 0000000..6944d5a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.de." in {
+	type master;
+	file "de./example.de./zone.db.signed";
+};
+
+zone "sub.example.de." in {
+	type master;
+	file "de./example.de./sub.example.de./zone.db.signed";
+};
diff --git a/contrib/zkt/examples/views/dnssec-extern.conf b/contrib/zkt/examples/views/dnssec-extern.conf
new file mode 100644
index 0000000..728dcc9
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-extern.conf
@@ -0,0 +1,39 @@
+#   
+#   	@(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#   
+
+#   dnssec-zkt options
+Zonedir:	"extern"
+Recursive:	True
+PrintTime:	False
+PrintAge:	True
+LeftJustify:	False
+
+#   zone specific values
+ResignInterval:	1w	# (604800 seconds)
+Sigvalidity:	10d	# (864000 seconds)
+Max_TTL:	8h	# (28800 seconds)
+Propagation:	5m	# (300 seconds)
+KEY_TTL:	1h	# (3600 seconds)
+Serialformat:	unixtime
+
+#   signing key parameters
+KSK_lifetime:	1y	# (31536000 seconds)
+KSK_algo:	RSASHA1	# (Algorithm ID 5)
+KSK_bits:	1300
+KSK_randfile:	"/dev/urandom"
+ZSK_lifetime:	30d	# (2592000 seconds)
+ZSK_algo:	RSASHA1	# (Algorithm ID 5)
+ZSK_bits:	512
+ZSK_randfile:	"/dev/urandom"
+
+#   dnssec-signer options
+LogFile:	"zkt-ext.log"
+LogLevel:	"debug"
+SyslogFacility:	"none"
+SyslogLevel:	"notice"
+VerboseLog:	2
+Keyfile:	"dnskey.db"
+Zonefile:	"zone.db"
+DLV_Domain:	""
+Sig_Pseudorand:	True
diff --git a/contrib/zkt/examples/views/dnssec-intern.conf b/contrib/zkt/examples/views/dnssec-intern.conf
new file mode 100644
index 0000000..d49fc94
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-intern.conf
@@ -0,0 +1,39 @@
+#   
+#   	@(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#   
+
+#   dnssec-zkt options
+Zonedir:	"intern"
+Recursive:	True
+PrintTime:	False
+PrintAge:	True
+LeftJustify:	False
+
+#   zone specific values
+ResignInterval:	5h	# (18000 seconds)
+Sigvalidity:	1d	# (86400 seconds)
+Max_TTL:	30m	# (1800 seconds)
+Propagation:	1m	# (60 seconds)
+KEY_TTL:	30m	# (1800 seconds)
+Serialformat:	unixtime
+
+#   signing key parameters
+KSK_lifetime:	1y	# (31536000 seconds)
+KSK_algo:	RSASHA1	# (Algorithm ID 5)
+KSK_bits:	1300
+KSK_randfile:	"/dev/urandom"
+ZSK_lifetime:	30d	# (2592000 seconds)
+ZSK_algo:	RSASHA1	# (Algorithm ID 5)
+ZSK_bits:	512
+ZSK_randfile:	"/dev/urandom"
+
+#   dnssec-signer options
+LogFile:	"zkt-int.log"
+LogLevel:	"debug"
+SyslogFacility:	"none"
+SyslogLevel:	"notice"
+VerboseLog:	2
+Keyfile:	"dnskey.db"
+Zonefile:	"zone.db"
+DLV_Domain:	""
+Sig_Pseudorand:	True
diff --git a/contrib/zkt/examples/views/dnssec-signer-extern b/contrib/zkt/examples/views/dnssec-signer-extern
new file mode 100755
index 0000000..910e82a
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-signer-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-signer
+#	command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"
diff --git a/contrib/zkt/examples/views/dnssec-signer-intern b/contrib/zkt/examples/views/dnssec-signer-intern
new file mode 100755
index 0000000..915ed15
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-signer-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-signer
+#	command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"
diff --git a/contrib/zkt/examples/views/dnssec-zkt-extern b/contrib/zkt/examples/views/dnssec-zkt-extern
new file mode 100755
index 0000000..129b4e1
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-zkt-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-zkt command
+#	out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@"
diff --git a/contrib/zkt/examples/views/dnssec-zkt-intern b/contrib/zkt/examples/views/dnssec-zkt-intern
new file mode 100755
index 0000000..1836840
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-zkt-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+#	Shell script to start the dnssec-zkt command
+#	out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@"
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key
new file mode 100644
index 0000000..54ba934
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080609231143
+;%	lifetime=30d
+example.net. IN DNSKEY  256 3 5 BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published
new file mode 100644
index 0000000..7240075
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
+PublicExponent: AQAAAAE=
+PrivateExponent: Q3TKb2j5AMk4wn9q5vvgtEy7o1VAhCvv/Nw3QRpXi7xGeHb7WJHj2ia2I44vQQk9fB+Kck1M8KNRMgYt0d0xCQ==
+Prime1: 7l4yn7VYrTSOaZu+lubsFvE+JB7asyYyymAEQeod2p0=
+Prime2: 7a4LEAmrtZTI/PHjdk/Ij/hbpDmtOe1H0lnWTVG+GfM=
+Exponent1: DTpyBBW39+d9b8LqCo7hJf5KQ3oVw9tdnUuHNstGZd0=
+Exponent2: b+aBbhRPr/a9ZCNM2JTjZJrrSebtMQCy1GcE33o64HM=
+Coefficient: UdvxnKd2GL6In82yHG40rU35WTZ2SUYQ+1mfz3DQqnE=
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key
new file mode 100644
index 0000000..ec11dcb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private
new file mode 100644
index 0000000..ea29447
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ==
+Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q==
+Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q==
+Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV
+Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h
+Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key
new file mode 100644
index 0000000..1809a93
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key
@@ -0,0 +1,4 @@
+;%	generationtime=20071217224527
+;%	lifetime=30
+;%	expiretime=20080116224527
+example.net. IN DNSKEY  256 3 5 BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private
new file mode 100644
index 0000000..ca789eb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: sQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: fZs/S7/pOPP1C9Jjdb7KhnbfiLfCIXdc7d8LDWmm7d9rL2kZK77WMp+o5WRQhoIDDQPAdv+phoIdFEIiXKLN8Q==
+Prime1: 6NEgG3Z86nn9fNjG+3E9OqF/7oaCvrVnb1XogalZgr0=
+Prime2: wq0aosO1mWXo38HuxO5JiR2mX/9LWjxxqwK6I9gnJp0=
+Exponent1: ZvI2y//PImr1OqeVLoWfFHop2iorgT4+SYiz1Gw9FME=
+Exponent2: TBUeoolmnFcOfWO6T1v0S6za7LEib2H1Pgt95UvDA40=
+Coefficient: eHmKka0EVRfjDfEpcwRp5nZ36ZHfLxuKF5tGQ1YclBI=
diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net./dnskey.db
new file mode 100644
index 0000000..d46eff9
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./dnskey.db
@@ -0,0 +1,30 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jun 12 2008 17:56:05
+;
+
+;  ***  List of Key Signing Keys  ***
+; example.net.  tag=23553  algo=RSASHA1  generated Nov 20 2007 12:49:04
+example.net. 3600 IN DNSKEY  257 3 5 (
+			BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI
+			ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ
+			uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T
+			u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1
+			sQ==
+		) ; key id = 23553
+
+; ***  List of Zone Signing Keys  ***
+; example.net.  tag=35744  algo=RSASHA1  generated Jun 10 2008 01:11:43
+example.net. 3600 IN DNSKEY  256 3 5 (
+			BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w
+			iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
+		) ; key id = 35744
+
+; example.net.  tag=10367  algo=RSASHA1  generated Jun 10 2008 01:11:43
+example.net. 3600 IN DNSKEY  256 3 5 (
+			BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4
+			ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
+		) ; key id = 10367
+
diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net./dsset-example.net.
new file mode 100644
index 0000000..cbcd3d0
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./dsset-example.net.
@@ -0,0 +1,2 @@
+example.net.		IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B
+example.net.		IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D
diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net./keyset-example.net.
new file mode 100644
index 0000000..b845245
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+					YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+					pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+					19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+					9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+					XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+					6DaiC6E1sQ==
+					) ; key id = 23553
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net./zone.db
new file mode 100644
index 0000000..4c72928
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    extern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+@	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				0       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.net.
+		IN  NS		ns2.example.net.
+
+ns1		IN  A		1.0.0.5
+		IN  AAAA	2001:db8::53
+ns2		IN  A		1.2.0.6
+
+localhost	IN  A		127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub		IN NS      ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed
new file mode 100644
index 0000000..c0e2801
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Thu Jun 12 17:56:06 2008
+; dnssec_signzone version 9.5.0
+example.net.		7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					1213286165 ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 2 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg
+					wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt
+					tFsswvYaZtP11Q== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 2 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc
+					VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO
+					yQibjS4TA5Pr3g== )
+			7200	NSEC	localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 2 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis
+					Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV
+					91i/sxof6bc61w== )
+			3600	DNSKEY	256 3 5 (
+					BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5
+					yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ
+					6JFt+4f9KnNPi1txiBg76Q==
+					) ; key id = 35744
+			3600	DNSKEY	256 3 5 (
+					BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN
+					vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM
+					rg8gYImKCl6n3K37EjXYBw==
+					) ; key id = 10367
+			3600	DNSKEY	257 3 5 (
+					BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+					YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+					pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+					19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+					9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+					XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+					6DaiC6E1sQ==
+					) ; key id = 23553
+			3600	RRSIG	DNSKEY 5 2 3600 20080622145605 (
+					20080612145605 23553 example.net.
+					Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E
+					+aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a
+					V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0
+					kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw
+					ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc
+					SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h
+					fg== )
+			3600	RRSIG	DNSKEY 5 2 3600 20080622145605 (
+					20080612145605 35744 example.net.
+					SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV
+					ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W
+					dIM4sjx78Zjh5Q== )
+localhost.example.net.	7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP
+					X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI
+					N/c7vC223ejn8A== )
+			7200	NSEC	ns1.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9
+					rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+
+					P50QYwYXET3byw== )
+ns1.example.net.	7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK
+					QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs
+					w8uw5x6/1ECflg== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI
+					aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz
+					LNjR7KqYQxrXmg== )
+			7200	NSEC	ns2.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO
+					ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN
+					ogRV1rxohxDyCw== )
+ns2.example.net.	7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR
+					Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1
+					iTZYEXffLBchmw== )
+			7200	NSEC	sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1
+					pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN
+					SqabEFO1114AyQ== )
+sub.example.net.	7200	IN NS	ns1.example.net.
+			7200	NSEC	example.net. NS RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080622145605 (
+					20080612145605 35744 example.net.
+					nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB
+					ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT
+					db/3/DXIwUnMnA== )
diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log
new file mode 100644
index 0000000..04fa4fb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/zkt-ext.log
@@ -0,0 +1,28 @@
+2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:04.196: debug: 	Check RFC5011 status
+2008-06-12 17:59:04.196: debug: 		->ksk5011status returns 0
+2008-06-12 17:59:04.196: debug: 	Check ksk status
+2008-06-12 17:59:04.196: debug: 	Re-signing not necessary!
+2008-06-12 17:59:04.196: notice: end of run: 0 errors occured
+2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:17.436: debug: 	Check RFC5011 status
+2008-06-12 17:59:17.436: debug: 		->ksk5011status returns 0
+2008-06-12 17:59:17.436: debug: 	Check ksk status
+2008-06-12 17:59:17.436: debug: 	Re-signing not necessary!
+2008-06-12 17:59:17.436: notice: end of run: 0 errors occured
+2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:07.819: debug: 	Check RFC5011 status
+2008-06-12 18:00:07.819: debug: 		->ksk5011status returns 0
+2008-06-12 18:00:07.819: debug: 	Check ksk status
+2008-06-12 18:00:07.819: debug: 	Re-signing not necessary!
+2008-06-12 18:00:07.819: notice: end of run: 0 errors occured
+2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:39.020: debug: 	Check RFC5011 status
+2008-06-12 18:00:39.020: debug: 		->ksk5011status returns 0
+2008-06-12 18:00:39.020: debug: 	Check ksk status
+2008-06-12 18:00:39.020: debug: 	Re-signing not necessary!
+2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key
new file mode 100644
index 0000000..316e4cf
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private
new file mode 100644
index 0000000..96e1ff6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q==
+Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw==
+Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ==
+Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh
+Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ==
+Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key
new file mode 100644
index 0000000..8be3973
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 256 3 5 BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private
new file mode 100644
index 0000000..b519641
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: sMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: fpWuYAOXJWdjMrZnI91hTi1wwuje4sKjDu8xvfnKvqKhr61QxK1gR9TB3mc2FM+Awivphb3xfi8+y2cacq9iUQ==
+Prime1: 6DE1tFJXGIm2SW3fSwQymX7Zcw8VSIMWiHQPCqX1FA0=
+Prime2: wuHS7u0I9aYOFkDAndfEVyDi8vOh96CcY/BuSvEZ6+0=
+Exponent1: sn7RttKPap3cgw2sddmgwcuVSaEpwOswF/O42Ou3fMk=
+Exponent2: LoJ305VksT7SWWR6bM5OybcdTm39PTZM0g3V2hOceK0=
+Coefficient: SwRF9S9ICVeyeYw3djxbg7kUZjz5AkbHIgz9VeX4mzM=
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key
new file mode 100644
index 0000000..160110e
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key
@@ -0,0 +1,3 @@
+;%	generationtime=20080612154545
+;%	lifetime=30d
+example.net. IN DNSKEY  256 3 5 BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published
new file mode 100644
index 0000000..60e4316
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: zbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
+PublicExponent: AQAAAAE=
+PrivateExponent: XZK4eHRUrFka7O0Q/RBuBG3iW8KFng5em4FnjCSBQpwSAvFzTBebqwfNSOcgqKihz8VzvKHxEd6BxVZRGI2dgQ==
+Prime1: 8Jji5R57Y4ROxrO5EuEFjxL723VQ/Ym+4KYG+tM3bP8=
+Prime2: 2uhGRdJU3UJvnPwx0gJGio6KmRBC6CmDqTMORhYrS1E=
+Exponent1: cqVno4KLgMmKN5VPWaYA+pB5e55r6UEIaxqj6WMXATs=
+Exponent2: EqSKzb/r02jmNCTv5aX7wHl+57LYR40rJvzgVTfh/tE=
+Coefficient: 37ywfYlNFmtR/jZwoZBHNdIEy+C+jIeJ+fEepesSpoI=
diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net./dnskey.db
new file mode 100644
index 0000000..9e2c47f
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./dnskey.db
@@ -0,0 +1,30 @@
+;
+;	!!! Don't edit this file by hand.
+;	!!! It will be generated by dnssec-signer.
+;
+;	 Last generation time Jun 12 2008 18:13:43
+;
+
+;  ***  List of Key Signing Keys  ***
+; example.net.  tag=126  algo=RSASHA1  generated Nov 20 2007 12:44:27
+example.net. 1800 IN DNSKEY  257 3 5 (
+			BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W
+			ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI
+			wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9
+			+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq
+			Lw==
+		) ; key id = 126
+
+; ***  List of Zone Signing Keys  ***
+; example.net.  tag=5972  algo=RSASHA1  generated Nov 20 2007 12:44:27
+example.net. 1800 IN DNSKEY  256 3 5 (
+			BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx
+			pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
+		) ; key id = 5972
+
+; example.net.  tag=23375  algo=RSASHA1  generated Jun 12 2008 17:45:45
+example.net. 1800 IN DNSKEY  256 3 5 (
+			BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc
+			TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
+		) ; key id = 23375
+
diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net./dsset-example.net.
new file mode 100644
index 0000000..b61c1b6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./dsset-example.net.
@@ -0,0 +1,2 @@
+example.net.		IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA
+example.net.		IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9
diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net./keyset-example.net.
new file mode 100644
index 0000000..0aa2c7d
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net		7200	IN DNSKEY 257 3 5 (
+					BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+					gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+					uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+					5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+					ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+					6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+					grOD6IYqLw==
+					) ; key id = 126
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net./zone.db
new file mode 100644
index 0000000..d3e90f7
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    intern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+@	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				0       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.net.
+		IN  NS		ns2.example.net.
+
+ns1		IN  A		192.168.1.53
+		IN  AAAA	fd12:063c:cdbb::53
+ns2		IN  A		10.1.2.3
+
+localhost	IN  A		127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub		IN NS      ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed
new file mode 100644
index 0000000..88a42c6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Thu Jun 12 18:13:43 2008
+; dnssec_signzone version 9.5.0
+example.net.		7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					1213287223 ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 2 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy
+					2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV
+					aV3H0KfNq6ITLg== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 2 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS
+					Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L
+					a6rQDFcnJ8xzng== )
+			7200	NSEC	localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 2 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia
+					UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH
+					kt2inbyQytbPDQ== )
+			1800	DNSKEY	256 3 5 (
+					BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb
+					11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA
+					1HR8YaO3QXB2LAHEz5B/CQ==
+					) ; key id = 5972
+			1800	DNSKEY	256 3 5 (
+					BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q
+					Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS
+					Q79S4WgKalFJxq6lSk0xrw==
+					) ; key id = 23375
+			1800	DNSKEY	257 3 5 (
+					BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+					gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+					uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+					5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+					ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+					6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+					grOD6IYqLw==
+					) ; key id = 126
+			1800	RRSIG	DNSKEY 5 2 1800 20080613151343 (
+					20080612151343 126 example.net.
+					CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9
+					EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU
+					WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0
+					XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH
+					fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz
+					qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK
+					xA== )
+			1800	RRSIG	DNSKEY 5 2 1800 20080613151343 (
+					20080612151343 5972 example.net.
+					dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N
+					WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v
+					VDkzRjT4eONxuA== )
+localhost.example.net.	7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E
+					qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi
+					rk8Mnbf6cYxSlw== )
+			7200	NSEC	ns1.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0
+					Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp
+					Smho3kSGf9gQRQ== )
+ns1.example.net.	7200	IN A	192.168.1.53
+			7200	RRSIG	A 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt
+					z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F
+					joAIP/0wvXihsA== )
+			7200	AAAA	fd12:63c:cdbb::53
+			7200	RRSIG	AAAA 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty
+					XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17
+					2a3emgs9BHJJ6A== )
+			7200	NSEC	ns2.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ
+					48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs
+					JFhw+nVeZJdHJA== )
+ns2.example.net.	7200	IN A	10.1.2.3
+			7200	RRSIG	A 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj
+					FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv
+					Xsp5ITBTILSM6Q== )
+			7200	NSEC	sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh
+					9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR
+					LYF/o0HVi5uzJA== )
+sub.example.net.	7200	IN NS	ns1.example.net.
+			7200	NSEC	example.net. NS RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080613151343 (
+					20080612151343 5972 example.net.
+					nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ
+					8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR
+					RPdjTNk7YEC0Mg== )
diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log
new file mode 100644
index 0000000..0729139
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/zkt-int.log
@@ -0,0 +1,169 @@
+2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v
+2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:02:13.594: debug: 	Check RFC5011 status
+2008-06-12 18:02:13.595: debug: 		->ksk5011status returns 0
+2008-06-12 18:02:13.595: debug: 	Check ksk status
+2008-06-12 18:02:13.595: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec)
+2008-06-12 18:02:13.595: debug: 		->waiting for pre-publish key
+2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:02:13.595: debug: 	Re-signing necessary: Modified keys
+2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys
+2008-06-12 18:02:13.595: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:02:13.596: debug: 	Signing zone "example.net."
+2008-06-12 18:02:13.596: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:02:13.705: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:02:13.705: debug: 	Signing completed after 0s.
+2008-06-12 18:02:13.705: debug: 
+2008-06-12 18:02:13.705: notice: end of run: 0 errors occured
+2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:13.209: debug: 	Check RFC5011 status
+2008-06-12 18:03:13.209: debug: 		->ksk5011status returns 0
+2008-06-12 18:03:13.209: debug: 	Check ksk status
+2008-06-12 18:03:13.209: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec)
+2008-06-12 18:03:13.209: debug: 		->waiting for pre-publish key
+2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:13.209: debug: 	Re-signing not necessary!
+2008-06-12 18:03:13.209: notice: end of run: 0 errors occured
+2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:19.288: debug: 	Check RFC5011 status
+2008-06-12 18:03:19.289: debug: 		->ksk5011status returns 0
+2008-06-12 18:03:19.289: debug: 	Check ksk status
+2008-06-12 18:03:19.289: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec)
+2008-06-12 18:03:19.289: debug: 		->waiting for pre-publish key
+2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:19.289: debug: 	Re-signing not necessary!
+2008-06-12 18:03:19.289: notice: end of run: 0 errors occured
+2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:23.618: debug: 	Check RFC5011 status
+2008-06-12 18:03:23.618: debug: 		->ksk5011status returns 0
+2008-06-12 18:03:23.618: debug: 	Check ksk status
+2008-06-12 18:03:23.618: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec)
+2008-06-12 18:03:23.618: debug: 		->waiting for pre-publish key
+2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:23.618: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:03:23.618: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:03:23.619: debug: 	Signing zone "example.net."
+2008-06-12 18:03:23.619: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:03:23.719: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:03:23.719: debug: 	Signing completed after 0s.
+2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:03:23.772: debug: 
+2008-06-12 18:03:23.772: notice: end of run: 0 errors occured
+2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:05:39.533: debug: 	Check RFC5011 status
+2008-06-12 18:05:39.533: debug: 		->ksk5011status returns 0
+2008-06-12 18:05:39.533: debug: 	Check ksk status
+2008-06-12 18:05:39.533: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec)
+2008-06-12 18:05:39.533: debug: 		->waiting for pre-publish key
+2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:05:39.533: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:05:39.533: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:05:39.534: debug: 	Signing zone "example.net."
+2008-06-12 18:05:39.534: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:05:39.629: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:05:39.630: debug: 	Signing completed after 0s.
+2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered
+2008-06-12 18:05:39.640: debug: 
+2008-06-12 18:05:39.640: notice: end of run: 0 errors occured
+2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:07:47.754: debug: 	Check RFC5011 status
+2008-06-12 18:07:47.754: debug: 		->ksk5011status returns 0
+2008-06-12 18:07:47.754: debug: 	Check ksk status
+2008-06-12 18:07:47.754: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec)
+2008-06-12 18:07:47.754: debug: 		->waiting for pre-publish key
+2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:07:47.754: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:07:47.754: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:07:47.754: debug: 	Signing zone "example.net."
+2008-06-12 18:07:47.754: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:07:47.856: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:07:47.856: debug: 	Signing completed after 0s.
+2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered
+2008-06-12 18:07:47.866: debug: 
+2008-06-12 18:07:47.867: notice: end of run: 0 errors occured
+2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:10:57.978: debug: 	Check RFC5011 status
+2008-06-12 18:10:57.978: debug: 		->ksk5011status returns 0
+2008-06-12 18:10:57.978: debug: 	Check ksk status
+2008-06-12 18:10:57.978: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec)
+2008-06-12 18:10:57.978: debug: 		->waiting for pre-publish key
+2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:10:57.978: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:10:57.978: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:10:57.979: debug: 	Signing zone "example.net."
+2008-06-12 18:10:57.979: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:10:58.081: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:10:58.081: debug: 	Signing completed after 1s.
+2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:10:58.093: debug: 
+2008-06-12 18:10:58.093: notice: end of run: 0 errors occured
+2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:29.512: debug: 	Check RFC5011 status
+2008-06-12 18:13:29.512: debug: 		->ksk5011status returns 0
+2008-06-12 18:13:29.512: debug: 	Check ksk status
+2008-06-12 18:13:29.512: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec)
+2008-06-12 18:13:29.512: debug: 		->waiting for pre-publish key
+2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:29.512: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:29.512: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:29.513: debug: 	Signing zone "example.net."
+2008-06-12 18:13:29.513: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:13:29.612: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:29.612: debug: 	Signing completed after 0s.
+2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:29.612: debug: 	Reload zone "example.net." in view "intern"
+2008-06-12 18:13:29.612: debug: 	  Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:29.623: debug: 
+2008-06-12 18:13:29.623: notice: end of run: 0 errors occured
+2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v
+2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:38.709: debug: 	Check RFC5011 status
+2008-06-12 18:13:38.709: debug: 		->ksk5011status returns 0
+2008-06-12 18:13:38.709: debug: 	Check ksk status
+2008-06-12 18:13:38.709: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec)
+2008-06-12 18:13:38.709: debug: 		->waiting for pre-publish key
+2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:38.709: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:38.709: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:38.710: debug: 	Signing zone "example.net."
+2008-06-12 18:13:38.710: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:13:39.163: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:39.163: debug: 	Signing completed after 1s.
+2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:39.163: debug: 	Reload zone "example.net." in view "intern"
+2008-06-12 18:13:39.163: debug: 	  Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:39.174: debug: 
+2008-06-12 18:13:39.174: notice: end of run: 0 errors occured
+2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:43.164: debug: 	Check RFC5011 status
+2008-06-12 18:13:43.164: debug: 		->ksk5011status returns 0
+2008-06-12 18:13:43.164: debug: 	Check ksk status
+2008-06-12 18:13:43.164: debug: 	Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec)
+2008-06-12 18:13:43.164: debug: 		->waiting for pre-publish key
+2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:43.164: debug: 	Re-signing necessary: Option -f
+2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:43.164: debug: 	Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:43.164: debug: 	Signing zone "example.net."
+2008-06-12 18:13:43.164: debug: 	  Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g  -N unixtime zone.db K*.private"
+2008-06-12 18:13:43.262: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:43.262: debug: 	Signing completed after 0s.
+2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:43.262: debug: 	Reload zone "example.net." in view "intern"
+2008-06-12 18:13:43.262: debug: 	  Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:43.273: debug: 
+2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf
new file mode 100644
index 0000000..1ec3d13
--- /dev/null
+++ b/contrib/zkt/examples/views/named.conf
@@ -0,0 +1,97 @@
+/*****************************************************************
+**
+**      #(@)    named.conf	(c) 6. May 2004 (hoz)
+*****************************************************************/
+
+/*****************************************************************
+**      logging options
+*****************************************************************/
+logging {
+        channel "named-log" {
+                file "named.log";
+                print-time yes;
+                print-category yes;
+                print-severity yes;
+                severity info;
+        };
+        category "dnssec" { "named-log"; };
+        category "edns-disabled" { "named-log"; };
+        category "default" { "named-log"; };
+};
+
+/*****************************************************************
+**      name server options
+*****************************************************************/
+options {
+	directory ".";
+
+	pid-file "named.pid"; 
+	listen-on-v6 port 1053 { any; };
+	listen-on port 1053 { any; };
+
+	empty-zones-enable no;
+
+	port 1053;
+	query-source address * port 1053;
+	query-source-v6 address * port 1053;
+	transfer-source * port 53;
+	transfer-source-v6 * port 53;
+	use-alt-transfer-source no;
+	notify-source * port 53;
+	notify-source-v6 * port 53;
+
+	recursion yes;
+	dnssec-enable yes;
+	dnssec-validation yes;		/* required by BIND 9.4.0 */
+	dnssec-accept-expired false;	/* added since BIND 9.5.0 */
+	edns-udp-size 1460;		/* (M4) */
+	max-udp-size 1460;		/* (M5) */
+
+	# allow-query { localhost; };	/* default in 9.4.0 */
+	# allow-query-cache { localhost; };	/* default in 9.4.0 */
+
+	dnssec-must-be-secure "." no;
+
+	querylog yes;
+
+	stats-server 127.0.0.1 port 8881;	/* added since BIND 9.5.0 */
+};
+
+/*****************************************************************
+**      view intern
+*****************************************************************/
+view "intern" {
+	match-clients { 127.0.0.1; ::1; };
+	recursion yes;
+	zone "." in {
+		type hint;
+		file "root.hint";
+	};
+
+	zone "0.0.127.in-addr.arpa" in {
+		type master;
+		file "127.0.0.zone";
+	};
+
+	zone "example.net" in {
+		type master;
+		file "intern/example.net./zone.db.signed";
+	};
+};
+
+/*****************************************************************
+**      view extern
+*****************************************************************/
+view "extern" {
+	match-clients { any; };
+	recursion no;
+	zone "." in {
+		type hint;
+		file "root.hint";
+	};
+
+	zone "example.net" in {
+		type master;
+		file "extern/example.net./zone.db.signed";
+	};
+};
diff --git a/contrib/zkt/examples/views/named.log b/contrib/zkt/examples/views/named.log
new file mode 100644
index 0000000..15d5f7b
--- /dev/null
+++ b/contrib/zkt/examples/views/named.log
@@ -0,0 +1,17 @@
+20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found
+20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed)
+20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed)
+20-Nov-2007 17:40:12.393 general: notice: running
+20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789)
+20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217)
+20-Nov-2007 19:07:04.016 general: info: shutting down
+20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053
+20-Nov-2007 19:07:04.020 general: notice: exiting
diff --git a/contrib/zkt/examples/views/root.hint b/contrib/zkt/examples/views/root.hint
new file mode 100644
index 0000000..2b5c167
--- /dev/null
+++ b/contrib/zkt/examples/views/root.hint
@@ -0,0 +1,45 @@
+; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net
+;; global options:  printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;.				IN	NS
+
+;; ANSWER SECTION:
+.			518400	IN	NS	H.ROOT-SERVERS.NET.
+.			518400	IN	NS	I.ROOT-SERVERS.NET.
+.			518400	IN	NS	J.ROOT-SERVERS.NET.
+.			518400	IN	NS	K.ROOT-SERVERS.NET.
+.			518400	IN	NS	L.ROOT-SERVERS.NET.
+.			518400	IN	NS	M.ROOT-SERVERS.NET.
+.			518400	IN	NS	A.ROOT-SERVERS.NET.
+.			518400	IN	NS	B.ROOT-SERVERS.NET.
+.			518400	IN	NS	C.ROOT-SERVERS.NET.
+.			518400	IN	NS	D.ROOT-SERVERS.NET.
+.			518400	IN	NS	E.ROOT-SERVERS.NET.
+.			518400	IN	NS	F.ROOT-SERVERS.NET.
+.			518400	IN	NS	G.ROOT-SERVERS.NET.
+
+;; ADDITIONAL SECTION:
+A.ROOT-SERVERS.NET.	3600000	IN	A	198.41.0.4
+B.ROOT-SERVERS.NET.	3600000	IN	A	192.228.79.201
+C.ROOT-SERVERS.NET.	3600000	IN	A	192.33.4.12
+D.ROOT-SERVERS.NET.	3600000	IN	A	128.8.10.90
+E.ROOT-SERVERS.NET.	3600000	IN	A	192.203.230.10
+F.ROOT-SERVERS.NET.	3600000	IN	A	192.5.5.241
+G.ROOT-SERVERS.NET.	3600000	IN	A	192.112.36.4
+H.ROOT-SERVERS.NET.	3600000	IN	A	128.63.2.53
+I.ROOT-SERVERS.NET.	3600000	IN	A	192.36.148.17
+J.ROOT-SERVERS.NET.	3600000	IN	A	192.58.128.30
+K.ROOT-SERVERS.NET.	3600000	IN	A	193.0.14.129
+L.ROOT-SERVERS.NET.	3600000	IN	A	199.7.83.42
+M.ROOT-SERVERS.NET.	3600000	IN	A	202.12.27.33
+
+;; Query time: 114 msec
+;; SERVER: 198.41.0.4#53(198.41.0.4)
+;; WHEN: Mon Nov  5 07:28:00 2007
+;; MSG SIZE  rcvd: 436
+
diff --git a/contrib/zkt/examples/views/viewtest.sh b/contrib/zkt/examples/views/viewtest.sh
new file mode 100755
index 0000000..f0a1754
--- /dev/null
+++ b/contrib/zkt/examples/views/viewtest.sh
@@ -0,0 +1,20 @@
+
+
+ZKT_CONFFILE=dnssec.conf
+export ZKT_CONFFILE
+
+if true
+then
+	echo "All internal keys:"
+	./dnssec-zkt-intern
+	echo
+
+	echo "All external keys:"
+	./dnssec-zkt-extern
+	echo
+fi
+
+echo "Sign both views"
+./dnssec-signer-intern -v -v -f -r
+echo
+./dnssec-signer-extern -v -v
diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db
new file mode 100644
index 0000000..9864cb1
--- /dev/null
+++ b/contrib/zkt/examples/zone.db
@@ -0,0 +1,45 @@
+;-----------------------------------------------------------------
+;
+;       @(#)    example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL	7200
+
+;	Be sure that the serial number below is left
+;	justified in a field of at least 10 chars!!
+;				0123456789;
+;	It's also possible to use the date form e.g. 2005040101
+@	IN SOA	ns1.example.net. hostmaster.example.net.  (
+				263       ; Serial	
+				43200	; Refresh
+				1800	; Retry
+				2W	; Expire
+				7200 )	; Minimum
+
+		IN  NS		ns1.example.net.
+		IN  NS		ns2.example.net.
+
+ns1		IN  A		1.0.0.5
+		IN  AAAA	2001:db8::53
+ns2		IN  A		1.2.0.6
+
+localhost	IN  A		127.0.0.1
+
+a		IN  A		1.2.3.1
+b		IN  MX		10 a
+;c		IN  A		1.2.3.2
+d		IN  A		1.2.3.3
+		IN  AAAA	2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub		IN NS      ns1.example.net.
+sub		IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub		IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed
new file mode 100644
index 0000000..1e389ea
--- /dev/null
+++ b/contrib/zkt/examples/zone.db.signed
@@ -0,0 +1,146 @@
+; File written on Tue Jun 24 10:00:31 2008
+; dnssec_signzone version 9.5.0
+example.net.		7200	IN SOA	ns1.example.net. hostmaster.example.net. (
+					263        ; serial
+					43200      ; refresh (12 hours)
+					1800       ; retry (30 minutes)
+					1209600    ; expire (2 weeks)
+					7200       ; minimum (2 hours)
+					)
+			7200	RRSIG	SOA 5 2 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17
+					DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W
+					lmzr+igFHp8qiw== )
+			7200	NS	ns1.example.net.
+			7200	NS	ns2.example.net.
+			7200	RRSIG	NS 5 2 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af
+					E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS
+					dq1VfORhRh/Xng== )
+			7200	NSEC	a.example.net. NS SOA RRSIG NSEC DNSKEY
+			7200	RRSIG	NSEC 5 2 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5
+					wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7
+					xL1qZxKLQqxmwA== )
+			14400	DNSKEY	256 3 5 (
+					BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ
+					jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r
+					/MfelgJ/Mh6+vCu+XmMQuw==
+					) ; key id = 33755
+			14400	DNSKEY	257 3 5 (
+					BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a
+					zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E
+					0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3
+					NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8
+					bN71YJP7BXlszezsFHuMEspNdOPyMr93230+
+					R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj
+					5awvXfJ+eQ==
+					) ; key id = 31674
+			14400	RRSIG	DNSKEY 5 2 14400 20080724070030 (
+					20080624070030 31674 example.net.
+					BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH
+					SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE
+					JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo
+					yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ
+					ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E
+					6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i
+					oA== )
+			14400	RRSIG	DNSKEY 5 2 14400 20080724070030 (
+					20080624070030 33755 example.net.
+					f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3
+					binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr
+					id8TL8q/qQ0MCg== )
+a.example.net.		7200	IN A	1.2.3.1
+			7200	RRSIG	A 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy
+					3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG
+					ljUerawxMdHWWw== )
+			7200	NSEC	b.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO
+					14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p
+					yJNZQKtryRJuSg== )
+b.example.net.		7200	IN MX	10 a.example.net.
+			7200	RRSIG	MX 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI
+					7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S
+					/HwVRJThIYIKnQ== )
+			7200	NSEC	d.example.net. MX RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH
+					0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7
+					b2r05FL1xakcnQ== )
+d.example.net.		7200	IN A	1.2.3.3
+			7200	RRSIG	A 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H
+					vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe
+					5oS0pvLQnweoIw== )
+			7200	AAAA	2001:db8::3
+			7200	RRSIG	AAAA 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L
+					14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI
+					Qo8RvMm7Rn8OsA== )
+			7200	NSEC	localhost.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY
+					QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC
+					6ouWrLbIwslqIQ== )
+localhost.example.net.	7200	IN A	127.0.0.1
+			7200	RRSIG	A 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq
+					3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV
+					jizb8X3SPJ5V1g== )
+			7200	NSEC	ns1.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc
+					dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw
+					iL/FWK5Zfq7ixg== )
+ns1.example.net.	7200	IN A	1.0.0.5
+			7200	RRSIG	A 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP
+					6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp
+					JpXsJ54ksPugXA== )
+			7200	AAAA	2001:db8::53
+			7200	RRSIG	AAAA 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n
+					naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H
+					3Y15F0ju6YvbAg== )
+			7200	NSEC	ns2.example.net. A AAAA RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV
+					IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb
+					dgq8ktbqpNHmvg== )
+ns2.example.net.	7200	IN A	1.2.0.6
+			7200	RRSIG	A 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV
+					cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo
+					5v6cZr4bRDOf6A== )
+			7200	NSEC	sub.example.net. A RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV
+					y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm
+					rk1OaFadv6m2uw== )
+sub.example.net.	7200	IN NS	ns1.example.net.
+			7200	NSEC	example.net. NS RRSIG NSEC
+			7200	RRSIG	NSEC 5 3 7200 20080724070030 (
+					20080624070030 33755 example.net.
+					Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu
+					KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/
+					UBM6VzROSTtryA== )