diff options
Diffstat (limited to 'contrib/zkt/examples')
121 files changed, 5614 insertions, 0 deletions
diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db new file mode 100644 index 0000000..2822e6a --- /dev/null +++ b/contrib/zkt/examples/dnskey.db @@ -0,0 +1,24 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 24 2008 09:58:34 +; + +; *** List of Key Signing Keys *** +; example.net. tag=31674 algo=RSASHA1 generated Jun 24 2008 09:58:34 +example.net. 14400 IN DNSKEY 257 3 5 ( + BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA + b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6 + Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN + dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+ + eQ== + ) ; key id = 31674 + +; *** List of Zone Signing Keys *** +; example.net. tag=33755 algo=RSASHA1 generated Jun 24 2008 09:58:34 +example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF + UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw== + ) ; key id = 33755 + diff --git a/contrib/zkt/examples/dnssec-signer.sh b/contrib/zkt/examples/dnssec-signer.sh new file mode 100755 index 0000000..ee4bfc0 --- /dev/null +++ b/contrib/zkt/examples/dnssec-signer.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the example directory +# + +if test ! -f dnssec.conf +then + echo Please start this skript out of the flat or hierarchical sub directory + exit 1 +fi +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@" diff --git a/contrib/zkt/examples/dnssec-zkt.sh b/contrib/zkt/examples/dnssec-zkt.sh new file mode 100755 index 0000000..f3976ce --- /dev/null +++ b/contrib/zkt/examples/dnssec-zkt.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the example directory +# + +if test ! -f dnssec.conf +then + echo Please start this skript out of the flat or hierarchical sub directory + exit 1 +fi +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt "$@" diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh new file mode 100755 index 0000000..c112f55 --- /dev/null +++ b/contrib/zkt/examples/flat/dist.sh @@ -0,0 +1,70 @@ +################################################################# +# +# @(#) dist.sh -- distribute and reload command for dnssec-signer +# +# (c) Jul 2008 Holger Zuleger hznet.de +# +# This shell script will be run by dnssec-signer as a distribution +# and reload command if: +# +# a) the dnssec.conf file parameter Distribute_Cmd: points +# to this file +# and +# b) the user running the dnssec-signer command is not +# root (uid==0) +# and +# c) the owner of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the owner +# or +# d) the group of this shell script is the same as the +# running user and the access rights don't allow writing +# for anyone except the group +# +################################################################# + +# set path to rndc and scp +PATH="/bin:/usr/bin:/usr/local/sbin" + +# remote server and directory +server=localhost # fqdn of remote name server +dir=/var/named # zone directory on remote name server + +progname=$0 +usage() +{ + echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2 + test $# -gt 0 && echo $* 1>&2 + exit 1 +} + +if test $# -lt 3 +then + usage +fi +action="$1" +domain="$2" +zonefile="$3" +view="" +test $# -gt 3 && view="$4" + +case $action in +distribute) + if test -n "$view" + then + echo "scp $zonefile $server:$dir/$view/$domain/" + : scp $zonefile $server:$dir/$view/$domain/ + else + echo "scp $zonefile $server:$dir/$domain/" + : scp $zonefile $server:$dir/$domain/ + fi + ;; +reload) + echo "rndc $action $zone $view" + : rndc $action $zone $view + ;; +*) + usage "illegal action $action" + ;; +esac + diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf new file mode 100644 index 0000000..2bd9c58 --- /dev/null +++ b/contrib/zkt/examples/flat/dnssec.conf @@ -0,0 +1,41 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 2d # (172800 seconds) +Sigvalidity: 6d # (518400 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 2w # (1209600 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt.log" +LogLevel: debug +SyslogFacility: USER +SyslogLevel: notice +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: "../keysets" +DLV_Domain: "" +Sig_Pseudorand: True +Distribute_Cmd: "./dist.sh" diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key new file mode 100644 index 0000000..6a64c44 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key @@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=60d +dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private new file mode 100644 index 0000000..4f7ec3d --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private @@ -0,0 +1,7 @@ +Private-key-format: v1.2 +Algorithm: 3 (DSA) +Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM= +Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc= +Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo= +Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk= +Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU= diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key new file mode 100644 index 0000000..d129398 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key @@ -0,0 +1,3 @@ +;% generationtime=20080609224426 +;% lifetime=14d +dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private new file mode 100644 index 0000000..3692946 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== +PublicExponent: AQAAAAE= +PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ== +Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8= +Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs= +Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE= +Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850= +Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc= diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db new file mode 100644 index 0000000..e0f978e --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db @@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:28:38 +; + +; *** List of Key Signing Keys *** +; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 + LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB + KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf + Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH + JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq + +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e + 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi + xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH + 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + +; *** List of Zone Signing Keys *** +; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26 +dyn.example.net. 14400 IN DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w + BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf new file mode 100644 index 0000000..0998fda --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf @@ -0,0 +1,5 @@ +# signing key parameters +KSK_lifetime: 60d # (5184000 seconds) +KSK_algo: DSA +KSK_bits: 1024 +KSK_randfile: "/dev/urandom" diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. @@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db new file mode 100644 index 0000000..ee557b8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db @@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:34 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 7 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152834 ( + 20080612152834 1355 dyn.example.net. + h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas + SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+ + SXgsy934gAaYLw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned new file mode 100644 index 0000000..9e4c5c8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned @@ -0,0 +1,136 @@ +; File written on Thu Jun 12 18:28:39 2008 +; dnssec_signzone version 9.5.0 +dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 8 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 3 7200 20080622152838 ( + 20080612152838 1355 dyn.example.net. + GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+ + fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5 + e7HwrB59bxKAuw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK + Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz + lU0C+J4VPkA8pA== ) + 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 3 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I + HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH + +6XuqA8u/xPmbw== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu + IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj + P0D6hLmHfTcsdHQLLeMidQ== + ) ; key id = 1355 + 3600 DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 + 3600 RRSIG DNSKEY 3 3 3600 20080615214426 ( + 20080609214426 42138 dyn.example.net. + CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5 + 1X+nmHSkpcKJrUty/wY= ) + 3600 RRSIG DNSKEY 5 3 3600 20080615214426 ( + 20080609214426 1355 dyn.example.net. + xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4 + 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi + 9K8P4EgCcj52Jw== ) +localhost.dyn.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk + FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1 + Sm1ttNxSTe2M8A== ) + 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM + +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt + AqArf+M3STbO9g== ) +ns1.dyn.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl + KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO + TdWtXSZIlU2JKQ== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4 + eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO + Q4Pxd2rI9ud1hA== ) + 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt + 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R + sj80tqtN0NHi/Q== ) +ns2.dyn.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC + UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn + LrVtjyQbfimbOA== ) + 7200 NSEC x.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd + Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD + Pz/gpH280yQJFA== ) +x.dyn.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC + P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb + jn6fdB+T2Zs9Pw== ) + 7200 NSEC y.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5 + MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7 + 0sIwBMHOsDjTSA== ) +y.dyn.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF + 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki + qA5CzWo8HIPwmA== ) + 7200 NSEC z.dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY + mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn + lO6C9gQ+Iu9wyw== ) +z.dyn.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj + E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ + rWBT4VggwE8blQ== ) + 7200 NSEC dyn.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 4 7200 20080615214426 ( + 20080609214426 1355 dyn.example.net. + r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx + XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU + TNZYnWKCkD3hAQ== ) diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org new file mode 100644 index 0000000..c536fc8 --- /dev/null +++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org @@ -0,0 +1,30 @@ +;----------------------------------------------------------------- +; +; @(#) dyn.example.net/zone.org +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 1 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +x IN A 1.2.3.4 +y IN A 1.2.3.5 +z IN A 1.2.3.6 + +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key new file mode 100644 index 0000000..bd273d3 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key @@ -0,0 +1,3 @@ +;% generationtime=20080506212634 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published new file mode 100644 index 0000000..42b8b80 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w== +PublicExponent: AQAAAAE= +PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ== +Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w== +Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ== +Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9 +Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ== +Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key new file mode 100644 index 0000000..d72baa9 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key @@ -0,0 +1,3 @@ +;% generationtime=20080420205422 +;% lifetime=60d +example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private new file mode 100644 index 0000000..554cd12 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw== +PublicExponent: AQAAAAE= +PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ== +Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ== +Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw== +Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ== +Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp +Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key new file mode 100644 index 0000000..235a5df --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key @@ -0,0 +1,3 @@ +;% generationtime=20080721221039 +;% lifetime=14d +example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private new file mode 100644 index 0000000..b5041c0 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== +PublicExponent: AQAAAAE= +PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ== +Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M= +Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU= +Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0= +Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0= +Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw= diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db new file mode 100644 index 0000000..6bd2ba0 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dnskey.db @@ -0,0 +1,33 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 00:25:53 +; + +; *** List of Key Signing Keys *** +; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 + VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs + lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ + YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU + 8w== + ) ; key id = 1764 + +; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 + kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W + O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM + HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ + qw== + ) ; key id = 41151 + +; *** List of Zone Signing Keys *** +; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 + LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key new file mode 100644 index 0000000..fdf427b --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key @@ -0,0 +1,4 @@ +;% generationtime=20080415164557 +;% lifetime=20d +;% expirationtime=20080506212633 +example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q== diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private new file mode 100644 index 0000000..1018561 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q== +PublicExponent: AQAAAAE= +PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ== +Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw== +Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw== +Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL +Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw== +Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg== diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./keyset-example.net. @@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db new file mode 100644 index 0000000..42ad067 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db @@ -0,0 +1,43 @@ +;----------------------------------------------------------------- +; +; @(#) example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.1 +b IN MX 10 a +;c IN A 1.2.3.2 +d IN A 1.2.3.3 + IN AAAA 2001:0db8::3 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed new file mode 100644 index 0000000..b10d122 --- /dev/null +++ b/contrib/zkt/examples/flat/example.net./zone.db.signed @@ -0,0 +1,166 @@ +; File written on Thu Jul 31 00:25:53 2008 +; dnssec_signzone version 9.5.1b1 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 306 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT + x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt + llflqikDp8uLmQ== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i + sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu + WDdVL5V3nirNiA== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080805212553 ( + 20080730212553 41300 example.net. + TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU + vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4 + 8fjJ1uPzW3KVJQ== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG + VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs + uZipXs2ouT2S9dhdEArKfw== + ) ; key id = 41300 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41151 example.net. + AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb + Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd + PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ + dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE + tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+ + b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL + Tw== ) + 3600 RRSIG DNSKEY 5 2 3600 20080805212553 ( + 20080730212553 41300 example.net. + up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU + hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi + FSHnJW5dlBhMow== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM + aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd + vo0cFjkPvCCrHA== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/ + 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr + 2MS4wJguPpznEg== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi + Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ + V1VbEaZnFVXu2Q== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L + jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na + G1yt/jdFB699yg== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS + 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF + Xqk7op11oye7fA== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib + 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC + sJOAIxxNQOefZg== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh + /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD + X51lgVvrlOsMaw== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv + zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1 + U9ZdHxUEqeRRtQ== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg + F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII + hS9tIVb0spHDuQ== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp + TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM + bBUOTYWJIMT50g== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l + CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM + 5P5ZMXieZrh+xQ== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT + rrfxEcPm86SLMM40dithZQeajNucRlmuadKX + HREpYT/DVVBT0A== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk + 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS + 2LaOiuqMIPm8Hw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+ + HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+ + /l+dJFZ8FtdZTA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 DS 54876 5 1 ( + CAB6127E303A8A8D7D5A29AE05DB60F4C506 + 0B10 ) + 7200 DS 54876 5 2 ( + 7C8CAF1844479F3600213173BB5D1E2A4414 + 3D63B6E0B3E10D8C5310ADF84D30 ) + 7200 RRSIG DS 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+ + TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt + X6JnkVWr89s82A== ) + 7200 NSEC example.net. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080805212553 ( + 20080730212553 41300 example.net. + kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom + fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg + KaG0bEo8TpOAUw== ) diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. new file mode 100644 index 0000000..f94666a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. @@ -0,0 +1,2 @@ +dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879 +dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6 diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net. new file mode 100644 index 0000000..d4a01ed --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-example.net. @@ -0,0 +1,4 @@ +example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F +example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F +example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A +example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. new file mode 100644 index 0000000..9bed62a --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. new file mode 100644 index 0000000..002217b --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. @@ -0,0 +1,18 @@ +$ORIGIN . +dyn.example.net 7200 IN DNSKEY 257 3 3 ( + CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V + NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K + S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s + m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA + EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI + r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i + 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v + RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb + BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA + olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u + ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO + 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT + dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5 + ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd + clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1 + ) ; key id = 42138 diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net. new file mode 100644 index 0000000..c832578 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-example.net. @@ -0,0 +1,19 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a + vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI + I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN + M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3 + 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX + 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK + T1YYVnoQqw== + ) ; key id = 41151 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV + Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2 + VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5 + HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm + DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD + AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH + +B9rLlBU8w== + ) ; key id = 1764 diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. new file mode 100644 index 0000000..77aacd6 --- /dev/null +++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.net 7200 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf new file mode 100644 index 0000000..0e8551c --- /dev/null +++ b/contrib/zkt/examples/flat/named.conf @@ -0,0 +1,99 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +** +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "/var/log/named" versions 3 size 2m; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + channel "resolver-log" { + file "/var/log/named"; + print-time yes; + print-category yes; + print-severity yes; + severity debug 1; + }; + channel "dnssec-log" { +# file "/var/log/named-dnssec" ; + file "/var/log/named" ; + print-time yes; + print-category yes; + print-severity yes; + severity debug 3; + }; + category "dnssec" { "dnssec-log"; }; + category "default" { "named-log"; }; + category "resolver" { "resolver-log"; }; + category "client" { "resolver-log"; }; + category "queries" { "resolver-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + dump-file "/var/log/named_dump.db"; + statistics-file "/var/log/named.stats"; + + listen-on-v6 { any; }; + + query-source address * port 53; + transfer-source * port 53; + notify-source * port 53; + + recursion yes; + dnssec-enable yes; + edns-udp-size 4096; + +# dnssec-lookaside "." trust-anchor "trusted-keys.de."; + + querylog yes; + +}; + +/***************************************************************** +** include shared secrets... +*****************************************************************/ +/** for control sessions ... **/ +controls { + inet 127.0.0.1 + allow { localhost; }; + inet ::1 + allow { localhost; }; +}; + +/***************************************************************** +** ... and trusted_keys +*****************************************************************/ +# include "trusted-keys.conf" ; + +/***************************************************************** +** root server hints and required 127 stuff +*****************************************************************/ +zone "." in { + type hint; + file "root.hint"; +}; + +zone "localhost" in { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.ARPA" in { + type master; + file "127.0.0.zone"; +}; + +include "zone.conf"; diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key new file mode 100644 index 0000000..a255a7b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key @@ -0,0 +1,3 @@ +;% generationtime=20080725213107 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private new file mode 100644 index 0000000..e636e05 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== +PublicExponent: AQAAAAE= +PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ== +Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM= +Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M= +Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0= +Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08= +Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key new file mode 100644 index 0000000..4e7c3e5 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key @@ -0,0 +1,3 @@ +;% generationtime=20080730222553 +;% lifetime=3d +sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published new file mode 100644 index 0000000..2a3ae65 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== +PublicExponent: AQAAAAE= +PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q== +Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U= +Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8= +Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0= +Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc= +Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y= diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key new file mode 100644 index 0000000..21098f8 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key @@ -0,0 +1 @@ +sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw== diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private new file mode 100644 index 0000000..ad5b363 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M= +PublicExponent: Aw== +PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s= +Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw== +Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ== +Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw== +Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw== +Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA== diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. new file mode 100644 index 0000000..8e00719 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. @@ -0,0 +1,2 @@ +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db new file mode 100644 index 0000000..396e7d3 --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db @@ -0,0 +1,29 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 13:19:17 +; + +; *** List of Key Signing Keys *** +; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22 +sub.example.net. 3600 IN DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 + 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe + 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb + Z/avYw== + ) ; key id = 54876 + +; *** List of Zone Signing Keys *** +; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy + aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + +; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53 +sub.example.net. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv + guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf new file mode 100644 index 0000000..4a045ad --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf @@ -0,0 +1,14 @@ + +resigninterval 1d +sigvalidity 2d +max_ttl 90s + +Serialformat: unixtime +ksk_algo RSASHA1 +ksk_bits 1024 + +zsk_lifetime 3d +zsk_algo RSAMD5 +zsk_bits 512 + +dlv_domain "dlv.trusted-keys.de" diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db new file mode 100644 index 0000000..c9ec01e --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db @@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sec.example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.net. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed new file mode 100644 index 0000000..0560d2b --- /dev/null +++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed @@ -0,0 +1,103 @@ +; File written on Thu Jul 31 13:19:17 2008 +; dnssec_signzone version 9.5.1b1 +sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1217503157 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9 + RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa + 9bvrMVOXpd0Q1g== ) + 7200 NS ns1.example.net. + 7200 RRSIG NS 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb + k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn + 1S/A2bV4S3No7Q== ) + 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK + TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8 + feRHQBEYFpgvhA== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl + kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar + n7DQR1Eb92uW3ALxwN2o6w== + ) ; key id = 56744 + 3600 DNSKEY 256 3 1 ( + BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+ + /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v + NYsJ2KCQtY2dUFjT5BCeqQ== + ) ; key id = 4254 + 3600 DNSKEY 257 3 5 ( + AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+ + bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M + ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c + BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW + CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw== + ) ; key id = 54876 + 3600 RRSIG DNSKEY 1 3 3600 20080802101917 ( + 20080731101917 4254 sub.example.net. + ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba + 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT + UW2clZMFj/Fy6g== ) + 3600 RRSIG DNSKEY 5 3 3600 20080802101917 ( + 20080731101917 54876 sub.example.net. + B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E + 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO + OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK + 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv + oFMHe/OpIq7x/a4NdMn3yIWbFtg= ) +a.sub.example.net. 7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ + owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+ + M4ESPnoKxli7YQ== ) + 7200 NSEC b.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv + USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt + 2ODgeGLhUTap7A== ) +b.sub.example.net. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz + bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN + S0Et3ivWZSAVOg== ) + 7200 NSEC c.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B + jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k + +SzjVQtJfxUDsA== ) +c.sub.example.net. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb + eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID + z5HLpC+KbfpJxw== ) + 7200 NSEC localhost.sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh + a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh + 4AnYjZlHjfe+MA== ) +localhost.sub.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T + X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y + vw4b+pdoWMi0+g== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101917 ( + 20080731101917 4254 sub.example.net. + XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9 + PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr + SgFnqsd6YTxxpw== ) diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log new file mode 100644 index 0000000..9276f94 --- /dev/null +++ b/contrib/zkt/examples/flat/zkt.log @@ -0,0 +1,2501 @@ +2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno +2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file +2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file +2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded +2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded () +2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202() +2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s) +2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s +2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s +2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done +2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:39:48.617: notice: end of run: 0 errors occured +2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s +2008-06-11 22:41:14.106: notice: end of run: 0 errors occured +2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s +2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-11 22:48:19.087: notice: end of run: 0 errors occured +2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v +2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s +2008-06-11 22:56:53.297: notice: end of run: 0 errors occured +2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v +2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s +2008-06-11 23:01:41.454: notice: end of run: 0 errors occured +2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v +2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s +2008-06-11 23:04:25.911: notice: end of run: 0 errors occured +2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s +2008-06-12 13:06:54.056: notice: end of run: 0 errors occured +2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s +2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:07:45.130: notice: end of run: 0 errors occured +2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net." + +2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s +2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net." + +2008-06-12 13:22:02.253: notice: end of run: 0 errors occured +2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v +2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s +2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 13:24:37.958: notice: end of run: 0 errors occured +2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s +2008-06-12 13:25:32.997: notice: end of run: 0 errors occured +2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v +2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s +2008-06-12 13:26:49.864: notice: end of run: 0 errors occured +2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s +2008-06-12 16:28:01.979: notice: end of run: 0 errors occured +2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v +2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s +2008-06-12 16:28:13.630: notice: end of run: 0 errors occured +2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s +2008-06-12 16:28:30.320: notice: end of run: 0 errors occured +2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s +2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:34:06.972: notice: end of run: 0 errors occured +2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer +2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s +2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:34:15.818: notice: end of run: 0 errors occured +2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v +2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s +2008-06-12 16:35:27.780: notice: end of run: 0 errors occured +2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0 +2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2 +2008-06-12 16:44:56.269: debug: Re-signing not necessary! +2008-06-12 16:44:56.270: notice: end of run: 0 errors occured +2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v +2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0 +2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2 +2008-06-12 16:49:23.386: debug: Re-signing not necessary! +2008-06-12 16:49:23.386: notice: end of run: 0 errors occured +2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v +2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0 +2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2 +2008-06-12 16:49:28.288: debug: Re-signing not necessary! +2008-06-12 16:49:28.288: notice: end of run: 0 errors occured +2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0 +2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s +2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net." +2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.222: debug: Signing completed after 0s. +2008-06-12 16:49:32.222: debug: +2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2 +2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f +2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 16:49:32.223: debug: Signing zone "example.net." +2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 16:49:32.335: debug: Signing completed after 0s. +2008-06-12 16:49:32.335: debug: +2008-06-12 16:49:32.335: notice: end of run: 0 errors occured +2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v +2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:02:15.078: debug: Check RFC5011 status +2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0 +2008-06-12 17:02:15.078: debug: Check ksk status +2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s +2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net." +2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.254: debug: Signing completed after 0s. +2008-06-12 17:02:15.254: debug: +2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:02:15.255: debug: Check RFC5011 status +2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2 +2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f +2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:02:15.255: debug: Signing zone "example.net." +2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:02:15.368: debug: Signing completed after 0s. +2008-06-12 17:02:15.368: debug: +2008-06-12 17:02:15.368: notice: end of run: 0 errors occured +2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f +2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:43:50.390: debug: Check RFC5011 status +2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0 +2008-06-12 17:43:50.390: debug: Check ksk status +2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s +2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net." +2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.533: debug: Signing completed after 0s. +2008-06-12 17:43:50.533: debug: +2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:43:50.533: debug: Check RFC5011 status +2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2 +2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f +2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db" +2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-12 17:43:50.534: debug: Signing zone "example.net." +2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 17:43:50.645: debug: Signing completed after 0s. +2008-06-12 17:43:50.645: debug: +2008-06-12 17:43:50.645: notice: end of run: 0 errors occured +2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v +2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0 +2008-06-12 17:49:43.190: debug: Check ksk status +2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s +2008-06-12 17:49:43.190: debug: Re-signing not necessary! +2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:49:43.190: debug: Check RFC5011 status +2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2 +2008-06-12 17:49:43.190: debug: Re-signing not necessary! +2008-06-12 17:49:43.190: notice: end of run: 0 errors occured +2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0 +2008-06-12 17:50:09.327: debug: Check ksk status +2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:50:09.327: debug: Check RFC5011 status +2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2 +2008-06-12 17:50:09.327: debug: Re-signing not necessary! +2008-06-12 17:50:09.327: notice: end of run: 0 errors occured +2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v +2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 17:52:29.312: debug: Check RFC5011 status +2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0 +2008-06-12 17:52:29.312: debug: Check ksk status +2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s +2008-06-12 17:52:29.312: debug: Re-signing not necessary! +2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 17:52:29.313: debug: Check RFC5011 status +2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2 +2008-06-12 17:52:29.313: debug: Re-signing not necessary! +2008-06-12 17:52:29.313: notice: end of run: 0 errors occured +2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v +2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0 +2008-06-12 18:24:57.409: debug: Check ksk status +2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s +2008-06-12 18:24:57.409: debug: Re-signing not necessary! +2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net." +2008-06-12 18:24:57.409: debug: Check RFC5011 status +2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2 +2008-06-12 18:24:57.410: debug: Re-signing not necessary! +2008-06-12 18:24:57.410: notice: end of run: 0 errors occured +2008-06-16 23:12:32.309: notice: +2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:12:32.654: debug: Check RFC5011 status +2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0 +2008-06-16 23:12:32.654: debug: Check ksk status +2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s +2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec) +2008-06-16 23:12:32.654: debug: ->depreciate it +2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267 +2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done +2008-06-16 23:12:32.654: debug: New pre-publish key needed +2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149 +2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key +2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net." +2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.022: debug: Signing completed after 1s. +2008-06-16 23:12:33.022: debug: +2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:12:33.023: debug: Check RFC5011 status +2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2 +2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db" +2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-16 23:12:33.024: debug: Signing zone "example.net." +2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-16 23:12:33.170: debug: Signing completed after 0s. +2008-06-16 23:12:33.170: debug: +2008-06-16 23:12:33.170: notice: end of run: 0 errors occured +2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <=== +2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0 +2008-06-16 23:13:24.121: debug: Check ksk status +2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:13:24.121: debug: Check RFC5011 status +2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2 +2008-06-16 23:13:24.121: debug: Re-signing not necessary! +2008-06-16 23:13:24.121: notice: end of run: 0 errors occured +2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <===== +2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:13:56.972: debug: Check RFC5011 status +2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0 +2008-06-16 23:13:56.972: debug: Check ksk status +2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:13:56.973: debug: Check RFC5011 status +2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2 +2008-06-16 23:13:56.973: debug: Re-signing not necessary! +2008-06-16 23:13:56.973: notice: end of run: 0 errors occured +2008-06-16 23:15:16.980: notice: ------------------------------------------------------------ +2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0 +2008-06-16 23:15:16.982: debug: Check ksk status +2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s +2008-06-16 23:15:16.982: debug: Re-signing not necessary! +2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:15:16.982: debug: Check RFC5011 status +2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2 +2008-06-16 23:15:16.982: debug: Re-signing not necessary! +2008-06-16 23:15:16.983: notice: end of run: 0 errors occured +2008-06-16 23:18:48.101: notice: ------------------------------------------------------------ +2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v +2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-16 23:18:48.103: debug: Check RFC5011 status +2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0 +2008-06-16 23:18:48.103: debug: Check ksk status +2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s +2008-06-16 23:18:48.103: debug: Re-signing not necessary! +2008-06-16 23:18:48.103: debug: +2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net." +2008-06-16 23:18:48.104: debug: Check RFC5011 status +2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2 +2008-06-16 23:18:48.104: debug: Re-signing not necessary! +2008-06-16 23:18:48.104: debug: +2008-06-16 23:18:48.104: notice: end of run: 0 errors occured +2008-06-24 14:55:16.347: notice: ------------------------------------------------------------ +2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v +2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 14:55:16.349: debug: Check RFC5011 status +2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0 +2008-06-24 14:55:16.349: debug: Check ksk status +2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->remove it +2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec) +2008-06-24 14:55:16.350: debug: ->depreciate it +2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149 +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done +2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key +2008-06-24 14:55:16.350: debug: New pre-publish key needed +2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338 +2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key +2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net." +2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.776: debug: Signing completed after 0s. +2008-06-24 14:55:16.776: debug: +2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 14:55:16.776: debug: Check RFC5011 status +2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2 +2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached +2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db" +2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db" +2008-06-24 14:55:16.777: debug: Signing zone "example.net." +2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private" +2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 14:55:16.922: debug: Signing completed after 0s. +2008-06-24 14:55:16.922: debug: +2008-06-24 14:55:16.922: notice: end of run: 0 errors occured +2008-06-24 14:57:56.093: notice: ------------------------------------------------------------ +2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v +2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 14:57:56.096: debug: Check RFC5011 status +2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0 +2008-06-24 14:57:56.096: debug: Check ksk status +2008-06-24 14:57:56.097: debug: Re-signing not necessary! +2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 14:57:56.097: debug: Check RFC5011 status +2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2 +2008-06-24 14:57:56.097: debug: Re-signing not necessary! +2008-06-24 14:57:56.097: debug: +2008-06-24 14:57:56.098: notice: end of run: 0 errors occured +2008-06-24 23:26:12.632: notice: ------------------------------------------------------------ +2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v +2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-06-24 23:26:12.648: debug: Check RFC5011 status +2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0 +2008-06-24 23:26:12.648: debug: Check ksk status +2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec) +2008-06-24 23:26:12.648: debug: ->remove it +2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key +2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key +2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db" +2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net." +2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-24 23:26:13.030: debug: Signing completed after 1s. +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net." +2008-06-24 23:26:13.030: debug: Check RFC5011 status +2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2 +2008-06-24 23:26:13.030: debug: Re-signing not necessary! +2008-06-24 23:26:13.030: debug: +2008-06-24 23:26:13.030: notice: end of run: 0 errors occured +2008-07-08 00:53:55.013: notice: ------------------------------------------------------------ +2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 00:53:55.015: debug: Check RFC5011 status +2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0 +2008-07-08 00:53:55.015: debug: Check KSK status +2008-07-08 00:53:55.015: debug: Check ZSK status +2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec) +2008-07-08 00:53:55.015: debug: ->depreciate it +2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338 +2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done +2008-07-08 00:53:55.018: debug: New pre-publish key needed +2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198 +2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created +2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net." +2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.708: debug: Signing completed after 0s. +2008-07-08 00:53:55.708: debug: +2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 00:53:55.708: debug: Check RFC5011 status +2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2 +2008-07-08 00:53:55.708: debug: Check ZSK status +2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec) +2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key +2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:55.708: debug: New pre-publish key needed +2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682 +2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created +2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key +2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db" +2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-08 00:53:55.748: debug: Signing zone "example.net." +2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 00:53:55.899: debug: Signing completed after 0s. +2008-07-08 00:53:55.899: debug: +2008-07-08 00:53:55.899: notice: end of run: 0 errors occured +2008-07-08 00:53:57.597: notice: ------------------------------------------------------------ +2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v +2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0 +2008-07-08 00:53:57.599: debug: Check KSK status +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Re-signing not necessary! +2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.599: debug: +2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 00:53:57.599: debug: Check RFC5011 status +2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2 +2008-07-08 00:53:57.599: debug: Check ZSK status +2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec) +2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key +2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key +2008-07-08 00:53:57.600: debug: Re-signing not necessary! +2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy +2008-07-08 00:53:57.600: debug: +2008-07-08 00:53:57.600: notice: end of run: 0 errors occured +2008-07-08 20:28:20.476: notice: ------------------------------------------------------------ +2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:28:20.476: debug: Check RFC5011 status +2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0 +2008-07-08 20:28:20.476: debug: Check KSK status +2008-07-08 20:28:20.476: debug: Check ZSK status +2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec) +2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149 + +2008-07-08 20:28:20.656: debug: ->remove it +2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db" +2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net." +2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:20.990: debug: Signing completed after 0s. +2008-07-08 20:28:20.990: debug: +2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:28:20.990: debug: Check RFC5011 status +2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2 +2008-07-08 20:28:20.990: debug: Check ZSK status +2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec) +2008-07-08 20:28:20.990: debug: ->depreciate it +2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682 +2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done +2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key +2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key +2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db" +2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db" +2008-07-08 20:28:20.991: debug: Signing zone "example.net." +2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-08 20:28:21.112: debug: Signing completed after 1s. +2008-07-08 20:28:21.112: debug: +2008-07-08 20:28:21.113: notice: end of run: 0 errors occured +2008-07-08 20:32:23.121: notice: ------------------------------------------------------------ +2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v +2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:32:23.123: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0 +2008-07-08 20:32:23.124: debug: Check KSK status +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:32:23.124: debug: Check RFC5011 status +2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2 +2008-07-08 20:32:23.124: debug: Check ZSK status +2008-07-08 20:32:23.124: debug: Re-signing not necessary! +2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy +2008-07-08 20:32:23.124: debug: +2008-07-08 20:32:23.124: notice: end of run: 0 errors occured +2008-07-08 20:32:30.246: notice: ------------------------------------------------------------ +2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0 +2008-07-08 20:32:30.246: debug: Check KSK status +2008-07-08 20:32:30.246: debug: Check ZSK status +2008-07-08 20:32:30.246: debug: Re-signing not necessary! +2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.246: debug: +2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:32:30.246: debug: Check RFC5011 status +2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2 +2008-07-08 20:32:30.247: debug: Check ZSK status +2008-07-08 20:32:30.247: debug: Re-signing not necessary! +2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy +2008-07-08 20:32:30.247: debug: +2008-07-08 20:32:30.247: notice: end of run: 0 errors occured +2008-07-08 20:35:51.512: notice: ------------------------------------------------------------ +2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:35:51.512: debug: Check RFC5011 status +2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0 +2008-07-08 20:35:51.513: debug: Check KSK status +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:35:51.513: debug: Check RFC5011 status +2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2 +2008-07-08 20:35:51.513: debug: Check ZSK status +2008-07-08 20:35:51.513: debug: Re-signing not necessary! +2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy +2008-07-08 20:35:51.513: debug: +2008-07-08 20:35:51.513: notice: end of run: 0 errors occured +2008-07-08 20:37:16.569: notice: ------------------------------------------------------------ +2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:37:16.569: debug: Check RFC5011 status +2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0 +2008-07-08 20:37:16.570: debug: Check KSK status +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! +2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:37:16.570: debug: Check RFC5011 status +2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2 +2008-07-08 20:37:16.570: debug: Check ZSK status +2008-07-08 20:37:16.570: debug: Re-signing not necessary! +2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy +2008-07-08 20:37:16.570: debug: +2008-07-08 20:37:16.570: notice: end of run: 0 errors occured +2008-07-08 20:37:29.134: notice: ------------------------------------------------------------ +2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v +2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:37:29.137: debug: Check RFC5011 status +2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0 +2008-07-08 20:37:29.137: debug: Check KSK status +2008-07-08 20:37:29.137: debug: Check ZSK status +2008-07-08 20:37:29.137: debug: Re-signing not necessary! +2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.138: debug: +2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:37:29.138: debug: Check RFC5011 status +2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2 +2008-07-08 20:37:29.138: debug: Check ZSK status +2008-07-08 20:37:29.138: debug: Re-signing not necessary! +2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy +2008-07-08 20:37:29.139: debug: +2008-07-08 20:37:29.139: notice: end of run: 0 errors occured +2008-07-08 20:39:39.895: notice: ------------------------------------------------------------ +2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v +2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0 +2008-07-08 20:39:39.895: debug: Check KSK status +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:39:39.895: debug: Check RFC5011 status +2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2 +2008-07-08 20:39:39.895: debug: Check ZSK status +2008-07-08 20:39:39.895: debug: Re-signing not necessary! +2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy +2008-07-08 20:39:39.895: debug: +2008-07-08 20:39:39.895: notice: end of run: 0 errors occured +2008-07-08 20:42:54.377: notice: ------------------------------------------------------------ +2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:42:54.377: debug: Check RFC5011 status +2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0 +2008-07-08 20:42:54.377: debug: Check KSK status +2008-07-08 20:42:54.377: debug: Check ZSK status +2008-07-08 20:42:54.377: debug: Re-signing not necessary! +2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.377: debug: +2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:42:54.378: debug: Check RFC5011 status +2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2 +2008-07-08 20:42:54.378: debug: Check ZSK status +2008-07-08 20:42:54.378: debug: Re-signing not necessary! +2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy +2008-07-08 20:42:54.378: debug: +2008-07-08 20:42:54.378: notice: end of run: 0 errors occured +2008-07-08 20:53:40.414: notice: ------------------------------------------------------------ +2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D . +2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0 +2008-07-08 20:53:40.417: debug: Check KSK status +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.417: debug: +2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net." +2008-07-08 20:53:40.417: debug: Check RFC5011 status +2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2 +2008-07-08 20:53:40.417: debug: Check ZSK status +2008-07-08 20:53:40.417: debug: Re-signing not necessary! +2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy +2008-07-08 20:53:40.418: debug: +2008-07-08 20:53:40.418: notice: end of run: 0 errors occured +2008-07-08 20:53:49.488: notice: ------------------------------------------------------------ +2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf +2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net." +2008-07-08 20:53:49.490: debug: Check RFC5011 status +2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0 +2008-07-08 20:53:49.491: debug: Check KSK status +2008-07-08 20:53:49.491: debug: Check ZSK status +2008-07-08 20:53:49.491: debug: Re-signing not necessary! +2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.491: debug: +2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net." +2008-07-08 20:53:49.492: debug: Check RFC5011 status +2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2 +2008-07-08 20:53:49.492: debug: Check ZSK status +2008-07-08 20:53:49.492: debug: Re-signing not necessary! +2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy +2008-07-08 20:53:49.492: debug: +2008-07-08 20:53:49.492: notice: end of run: 0 errors occured +2008-07-09 00:42:08.103: notice: ------------------------------------------------------------ +2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v +2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0 +2008-07-09 00:42:08.106: debug: Check KSK status +2008-07-09 00:42:08.106: debug: ksk_rollover +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:42:08.106: debug: Check RFC5011 status +2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2 +2008-07-09 00:42:08.106: debug: Check ZSK status +2008-07-09 00:42:08.106: debug: Re-signing not necessary! +2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy +2008-07-09 00:42:08.106: debug: +2008-07-09 00:42:08.106: notice: end of run: 0 errors occured +2008-07-09 00:45:19.663: notice: ------------------------------------------------------------ +2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v +2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0 +2008-07-09 00:45:19.665: debug: Check KSK status +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! +2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net." +2008-07-09 00:45:19.665: debug: Check RFC5011 status +2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2 +2008-07-09 00:45:19.665: debug: Check ZSK status +2008-07-09 00:45:19.665: debug: Re-signing not necessary! +2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy +2008-07-09 00:45:19.665: debug: +2008-07-09 00:45:19.665: notice: end of run: 0 errors occured +2008-07-09 23:46:12.682: notice: ------------------------------------------------------------ +2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/ +2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net." +2008-07-09 23:46:12.702: debug: Check RFC5011 status +2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0 +2008-07-09 23:46:12.702: debug: Check KSK status +2008-07-09 23:46:12.702: debug: Check ZSK status +2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db" +2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net." +2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.222: debug: Signing completed after 1s. +2008-07-09 23:46:13.222: debug: +2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net." +2008-07-09 23:46:13.222: debug: Check RFC5011 status +2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2 +2008-07-09 23:46:13.222: debug: Check ZSK status +2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec) +2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939 + +2008-07-09 23:46:13.222: debug: ->remove it +2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key +2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key +2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db" +2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db" +2008-07-09 23:46:13.223: debug: Signing zone "example.net." +2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-09 23:46:13.374: debug: Signing completed after 0s. +2008-07-09 23:46:13.374: debug: +2008-07-09 23:46:13.374: notice: end of run: 0 errors occured +2008-07-15 00:21:04.641: notice: ------------------------------------------------------------ +2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:05.071: debug: Check RFC5011 status +2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0 +2008-07-15 00:21:05.071: debug: Check KSK status +2008-07-15 00:21:05.071: debug: Check ZSK status +2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec) +2008-07-15 00:21:05.071: debug: ->depreciate it +2008-07-15 00:21:05.072: debug: ->activate published key 9198 +2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done +2008-07-15 00:21:05.072: debug: New published key needed +2008-07-15 00:21:05.128: debug: ->creating new published key 8397 +2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created +2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key +2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net." +2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.274: debug: Signing completed after 0s. +2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:05.279: debug: +2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:05.279: debug: Check RFC5011 status +2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2 +2008-07-15 00:21:05.279: debug: Check ZSK status +2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:05.280: debug: Signing zone "example.net." +2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:05.419: debug: Signing completed after 0s. +2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered +2008-07-15 00:21:05.419: debug: Distribute zone "example.net." +2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:05.423: debug: +2008-07-15 00:21:05.423: notice: end of run: 0 errors occured +2008-07-15 00:21:18.128: notice: ------------------------------------------------------------ +2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v +2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:18.130: debug: Check RFC5011 status +2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0 +2008-07-15 00:21:18.130: debug: Check KSK status +2008-07-15 00:21:18.130: debug: Check ZSK status +2008-07-15 00:21:18.130: debug: Re-signing not necessary! +2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.130: debug: +2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:18.131: debug: Check RFC5011 status +2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2 +2008-07-15 00:21:18.131: debug: Check ZSK status +2008-07-15 00:21:18.131: debug: Re-signing not necessary! +2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy +2008-07-15 00:21:18.131: debug: +2008-07-15 00:21:18.131: notice: end of run: 0 errors occured +2008-07-15 00:21:26.360: notice: ------------------------------------------------------------ +2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:26.362: debug: Check RFC5011 status +2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0 +2008-07-15 00:21:26.362: debug: Check KSK status +2008-07-15 00:21:26.362: debug: Check ZSK status +2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net." +2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:26.978: debug: Signing completed after 0s. +2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:26.983: debug: +2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:26.983: debug: Check RFC5011 status +2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2 +2008-07-15 00:21:26.983: debug: Check ZSK status +2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f +2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:26.983: debug: Signing zone "example.net." +2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:27.122: debug: Signing completed after 1s. +2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered +2008-07-15 00:21:27.122: debug: Distribute zone "example.net." +2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:27.127: debug: +2008-07-15 00:21:27.127: notice: end of run: 0 errors occured +2008-07-15 00:21:52.947: notice: ------------------------------------------------------------ +2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:21:52.951: debug: Check RFC5011 status +2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0 +2008-07-15 00:21:52.951: debug: Check KSK status +2008-07-15 00:21:52.951: debug: Check ZSK status +2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f +2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net." +2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.119: debug: Signing completed after 1s. +2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered +2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net." +2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:21:53.126: debug: +2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:21:53.126: debug: Check RFC5011 status +2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2 +2008-07-15 00:21:53.126: debug: Check ZSK status +2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f +2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:21:53.126: debug: Signing zone "example.net." +2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:21:53.262: debug: Signing completed after 0s. +2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered +2008-07-15 00:21:53.262: debug: Distribute zone "example.net." +2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:21:53.268: debug: +2008-07-15 00:21:53.268: notice: end of run: 0 errors occured +2008-07-15 00:23:40.781: notice: ------------------------------------------------------------ +2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:23:40.783: debug: Check RFC5011 status +2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0 +2008-07-15 00:23:40.783: debug: Check KSK status +2008-07-15 00:23:40.783: debug: Check ZSK status +2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f +2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net." +2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.281: debug: Signing completed after 1s. +2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered +2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net." +2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net." +2008-07-15 00:23:41.287: debug: +2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:23:41.287: debug: Check RFC5011 status +2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2 +2008-07-15 00:23:41.287: debug: Check ZSK status +2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f +2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:23:41.288: debug: Signing zone "example.net." +2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:23:41.561: debug: Signing completed after 0s. +2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered +2008-07-15 00:23:41.561: debug: Distribute zone "example.net." +2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net." +2008-07-15 00:23:41.566: debug: +2008-07-15 00:23:41.567: notice: end of run: 0 errors occured +2008-07-15 00:31:10.917: notice: ------------------------------------------------------------ +2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:31:10.923: debug: Check RFC5011 status +2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0 +2008-07-15 00:31:10.923: debug: Check KSK status +2008-07-15 00:31:10.923: debug: Check ZSK status +2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec) +2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338 + +2008-07-15 00:31:10.924: debug: ->remove it +2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f +2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net." +2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.571: debug: Signing completed after 0s. +2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered +2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net." +2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net." +2008-07-15 00:31:11.579: debug: +2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:31:11.580: debug: Check RFC5011 status +2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2 +2008-07-15 00:31:11.580: debug: Check ZSK status +2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f +2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:31:11.581: debug: Signing zone "example.net." +2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:31:11.698: debug: Signing completed after 0s. +2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered +2008-07-15 00:31:11.698: debug: Distribute zone "example.net." +2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net." +2008-07-15 00:31:11.704: debug: +2008-07-15 00:31:11.704: notice: end of run: 0 errors occured +2008-07-15 00:32:00.676: notice: ------------------------------------------------------------ +2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:32:00.678: debug: Check RFC5011 status +2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0 +2008-07-15 00:32:00.678: debug: Check KSK status +2008-07-15 00:32:00.678: debug: Check ZSK status +2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f +2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net." +2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.282: debug: Signing completed after 1s. +2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered +2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net." +2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net." +2008-07-15 00:32:01.289: debug: +2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:32:01.289: debug: Check RFC5011 status +2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2 +2008-07-15 00:32:01.289: debug: Check ZSK status +2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f +2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:32:01.291: debug: Signing zone "example.net." +2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:32:01.405: debug: Signing completed after 0s. +2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered +2008-07-15 00:32:01.406: debug: Distribute zone "example.net." +2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net." +2008-07-15 00:32:01.412: debug: +2008-07-15 00:32:01.412: notice: end of run: 0 errors occured +2008-07-15 00:33:00.866: notice: ------------------------------------------------------------ +2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:33:00.869: debug: Check RFC5011 status +2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0 +2008-07-15 00:33:00.869: debug: Check KSK status +2008-07-15 00:33:00.869: debug: Check ZSK status +2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f +2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net." +2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.531: debug: Signing completed after 1s. +2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered +2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net." +2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net." +2008-07-15 00:33:01.537: debug: +2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:33:01.538: debug: Check RFC5011 status +2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2 +2008-07-15 00:33:01.538: debug: Check ZSK status +2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f +2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:33:01.539: debug: Signing zone "example.net." +2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:33:01.655: debug: Signing completed after 0s. +2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered +2008-07-15 00:33:01.655: debug: Distribute zone "example.net." +2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net." +2008-07-15 00:33:01.662: debug: +2008-07-15 00:33:01.662: notice: end of run: 0 errors occured +2008-07-15 00:34:09.259: notice: ------------------------------------------------------------ +2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v +2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-15 00:34:09.261: debug: Check RFC5011 status +2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0 +2008-07-15 00:34:09.261: debug: Check KSK status +2008-07-15 00:34:09.261: debug: Check ZSK status +2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f +2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net." +2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.245: debug: Signing completed after 1s. +2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered +2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net." +2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-15 00:34:10.252: debug: +2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net." +2008-07-15 00:34:10.252: debug: Check RFC5011 status +2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2 +2008-07-15 00:34:10.252: debug: Check ZSK status +2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f +2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f +2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db" +2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-15 00:34:10.252: debug: Signing zone "example.net." +2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-15 00:34:10.369: debug: Signing completed after 0s. +2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered +2008-07-15 00:34:10.369: debug: Distribute zone "example.net." +2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-15 00:34:10.375: debug: +2008-07-15 00:34:10.375: notice: end of run: 0 errors occured +2008-07-18 00:38:52.860: notice: ------------------------------------------------------------ +2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v +2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:38:52.862: debug: Check RFC5011 status +2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0 +2008-07-18 00:38:52.862: debug: Check KSK status +2008-07-18 00:38:52.862: debug: Check ZSK status +2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec) +2008-07-18 00:38:52.862: debug: ->depreciate it +2008-07-18 00:38:52.862: debug: ->activate published key 8397 +2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done +2008-07-18 00:38:52.862: debug: New published key needed +2008-07-18 00:38:53.418: debug: ->creating new published key 31081 +2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing +2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key +2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net." +2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.556: debug: Signing completed after 0s. +2008-07-18 00:38:53.556: debug: +2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:38:53.557: debug: Check RFC5011 status +2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2 +2008-07-18 00:38:53.557: debug: Check ZSK status +2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:38:53.558: debug: Signing zone "example.net." +2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:38:53.715: debug: Signing completed after 0s. +2008-07-18 00:38:53.715: debug: +2008-07-18 00:38:53.716: notice: end of run: 0 errors occured +2008-07-18 00:39:29.824: notice: ------------------------------------------------------------ +2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v +2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0 +2008-07-18 00:39:29.827: debug: Check KSK status +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! +2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:39:29.827: debug: Check RFC5011 status +2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2 +2008-07-18 00:39:29.827: debug: Check ZSK status +2008-07-18 00:39:29.827: debug: Re-signing not necessary! +2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy +2008-07-18 00:39:29.827: debug: +2008-07-18 00:39:29.828: notice: end of run: 0 errors occured +2008-07-18 00:39:36.641: notice: ------------------------------------------------------------ +2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v +2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:39:36.644: debug: Check RFC5011 status +2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0 +2008-07-18 00:39:36.644: debug: Check KSK status +2008-07-18 00:39:36.644: debug: Check ZSK status +2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f +2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net." +2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.144: debug: Signing completed after 1s. +2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered +2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net." +2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-18 00:39:37.151: debug: +2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:39:37.151: debug: Check RFC5011 status +2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2 +2008-07-18 00:39:37.151: debug: Check ZSK status +2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f +2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f +2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db" +2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-18 00:39:37.152: debug: Signing zone "example.net." +2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-18 00:39:37.313: debug: Signing completed after 0s. +2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered +2008-07-18 00:39:37.313: debug: Distribute zone "example.net." +2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-18 00:39:37.319: debug: +2008-07-18 00:39:37.319: notice: end of run: 0 errors occured +2008-07-18 00:42:39.912: notice: ------------------------------------------------------------ +2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v +2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0 +2008-07-18 00:42:39.914: debug: Check KSK status +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net." +2008-07-18 00:42:39.914: debug: Check RFC5011 status +2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2 +2008-07-18 00:42:39.914: debug: Check ZSK status +2008-07-18 00:42:39.914: debug: Re-signing not necessary! +2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy +2008-07-18 00:42:39.914: debug: +2008-07-18 00:42:39.914: notice: end of run: 0 errors occured +2008-07-22 00:10:38.346: notice: ------------------------------------------------------------ +2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v +2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:10:38.349: debug: Check RFC5011 status +2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0 +2008-07-22 00:10:38.349: debug: Check KSK status +2008-07-22 00:10:38.349: debug: Check ZSK status +2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec) +2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198 + +2008-07-22 00:10:38.349: debug: ->remove it +2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec) +2008-07-22 00:10:38.349: debug: ->depreciate it +2008-07-22 00:10:38.349: debug: ->activate published key 31081 +2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done +2008-07-22 00:10:38.349: debug: New published key needed +2008-07-22 00:10:38.870: debug: ->creating new published key 3615 +2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing +2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key +2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net." +2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.208: debug: Signing completed after 1s. +2008-07-22 00:10:39.208: debug: +2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:10:39.208: debug: Check RFC5011 status +2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2 +2008-07-22 00:10:39.208: debug: Check ZSK status +2008-07-22 00:10:39.208: debug: New published key needed +2008-07-22 00:10:39.255: debug: ->creating new published key 41300 +2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing +2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key +2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key +2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:10:39.256: debug: Signing zone "example.net." +2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:10:39.414: debug: Signing completed after 0s. +2008-07-22 00:10:39.414: debug: +2008-07-22 00:10:39.414: notice: end of run: 0 errors occured +2008-07-22 00:16:04.680: notice: ------------------------------------------------------------ +2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v +2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:04.682: debug: Check RFC5011 status +2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0 +2008-07-22 00:16:04.683: debug: Check KSK status +2008-07-22 00:16:04.683: debug: Check ZSK status +2008-07-22 00:16:04.683: debug: Re-signing not necessary! +2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.683: debug: +2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:04.683: debug: Check RFC5011 status +2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2 +2008-07-22 00:16:04.684: debug: Check ZSK status +2008-07-22 00:16:04.684: debug: Re-signing not necessary! +2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy +2008-07-22 00:16:04.684: debug: +2008-07-22 00:16:04.684: notice: end of run: 0 errors occured +2008-07-22 00:16:09.309: notice: ------------------------------------------------------------ +2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:09.311: debug: Check RFC5011 status +2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0 +2008-07-22 00:16:09.312: debug: Check KSK status +2008-07-22 00:16:09.312: debug: Check ZSK status +2008-07-22 00:16:09.312: debug: Re-signing not necessary! +2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.312: debug: +2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:09.312: debug: Check RFC5011 status +2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2 +2008-07-22 00:16:09.313: debug: Check ZSK status +2008-07-22 00:16:09.313: debug: Re-signing not necessary! +2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy +2008-07-22 00:16:09.313: debug: +2008-07-22 00:16:09.313: notice: end of run: 0 errors occured +2008-07-22 00:16:13.285: notice: ------------------------------------------------------------ +2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:16:13.287: debug: Check RFC5011 status +2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0 +2008-07-22 00:16:13.287: debug: Check KSK status +2008-07-22 00:16:13.287: debug: Check ZSK status +2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net." +2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.822: debug: Signing completed after 0s. +2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered +2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net." +2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:16:13.828: debug: +2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:16:13.829: debug: Check RFC5011 status +2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2 +2008-07-22 00:16:13.829: debug: Check ZSK status +2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f +2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:16:13.830: debug: Signing zone "example.net." +2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:16:13.976: debug: Signing completed after 0s. +2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered +2008-07-22 00:16:13.977: debug: Distribute zone "example.net." +2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:16:13.983: debug: +2008-07-22 00:16:13.983: notice: end of run: 0 errors occured +2008-07-22 00:20:56.119: notice: ------------------------------------------------------------ +2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:20:56.121: debug: Check RFC5011 status +2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0 +2008-07-22 00:20:56.121: debug: Check KSK status +2008-07-22 00:20:56.121: debug: Check ZSK status +2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec) +2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397 + +2008-07-22 00:20:56.122: debug: ->remove it +2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net." +2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.627: debug: Signing completed after 0s. +2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered +2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net." +2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:20:56.635: debug: +2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:20:56.635: debug: Check RFC5011 status +2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2 +2008-07-22 00:20:56.635: debug: Check ZSK status +2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f +2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:20:56.636: debug: Signing zone "example.net." +2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:20:56.760: debug: Signing completed after 0s. +2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered +2008-07-22 00:20:56.760: debug: Distribute zone "example.net." +2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:20:56.769: debug: +2008-07-22 00:20:56.769: notice: end of run: 0 errors occured +2008-07-22 00:23:51.528: notice: ------------------------------------------------------------ +2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:23:51.530: debug: Check RFC5011 status +2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0 +2008-07-22 00:23:51.531: debug: Check KSK status +2008-07-22 00:23:51.531: debug: Check ZSK status +2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f +2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net." +2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.042: debug: Signing completed after 1s. +2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered +2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net." +2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:23:52.049: debug: +2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:23:52.049: debug: Check RFC5011 status +2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2 +2008-07-22 00:23:52.049: debug: Check ZSK status +2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f +2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:23:52.050: debug: Signing zone "example.net." +2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:23:52.176: debug: Signing completed after 0s. +2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered +2008-07-22 00:23:52.176: debug: Distribute zone "example.net." +2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:23:52.185: debug: +2008-07-22 00:23:52.185: notice: end of run: 0 errors occured +2008-07-22 00:24:09.609: notice: ------------------------------------------------------------ +2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:24:09.614: debug: Check RFC5011 status +2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0 +2008-07-22 00:24:09.614: debug: Check KSK status +2008-07-22 00:24:09.614: debug: Check ZSK status +2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f +2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net." +2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.692: debug: Signing completed after 1s. +2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered +2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net." +2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:24:10.698: debug: +2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:24:10.698: debug: Check RFC5011 status +2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2 +2008-07-22 00:24:10.698: debug: Check ZSK status +2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f +2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:24:10.699: debug: Signing zone "example.net." +2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:24:10.883: debug: Signing completed after 0s. +2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered +2008-07-22 00:24:10.883: debug: Distribute zone "example.net." +2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:24:10.889: debug: +2008-07-22 00:24:10.889: notice: end of run: 0 errors occured +2008-07-22 00:28:44.300: notice: ------------------------------------------------------------ +2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:28:44.302: debug: Check RFC5011 status +2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0 +2008-07-22 00:28:44.302: debug: Check KSK status +2008-07-22 00:28:44.302: debug: Check ZSK status +2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net." +2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:44.898: debug: Signing completed after 0s. +2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered +2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net." +2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:28:44.905: debug: +2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:28:44.905: debug: Check RFC5011 status +2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2 +2008-07-22 00:28:44.905: debug: Check ZSK status +2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f +2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:28:44.906: debug: Signing zone "example.net." +2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:28:45.039: debug: Signing completed after 1s. +2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered +2008-07-22 00:28:45.039: debug: Distribute zone "example.net." +2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:28:45.046: debug: +2008-07-22 00:28:45.046: notice: end of run: 0 errors occured +2008-07-22 00:39:15.968: notice: ------------------------------------------------------------ +2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v +2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0 +2008-07-22 00:39:16.006: debug: Check KSK status +2008-07-22 00:39:16.006: debug: Check ZSK status +2008-07-22 00:39:16.006: debug: Re-signing not necessary! +2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.006: debug: +2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:16.006: debug: Check RFC5011 status +2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2 +2008-07-22 00:39:16.007: debug: Check ZSK status +2008-07-22 00:39:16.007: debug: Re-signing not necessary! +2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy +2008-07-22 00:39:16.007: debug: +2008-07-22 00:39:16.007: notice: end of run: 0 errors occured +2008-07-22 00:39:31.578: notice: ------------------------------------------------------------ +2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:39:31.580: debug: Check RFC5011 status +2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0 +2008-07-22 00:39:31.580: debug: Check KSK status +2008-07-22 00:39:31.581: debug: Check ZSK status +2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f +2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net." +2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.216: debug: Signing completed after 1s. +2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered +2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net." +2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:39:32.223: debug: +2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:39:32.223: debug: Check RFC5011 status +2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2 +2008-07-22 00:39:32.223: debug: Check ZSK status +2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f +2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:39:32.224: debug: Signing zone "example.net." +2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:39:32.361: debug: Signing completed after 0s. +2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered +2008-07-22 00:39:32.361: debug: Distribute zone "example.net." +2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:39:32.367: debug: +2008-07-22 00:39:32.367: notice: end of run: 0 errors occured +2008-07-22 00:41:53.710: notice: ------------------------------------------------------------ +2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:41:53.712: debug: Check RFC5011 status +2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0 +2008-07-22 00:41:53.712: debug: Check KSK status +2008-07-22 00:41:53.712: debug: Check ZSK status +2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net." +2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.866: debug: Signing completed after 0s. +2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered +2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net." +2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:41:53.873: debug: +2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:41:53.873: debug: Check RFC5011 status +2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2 +2008-07-22 00:41:53.873: debug: Check ZSK status +2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f +2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:41:53.873: debug: Signing zone "example.net." +2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:41:53.989: debug: Signing completed after 0s. +2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered +2008-07-22 00:41:53.989: debug: Distribute zone "example.net." +2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:41:53.995: debug: +2008-07-22 00:41:53.995: notice: end of run: 0 errors occured +2008-07-22 00:45:46.509: notice: ------------------------------------------------------------ +2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:45:46.512: debug: Check RFC5011 status +2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0 +2008-07-22 00:45:46.512: debug: Check KSK status +2008-07-22 00:45:46.512: debug: Check ZSK status +2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net." +2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:46.734: debug: Signing completed after 0s. +2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered +2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net." +2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-22 00:45:46.740: debug: +2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:45:46.740: debug: Check RFC5011 status +2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2 +2008-07-22 00:45:46.741: debug: Check ZSK status +2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f +2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:45:46.742: debug: Signing zone "example.net." +2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:45:47.013: debug: Signing completed after 1s. +2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered +2008-07-22 00:45:47.013: debug: Distribute zone "example.net." +2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-22 00:45:47.019: debug: +2008-07-22 00:45:47.019: notice: end of run: 0 errors occured +2008-07-22 00:48:02.761: notice: ------------------------------------------------------------ +2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:02.763: debug: Check RFC5011 status +2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0 +2008-07-22 00:48:02.763: debug: Check KSK status +2008-07-22 00:48:02.763: debug: Check ZSK status +2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net." +2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:02.907: debug: Signing completed after 0s. +2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:02.907: debug: +2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:48:02.907: debug: Check RFC5011 status +2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2 +2008-07-22 00:48:02.907: debug: Check ZSK status +2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f +2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:02.908: debug: Signing zone "example.net." +2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:03.029: debug: Signing completed after 1s. +2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered +2008-07-22 00:48:03.029: debug: Distribute zone "example.net." +2008-07-22 00:48:03.029: debug: +2008-07-22 00:48:03.029: notice: end of run: 0 errors occured +2008-07-22 00:48:56.098: notice: ------------------------------------------------------------ +2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 00:48:56.101: debug: Check RFC5011 status +2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0 +2008-07-22 00:48:56.101: debug: Check KSK status +2008-07-22 00:48:56.101: debug: Check ZSK status +2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net." +2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.244: debug: Signing completed after 0s. +2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered +2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net." +2008-07-22 00:48:56.245: debug: +2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 00:48:56.245: debug: Check RFC5011 status +2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2 +2008-07-22 00:48:56.245: debug: Check ZSK status +2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f +2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 00:48:56.246: debug: Signing zone "example.net." +2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 00:48:56.367: debug: Signing completed after 0s. +2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered +2008-07-22 00:48:56.367: debug: Distribute zone "example.net." +2008-07-22 00:48:56.367: debug: +2008-07-22 00:48:56.367: notice: end of run: 0 errors occured +2008-07-22 08:07:30.993: notice: ------------------------------------------------------------ +2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:07:30.995: debug: Check RFC5011 status +2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0 +2008-07-22 08:07:30.995: debug: Check KSK status +2008-07-22 08:07:30.995: debug: Check ZSK status +2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f +2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net." +2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.454: debug: Signing completed after 1s. +2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered +2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net." +2008-07-22 08:07:31.454: debug: +2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:07:31.454: debug: Check RFC5011 status +2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2 +2008-07-22 08:07:31.454: debug: Check ZSK status +2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f +2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:07:31.454: debug: Signing zone "example.net." +2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:07:31.589: debug: Signing completed after 0s. +2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered +2008-07-22 08:07:31.589: debug: Distribute zone "example.net." +2008-07-22 08:07:31.589: debug: +2008-07-22 08:07:31.589: notice: end of run: 0 errors occured +2008-07-22 08:08:09.237: notice: ------------------------------------------------------------ +2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:08:09.239: debug: Check RFC5011 status +2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0 +2008-07-22 08:08:09.239: debug: Check KSK status +2008-07-22 08:08:09.239: debug: Check ZSK status +2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f +2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net." +2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:08:09.507: debug: Signing completed after 0s. +2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered +2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net." +2008-07-22 08:10:10.328: notice: ------------------------------------------------------------ +2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:10:10.330: debug: Check RFC5011 status +2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0 +2008-07-22 08:10:10.330: debug: Check KSK status +2008-07-22 08:10:10.330: debug: Check ZSK status +2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f +2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net." +2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:10:10.950: debug: Signing completed after 0s. +2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered +2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.247: notice: ------------------------------------------------------------ +2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v +2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-22 08:11:17.250: debug: Check RFC5011 status +2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0 +2008-07-22 08:11:17.250: debug: Check KSK status +2008-07-22 08:11:17.250: debug: Check ZSK status +2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net." +2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:17.883: debug: Signing completed after 0s. +2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered +2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net." +2008-07-22 08:11:17.883: debug: +2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net." +2008-07-22 08:11:17.884: debug: Check RFC5011 status +2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2 +2008-07-22 08:11:17.884: debug: Check ZSK status +2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f +2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f +2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db" +2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-22 08:11:17.884: debug: Signing zone "example.net." +2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-22 08:11:18.005: debug: Signing completed after 1s. +2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered +2008-07-22 08:11:18.006: debug: Distribute zone "example.net." +2008-07-22 08:11:18.006: debug: +2008-07-22 08:11:18.006: notice: end of run: 0 errors occured +2008-07-24 00:13:56.493: notice: ------------------------------------------------------------ +2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v +2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:13:56.495: debug: Check RFC5011 status +2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0 +2008-07-24 00:13:56.495: debug: Check KSK status +2008-07-24 00:13:56.495: debug: Check ZSK status +2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached +2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached +2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net." +2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.439: debug: Signing completed after 1s. +2008-07-24 00:13:57.439: debug: +2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:13:57.439: debug: Check RFC5011 status +2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2 +2008-07-24 00:13:57.439: debug: Check ZSK status +2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec) +2008-07-24 00:13:57.440: debug: ->depreciate it +2008-07-24 00:13:57.440: debug: ->activate published key 41300 +2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done +2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key +2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:13:57.441: debug: Signing zone "example.net." +2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:13:57.562: debug: Signing completed after 0s. +2008-07-24 00:13:57.562: debug: +2008-07-24 00:13:57.562: notice: end of run: 0 errors occured +2008-07-24 00:14:08.862: notice: ------------------------------------------------------------ +2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v +2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0 +2008-07-24 00:14:08.864: debug: Check KSK status +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:08.864: debug: Check RFC5011 status +2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2 +2008-07-24 00:14:08.864: debug: Check ZSK status +2008-07-24 00:14:08.864: debug: Re-signing not necessary! +2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy +2008-07-24 00:14:08.864: debug: +2008-07-24 00:14:08.864: notice: end of run: 0 errors occured +2008-07-24 00:14:12.963: notice: ------------------------------------------------------------ +2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:14:12.965: debug: Check RFC5011 status +2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0 +2008-07-24 00:14:12.965: debug: Check KSK status +2008-07-24 00:14:12.965: debug: Check ZSK status +2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f +2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net." +2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.488: debug: Signing completed after 1s. +2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.488: debug: +2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:14:13.488: debug: Check RFC5011 status +2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2 +2008-07-24 00:14:13.488: debug: Check ZSK status +2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f +2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:14:13.489: debug: Signing zone "example.net." +2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:14:13.601: debug: Signing completed after 0s. +2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings +2008-07-24 00:14:13.602: debug: +2008-07-24 00:14:13.602: notice: end of run: 2 errors occured +2008-07-24 00:15:38.304: notice: ------------------------------------------------------------ +2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v +2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:15:38.306: debug: Check RFC5011 status +2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0 +2008-07-24 00:15:38.307: debug: Check KSK status +2008-07-24 00:15:38.307: debug: Check ZSK status +2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f +2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net." +2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.280: debug: Signing completed after 1s. +2008-07-24 00:15:39.281: debug: +2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:15:39.281: debug: Check RFC5011 status +2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2 +2008-07-24 00:15:39.281: debug: Check ZSK status +2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f +2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:15:39.282: debug: Signing zone "example.net." +2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:15:39.402: debug: Signing completed after 0s. +2008-07-24 00:15:39.403: debug: +2008-07-24 00:15:39.403: notice: end of run: 0 errors occured +2008-07-24 00:18:59.568: notice: ------------------------------------------------------------ +2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:18:59.573: debug: Check RFC5011 status +2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0 +2008-07-24 00:18:59.573: debug: Check KSK status +2008-07-24 00:18:59.573: debug: Check ZSK status +2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f +2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net." +2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.167: debug: Signing completed after 1s. +2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.168: debug: +2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:19:00.168: debug: Check RFC5011 status +2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2 +2008-07-24 00:19:00.168: debug: Check ZSK status +2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f +2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:19:00.169: debug: Signing zone "example.net." +2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:19:00.280: debug: Signing completed after 0s. +2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:19:00.280: debug: +2008-07-24 00:19:00.280: notice: end of run: 2 errors occured +2008-07-24 00:22:24.567: notice: ------------------------------------------------------------ +2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:22:24.569: debug: Check RFC5011 status +2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0 +2008-07-24 00:22:24.569: debug: Check KSK status +2008-07-24 00:22:24.570: debug: Check ZSK status +2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f +2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net." +2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.148: debug: Signing completed after 1s. +2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.148: debug: +2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:22:25.148: debug: Check RFC5011 status +2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2 +2008-07-24 00:22:25.148: debug: Check ZSK status +2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f +2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:22:25.150: debug: Signing zone "example.net." +2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:22:25.271: debug: Signing completed after 0s. +2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings +2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings +2008-07-24 00:22:25.271: debug: +2008-07-24 00:22:25.271: notice: end of run: 2 errors occured +2008-07-24 00:23:08.907: notice: ------------------------------------------------------------ +2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:23:08.909: debug: Check RFC5011 status +2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0 +2008-07-24 00:23:08.909: debug: Check KSK status +2008-07-24 00:23:08.909: debug: Check ZSK status +2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f +2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net." +2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.510: debug: Signing completed after 1s. +2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered +2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net." +2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 00:23:09.517: debug: +2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:23:09.517: debug: Check RFC5011 status +2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2 +2008-07-24 00:23:09.517: debug: Check ZSK status +2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f +2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:23:09.518: debug: Signing zone "example.net." +2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:23:09.633: debug: Signing completed after 0s. +2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered +2008-07-24 00:23:09.634: debug: Distribute zone "example.net." +2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 00:23:09.640: debug: +2008-07-24 00:23:09.640: notice: end of run: 0 errors occured +2008-07-24 00:33:30.818: notice: ------------------------------------------------------------ +2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 00:33:30.820: debug: Check RFC5011 status +2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0 +2008-07-24 00:33:30.821: debug: Check KSK status +2008-07-24 00:33:30.821: debug: Check ZSK status +2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f +2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net." +2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.320: debug: Signing completed after 1s. +2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.320: debug: +2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 00:33:31.320: debug: Check RFC5011 status +2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2 +2008-07-24 00:33:31.320: debug: Check ZSK status +2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f +2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 00:33:31.321: debug: Signing zone "example.net." +2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 00:33:31.443: debug: Signing completed after 0s. +2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root +2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root +2008-07-24 00:33:31.443: debug: +2008-07-24 00:33:31.443: notice: end of run: 2 errors occured +2008-07-24 23:21:55.189: notice: ------------------------------------------------------------ +2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:21:55.196: debug: Check KSK status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Re-signing not necessary! +2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy +2008-07-24 23:21:55.196: debug: +2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:21:55.196: debug: Check RFC5011 status +2008-07-24 23:21:55.196: debug: Check ZSK status +2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec) +2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed +2008-07-24 23:21:55.196: debug: ->remove it +2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key +2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key +2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:21:55.197: debug: Signing zone "example.net." +2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:21:55.873: debug: Signing completed after 0s. +2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:21:55.873: debug: +2008-07-24 23:21:55.874: notice: end of run: 1 error occured +2008-07-24 23:23:06.278: notice: ------------------------------------------------------------ +2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:23:06.280: debug: Check KSK status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:23:06.280: debug: Check RFC5011 status +2008-07-24 23:23:06.280: debug: Check ZSK status +2008-07-24 23:23:06.280: debug: Re-signing not necessary! +2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy +2008-07-24 23:23:06.280: debug: +2008-07-24 23:23:06.280: notice: end of run: 0 errors occured +2008-07-24 23:25:21.930: notice: ------------------------------------------------------------ +2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v +2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:21.932: debug: Check KSK status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! +2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:25:21.932: debug: Check RFC5011 status +2008-07-24 23:25:21.932: debug: Check ZSK status +2008-07-24 23:25:21.932: debug: Re-signing not necessary! +2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy +2008-07-24 23:25:21.932: debug: +2008-07-24 23:25:21.932: notice: end of run: 0 errors occured +2008-07-24 23:25:39.009: notice: ------------------------------------------------------------ +2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v +2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:25:39.011: debug: Check RFC5011 status +2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:25:39.011: debug: Check KSK status +2008-07-24 23:25:39.011: debug: Check ZSK status +2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net." +2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.591: debug: Signing completed after 0s. +2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.592: debug: +2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:25:39.592: debug: Check RFC5011 status +2008-07-24 23:25:39.592: debug: Check ZSK status +2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f +2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:25:39.592: debug: Signing zone "example.net." +2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:25:39.703: debug: Signing completed after 0s. +2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root +2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons +2008-07-24 23:25:39.703: debug: +2008-07-24 23:25:39.703: notice: end of run: 2 errors occured +2008-07-24 23:28:16.436: notice: ------------------------------------------------------------ +2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:28:16.438: debug: Check RFC5011 status +2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:28:16.438: debug: Check KSK status +2008-07-24 23:28:16.438: debug: Check ZSK status +2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f +2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net." +2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.008: debug: Signing completed after 1s. +2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered +2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net." +2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:28:17.015: debug: +2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:28:17.015: debug: Check RFC5011 status +2008-07-24 23:28:17.015: debug: Check ZSK status +2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f +2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:28:17.016: debug: Signing zone "example.net." +2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:28:17.132: debug: Signing completed after 0s. +2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered +2008-07-24 23:28:17.132: debug: Distribute zone "example.net." +2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:28:17.138: debug: +2008-07-24 23:28:17.138: notice: end of run: 0 errors occured +2008-07-24 23:31:17.354: notice: ------------------------------------------------------------ +2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:17.364: debug: Check RFC5011 status +2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:17.364: debug: Check KSK status +2008-07-24 23:31:17.364: debug: Check ZSK status +2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f +2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net." +2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.032: debug: Signing completed after 1s. +2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.039: debug: +2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:31:18.039: debug: Check RFC5011 status +2008-07-24 23:31:18.039: debug: Check ZSK status +2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f +2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:18.040: debug: Signing zone "example.net." +2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:18.155: debug: Signing completed after 0s. +2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered +2008-07-24 23:31:18.155: debug: Distribute zone "example.net." +2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:18.161: debug: +2008-07-24 23:31:18.162: notice: end of run: 0 errors occured +2008-07-24 23:31:28.467: notice: ------------------------------------------------------------ +2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:31:28.470: debug: Check RFC5011 status +2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:31:28.470: debug: Check KSK status +2008-07-24 23:31:28.470: debug: Check ZSK status +2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f +2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net." +2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.059: debug: Signing completed after 1s. +2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered +2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net." +2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered +2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./ +2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.072: debug: +2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:31:29.073: debug: Check RFC5011 status +2008-07-24 23:31:29.073: debug: Check ZSK status +2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f +2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:31:29.074: debug: Signing zone "example.net." +2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:31:29.204: debug: Signing completed after 0s. +2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered +2008-07-24 23:31:29.204: debug: Distribute zone "example.net." +2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered +2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./ +2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:31:29.217: debug: +2008-07-24 23:31:29.217: notice: end of run: 0 errors occured +2008-07-24 23:35:48.844: notice: ------------------------------------------------------------ +2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:35:48.846: debug: Check RFC5011 status +2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:35:48.846: debug: Check KSK status +2008-07-24 23:35:48.846: debug: Check ZSK status +2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f +2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net." +2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.455: debug: Signing completed after 1s. +2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered +2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net." +2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered +2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net." +2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.468: debug: +2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:35:49.468: debug: Check RFC5011 status +2008-07-24 23:35:49.469: debug: Check ZSK status +2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f +2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:35:49.470: debug: Signing zone "example.net." +2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:35:49.600: debug: Signing completed after 0s. +2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.600: debug: Distribute zone "example.net." +2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered +2008-07-24 23:35:49.606: debug: Distribute zone "example.net." +2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:35:49.613: notice: "example.net.": reload triggered +2008-07-24 23:35:49.613: debug: Reload zone "example.net." +2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:35:49.613: debug: +2008-07-24 23:35:49.613: notice: end of run: 0 errors occured +2008-07-24 23:37:41.081: notice: ------------------------------------------------------------ +2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v +2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:41.083: debug: Check RFC5011 status +2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:41.083: debug: Check KSK status +2008-07-24 23:37:41.083: debug: Check ZSK status +2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net." +2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.688: debug: Signing completed after 0s. +2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net." +2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.701: debug: +2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:41.701: debug: Check RFC5011 status +2008-07-24 23:37:41.701: debug: Check ZSK status +2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f +2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:41.702: debug: Signing zone "example.net." +2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:41.824: debug: Signing completed after 0s. +2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered +2008-07-24 23:37:41.824: debug: Distribute zone "example.net." +2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:41.831: notice: "example.net.": reload triggered +2008-07-24 23:37:41.831: debug: Reload zone "example.net." +2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:41.837: debug: +2008-07-24 23:37:41.837: notice: end of run: 0 errors occured +2008-07-24 23:37:51.742: notice: ------------------------------------------------------------ +2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v +2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:37:51.744: debug: Check RFC5011 status +2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:37:51.744: debug: Check KSK status +2008-07-24 23:37:51.744: debug: Check ZSK status +2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f +2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net." +2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.264: debug: Signing completed after 1s. +2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered +2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net." +2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./" +2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered +2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net." +2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.277: debug: +2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:37:52.277: debug: Check RFC5011 status +2008-07-24 23:37:52.277: debug: Check ZSK status +2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f +2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:37:52.277: debug: Signing zone "example.net." +2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-24 23:37:52.398: debug: Signing completed after 0s. +2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered +2008-07-24 23:37:52.398: debug: Distribute zone "example.net." +2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./" +2008-07-24 23:37:52.404: notice: "example.net.": reload triggered +2008-07-24 23:37:52.404: debug: Reload zone "example.net." +2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload " +2008-07-24 23:37:52.410: debug: +2008-07-24 23:37:52.410: notice: end of run: 0 errors occured +2008-07-24 23:44:51.717: notice: ------------------------------------------------------------ +2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v +2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:44:51.719: debug: Check RFC5011 status +2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:51.719: debug: Check KSK status +2008-07-24 23:44:51.720: debug: Check ZSK status +2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net." +2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:51.720: debug: Signing completed after 0s. +2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net." +2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:51.721: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.721: debug: +2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:44:51.721: debug: Check RFC5011 status +2008-07-24 23:44:51.721: debug: Check ZSK status +2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f +2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered +2008-07-24 23:44:51.722: debug: Distribute zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:51.722: notice: "example.net.": reload triggered +2008-07-24 23:44:51.722: debug: Reload zone "example.net." +2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:51.722: debug: ./dist.sh reload return: "" +2008-07-24 23:44:51.723: debug: +2008-07-24 23:44:51.723: notice: end of run: 0 errors occured +2008-07-24 23:44:57.039: notice: ------------------------------------------------------------ +2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v +2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-24 23:44:57.042: debug: Check RFC5011 status +2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-24 23:44:57.042: debug: Check KSK status +2008-07-24 23:44:57.042: debug: Check ZSK status +2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: "" +2008-07-24 23:44:57.042: debug: Signing completed after 0s. +2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered +2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net." +2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net." +2008-07-24 23:44:57.043: debug: Check RFC5011 status +2008-07-24 23:44:57.043: debug: Check ZSK status +2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f +2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f +2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db" +2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered +2008-07-24 23:44:57.043: debug: Distribute zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: "" +2008-07-24 23:44:57.043: notice: "example.net.": reload triggered +2008-07-24 23:44:57.043: debug: Reload zone "example.net." +2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed" +2008-07-24 23:44:57.043: debug: ./dist.sh reload return: "" +2008-07-24 23:44:57.043: debug: +2008-07-24 23:44:57.043: notice: end of run: 0 errors occured +2008-07-25 23:31:07.235: notice: ------------------------------------------------------------ +2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v +2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-25 23:31:07.238: debug: Check RFC5011 status +2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:31:07.238: debug: Check KSK status +2008-07-25 23:31:07.238: debug: Check ZSK status +2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec) +2008-07-25 23:31:07.239: debug: ->depreciate it +2008-07-25 23:31:07.239: debug: ->activate published key 3615 +2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done +2008-07-25 23:31:07.239: debug: New published key needed +2008-07-25 23:31:07.397: debug: ->creating new published key 4254 +2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing +2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key +2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net." +2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.639: debug: Signing completed after 0s. +2008-07-25 23:31:07.639: debug: +2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net." +2008-07-25 23:31:07.639: debug: Check RFC5011 status +2008-07-25 23:31:07.639: debug: Check ZSK status +2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys +2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys +2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db" +2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-25 23:31:07.640: debug: Signing zone "example.net." +2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-25 23:31:07.783: debug: Signing completed after 0s. +2008-07-25 23:31:07.783: debug: +2008-07-25 23:31:07.783: notice: end of run: 0 errors occured +2008-07-25 23:32:27.052: notice: ------------------------------------------------------------ +2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v +2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-25 23:32:27.054: debug: Check KSK status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! +2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.054: debug: +2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net." +2008-07-25 23:32:27.054: debug: Check RFC5011 status +2008-07-25 23:32:27.054: debug: Check ZSK status +2008-07-25 23:32:27.054: debug: Re-signing not necessary! +2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy +2008-07-25 23:32:27.057: debug: +2008-07-25 23:32:27.057: notice: end of run: 0 errors occured +2008-07-31 00:25:52.601: notice: ------------------------------------------------------------ +2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v +2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-31 00:25:52.604: debug: Check RFC5011 status +2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 00:25:52.604: debug: Check KSK status +2008-07-31 00:25:52.604: debug: Check ZSK status +2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec) +2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed +2008-07-31 00:25:52.605: debug: ->remove it +2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec) +2008-07-31 00:25:52.605: debug: ->depreciate it +2008-07-31 00:25:52.605: debug: ->activate published key 4254 +2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done +2008-07-31 00:25:52.605: debug: New key for publishing needed +2008-07-31 00:25:53.128: debug: ->creating new key 56744 +2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing +2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key +2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net." +2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.332: debug: Signing completed after 0s. +2008-07-31 00:25:53.332: debug: +2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 00:25:53.332: debug: Check RFC5011 status +2008-07-31 00:25:53.332: debug: Check ZSK status +2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached +2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached +2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db" +2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db" +2008-07-31 00:25:53.333: debug: Signing zone "example.net." +2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private" +2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 00:25:53.477: debug: Signing completed after 0s. +2008-07-31 00:25:53.477: debug: +2008-07-31 00:25:53.477: notice: end of run: 0 errors occured +2008-07-31 13:19:17.447: notice: ------------------------------------------------------------ +2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v +2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net." +2008-07-31 13:19:17.449: debug: Check RFC5011 status +2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover +2008-07-31 13:19:17.450: debug: Check KSK status +2008-07-31 13:19:17.450: debug: Check ZSK status +2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec) +2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed +2008-07-31 13:19:17.450: debug: ->remove it +2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key +2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key +2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db" +2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net." +2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private" +2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-07-31 13:19:17.944: debug: Signing completed after 0s. +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net." +2008-07-31 13:19:17.944: debug: Check RFC5011 status +2008-07-31 13:19:17.944: debug: Check ZSK status +2008-07-31 13:19:17.944: debug: Re-signing not necessary! +2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy +2008-07-31 13:19:17.944: debug: +2008-07-31 13:19:17.945: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf new file mode 100644 index 0000000..0ccc7f6 --- /dev/null +++ b/contrib/zkt/examples/flat/zone.conf @@ -0,0 +1,10 @@ + +zone "example.NET." in { + type master; + file "example.net./zone.db.signed"; +}; + +zone "sub.example.NET." in { + type master; + file "sub.example.net./zone.db.signed"; +}; diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key new file mode 100644 index 0000000..a824208 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key @@ -0,0 +1,3 @@ +;% generationtime=20080717083652 +;% lifetime=28d +example.de. IN DNSKEY 256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published new file mode 100644 index 0000000..8703816 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== +PublicExponent: AQAAAAE= +PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ== +Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s= +Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8= +Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0= +Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs= +Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key new file mode 100644 index 0000000..1986117 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key @@ -0,0 +1,4 @@ +;% generationtime=20080506225722 +;% lifetime=20d +;% expirationtime=20080711220959 +example.de. IN DNSKEY 385 3 5 BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw rw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private new file mode 100644 index 0000000..62b7ca4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: Cyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqwrw== +PublicExponent: AQAAAAE= +PrivateExponent: CGYBtGSIMmSFoqnh6yYuoYlvTP2O7vkBdRrfkN43NwdlQVhco+wQO55QxCZNhCcbp2xau9IdejetNH0pQ3Zfg2Vllx78F8VMTMqkgw2HudWS/RahkMg+Hq6DBUaX/LYt90ToGyy5+FmyBm4fOV8FxJVrmTFMw4m7ULp3FgRcxmzS5zNjKYP2LKU/pYz0wFpyAr88DGNjChgwvRN/GE4obsoJgQ== +Prime1: A18v8idXV3o9tpIzalTEpOeDX7OxKumhUsoDpPhOJf7XqHLS6hYoYwFbRObF23Zi/3kHiAoGffR1Dkd+ji3xZhFOSEcUDuikQ2jdzdY8NxbzQQ== +Prime2: A08XMjIEpsViYvYB+ChuYxPbq7Z/eHtT/r5f8zS+nuEUwYAlKeq/i+U5sIydC1txv5XQuRPqpjtlZTClJ85BpS0GnSspG5PcY3OMwkA2smLX7w== +Exponent1: AcLu8YM68M8LtP7Dr7vYI+vJK6RK5SN/mAnz4ALt53igCUB/iVrfvBWCHp7hEgkRZUQQoItbT9C6YXrC3G9DW+IldSP8vrtqYva4YDBD2X1LAQ== +Exponent2: JdJVp3CAJPPcx0KiKDS8gHDiu22CBV2w1cycnXgwFmJl4aQkbTA7/xlgl15r3lByacAc19JreArqgCQRQV3bS7NG2PiQmzO26XkwCq+Kj7OJ +Coefficient: i6sKgv2zpCvdY9fChryaf5nZyb4nFd2dG/vnjQScBz8YVw4LnfL/XqKIego0Ez6/KlL4AnvkcafzogJ+MtmBB7V4RXEyObcbR6M/MLGMhpL8 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key new file mode 100644 index 0000000..4836d51 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key @@ -0,0 +1,3 @@ +;% generationtime=20080608210458 +;% lifetime=28d +example.de. IN DNSKEY 256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private new file mode 100644 index 0000000..3b1b32e --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== +PublicExponent: AQAAAAE= +PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ== +Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM= +Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE= +Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU= +Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE= +Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key new file mode 100644 index 0000000..3a636d4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key @@ -0,0 +1,3 @@ +;% generationtime=20080608210458 +;% lifetime=20d +example.de. IN DNSKEY 257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private new file mode 100644 index 0000000..b0466be --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: Drm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9zQ== +PublicExponent: AQAAAAE= +PrivateExponent: AQM2fRAmc6coPLeTHAK1DCHOYCRPSjsHYXoOzwMzzdIpHschjfxka35UdNSGKYpqM9E+VTZmV96w9ZZK5recxYak/6F72ZYTIYtsWYqCkej18nzhpnlt4nASnRt0nsS9UVVwc1Y7QxqRtSVXEcgcbiW3lr0jq+PSBf/HjY9qOHV4ExXlz7KPYOWbJa1YLFnvGlMd/W7hmQvXNEfTvOwjKURV4Q== +Prime1: A/0Yax4evJzC7VSw0Swt0KNM7gtIJ9nwzDCrTymulzKhu6Wgeu0veU9OAGDhv0Yfmn0kr1JLITpMu4uo3a5jfLb18yZEAyPphejZBA+wPIll+Q== +Prime2: A7EcplBfPWZmeCeL6UnFz4h45nxi3jRfQT00k34Nu5aFt5v+ngExbatcoOMnEKZSq2SQKDQRTp6XBOiwPNB9mVaLmzl9k9tyX6JvkCBEDrM7dQ== +Exponent1: AjoJbjmJarH7I4Zj5UPc9r0I5NtVgrAx4ZltcqPN07/1cBS2QAnZuMSLUvv8pkK+Lng9Wdy9c2FL0XjWY5Q+ORYj4ONGl9OWpi2zKqpTw4WgOQ== +Exponent2: AZfFGuYsztbn6tHFUIdIeXfaFTYyVbSfCEUp2Uv8N75QMyyuT4dzAlkU2cfSg3oAefrlCKWqXtLv9XlOJ1hTeXZOz8jyYAyhvGWGoHmSbeaNKQ== +Coefficient: AX6DKJRk0GXwCnkpfbn91myfZ2wgsUTXKjqasdlTqm3JL9Rtpq8J2MWPhexcSSz8DNa5LQlGduE1nh4eqqntnSNckD6CeImMdWgTNbQS3zV8Bw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key new file mode 100644 index 0000000..35d4c6a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key @@ -0,0 +1,3 @@ +;% generationtime=20080711221000 +;% lifetime=20d +example.de. IN DNSKEY 257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published new file mode 100644 index 0000000..b7f28db --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt+w== +PublicExponent: AQAAAAE= +PrivateExponent: /MDd0rAZf9mm/3cDi6TjTqeegMmnidhKYIzxyz1+quzwOA16L3jLf3ucWjz/BlEiOYh1CZbAroGRYqBAskys8u7FDinOQEP5cEn5NUyL5z0WebSCO+qnaqaQSokRs0oUx3+e9tJc9GhhmZIVNXQe4mYxfeYCl6KZS9CXe22y31PkvJ+SQIBh/I+SQnM4rbW012rKroAxdHfTvmalofx+Qb1h +Prime1: A/5Pkk5UAGvEa06GrEcATMOjsxZ0BbgalPuJKLLTFzvtYhdlJY738oY0QfsHba9hEC+iiSwfjWYyNlH/7bcVqSFtbLJiJ0aUfvObj75qw4HjXQ== +Prime2: A38aQzy3UrARKcwUqCiQrSOTM5P7xIDfbruW7ywmaWA1lXCvP3EJAal6MYs0pG2vx1cxVTIPva3Se26NkGaBqZw+RgHxmRmfgxvSoCfWXGZZNw== +Exponent1: OvPYJBkVUbncb0mBtTe5uwa9RgGlCgW4ges93zf3UQuHGvAesUFNnMh6y9zi4vgyVNbz2KOSnA91onc9l42b6NwqRNbExGhDsMc8NQi16vnF +Exponent2: AkkCNzHuGv3HaQ4MpRT/PLPA2UONseMBvJHWlgK+aO2xb6/7I09sPqKnJ4f6Bj5jL8efNZYHWsaN4l335V9lc5791opU+07LHHpULn2qVRpJYw== +Coefficient: An94juF2F5cDtoMC6gwI5iaWDH/qxkeuZ62fnMFoMY18XO0/clTVfdW7XvXCOn1DQyDLDOYpxR5MfeDKkbxtGGYKABWBOWlyaS1A5D5wTQRJzw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db new file mode 100644 index 0000000..bd106bd --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db @@ -0,0 +1,48 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 29 2008 12:44:06 +; + +; *** List of Key Signing Keys *** +; example.de. tag=17439 algo=RSASHA1 generated Jun 19 2008 00:32:22 +example.de. 3600 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ + Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 + Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 + 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw + rw== + ) ; key id = 17567 (original key id = 17439) + +; example.de. tag=41145 algo=RSASHA1 generated Jul 12 2008 00:10:00 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 + r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N + tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI + VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 + zQ== + ) ; key id = 41145 + +; example.de. tag=59244 algo=RSASHA1 generated Jul 12 2008 00:10:00 +example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW + dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO + Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX + 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt + +w== + ) ; key id = 59244 + +; *** List of Zone Signing Keys *** +; example.de. tag=35672 algo=RSASHA1 generated Jul 17 2008 10:36:52 +example.de. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv + pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w== + ) ; key id = 35672 + +; example.de. tag=11867 algo=RSASHA1 generated Jul 17 2008 10:36:52 +example.de. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA + OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ== + ) ; key id = 11867 + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. new file mode 100644 index 0000000..a2cb04a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. @@ -0,0 +1,6 @@ +example.de. IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5 +example.de. IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008 +example.de. IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05 +example.de. IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A +example.de. IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A +example.de. IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. new file mode 100644 index 0000000..2b40c68 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. @@ -0,0 +1,28 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 7200 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. new file mode 100644 index 0000000..04ed33a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key new file mode 100644 index 0000000..6b6aca1 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key @@ -0,0 +1,3 @@ +;% generationtime=20080729104405 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private new file mode 100644 index 0000000..2377635 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== +PublicExponent: AQAAAAE= +PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ== +Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE= +Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM= +Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE= +Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc= +Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated new file mode 100644 index 0000000..934f630 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== +PublicExponent: AQAAAAE= +PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ== +Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k= +Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE= +Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk= +Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE= +Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key new file mode 100644 index 0000000..2c662a9 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key @@ -0,0 +1,3 @@ +;% generationtime=20080726213646 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key new file mode 100644 index 0000000..3a0fcec --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key @@ -0,0 +1,3 @@ +;% generationtime=20080731111645 +;% lifetime=2d +sub.example.de. IN DNSKEY 256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published new file mode 100644 index 0000000..b45db1f --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 1 (RSA) +Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== +PublicExponent: AQAAAAE= +PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ== +Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M= +Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50= +Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48= +Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU= +Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key new file mode 100644 index 0000000..9c7c36c --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key @@ -0,0 +1,3 @@ +;% generationtime=20080726221746 +;% lifetime=5d +sub.example.de. IN DNSKEY 257 3 5 BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA fdQIegTBBKk= diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private new file mode 100644 index 0000000..3e39f5a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: pL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= +PublicExponent: AQAAAAE= +PrivateExponent: CrFKdhkCOgyF27Jc4GPfo7A6v2q0OgRE2nBdkw7XFUEADEHSVLA6XYUm3AZmAOWxTmrGU8EK+76hfC22DjA6O0BljTNdxLB5cGRL2Dxey603jCIEVt/ahIqyb2STr0pWYEVc3qAKJL93iP4v5r7fJt157sJhQF8F5Zpqj24QvmE= +Prime1: 1EpVvo011F2qgjesKSKplhqtvbmRPjTuhijb7531zIbxDzBF+lXCDyjt3Y/LrWS240t74vbZpo9FUZIETIf/FQ== +Prime2: xqm8Bk18u2WJZ9uUr+/MMPKfh6OgAFqtBwFi81FFJ62kHGL9i8AcychE9tD5IRu74KLCGW+Vk87lyLOF3WU0RQ== +Exponent1: JmLNa+QmMjHVDmAM833bF024/+NIyZgfNSDLnGXxTqYZ3PK/llLHIwBChLMKAQgFvt5PP0id1Nkc9N16xjkuFQ== +Exponent2: rZW7rMmQxQQRHD8TKQTAhCX+31n8jnq7gW9dyVpjY85GDuQe6+3rox6xvsMfUzEOgXk1lgnm46FAIHOH6DhMuQ== +Coefficient: MPoirwMUkLzLWeynO1Izy+lff70hnDnOcZEckS+Sy1TlUkk22uHBF4uNLkgoF26XqeKzK9pG1rCGfccfWTCayQ== diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. new file mode 100644 index 0000000..c392b9a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. @@ -0,0 +1,2 @@ +sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE +sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db new file mode 100644 index 0000000..e922c18 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db @@ -0,0 +1,35 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jul 31 2008 13:16:45 +; + +; *** List of Key Signing Keys *** +; sub.example.de. tag=40998 algo=RSASHA1 generated Jul 27 2008 00:17:46 +sub.example.de. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy + yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv + jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA + fdQIegTBBKk= + ) ; key id = 40998 + +; *** List of Zone Signing Keys *** +; sub.example.de. tag=51977 algo=RSAMD5 generated Jul 29 2008 12:44:04 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K + kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ== + ) ; key id = 51977 + +; sub.example.de. tag=19793 algo=RSAMD5 generated Jul 29 2008 12:44:05 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD + 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw== + ) ; key id = 19793 + +; sub.example.de. tag=55699 algo=RSAMD5 generated Jul 31 2008 13:16:45 +sub.example.de. 3600 IN DNSKEY 256 3 1 ( + BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm + /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w== + ) ; key id = 55699 + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf new file mode 100644 index 0000000..d7d33ca --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf @@ -0,0 +1,17 @@ +## +## dnssec-zkt v0.4 (c) Jan 2005 hoz <at> hznet <dot> de ## +## + +resigninterval 36h +sigvalidity 2d +max_ttl 90s + +ksk_lifetime 5d +ksk_algo RSASHA1 +ksk_bits 1024 + +zsk_lifetime 2d +zsk_algo RSAMD5 +zsk_bits 512 + +dlv_domain "dlv.trusted-keys.net" diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. new file mode 100644 index 0000000..b8ec77b --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. @@ -0,0 +1,2 @@ +sub.example.de. IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE +sub.example.de. IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. new file mode 100644 index 0000000..04ed33a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. @@ -0,0 +1,8 @@ +$ORIGIN . +sub.example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db new file mode 100644 index 0000000..05489a4 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db @@ -0,0 +1,25 @@ +;----------------------------------------------------------------- +; +; @(#) sub.example.de/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 2008073101; Serial (up to 10 digits) + 86400 ; Refresh (RIPE recommendation if NOTIFY is used) + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + + IN NS ns1.example.de. + +$INCLUDE dnskey.db + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.4 +b IN A 1.2.3.5 +c IN A 1.2.3.6 diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed new file mode 100644 index 0000000..d607de5 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed @@ -0,0 +1,108 @@ +; File written on Thu Jul 31 13:16:45 2008 +; dnssec_signzone version 9.5.1b1 +sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 2008073101 ; serial + 86400 ; refresh (1 day) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 1 3 7200 20080802100259 ( + 20080731101645 19793 sub.example.de. + d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o + DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz + g2+AsH8mPZKGvg== ) + 7200 NS ns1.example.de. + 7200 RRSIG NS 1 3 7200 20080802095409 ( + 20080731101645 19793 sub.example.de. + VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV + HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y + KTOgEwv3r8kOiw== ) + 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 1 3 7200 20080802095639 ( + 20080731101645 19793 sub.example.de. + cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT + lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y + J0qpEvDF3FNvRQ== ) + 3600 DNSKEY 256 3 1 ( + BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91 + KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv + XF008duYET+UU9+hS01RIw== + ) ; key id = 19793 + 3600 DNSKEY 256 3 1 ( + BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB + vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5 + cGBHTSFCjIh+lGMPEssJCQ== + ) ; key id = 51977 + 3600 DNSKEY 256 3 1 ( + BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM + oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/ + MP+8X0OzdEl97NGOPtmT9w== + ) ; key id = 55699 + 3600 DNSKEY 257 3 5 ( + BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG + HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv + Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd + IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C + kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk= + ) ; key id = 40998 + 3600 RRSIG DNSKEY 1 3 3600 20080802100935 ( + 20080731101645 19793 sub.example.de. + WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx + TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g + ZOu0rsPqvux2PA== ) + 3600 RRSIG DNSKEY 5 3 3600 20080802100334 ( + 20080731101645 40998 sub.example.de. + WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8 + MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9 + QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz + V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/ + Od6//GN4UmNi9LCwWtLbGnF4Gpc= ) +a.sub.example.de. 7200 IN A 1.2.3.4 + 7200 RRSIG A 1 4 7200 20080802095159 ( + 20080731101645 19793 sub.example.de. + LxVthdAkEiBec6khr63+rufhSwtByBNvff8e + HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB + 4iK4mspVH4Md7A== ) + 7200 NSEC b.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802100843 ( + 20080731101645 19793 sub.example.de. + HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu + UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt + 4ldl+d6z3bs4pQ== ) +b.sub.example.de. 7200 IN A 1.2.3.5 + 7200 RRSIG A 1 4 7200 20080802095415 ( + 20080731101645 19793 sub.example.de. + eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ + PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A + SDEWBEFsFCnMkg== ) + 7200 NSEC c.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802094836 ( + 20080731101645 19793 sub.example.de. + nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7 + MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU + 7S7eIlt0jBSehg== ) +c.sub.example.de. 7200 IN A 1.2.3.6 + 7200 RRSIG A 1 4 7200 20080802095037 ( + 20080731101645 19793 sub.example.de. + eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9 + 1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5 + V0L4MAkK76H00w== ) + 7200 NSEC localhost.sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802100135 ( + 20080731101645 19793 sub.example.de. + KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4 + jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl + Ull//CFV9J272A== ) +localhost.sub.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 1 4 7200 20080802095833 ( + 20080731101645 19793 sub.example.de. + fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY + wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh + 8kYWUvV1kghBzA== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 1 4 7200 20080802101452 ( + 20080731101645 19793 sub.example.de. + EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt + 6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK + UoFq9NHsH2WSDw== ) diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./zone.db new file mode 100644 index 0000000..c485181 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db @@ -0,0 +1,37 @@ +;----------------------------------------------------------------- +; +; @(#) example.de/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.de. hostmaster.example.de. ( + 258 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.de. + IN NS ns2.example.de. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.de file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.de. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed new file mode 100644 index 0000000..4b9b3dc --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed @@ -0,0 +1,147 @@ +; File written on Tue Jul 29 12:44:06 2008 +; dnssec_signzone version 9.5.1b1 +example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. ( + 258 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080808092956 ( + 20080729094406 35672 example.de. + UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0 + 6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs + /4p/Vc/L91wUMA== ) + 7200 NS ns1.example.de. + 7200 NS ns2.example.de. + 7200 RRSIG NS 5 2 7200 20080808091515 ( + 20080729094406 35672 example.de. + hpHATL81t7GASSKPPBuheQqBqXU688itETkN + QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1 + hsdbbCDo6UuHSg== ) + 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080808092007 ( + 20080729094406 35672 example.de. + aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T + +yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI + HFPySUOtQaNNxA== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm + 8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi + o+HNa59a4UA8jTdJb+kT0w== + ) ; key id = 35672 + 3600 DNSKEY 256 3 5 ( + BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ + TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z + D0oIm2h0JowdyERZVj6ZZQ== + ) ; key id = 11867 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 3600 DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 + 3600 RRSIG DNSKEY 5 2 3600 20080808092214 ( + 20080729094406 41145 example.de. + BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX + XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7 + t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM + l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im + fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0 + 4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz + nA== ) + 3600 RRSIG DNSKEY 5 2 3600 20080808092411 ( + 20080729094406 17567 example.de. + BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc + W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8 + Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ + kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK + 4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6 + RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P + ug== ) + 3600 RRSIG DNSKEY 5 2 3600 20080808093317 ( + 20080729094406 35672 example.de. + Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos + hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW + 6DbiKMXJpO7biQ== ) +localhost.example.de. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080808092724 ( + 20080729094406 35672 example.de. + JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6 + dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI + D66sltGHW/er+Q== ) + 7200 NSEC ns1.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808094047 ( + 20080729094406 35672 example.de. + XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY + IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9 + s2s+6ISxxobC3A== ) +ns1.example.de. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080808091743 ( + 20080729094406 35672 example.de. + ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb + xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly + OpCYxAQSguB/MA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080808094144 ( + 20080729094406 35672 example.de. + nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti + 59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI + 0mOu0mNbxtt9gQ== ) + 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808092537 ( + 20080729094406 35672 example.de. + MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx + xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH + 1OZ3fi+/kWVAJg== ) +ns2.example.de. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080808091624 ( + 20080729094406 35672 example.de. + MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL + Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc + SFFUxREAI5UGkQ== ) + 7200 NSEC sub.example.de. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808094337 ( + 20080729094406 35672 example.de. + QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58 + AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2 + 9AU6m1TfAa5WSw== ) +sub.example.de. 7200 IN NS ns1.example.de. + 7200 DS 40998 5 1 ( + 1414E9C46F367D787EEF2EC91E1FC66DD087 + AEAE ) + 7200 DS 40998 5 2 ( + 6FE53984AB75C31A06778E9944F8CDB47905 + 27D36BBD08CC1E90DA7AE32EEE5F ) + 7200 RRSIG DS 5 3 7200 20080808092142 ( + 20080729094406 35672 example.de. + cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/ + ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8 + H6SutDh0IiR5MA== ) + 7200 NSEC example.de. NS DS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080808091754 ( + 20080729094406 35672 example.de. + jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E + 3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f + k3CPfTs/+p/8Og== ) diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de. new file mode 100644 index 0000000..2b40c68 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/de./keyset-example.de. @@ -0,0 +1,28 @@ +$ORIGIN . +example.de 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo + RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0 + OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM + zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z + Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP + f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ + ONUcLAEt+w== + ) ; key id = 59244 + 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt + utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh + bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX + DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV + kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn + dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO + UNdJQGb9zQ== + ) ; key id = 41145 + 7200 IN DNSKEY 385 3 5 ( + BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d + Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP + S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM + L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We + lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS + jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS + XDAeBZqwrw== + ) ; key id = 17567 diff --git a/contrib/zkt/examples/hierarchical/dnssec.conf b/contrib/zkt/examples/hierarchical/dnssec.conf new file mode 100644 index 0000000..12da654 --- /dev/null +++ b/contrib/zkt/examples/hierarchical/dnssec.conf @@ -0,0 +1,40 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "." +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 6h # (21600 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: incremental + +# signing key parameters +KSK_lifetime: 20d # (1728000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 4w # (2419200 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "log" +LogLevel: "info" +SyslogFacility: "user" +SyslogLevel: "notice" +Keyfile: "dnskey.db" +Zonefile: "zone.db" +KeySetDir: ".." +DLV_Domain: "" +Sig_Pseudorand: True +Sig_Parameter: "-j 1800" diff --git a/contrib/zkt/examples/hierarchical/named.conf b/contrib/zkt/examples/hierarchical/named.conf new file mode 100644 index 0000000..8bd3f9d --- /dev/null +++ b/contrib/zkt/examples/hierarchical/named.conf @@ -0,0 +1,102 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +** +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "/var/log/named" versions 3 size 2m; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + channel "resolver-log" { + file "/var/log/named"; + print-time yes; + print-category yes; + print-severity yes; + severity debug 1; + }; + channel "dnssec-log" { +# file "/var/log/named-dnssec" ; + file "/var/log/named" ; + print-time yes; + print-category yes; + print-severity yes; + severity debug 3; + }; + category "dnssec" { "dnssec-log"; }; + category "default" { "named-log"; }; + category "resolver" { "resolver-log"; }; + category "client" { "resolver-log"; }; + category "queries" { "resolver-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + dump-file "/var/log/named_dump.db"; + statistics-file "/var/log/named.stats"; + + listen-on-v6 { any; }; + + query-source address * port 53; + transfer-source * port 53; + notify-source * port 53; + + recursion yes; + dnssec-enable yes; + edns-udp-size 4096; + +# dnssec-lookaside "." trust-anchor "trusted-keys.de."; + + querylog yes; + +}; + +/***************************************************************** +** include shared secrets... +*****************************************************************/ +/** for control sessions ... **/ +# include "rndc.key"; +controls { + inet 127.0.0.1 + allow { localhost; } + keys { "rndc-key"; }; + inet ::1 + allow { localhost; } + keys { "rndc-key"; }; +}; + +/***************************************************************** +** ... and trusted_keys +*****************************************************************/ +# include "trusted-keys.conf" ; + +/***************************************************************** +** root server hints and required 127 stuff +*****************************************************************/ +zone "." in { + type hint; + file "root.hint"; +}; + +zone "localhost" in { + type master; + file "localhost.zone"; +}; + +zone "0.0.127.in-addr.arpa" in { + type master; + file "127.0.0.zone"; +}; + +include "zone.conf"; diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf new file mode 100644 index 0000000..6944d5a --- /dev/null +++ b/contrib/zkt/examples/hierarchical/zone.conf @@ -0,0 +1,10 @@ + +zone "example.de." in { + type master; + file "de./example.de./zone.db.signed"; +}; + +zone "sub.example.de." in { + type master; + file "de./example.de./sub.example.de./zone.db.signed"; +}; diff --git a/contrib/zkt/examples/views/dnssec-extern.conf b/contrib/zkt/examples/views/dnssec-extern.conf new file mode 100644 index 0000000..728dcc9 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-extern.conf @@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "extern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 1w # (604800 seconds) +Sigvalidity: 10d # (864000 seconds) +Max_TTL: 8h # (28800 seconds) +Propagation: 5m # (300 seconds) +KEY_TTL: 1h # (3600 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-ext.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-intern.conf b/contrib/zkt/examples/views/dnssec-intern.conf new file mode 100644 index 0000000..d49fc94 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-intern.conf @@ -0,0 +1,39 @@ +# +# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de +# + +# dnssec-zkt options +Zonedir: "intern" +Recursive: True +PrintTime: False +PrintAge: True +LeftJustify: False + +# zone specific values +ResignInterval: 5h # (18000 seconds) +Sigvalidity: 1d # (86400 seconds) +Max_TTL: 30m # (1800 seconds) +Propagation: 1m # (60 seconds) +KEY_TTL: 30m # (1800 seconds) +Serialformat: unixtime + +# signing key parameters +KSK_lifetime: 1y # (31536000 seconds) +KSK_algo: RSASHA1 # (Algorithm ID 5) +KSK_bits: 1300 +KSK_randfile: "/dev/urandom" +ZSK_lifetime: 30d # (2592000 seconds) +ZSK_algo: RSASHA1 # (Algorithm ID 5) +ZSK_bits: 512 +ZSK_randfile: "/dev/urandom" + +# dnssec-signer options +LogFile: "zkt-int.log" +LogLevel: "debug" +SyslogFacility: "none" +SyslogLevel: "notice" +VerboseLog: 2 +Keyfile: "dnskey.db" +Zonefile: "zone.db" +DLV_Domain: "" +Sig_Pseudorand: True diff --git a/contrib/zkt/examples/views/dnssec-signer-extern b/contrib/zkt/examples/views/dnssec-signer-extern new file mode 100755 index 0000000..910e82a --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-signer-intern b/contrib/zkt/examples/views/dnssec-signer-intern new file mode 100755 index 0000000..915ed15 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-signer-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-signer +# command out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-extern b/contrib/zkt/examples/views/dnssec-zkt-extern new file mode 100755 index 0000000..129b4e1 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-extern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@" diff --git a/contrib/zkt/examples/views/dnssec-zkt-intern b/contrib/zkt/examples/views/dnssec-zkt-intern new file mode 100755 index 0000000..1836840 --- /dev/null +++ b/contrib/zkt/examples/views/dnssec-zkt-intern @@ -0,0 +1,7 @@ +#!/bin/sh +# +# Shell script to start the dnssec-zkt command +# out of the view directory +# + +ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@" diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key new file mode 100644 index 0000000..54ba934 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key @@ -0,0 +1,3 @@ +;% generationtime=20080609231143 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published new file mode 100644 index 0000000..7240075 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: 3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== +PublicExponent: AQAAAAE= +PrivateExponent: Q3TKb2j5AMk4wn9q5vvgtEy7o1VAhCvv/Nw3QRpXi7xGeHb7WJHj2ia2I44vQQk9fB+Kck1M8KNRMgYt0d0xCQ== +Prime1: 7l4yn7VYrTSOaZu+lubsFvE+JB7asyYyymAEQeod2p0= +Prime2: 7a4LEAmrtZTI/PHjdk/Ij/hbpDmtOe1H0lnWTVG+GfM= +Exponent1: DTpyBBW39+d9b8LqCo7hJf5KQ3oVw9tdnUuHNstGZd0= +Exponent2: b+aBbhRPr/a9ZCNM2JTjZJrrSebtMQCy1GcE33o64HM= +Coefficient: UdvxnKd2GL6In82yHG40rU35WTZ2SUYQ+1mfz3DQqnE= diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key new file mode 100644 index 0000000..ec11dcb --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private new file mode 100644 index 0000000..ea29447 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ== +PublicExponent: AQAAAAE= +PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ== +Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q== +Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q== +Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV +Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h +Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key new file mode 100644 index 0000000..1809a93 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key @@ -0,0 +1,4 @@ +;% generationtime=20071217224527 +;% lifetime=30 +;% expiretime=20080116224527 +example.net. IN DNSKEY 256 3 5 BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private new file mode 100644 index 0000000..ca789eb --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== +PublicExponent: AQAAAAE= +PrivateExponent: fZs/S7/pOPP1C9Jjdb7KhnbfiLfCIXdc7d8LDWmm7d9rL2kZK77WMp+o5WRQhoIDDQPAdv+phoIdFEIiXKLN8Q== +Prime1: 6NEgG3Z86nn9fNjG+3E9OqF/7oaCvrVnb1XogalZgr0= +Prime2: wq0aosO1mWXo38HuxO5JiR2mX/9LWjxxqwK6I9gnJp0= +Exponent1: ZvI2y//PImr1OqeVLoWfFHop2iorgT4+SYiz1Gw9FME= +Exponent2: TBUeoolmnFcOfWO6T1v0S6za7LEib2H1Pgt95UvDA40= +Coefficient: eHmKka0EVRfjDfEpcwRp5nZ36ZHfLxuKF5tGQ1YclBI= diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net./dnskey.db new file mode 100644 index 0000000..d46eff9 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 17:56:05 +; + +; *** List of Key Signing Keys *** +; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04 +example.net. 3600 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI + ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ + uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T + u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 + sQ== + ) ; key id = 23553 + +; *** List of Zone Signing Keys *** +; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w + iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + +; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43 +example.net. 3600 IN DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 + ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. new file mode 100644 index 0000000..cbcd3d0 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B +example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. new file mode 100644 index 0000000..b845245 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net./zone.db new file mode 100644 index 0000000..4c72928 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) extern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed new file mode 100644 index 0000000..c0e2801 --- /dev/null +++ b/contrib/zkt/examples/views/extern/example.net./zone.db.signed @@ -0,0 +1,109 @@ +; File written on Thu Jun 12 17:56:06 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213286165 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg + wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt + tFsswvYaZtP11Q== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc + VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO + yQibjS4TA5Pr3g== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080622145605 ( + 20080612145605 35744 example.net. + kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis + Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV + 91i/sxof6bc61w== ) + 3600 DNSKEY 256 3 5 ( + BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5 + yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ + 6JFt+4f9KnNPi1txiBg76Q== + ) ; key id = 35744 + 3600 DNSKEY 256 3 5 ( + BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN + vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM + rg8gYImKCl6n3K37EjXYBw== + ) ; key id = 10367 + 3600 DNSKEY 257 3 5 ( + BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF + YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+ + pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN + 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY + 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi + XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM + 6DaiC6E1sQ== + ) ; key id = 23553 + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 23553 example.net. + Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E + +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a + V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0 + kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw + ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc + SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h + fg== ) + 3600 RRSIG DNSKEY 5 2 3600 20080622145605 ( + 20080612145605 35744 example.net. + SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV + ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W + dIM4sjx78Zjh5Q== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP + X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI + N/c7vC223ejn8A== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9 + rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+ + P50QYwYXET3byw== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK + QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs + w8uw5x6/1ECflg== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI + aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz + LNjR7KqYQxrXmg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO + ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN + ogRV1rxohxDyCw== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR + Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1 + iTZYEXffLBchmw== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1 + pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN + SqabEFO1114AyQ== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080622145605 ( + 20080612145605 35744 example.net. + nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB + ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT + db/3/DXIwUnMnA== ) diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log new file mode 100644 index 0000000..04fa4fb --- /dev/null +++ b/contrib/zkt/examples/views/extern/zkt-ext.log @@ -0,0 +1,28 @@ +2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:04.196: debug: Check RFC5011 status +2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0 +2008-06-12 17:59:04.196: debug: Check ksk status +2008-06-12 17:59:04.196: debug: Re-signing not necessary! +2008-06-12 17:59:04.196: notice: end of run: 0 errors occured +2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 17:59:17.436: debug: Check RFC5011 status +2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0 +2008-06-12 17:59:17.436: debug: Check ksk status +2008-06-12 17:59:17.436: debug: Re-signing not necessary! +2008-06-12 17:59:17.436: notice: end of run: 0 errors occured +2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:07.819: debug: Check RFC5011 status +2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0 +2008-06-12 18:00:07.819: debug: Check ksk status +2008-06-12 18:00:07.819: debug: Re-signing not necessary! +2008-06-12 18:00:07.819: notice: end of run: 0 errors occured +2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v +2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net." +2008-06-12 18:00:39.020: debug: Check RFC5011 status +2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0 +2008-06-12 18:00:39.020: debug: Check ksk status +2008-06-12 18:00:39.020: debug: Re-signing not necessary! +2008-06-12 18:00:39.020: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key new file mode 100644 index 0000000..316e4cf --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private new file mode 100644 index 0000000..96e1ff6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw== +PublicExponent: AQAAAAE= +PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q== +Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw== +Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ== +Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh +Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ== +Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key new file mode 100644 index 0000000..8be3973 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key @@ -0,0 +1 @@ +example.net. IN DNSKEY 256 3 5 BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private new file mode 100644 index 0000000..b519641 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: sMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== +PublicExponent: AQAAAAE= +PrivateExponent: fpWuYAOXJWdjMrZnI91hTi1wwuje4sKjDu8xvfnKvqKhr61QxK1gR9TB3mc2FM+Awivphb3xfi8+y2cacq9iUQ== +Prime1: 6DE1tFJXGIm2SW3fSwQymX7Zcw8VSIMWiHQPCqX1FA0= +Prime2: wuHS7u0I9aYOFkDAndfEVyDi8vOh96CcY/BuSvEZ6+0= +Exponent1: sn7RttKPap3cgw2sddmgwcuVSaEpwOswF/O42Ou3fMk= +Exponent2: LoJ305VksT7SWWR6bM5OybcdTm39PTZM0g3V2hOceK0= +Coefficient: SwRF9S9ICVeyeYw3djxbg7kUZjz5AkbHIgz9VeX4mzM= diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key new file mode 100644 index 0000000..160110e --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key @@ -0,0 +1,3 @@ +;% generationtime=20080612154545 +;% lifetime=30d +example.net. IN DNSKEY 256 3 5 BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published new file mode 100644 index 0000000..60e4316 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 5 (RSASHA1) +Modulus: zbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== +PublicExponent: AQAAAAE= +PrivateExponent: XZK4eHRUrFka7O0Q/RBuBG3iW8KFng5em4FnjCSBQpwSAvFzTBebqwfNSOcgqKihz8VzvKHxEd6BxVZRGI2dgQ== +Prime1: 8Jji5R57Y4ROxrO5EuEFjxL723VQ/Ym+4KYG+tM3bP8= +Prime2: 2uhGRdJU3UJvnPwx0gJGio6KmRBC6CmDqTMORhYrS1E= +Exponent1: cqVno4KLgMmKN5VPWaYA+pB5e55r6UEIaxqj6WMXATs= +Exponent2: EqSKzb/r02jmNCTv5aX7wHl+57LYR40rJvzgVTfh/tE= +Coefficient: 37ywfYlNFmtR/jZwoZBHNdIEy+C+jIeJ+fEepesSpoI= diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net./dnskey.db new file mode 100644 index 0000000..9e2c47f --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dnskey.db @@ -0,0 +1,30 @@ +; +; !!! Don't edit this file by hand. +; !!! It will be generated by dnssec-signer. +; +; Last generation time Jun 12 2008 18:13:43 +; + +; *** List of Key Signing Keys *** +; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W + ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI + wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 + +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq + Lw== + ) ; key id = 126 + +; *** List of Zone Signing Keys *** +; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx + pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + +; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45 +example.net. 1800 IN DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc + TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. new file mode 100644 index 0000000..b61c1b6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./dsset-example.net. @@ -0,0 +1,2 @@ +example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA +example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9 diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. new file mode 100644 index 0000000..0aa2c7d --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./keyset-example.net. @@ -0,0 +1,10 @@ +$ORIGIN . +example.net 7200 IN DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net./zone.db new file mode 100644 index 0000000..d3e90f7 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db @@ -0,0 +1,33 @@ +;----------------------------------------------------------------- +; +; @(#) intern/example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 0 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 192.168.1.53 + IN AAAA fd12:063c:cdbb::53 +ns2 IN A 10.1.2.3 + +localhost IN A 127.0.0.1 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed new file mode 100644 index 0000000..88a42c6 --- /dev/null +++ b/contrib/zkt/examples/views/intern/example.net./zone.db.signed @@ -0,0 +1,109 @@ +; File written on Thu Jun 12 18:13:43 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 1213287223 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy + 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV + aV3H0KfNq6ITLg== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS + Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L + a6rQDFcnJ8xzng== ) + 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080613151343 ( + 20080612151343 5972 example.net. + gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia + UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH + kt2inbyQytbPDQ== ) + 1800 DNSKEY 256 3 5 ( + BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb + 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA + 1HR8YaO3QXB2LAHEz5B/CQ== + ) ; key id = 5972 + 1800 DNSKEY 256 3 5 ( + BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q + Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS + Q79S4WgKalFJxq6lSk0xrw== + ) ; key id = 23375 + 1800 DNSKEY 257 3 5 ( + BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk + gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI + uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS + 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s + ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE + 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q + grOD6IYqLw== + ) ; key id = 126 + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 126 example.net. + CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9 + EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU + WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0 + XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH + fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz + qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK + xA== ) + 1800 RRSIG DNSKEY 5 2 1800 20080613151343 ( + 20080612151343 5972 example.net. + dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N + WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v + VDkzRjT4eONxuA== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E + qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi + rk8Mnbf6cYxSlw== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0 + Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp + Smho3kSGf9gQRQ== ) +ns1.example.net. 7200 IN A 192.168.1.53 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt + z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F + joAIP/0wvXihsA== ) + 7200 AAAA fd12:63c:cdbb::53 + 7200 RRSIG AAAA 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty + XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17 + 2a3emgs9BHJJ6A== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ + 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs + JFhw+nVeZJdHJA== ) +ns2.example.net. 7200 IN A 10.1.2.3 + 7200 RRSIG A 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj + FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv + Xsp5ITBTILSM6Q== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh + 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR + LYF/o0HVi5uzJA== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080613151343 ( + 20080612151343 5972 example.net. + nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ + 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR + RPdjTNk7YEC0Mg== ) diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log new file mode 100644 index 0000000..0729139 --- /dev/null +++ b/contrib/zkt/examples/views/intern/zkt-int.log @@ -0,0 +1,169 @@ +2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v +2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:02:13.594: debug: Check RFC5011 status +2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0 +2008-06-12 18:02:13.595: debug: Check ksk status +2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec) +2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key +2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys +2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys +2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:02:13.596: debug: Signing zone "example.net." +2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:02:13.705: debug: Signing completed after 0s. +2008-06-12 18:02:13.705: debug: +2008-06-12 18:02:13.705: notice: end of run: 0 errors occured +2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:13.209: debug: Check RFC5011 status +2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0 +2008-06-12 18:03:13.209: debug: Check ksk status +2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec) +2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key +2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:13.209: debug: Re-signing not necessary! +2008-06-12 18:03:13.209: notice: end of run: 0 errors occured +2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v +2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:19.288: debug: Check RFC5011 status +2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0 +2008-06-12 18:03:19.289: debug: Check ksk status +2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec) +2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key +2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:19.289: debug: Re-signing not necessary! +2008-06-12 18:03:19.289: notice: end of run: 0 errors occured +2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:03:23.618: debug: Check RFC5011 status +2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0 +2008-06-12 18:03:23.618: debug: Check ksk status +2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec) +2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key +2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f +2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:03:23.619: debug: Signing zone "example.net." +2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:03:23.719: debug: Signing completed after 0s. +2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:03:23.772: debug: +2008-06-12 18:03:23.772: notice: end of run: 0 errors occured +2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:05:39.533: debug: Check RFC5011 status +2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0 +2008-06-12 18:05:39.533: debug: Check ksk status +2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec) +2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key +2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f +2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:05:39.534: debug: Signing zone "example.net." +2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:05:39.630: debug: Signing completed after 0s. +2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered +2008-06-12 18:05:39.640: debug: +2008-06-12 18:05:39.640: notice: end of run: 0 errors occured +2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:07:47.754: debug: Check RFC5011 status +2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0 +2008-06-12 18:07:47.754: debug: Check ksk status +2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec) +2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key +2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f +2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:07:47.754: debug: Signing zone "example.net." +2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:07:47.856: debug: Signing completed after 0s. +2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered +2008-06-12 18:07:47.866: debug: +2008-06-12 18:07:47.867: notice: end of run: 0 errors occured +2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:10:57.978: debug: Check RFC5011 status +2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0 +2008-06-12 18:10:57.978: debug: Check ksk status +2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec) +2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key +2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f +2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:10:57.979: debug: Signing zone "example.net." +2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:10:58.081: debug: Signing completed after 1s. +2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:10:58.093: debug: +2008-06-12 18:10:58.093: notice: end of run: 0 errors occured +2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:29.512: debug: Check RFC5011 status +2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0 +2008-06-12 18:13:29.512: debug: Check ksk status +2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec) +2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key +2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f +2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:29.513: debug: Signing zone "example.net." +2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:29.612: debug: Signing completed after 0s. +2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:29.623: debug: +2008-06-12 18:13:29.623: notice: end of run: 0 errors occured +2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v +2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:38.709: debug: Check RFC5011 status +2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0 +2008-06-12 18:13:38.709: debug: Check ksk status +2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec) +2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key +2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f +2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:38.710: debug: Signing zone "example.net." +2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:39.163: debug: Signing completed after 1s. +2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:39.174: debug: +2008-06-12 18:13:39.174: notice: end of run: 0 errors occured +2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v +2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net." +2008-06-12 18:13:43.164: debug: Check RFC5011 status +2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0 +2008-06-12 18:13:43.164: debug: Check ksk status +2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec) +2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key +2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key +2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f +2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f +2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db" +2008-06-12 18:13:43.164: debug: Signing zone "example.net." +2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private" +2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed" +2008-06-12 18:13:43.262: debug: Signing completed after 0s. +2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered +2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern" +2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern" +2008-06-12 18:13:43.273: debug: +2008-06-12 18:13:43.273: notice: end of run: 0 errors occured diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf new file mode 100644 index 0000000..1ec3d13 --- /dev/null +++ b/contrib/zkt/examples/views/named.conf @@ -0,0 +1,97 @@ +/***************************************************************** +** +** #(@) named.conf (c) 6. May 2004 (hoz) +*****************************************************************/ + +/***************************************************************** +** logging options +*****************************************************************/ +logging { + channel "named-log" { + file "named.log"; + print-time yes; + print-category yes; + print-severity yes; + severity info; + }; + category "dnssec" { "named-log"; }; + category "edns-disabled" { "named-log"; }; + category "default" { "named-log"; }; +}; + +/***************************************************************** +** name server options +*****************************************************************/ +options { + directory "."; + + pid-file "named.pid"; + listen-on-v6 port 1053 { any; }; + listen-on port 1053 { any; }; + + empty-zones-enable no; + + port 1053; + query-source address * port 1053; + query-source-v6 address * port 1053; + transfer-source * port 53; + transfer-source-v6 * port 53; + use-alt-transfer-source no; + notify-source * port 53; + notify-source-v6 * port 53; + + recursion yes; + dnssec-enable yes; + dnssec-validation yes; /* required by BIND 9.4.0 */ + dnssec-accept-expired false; /* added since BIND 9.5.0 */ + edns-udp-size 1460; /* (M4) */ + max-udp-size 1460; /* (M5) */ + + # allow-query { localhost; }; /* default in 9.4.0 */ + # allow-query-cache { localhost; }; /* default in 9.4.0 */ + + dnssec-must-be-secure "." no; + + querylog yes; + + stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */ +}; + +/***************************************************************** +** view intern +*****************************************************************/ +view "intern" { + match-clients { 127.0.0.1; ::1; }; + recursion yes; + zone "." in { + type hint; + file "root.hint"; + }; + + zone "0.0.127.in-addr.arpa" in { + type master; + file "127.0.0.zone"; + }; + + zone "example.net" in { + type master; + file "intern/example.net./zone.db.signed"; + }; +}; + +/***************************************************************** +** view extern +*****************************************************************/ +view "extern" { + match-clients { any; }; + recursion no; + zone "." in { + type hint; + file "root.hint"; + }; + + zone "example.net" in { + type master; + file "extern/example.net./zone.db.signed"; + }; +}; diff --git a/contrib/zkt/examples/views/named.log b/contrib/zkt/examples/views/named.log new file mode 100644 index 0000000..15d5f7b --- /dev/null +++ b/contrib/zkt/examples/views/named.log @@ -0,0 +1,17 @@ +20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied +20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error) +20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found +20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed) +20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed) +20-Nov-2007 17:40:12.393 general: notice: running +20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789) +20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217) +20-Nov-2007 19:07:04.016 general: info: shutting down +20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053 +20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053 +20-Nov-2007 19:07:04.020 general: notice: exiting diff --git a/contrib/zkt/examples/views/root.hint b/contrib/zkt/examples/views/root.hint new file mode 100644 index 0000000..2b5c167 --- /dev/null +++ b/contrib/zkt/examples/views/root.hint @@ -0,0 +1,45 @@ +; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net +;; global options: printcmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355 +;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13 +;; WARNING: recursion requested but not available + +;; QUESTION SECTION: +;. IN NS + +;; ANSWER SECTION: +. 518400 IN NS H.ROOT-SERVERS.NET. +. 518400 IN NS I.ROOT-SERVERS.NET. +. 518400 IN NS J.ROOT-SERVERS.NET. +. 518400 IN NS K.ROOT-SERVERS.NET. +. 518400 IN NS L.ROOT-SERVERS.NET. +. 518400 IN NS M.ROOT-SERVERS.NET. +. 518400 IN NS A.ROOT-SERVERS.NET. +. 518400 IN NS B.ROOT-SERVERS.NET. +. 518400 IN NS C.ROOT-SERVERS.NET. +. 518400 IN NS D.ROOT-SERVERS.NET. +. 518400 IN NS E.ROOT-SERVERS.NET. +. 518400 IN NS F.ROOT-SERVERS.NET. +. 518400 IN NS G.ROOT-SERVERS.NET. + +;; ADDITIONAL SECTION: +A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4 +B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201 +C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12 +D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90 +E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10 +F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241 +G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4 +H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53 +I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17 +J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30 +K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129 +L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42 +M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33 + +;; Query time: 114 msec +;; SERVER: 198.41.0.4#53(198.41.0.4) +;; WHEN: Mon Nov 5 07:28:00 2007 +;; MSG SIZE rcvd: 436 + diff --git a/contrib/zkt/examples/views/viewtest.sh b/contrib/zkt/examples/views/viewtest.sh new file mode 100755 index 0000000..f0a1754 --- /dev/null +++ b/contrib/zkt/examples/views/viewtest.sh @@ -0,0 +1,20 @@ + + +ZKT_CONFFILE=dnssec.conf +export ZKT_CONFFILE + +if true +then + echo "All internal keys:" + ./dnssec-zkt-intern + echo + + echo "All external keys:" + ./dnssec-zkt-extern + echo +fi + +echo "Sign both views" +./dnssec-signer-intern -v -v -f -r +echo +./dnssec-signer-extern -v -v diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db new file mode 100644 index 0000000..9864cb1 --- /dev/null +++ b/contrib/zkt/examples/zone.db @@ -0,0 +1,45 @@ +;----------------------------------------------------------------- +; +; @(#) example.net/zone.db +; +;----------------------------------------------------------------- + +$TTL 7200 + +; Be sure that the serial number below is left +; justified in a field of at least 10 chars!! +; 0123456789; +; It's also possible to use the date form e.g. 2005040101 +@ IN SOA ns1.example.net. hostmaster.example.net. ( + 263 ; Serial + 43200 ; Refresh + 1800 ; Retry + 2W ; Expire + 7200 ) ; Minimum + + IN NS ns1.example.net. + IN NS ns2.example.net. + +ns1 IN A 1.0.0.5 + IN AAAA 2001:db8::53 +ns2 IN A 1.2.0.6 + +localhost IN A 127.0.0.1 + +a IN A 1.2.3.1 +b IN MX 10 a +;c IN A 1.2.3.2 +d IN A 1.2.3.3 + IN AAAA 2001:0db8::3 + +; Delegation to secure zone; The DS resource record will +; be added by dnssec-signzone automatically if the +; keyset-sub.example.net file is present (run dnssec-signzone +; with option -g or use the dnssec-signer tool) ;-) +sub IN NS ns1.example.net. +sub IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10 +sub IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30 + +; this file will have all the zone keys +$INCLUDE dnskey.db + diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed new file mode 100644 index 0000000..1e389ea --- /dev/null +++ b/contrib/zkt/examples/zone.db.signed @@ -0,0 +1,146 @@ +; File written on Tue Jun 24 10:00:31 2008 +; dnssec_signzone version 9.5.0 +example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. ( + 263 ; serial + 43200 ; refresh (12 hours) + 1800 ; retry (30 minutes) + 1209600 ; expire (2 weeks) + 7200 ; minimum (2 hours) + ) + 7200 RRSIG SOA 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17 + DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W + lmzr+igFHp8qiw== ) + 7200 NS ns1.example.net. + 7200 NS ns2.example.net. + 7200 RRSIG NS 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af + E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS + dq1VfORhRh/Xng== ) + 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY + 7200 RRSIG NSEC 5 2 7200 20080724070030 ( + 20080624070030 33755 example.net. + Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5 + wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7 + xL1qZxKLQqxmwA== ) + 14400 DNSKEY 256 3 5 ( + BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ + jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r + /MfelgJ/Mh6+vCu+XmMQuw== + ) ; key id = 33755 + 14400 DNSKEY 257 3 5 ( + BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a + zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E + 0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3 + NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8 + bN71YJP7BXlszezsFHuMEspNdOPyMr93230+ + R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj + 5awvXfJ+eQ== + ) ; key id = 31674 + 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( + 20080624070030 31674 example.net. + BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH + SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE + JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo + yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ + ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E + 6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i + oA== ) + 14400 RRSIG DNSKEY 5 2 14400 20080724070030 ( + 20080624070030 33755 example.net. + f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3 + binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr + id8TL8q/qQ0MCg== ) +a.example.net. 7200 IN A 1.2.3.1 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy + 3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG + ljUerawxMdHWWw== ) + 7200 NSEC b.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO + 14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p + yJNZQKtryRJuSg== ) +b.example.net. 7200 IN MX 10 a.example.net. + 7200 RRSIG MX 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI + 7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S + /HwVRJThIYIKnQ== ) + 7200 NSEC d.example.net. MX RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH + 0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7 + b2r05FL1xakcnQ== ) +d.example.net. 7200 IN A 1.2.3.3 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H + vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe + 5oS0pvLQnweoIw== ) + 7200 AAAA 2001:db8::3 + 7200 RRSIG AAAA 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L + 14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI + Qo8RvMm7Rn8OsA== ) + 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY + QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC + 6ouWrLbIwslqIQ== ) +localhost.example.net. 7200 IN A 127.0.0.1 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq + 3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV + jizb8X3SPJ5V1g== ) + 7200 NSEC ns1.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc + dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw + iL/FWK5Zfq7ixg== ) +ns1.example.net. 7200 IN A 1.0.0.5 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP + 6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp + JpXsJ54ksPugXA== ) + 7200 AAAA 2001:db8::53 + 7200 RRSIG AAAA 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n + naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H + 3Y15F0ju6YvbAg== ) + 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV + IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb + dgq8ktbqpNHmvg== ) +ns2.example.net. 7200 IN A 1.2.0.6 + 7200 RRSIG A 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV + cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo + 5v6cZr4bRDOf6A== ) + 7200 NSEC sub.example.net. A RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV + y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm + rk1OaFadv6m2uw== ) +sub.example.net. 7200 IN NS ns1.example.net. + 7200 NSEC example.net. NS RRSIG NSEC + 7200 RRSIG NSEC 5 3 7200 20080724070030 ( + 20080624070030 33755 example.net. + Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu + KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/ + UBM6VzROSTtryA== ) |