Diffstat (limited to 'contrib/zkt')
-rw-r--r--contrib/zkt/CHANGELOG446
-rw-r--r--contrib/zkt/LICENSE30
-rw-r--r--contrib/zkt/Makefile.in151
-rw-r--r--contrib/zkt/README44
-rw-r--r--contrib/zkt/README.logging99
-rw-r--r--contrib/zkt/TODO37
-rw-r--r--contrib/zkt/config.h.in217
-rw-r--r--contrib/zkt/config_zkt.h121
-rwxr-xr-xcontrib/zkt/configure6838
-rw-r--r--contrib/zkt/debug.h66
-rw-r--r--contrib/zkt/dki.c1185
-rw-r--r--contrib/zkt/dki.h185
-rw-r--r--contrib/zkt/dnssec-signer.8436
-rw-r--r--contrib/zkt/dnssec-signer.c1002
-rw-r--r--contrib/zkt/dnssec-zkt.8481
-rw-r--r--contrib/zkt/dnssec-zkt.c823
-rw-r--r--contrib/zkt/domaincmp.c190
-rw-r--r--contrib/zkt/domaincmp.h40
-rw-r--r--contrib/zkt/examples/dnskey.db24
-rwxr-xr-xcontrib/zkt/examples/dnssec-signer.sh12
-rwxr-xr-xcontrib/zkt/examples/dnssec-zkt.sh12
-rwxr-xr-xcontrib/zkt/examples/flat/dist.sh70
-rw-r--r--contrib/zkt/examples/flat/dnssec.conf41
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key3
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private7
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key3
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private10
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dnskey.db29
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dnssec.conf5
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.2
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.18
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned136
-rw-r--r--contrib/zkt/examples/flat/dyn.example.net./zone.org30
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published10
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key3
-rw-r--r--contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./dnskey.db33
-rw-r--r--contrib/zkt/examples/flat/example.net./dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key4
-rw-r--r--contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private10
-rw-r--r--contrib/zkt/examples/flat/example.net./keyset-example.net.19
-rw-r--r--contrib/zkt/examples/flat/example.net./zone.db43
-rw-r--r--contrib/zkt/examples/flat/example.net./zone.db.signed166
-rw-r--r--contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-example.net.4
-rw-r--r--contrib/zkt/examples/flat/keysets/dsset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.18
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-example.net.19
-rw-r--r--contrib/zkt/examples/flat/keysets/keyset-sub.example.net.8
-rw-r--r--contrib/zkt/examples/flat/named.conf99
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key3
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key1
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private10
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.2
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dnskey.db29
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./dnssec.conf14
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./zone.db25
-rw-r--r--contrib/zkt/examples/flat/sub.example.net./zone.db.signed103
-rw-r--r--contrib/zkt/examples/flat/zkt.log2501
-rw-r--r--contrib/zkt/examples/flat/zone.conf10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key4
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./dnskey.db48
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.6
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.28
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.8
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key3
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private10
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.2
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db35
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf17
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.2
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.8
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db25
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed108
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./zone.db37
-rw-r--r--contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed147
-rw-r--r--contrib/zkt/examples/hierarchical/de./keyset-example.de.28
-rw-r--r--contrib/zkt/examples/hierarchical/dnssec.conf40
-rw-r--r--contrib/zkt/examples/hierarchical/named.conf102
-rw-r--r--contrib/zkt/examples/hierarchical/zone.conf10
-rw-r--r--contrib/zkt/examples/views/dnssec-extern.conf39
-rw-r--r--contrib/zkt/examples/views/dnssec-intern.conf39
-rwxr-xr-xcontrib/zkt/examples/views/dnssec-signer-extern7
-rwxr-xr-xcontrib/zkt/examples/views/dnssec-signer-intern7
-rwxr-xr-xcontrib/zkt/examples/views/dnssec-zkt-extern7
-rwxr-xr-xcontrib/zkt/examples/views/dnssec-zkt-intern7
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key3
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published10
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key1
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private10
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key4
-rw-r--r--contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private10
-rw-r--r--contrib/zkt/examples/views/extern/example.net./dnskey.db30
-rw-r--r--contrib/zkt/examples/views/extern/example.net./dsset-example.net.2
-rw-r--r--contrib/zkt/examples/views/extern/example.net./keyset-example.net.10
-rw-r--r--contrib/zkt/examples/views/extern/example.net./zone.db33
-rw-r--r--contrib/zkt/examples/views/extern/example.net./zone.db.signed109
-rw-r--r--contrib/zkt/examples/views/extern/zkt-ext.log28
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key1
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private10
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key1
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private10
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key3
-rw-r--r--contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published10
-rw-r--r--contrib/zkt/examples/views/intern/example.net./dnskey.db30
-rw-r--r--contrib/zkt/examples/views/intern/example.net./dsset-example.net.2
-rw-r--r--contrib/zkt/examples/views/intern/example.net./keyset-example.net.10
-rw-r--r--contrib/zkt/examples/views/intern/example.net./zone.db33
-rw-r--r--contrib/zkt/examples/views/intern/example.net./zone.db.signed109
-rw-r--r--contrib/zkt/examples/views/intern/zkt-int.log169
-rw-r--r--contrib/zkt/examples/views/named.conf97
-rw-r--r--contrib/zkt/examples/views/named.log17
-rw-r--r--contrib/zkt/examples/views/root.hint45
-rwxr-xr-xcontrib/zkt/examples/views/viewtest.sh20
-rw-r--r--contrib/zkt/examples/zone.db45
-rw-r--r--contrib/zkt/examples/zone.db.signed146
-rw-r--r--contrib/zkt/log.c443
-rw-r--r--contrib/zkt/log.h66
-rw-r--r--contrib/zkt/misc.c1157
-rw-r--r--contrib/zkt/misc.h84
-rw-r--r--contrib/zkt/ncparse.c317
-rw-r--r--contrib/zkt/ncparse.h41
-rw-r--r--contrib/zkt/rollover.c615
-rw-r--r--contrib/zkt/rollover.h52
-rw-r--r--contrib/zkt/strlist.c166
-rw-r--r--contrib/zkt/strlist.h46
-rw-r--r--contrib/zkt/tags324
-rw-r--r--contrib/zkt/zconf.c775
-rw-r--r--contrib/zkt/zconf.h173
-rw-r--r--contrib/zkt/zkt-soaserial.c222
-rw-r--r--contrib/zkt/zkt.c354
-rw-r--r--contrib/zkt/zkt.h46
-rw-r--r--contrib/zkt/zone.c336
-rw-r--r--contrib/zkt/zone.h66
157 files changed, 23288 insertions, 0 deletions
diff --git a/contrib/zkt/CHANGELOG b/contrib/zkt/CHANGELOG
new file mode 100644
index 0000000..40fb02e
--- /dev/null
+++ b/contrib/zkt/CHANGELOG
@@ -0,0 +1,446 @@
+zkt 0.97 --
+
+* bug LG_* logging level wasn't mapped to syslog level in lg_mesg().
+ gettock() in ncparse.c did not recognize C single line comments "//"
+ (Thanks to Frank Behrens for finding this out)
+
+* misc dist_and_reload () now calls the "Distribute_Cmd" twice:
+ First with argument "distribute" for signed zone file distribution,
+ second with argument "reload" to initiate a reload.
+ Again see example/flat/dist.sh for an example script.
+
+* bug full KSK rollover will (mostly) also work for dynamic zones
+ This is a hack and requires further investigation. Currently
+ it will not work if someone is using non standard zone file
+ names.
+
+* misc default ZSK lifetime set to 3 month
+
+* misc get_mtime() renamed to file_mtime()
+
+* func is_exec_ok() added and called in dist_and_reload ()
+
+* func New parameter "Distribute_Cmd" added for specifing a user
+ defined distribution (and reload) command (See example/flat/dist.sh).
+
+* misc Changed wording to be a bit more consistent to
+ draft-gudmundsson-life-of-dnskey-00.txt
+ - State of published key will be print as "pub" instead of "pre"
+ by dnssec-zkt.
+ - Option --pre-publish of dnssec-zkt changed to --published.
+ - Changed wording in all comments and log message from "pre-publish"
+ to "published".
+
+* func Highly experimental code to do a full automatic ksk rollover
+ in hierachical mode.
+ ksk_rollover() added in rollover.c; parameter change for ksk_status()
+
+* misc Changed name of "dnssec-soaserial" to "zkt-soaserial"
+
+* bug Fixed verbose logging error if -N or -D option was used
+
+* func Some LG_INFO messages added about key status change
+
+* func Remove of function to register a new ksk (zktr.[ch])
+
+* misc Changed licence from GNU GPLv2 to BSD licence
+
+* bug Fixed bug in logging of ZSK rollover
+
+* misc Changed tar file to zipped one and archive the files with
+ toplevel directory
+
+* bug Fixed use of uninitialized vars in zconf.c (line)
+
+* port Preparation for use of autoconf
+ - config.h renamed to config_zkt.h and change of include directives
+ - conditional include of config.h
+ - ./configure script is able to determine BIND utility path
+ (BIND_UTIL_PATH) and version (BIND_VERSION)
+ - compile time options are settable via configure script (--enable-xxx)
+ - For now, the configure script is not able to set the install dir.
+
+* bug ksk rollover phase2 did not trigger resigning of parent
+ (the parent file was copied to the parent directory only
+ after child zone resigning)
+
+* bug fixed bad notice message in zskstatus ()
+
+* func dnssec-zkt -Z print out syslog facility & level with
+ upper case letter and without quotation marks
+
+* func Syslog facility DAEMON added
+
+zkt 0.96 -- 19. June 2008
+
+* func Config file option "SIG_Parameter" added.
+
+* func Function verbmesg() added and used for verbose logging
+ to stdout and/or to syslog resp. file.
+ Config file parameter VerboseLog added to config file.
+
+* bug Option -O wasn't recognized by dnssec-signer
+
+* func Better support of initial setup of dynamic signed
+ zones (just create an empty "zone.db.dsigned" file
+ and run dnssec-signer with option -d).
+
+* func Improved error logging; incr_soa() errors are written
+ as clear text message instead of error number
+
+* func elog_mesg() function replaced by a more general
+ logging mechanism.
+ ErrorLog config parameter replaced by LogFile,
+ LogLevel and SyslogFacility, SyslogLevel parameter
+
+* func New function filesize() added
+
+* func dki_prt_trustedkey print out old key id if key
+ is revoked
+
+* func dki_new() writes gentime (GMT) and proposed key
+ lifetime (days) as comment into the *.key file
+
+* bug Doing some housekeeping
+
+zkt 0.95 -- 19. April 2008
+
+* misc This is not a public released version of zkt.
+
+* func All config file option are now settable via
+ commandline option -O (--option or --config-option)
+
+* misc Function fatal() now has an exit code of 127.
+ This is neccessary because values from 1 to 64 are
+ reflecting the number of errors occured.
+
+* func Errorlog functionality added
+ All dnssec-signer errors will be logged in the file
+ specified by the Errorlog config file parameter or
+ specified by the command line option -L (--errorlog).
+ If a directory is given, then the logging will occur
+ in a file within this directory which is named
+ like "zkt-<current-date>.log".
+ The dnssec-signer command has an exit code of 0 if
+ no error occured, an exit code of 127 on fatal errors,
+ an exit code from 1 to 63 reflecting the number of errors
+ occured, or an exit code of 64 if more than 63 errors
+ occured.
+
+* func dnssec-signer: Introducing long options
+
+* bug New skript added to example/views directory to
+ read in the right config file
+
+* func New option -f (--lifetime) and -F (--setlifetime)
+ added to dnssec-zkt.
+
+* func New option -e (--expire) added to dnssec-zkt.
+ (Seems to be that the dnssec-zkt command is a little
+ bit overloaded with options.)
+
+* func dki.c and zkt.c supports storage of key lifetime,
+ generation time and expiration time as a comment in the
+ .key file. With this, it's possible to change the default
+ lifetime without any impact on already used keys.
+
+zkt 0.94 -- 6. Dec 2007
+
+* bug Case mismatch of zone name and key file name prevent
+ dki_read() from reading the key.
+ Thanks to Alan Clegg for finding this out.
+ Added some additional error processing and convert
+ zone name to lower case.
+
+* misc Builtin default for KSK_randfile changed
+ from NULL to "/dev/urandom".
+
+* bug dnssec-signer has to use private keys for signing
+ even if the revoke bit is set.
+ To achieve this the file pattern K*.private is added
+ to the dnssec-signzone run.
+
+* bug Uninitialized variable "len" in sign_zone().
+
+* func Default config file is settable via environment
+ variable ZKT_CONFFILE
+
+* func Support of views added
+ Link dnssec-zkt to dnssec-zkt-<view> and
+ dnssec-signer to dnssec-signer-<view>.
+ Option -V and --view added to dnssec-zkt.
+ Option -V added to dnssec-signer.
+ View support added to parse_namedconf().
+
+zkt 0.93 -- 1. Nov 2007
+
+* func The ksk registration mechanism is disabled by
+ default (see REG_URL in config.h).
+
+* func Basic support for revoke flag added (RFC5011).
+ Semantic of option -R of dnssec-zkt changed.
+
+* func Undocumented option -S changed to lower case.
+ Pre-pulished KSK will be shown as "standby" key.
+ New Option -S (standby) for pre-publish KSK.
+
+* func New command dnssec-soaserial added.
+
+* bug dnssec-signer do not print the incremented serial
+ number anymore.
+ time2str() fixed bug in time format (HAS_STRFTIME=0).
+
+* port New build dependencies "solaris", "macos" and "help"
+ added to Makefile.
+
+zkt 0.92 -- 1. Oct 2007
+
+* func Parameter "Serialformat" in dnssec.conf added .
+ Now it is possible to use the unixtime format for
+ the SOA serial number. If you use BIND 9.4 or
+ greater in conjunction with this, than there is no
+ need for the special SOA serial formating in
+ the zonefile. (Thanks to Jakob Schlyter for the
+ -N option of dnssec-signzone and the suggestion to
+ add the unixtime support to zkt)
+
+* func Option --ksk-roll-stat added.
+
+* port Added macro HAS_GETOPT_LONG to support OS with
+ lack of getopt_long() (e.g. solaris).
+ Options -[01239] added.
+
+* misc Unused macro HAS_ULONG removed from config.h.
+ Deklaration of unsigned types moved from dki.h to
+ config.h (so it will be available in _all_ source
+ files). Thanks to Mans Nilsson.
+ Unused macro isblank() (ncparse.c) removed.
+
+* bug In dosigning(): freeze the dynamic zone _before_ copying
+ the zone file.
+
+zkt 0.91 -- 1. Apr 2007
+
+* doc --ksk-rollover option added to usage().
+
+* func some experimental code for dynamic zones added.
+ new functions added: copyzonefile(), dyn_update_freeze().
+ New option "-d" added.
+
+zkt 0.90 -- 6. Dec 2006
+
+* func CHECK_RESIGN interval added to config.h.
+ This is the dnssec-signer calling interval (at least 1 day or 86400 sec).
+
+* func new function dki_destroy() added; semantic of dk_remove()
+ changed to rename the key files instead of physical deletion.
+
+* doc Setup of new example directory (flat and hierarchical).
+
+* doc dnssec-zkt man page updated.
+ Added some comments in misc.c
+
+* misc function strtaint() renamed to str_untaint(),
+ dki_keycmp() renamed to dki_tagcmp().
+
+* func New parameter key_ttl added to dnssec.conf.
+ New func dki_prt_dnskeyttl () added.
+ Now dnskey.db is written with key_ttl value.
+
+* func dnssec-signer: In hierarchical mode sign_zone() copies the
+ parent-file (if such a file exist) instead of the
+ keyset-file to the parent directory.
+
+* func dnssec-zkt: Option --ksk-roll-phase[123] and function
+ ksk_rollover() added.
+
+* misc zconf: default values for sigvalidity, resign_int etc. changed,
+ new dnssec.conf example file created.
+
+* func dnssec-zkt: Long option support added.
+
+zkt 0.83 -- 11. Sep 2006
+
+* bug dosigning(): Fixed bug in the bug fixing of printing undefined
+ serial number if incr_serial() failed. (Thanks to Randy McCasskill).
+
+zkt 0.82 -- 8. Sep 2006
+
+* bug Use option -e for dnssec-keygen calls in dki_new(), because
+ an RSA exponent of 3 is vulnerable.
+
+* bug dosigning(): Fixed bug in printing undefined serial
+ number if incr_serial() failed.
+
+ an RSA exponent of 3 is vulnerable.
+
+* bug dosigning(): Fixed bug in printing undefined serial
+ number if incr_serial() failed.
+
+zkt 0.81 -- 13. July 2006
+
+* bug The function ceatekey() won't work with USE_TREE.
+ Size of MAX_DNAME increased.
+
+zkt 0.8 -- 09. July 2006
+
+* func Now a hierarchical directory structure with subdomains stored in
+ subfolders of the parent domain are allowed. Added copyfile(),
+ cmpfile() and new_keysetfiles() for that.
+
+* func Config parameter added to choose if the domain name is
+ right or left justified listed by dnssec-zkt (printkeyinfo).
+
+* func New class of key added ("sep"). A SEP key is a (public) key file
+ without the private counterpart. So we could use the key solely
+ as an secure entry point. (dki.h, dki_read).
+
+zkt 0.70 -- 15. Sep 2005
+
+* func Experimental code added to use a binary search tree instead of a
+ single linked list. This is mainly for performance improvement for large
+ sites. If you don't want to use it, set USE_TREE in config.h to zero.
+ In the first step only dnssec-zkt use the new data structure.
+ The tree is build over the domain names and each node is the starting point
+ of a linked list of keys.
+ As a result, it's not possible anymore to search on key tags only. You have
+ to specify the domain name plus the tag. :-(
+
+* func Function parseurl added.
+
+* func Experimental code to register a new ksk. Currently it's more like
+ a key announcement because of the lack of identification and
+ authentication.
+
+zkt 0.65 -- 22. Aug 2005
+
+* misc Rewrite of the domaincmp() function. Now it's round about 2 times faster.
+ After some additional changes and the compiler option -O3 the dnssec-zkt
+ on the ~ 12000 zones requires only a minute
+ $ time dnssec-zkt -z -r sec > /dev/null
+ real 0m58.287s
+ user 0m54.610s
+ sys 0m3.680s
+
+* func A keyset directory is introduced (experimental)
+ The parameter -d is added to the call of the dnssec-signzone command
+ if the config option KeySetDir is set.
+ As a result, all dsset-, keyset- and dlvset- files are stored in one directory.
+ The advantage is, that the chain of trust of all local subzone is build
+ automatically (This is the reason why we sort the zones with the child zones
+ first).
+ The disadvantage is that we store many files in single directory (3 files
+ per zone).
+
+zkt 0.64 -- 1. Aug 2005
+
+* bug The code for option -Z of dnssec-zkt should be executed before we read the
+ complete directory tree. This is usefull if we have a very deep directory
+ structure and the recursive flag is switched on.
+
+* func SIG_Pseudorand parameter added.
+
+* func ([KZ]SK)|(SIG)_randfile parameter added.
+
+* func measure the time used for signing of each zone.
+
+* bug function logflush() added to misc.c and called by dosigning().
+
+* misc some perfomance test made:
+ - Directory structure "sec/<firstletter>/domain" with round about 12200 domains
+ - One of the domain is a big one (~ 820000 RRs), the others are mostly very small ones
+ - We use a dsa with 704 bits as ksk and a rsamd5 with 512 bits as zsk on each domain.
+ - All test made on Sun Fire V440 with 4 CPU and 4x2GB main memory
+
+ # sequential signing of all zones
+ $ time dnssec-signer -v -v -f -D sec
+ real 434m (~ 7h 14min)
+ user 188
+ sys 175
+
+ # with option -p and -r /dev/urandom
+ $ time dnssec-signer -v -v -f -D sec > log
+ real 96m28.306s
+ user 290m41.980s
+ sys 6m13.790s
+
+ # one process for each firstletter subdirectory
+ $ time par_signer.sh
+ real 394m12.334s
+ user 295m58.390s
+ sys 786m42.479s
+
+ # with option -p and -r /dev/urandom
+ $ time par_signer.sh
+ real 78m49.323s
+ user 284m58.350s
+ sys 5m39.340s
+
+
+ $ time dnssec-zkt -z -r sec > /dev/null
+ real 2m5.722s
+ user 2m0.060s
+ sys 0m4.510s
+
+
+ # signing the big (820000 RR) domain only
+ $ time dnssec-signer -v -v -f -D sec/b/big-domain
+ real 196m23.165 (~ 3h 16min)
+ user 176m57.610
+ sys 167m27.570
+
+ # with option -p and -r /dev/urandom
+ $ time dnssec-signer -v -v -f -D sec/b/big-domain
+ real 49m53.152
+ user 173m59.520
+ sys 1m40.150
+
+zkt 0.63 -- 14. June 2005
+
+* bug allow TTL value in keyfiles (see TTL_IN_KEYFILES_ALLOWED
+ in dki_readfile()).
+
+* misc function strchop() added to misc.c.
+
+zkt 0.62 -- 13. May 2005
+
+* func dnssec-signer: Option -o added.
+ Now it works a little bit more like dnssec-signzone.
+
+* func strlist.c: prepstrlist and unprepstrlist functions get a
+ second parameter for the delimiter.
+
+* bug fixed some typos and inaccurate usage of symbolic constants.
+ Doing some housekeeping.
+
+zkt 0.61 -- 3. May 2005
+
+* bug local config file will not be mentioned if -N switch is used.
+
+zkt 0.6 -- 1. May 2005
+
+* doc dnssec-signer: man page added.
+
+* func dnssec-signer: Print out a warning message if ksk lifetime is exceeded.
+
+* func dnssec-signer: Remaining arguments will be interpreted as zone names
+ (in_strarr () added).
+
+* func dnssec-signer: Option -D added.
+
+
+zkt 0.51 -- 8. April 2005
+
+* func dnssec-signer: Option -N added.
+
+* func dnssec-signer: change of keystatus from pre-published to active
+ resets timestamp of key, thus age of active key counts 0.
+
+* bug prepstrlist: resulting string was not terminated with '\0'.
+
+* bug dnssec-signer: do signing if there are additional keys, or the
+ status of any key is changed (function check_keytimestamp).
+
+* func dnssec-zkt: -l <list> option added.
+
+* func dnssec-zkt: -p flag defaults to on in key creation mode (-C).
diff --git a/contrib/zkt/LICENSE b/contrib/zkt/LICENSE
new file mode 100644
index 0000000..1af01c7
--- /dev/null
+++ b/contrib/zkt/LICENSE
@@ -0,0 +1,30 @@
+Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+
+This software is open source.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+Redistributions of source code must retain the above copyright notice,
+this list of conditions and the following disclaimer.
+
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git a/contrib/zkt/Makefile.in b/contrib/zkt/Makefile.in
new file mode 100644
index 0000000..197fd14
--- /dev/null
+++ b/contrib/zkt/Makefile.in
@@ -0,0 +1,151 @@
+#################################################################
+#
+# @(#) Makefile for dnssec zone key tool (c) Mar 2005 hoz
+#
+#################################################################
+
+INSTALL_DIR ?= $$HOME/bin
+
+CC ?= @CC@
+
+PROFILE = # -pg
+OPTIM = # -O3 -DNDEBUG
+
+#CFLAGS ?= @CFLAGS@ @DEFS@ -I@top_srcdir@
+CFLAGS += -g @DEFS@ -I@top_srcdir@
+CFLAGS += -Wall #-DDBG
+CFLAGS += -Wmissing-prototypes
+CFLAGS += $(PROFILE) $(OPTIM)
+LDFLAGS += $(PROFILE)
+
+PROJECT = @PACKAGE_TARNAME@
+VERSION = @PACKAGE_VERSION@
+
+HEADER = dki.h misc.h domaincmp.h zconf.h config_zkt.h \
+ config.h.in strlist.h zone.h zkt.h debug.h \
+ ncparse.h log.h rollover.h
+SRC_ALL = dki.c misc.c domaincmp.c zconf.c log.c
+OBJ_ALL = $(SRC_ALL:.c=.o)
+
+SRC_SIG = dnssec-signer.c zone.c ncparse.c rollover.c
+OBJ_SIG = $(SRC_SIG:.c=.o)
+MAN_SIG = dnssec-signer.8
+PROG_SIG= dnssec-signer
+
+SRC_ZKT = dnssec-zkt.c strlist.c zkt.c
+OBJ_ZKT = $(SRC_ZKT:.c=.o)
+MAN_ZKT = dnssec-zkt.8
+PROG_ZKT= dnssec-zkt
+
+SRC_SER = zkt-soaserial.c
+OBJ_SER = $(SRC_SER:.c=.o)
+#MAN_SER = zkt-soaserial.8
+PROG_SER= zkt-soaserial
+
+MAN = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER)
+OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
+ configure examples
+SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(MAN) $(OTHER)
+MNTSAVE = $(SAVE) configure.ac config.h.in doc
+
+
+all: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
+
+macos: ## for MAC OS
+macos:
+ $(MAKE) CFLAGS="$(CFLAGS) -D HAS_UTYPES=0" all
+
+solaris: ## for solaris
+solaris:
+ @$(MAKE) CFLAGS="$(CFLAGS) -D HAVE_GETOPT_LONG=0" all
+
+linux: ## for linux (default)
+linux:
+ @$(MAKE) all
+
+$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile
+ $(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG)
+
+$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile
+ $(CC) $(LDFLAGS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT)
+
+$(PROG_SER): $(OBJ_SER) Makefile
+ $(CC) $(LDFLAGS) $(OBJ_SER) -o $(PROG_SER)
+
+install: ## install binaries in INSTALL_DIR
+install: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
+ cp $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(INSTALL_DIR)
+
+tags: ## create tags file
+tags: $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
+ ctags $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
+
+clean: ## remove objectfiles and binaries
+clean:
+ rm -f $(OBJ_SIG) $(OBJ_ZKT) $(OBJ_SER) $(OBJ_ALL)
+
+dist: ## create tar file for distribution
+dist: $(PROJECT)-$(VERSION).tar.gz
+tar: ## create tar file for distribution
+tar: $(PROJECT)-$(VERSION).tar.gz
+
+maintain: ## create configure script
+maintain: configure
+
+mainttar: ## create tar file for maintenance
+mainttar: $(PROJECT)-maint-$(VERSION).tar.gz
+
+configure: configure.ac
+ autoconf && autoheader
+
+man: $(MAN_ZKT).html $(MAN_ZKT).pdf $(MAN_SIG).html $(MAN_SIG).pdf
+
+$(MAN_ZKT).html: $(MAN_ZKT)
+ groff -Thtml -man -mhtml $(MAN_ZKT) > $(MAN_ZKT).html
+$(MAN_ZKT).pdf: $(MAN_ZKT)
+ groff -Tps -man $(MAN_ZKT) | ps2pdf - $(MAN_ZKT).pdf
+$(MAN_SIG).html: $(MAN_SIG)
+ groff -Thtml -man -mhtml $(MAN_SIG) > $(MAN_SIG).html
+$(MAN_SIG).pdf: $(MAN_SIG)
+ groff -Tps -man $(MAN_SIG) | ps2pdf - $(MAN_SIG).pdf
+
+
+$(PROJECT)-$(VERSION).tar.gz: $(SAVE)
+ rm -f examples/hierarchical/log/zkt-*
+ ( \
+ distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\
+ cd .. && tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-$(VERSION).tar.gz $$distfiles ;\
+ )
+
+$(PROJECT)-maint-$(VERSION).tar.gz: $(MNTSAVE)
+ ( \
+ distfiles=`ls -d $(SAVE) | sed 's|^|$(PROJECT)-$(VERSION)/|'` ;\
+ cd .. && tar czvf $(PROJECT)-$(VERSION)/$(PROJECT)-maint-$(VERSION).tar.gz $$distfiles ;\
+ )
+
+depend:
+ $(CC) -MM $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(SRC_ALL)
+
+help:
+ @grep "^.*:[ ]*##" Makefile
+
+## all dependicies
+#:r !make depend
+#gcc -MM dnssec-signer.c zone.c ncparse.c rollover.c dnssec-zkt.c strlist.c zkt.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c
+dnssec-signer.o: dnssec-signer.c config_zkt.h zconf.h debug.h misc.h \
+ ncparse.h zone.h dki.h rollover.h log.h
+zone.o: zone.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h \
+ zone.h
+ncparse.o: ncparse.c debug.h misc.h zconf.h log.h ncparse.h
+rollover.o: rollover.c config_zkt.h zconf.h debug.h misc.h zone.h dki.h \
+ log.h rollover.h
+dnssec-zkt.o: dnssec-zkt.c config_zkt.h debug.h misc.h zconf.h strlist.h \
+ dki.h zkt.h
+strlist.o: strlist.c strlist.h
+zkt.o: zkt.c config_zkt.h dki.h misc.h zconf.h strlist.h zkt.h
+zkt-soaserial.o: zkt-soaserial.c config_zkt.h
+dki.o: dki.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h
+misc.o: misc.c config_zkt.h zconf.h log.h debug.h misc.h
+domaincmp.o: domaincmp.c domaincmp.h
+zconf.o: zconf.c config_zkt.h debug.h misc.h zconf.h dki.h
+log.o: log.c config_zkt.h misc.h zconf.h debug.h log.h
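Review bot: The `$(PROJECT)-maint-$(VERSION).tar.gz` rule lists `$(MNTSAVE)` as its prerequisite, but its recipe still builds `distfiles` from `ls -d $(SAVE)`, so the maintenance tarball gets the same contents as the normal one and leaves out `configure.ac` and `doc`; the recipe should use `ls -d $(MNTSAVE)` instead. `MNTSAVE` also names `config.h.in` a second time, since `$(HEADER)` already contains it. In the `install` rule, plain `cp` leaves the mode of the installed key-handling binaries to the caller's umask and fails if `$(INSTALL_DIR)` does not exist; `install -m 0755 $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(INSTALL_DIR)` would pin the mode. Because `OTHER` pulls the whole `examples` tree into the tarball and the diffstat shows `K*.private` files under it, a comment next to `OTHER` such as `# examples/ ships sample private keys; never reuse them for a real zone` would be worth adding.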
diff --git a/contrib/zkt/README b/contrib/zkt/README
new file mode 100644
index 0000000..0798932
--- /dev/null
+++ b/contrib/zkt/README
@@ -0,0 +1,44 @@
+#
+# README dnssec zone key tool
+#
+# (c) March 2005 - Aug 2008 by Holger Zuleger hznet
+# (c) for domaincmp Aug 2005 by Karle Boss & H. Zuleger (kaho)
+# (c) for zconf.c by Jeroen Masar & Holger Zuleger
+#
+
+For more information about the DNSSEC Zone Key Tool please
+have a look at "http://www.hznet.de/dns/zkt/"
+
+You can also subscribe to the zkt-users@sourceforge.net mailing list
+on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
+
+The complete software stands under BSD licence (see LICENCE file)
+
+To build the software:
+a) Get the current version of zkt
+ $ wget http://www.hznet.de/dns/zkt/zkt-0.97.tar.gz
+
+b) Unpack
+ $ tar xzvf zkt-0.97.tar.gz
+
+c) Change to dir
+ $ cd zkt-0.97
+
+d) Run configure script
+ $ ./configure
+
+e) (optional) Edit config_zkt.h
+
+f) Compile
+ $ make
+ For MAC users: # this should not needed anymore
+ $ make macos
+ For Solaris: # this should not needed anymore
+ $ make solaris
+
+g) Install
+ $ make install # this will copy the binarys to $HOME/bin
+
+h) (optional) Install and modify the default dnssec.conf file
+ $ ./dnssec-zkt -c "" -Z > /var/named/dnssec.conf
+ $ vi /var/named/dnssec.conf
diff --git a/contrib/zkt/README.logging b/contrib/zkt/README.logging
new file mode 100644
index 0000000..f0f3f90
--- /dev/null
+++ b/contrib/zkt/README.logging
@@ -0,0 +1,99 @@
+#
+# README.logging
+#
+# Introduction into the new logging feature
+# available since v0.96
+#
+
+In previous version of dnssec-signer every message was written
+to the default stdout and stderr channels, and the logging itself
+was handled by a redirection of those chanels to the logger command
+or to a file.
+
+Now, since version v0.96, the dnssec-signer command is able to log all
+messages by itself. File and SYSLOG logging is supported.
+
+To enable the logging into a file channel, you have to specify
+the file or directory name via the commandline option -L (--logfile)
+or via the config file parameter "LogFile".
+ LogFile: ""|"<file>"|"<directory>" (default is "")
+If a file is specified, than each run of dnssec-signer will append the
+messages to tat file. If a directory is specified, than a file with a
+name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run.
+
+Logging into the syslog channel could be enabled via the config file
+parameter "SyslogFacility".
+ SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
+
+For both channels, the log level could be independently set to one
+of six log levels:
+ LG_FATAL, LG_ERROR, LG_WARNING
+ LB_NOTICE, LG_INFO, LG_DEBUG
+
+The loglevel is settable via the config file parameter :
+ SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
+ (default is ERROR)
+and
+ LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
+ (default is NOTICE)
+
+All the log parameters are settable on the commandline via the generic
+option -O "optstring" (--config-option="opt").
+
+A verbose message output to stdout could be achieved by the commandline
+option -v (or -v -v).
+If you want to log the same messages with loglevel LG_DEBUG to a file or
+to syslog, you could enable this by setting the config file option
+"VerboseLog" to a value of 1 or 2.
+
+Current logging messages:
+ LG_FATAL: Not all of the fatal errors are logged
+ (e.g.: config file or command line option fatal errors are
+ not logged)
+ LG_ERROR: All error messages will be logged
+ LG_WARNING: KSK lifetime expiration
+ LG_NOTICE:
+ Start and stop of dnssec-signer
+ Re-signing events
+ Key rollover events
+ Zone reload resp. freeze/thaw of dynamic zone
+ LG_INFO: Currently none
+ planned:
+ Mesages for key generation and key status change
+ (e.g.: pre-publish -> activate; revoked -> removed etc.)
+ LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
+
+Some recomended and useful logging settings
+
+- The default setting
+ LogFile: ""
+ SyslogFacility: USER
+ SyslogLevel: NOTICE
+ VerboseLog: 0
+
+- Setting as in version v0.95
+ LogFile: "zkt-error.log" # or a directory for seperate logfiles
+ LogLevel: ERROR
+ SyslogFacility: NONE
+ VerboseLog: 0
+
+- Setting as in previous versions
+ LogFile: ""
+ SyslogFacility: NONE
+ VerboseLog: 0
+
+- Recommended setting for normal usage
+ LogFile: "zkt.log" # or a directory for seperate logfiles
+ LogLevel: ERROR
+ SyslogFacility: USER
+ SyslogLevel: NOTICE
+ VerboseLog: 0
+
+- Recommended setting for debugging
+ LogFile: "zkt.log" # or a directory for seperate logfiles
+ LogLevel: DEBUG
+ SyslogFacility: USER
+ SyslogLevel: NOTICE
+ VerboseLog: 2
+
+-
diff --git a/contrib/zkt/TODO b/contrib/zkt/TODO
new file mode 100644
index 0000000..fc53210
--- /dev/null
+++ b/contrib/zkt/TODO
@@ -0,0 +1,37 @@
+TODO list as of zkt-0.97
+
+general:
+ Renaming of the tools to zkt-* ?
+
+dnssec-zkt:
+ feat option to specify the key age as remaining lifetime
+ (Option -i inverse age ?) As of v0.95 the key lifetime
+ is stored at the key itself, so this could be possibly
+ implemented without big effort(?).
+
+dnssec-signer:
+ bug Distribute_Cmd will not work properly on dynamic zones
+
+ bug Automatic KSK rollover of dynamic zones will only work if the parent
+ uses the standard name for the signed zonefile (zonefile.db.signed).
+
+ bug Phase3 of manual ksk rollover do not trigger a resigning of the zone
+ (Key removal is not recognized by dosigning () function )
+
+ bug There is no online checking of the key material by design.
+ So the signer command checks the status of the key as they
+ are represented in the file system and not in the zone.
+ The dnssec maintainer is responsible for the lifeliness of the
+ data in the hosted domain.
+ In other words: It's highly recommended to use the
+ option -r when you use dnssec-signer on a production zone.
+ Then the time of propagation is (more or less) equal to the timestamp
+ of the zone.db.signed file.
+
+ bug The max_TTL and Key_TTL parameter should be set to the value found
+ in the zone. A mechanism for setting up a dnssec.conf file for the
+ zone specific TTL values is needed.
+
+dki:
+ feat Use dynamic memory for dname in dki_t
+
diff --git a/contrib/zkt/config.h.in b/contrib/zkt/config.h.in
new file mode 100644
index 0000000..fa6ef0f
--- /dev/null
+++ b/contrib/zkt/config.h.in
@@ -0,0 +1,217 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Path to BIND utilities */
+#undef BIND_UTIL_PATH
+
+/* BIND version as integer number without dots */
+#undef BIND_VERSION
+
+/* Define to 1 if the `closedir' function returns void instead of `int'. */
+#undef CLOSEDIR_VOID
+
+/* set path of config file (defaults to /var/named) */
+#undef CONFIG_PATH
+
+/* Define to 1 if you have the `alarm' function. */
+#undef HAVE_ALARM
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#undef HAVE_GETOPT_H
+
+/* Define to 1 if you have the `getopt_long' function. */
+#undef HAVE_GETOPT_LONG
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#undef HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+ to 0 otherwise. */
+#undef HAVE_MALLOC
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the `setenv' function. */
+#undef HAVE_SETENV
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if `stat' has the bug that it succeeds when given the
+ zero-length file name argument. */
+#undef HAVE_STAT_EMPTY_STRING_BUG
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* Define to 1 if you have the `strerror' function. */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strncasecmp' function. */
+#undef HAVE_STRNCASECMP
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the <syslog.h> header file. */
+#undef HAVE_SYSLOG_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `tzset' function. */
+#undef HAVE_TZSET
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `utime' function. */
+#undef HAVE_UTIME
+
+/* Define to 1 if you have the <utime.h> header file. */
+#undef HAVE_UTIME_H
+
+/* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
+#undef HAVE_UTIME_NULL
+
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
+
+/* log with level */
+#undef LOG_WITH_LEVEL
+
+/* log with progname */
+#undef LOG_WITH_PROGNAME
+
+/* log with timestamp */
+#undef LOG_WITH_TIMESTAMP
+
+/* Define to 1 if `lstat' dereferences a symlink specified with a trailing
+ slash. */
+#undef LSTAT_FOLLOWS_SLASHED_SYMLINK
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* print age of year */
+#undef PRINT_AGE_OF_YEAR
+
+/* print out timezone */
+#undef PRINT_TIMEZONE
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* TTL in keyfiles allowed */
+#undef TTL_IN_KEYFILE_ALLOWED
+
+/* Use TREE data structure for dnssec-zkt */
+#undef USE_TREE
+
+/* ZKT version string */
+#undef ZKT_VERSION
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+
+/* Define to `unsigned' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to `unsigned char' if <sys/types.h> does not define. */
+#undef uchar
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef uint
+
+/* Define to `unsigned long' if <sys/types.h> does not define. */
+#undef ulong
+
+/* Define to `unsigned short' if <sys/types.h> does not define. */
+#undef ushort
diff --git a/contrib/zkt/config_zkt.h b/contrib/zkt/config_zkt.h
new file mode 100644
index 0000000..4c04844
--- /dev/null
+++ b/contrib/zkt/config_zkt.h
@@ -0,0 +1,121 @@
+/*****************************************************************
+**
+** @(#) config_zkt.h -- config options for ZKT
+**
+** Copyright (c) Aug 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef CONFIG_ZKT_H
+# define CONFIG_ZKT_H
+
+#ifndef HAS_TIMEGM
+# define HAS_TIMEGM 1
+#endif
+
+#ifndef HAS_UTYPES
+# define HAS_UTYPES 1
+#endif
+
+#ifndef LOG_FNAMETMPL
+# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log"
+#endif
+
+/* don't change anything below this */
+/* the values here are determined or settable via the ./configure script */
+
+#ifndef HAVE_GETOPT_LONG
+# define HAVE_GETOPT_LONG 1
+#endif
+
+#ifndef HAVE_STRFTIME
+# define HAVE_STRFTIME 1
+#endif
+
+#ifndef TTL_IN_KEYFILE_ALLOWED
+# define TTL_IN_KEYFILE_ALLOWED 1
+#endif
+
+#ifndef PRINT_TIMEZONE
+# define PRINT_TIMEZONE 0
+#endif
+
+#ifndef PRINT_AGE_WITH_YEAR
+# define PRINT_AGE_WITH_YEAR 0
+#endif
+
+#ifndef LOG_WITH_PROGNAME
+# define LOG_WITH_PROGNAME 0
+#endif
+
+#ifndef LOG_WITH_TIMESTAMP
+# define LOG_WITH_TIMESTAMP 1
+#endif
+
+#ifndef LOG_WITH_LEVEL
+# define LOG_WITH_LEVEL 1
+#endif
+
+#ifndef CONFIG_PATH
+# define CONFIG_PATH "/var/named/"
+#endif
+
+/* tree usage is setable by configure script parameter */
+#ifndef USE_TREE
+# define USE_TREE 1
+#endif
+
+/* BIND version and utility path will be set by ./configure script */
+#ifndef BIND_VERSION
+# define BIND_VERSION 942
+#endif
+
+#ifndef BIND_UTIL_PATH
+# define BIND_UTIL_PATH "/usr/local/sbin/"
+#endif
+
+#ifndef ZKT_VERSION
+# if defined(USE_TREE) && USE_TREE
+# define ZKT_VERSION "vT0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+# else
+# define ZKT_VERSION "v0.97 (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+# endif
+#endif
+
+
+#if !defined(HAS_UTYPES) || !HAS_UTYPES
+typedef unsigned long ulong;
+typedef unsigned int uint;
+typedef unsigned short ushort;
+typedef unsigned char uchar;
+#endif
+
+#endif
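Review bot: The `#ifndef PRINT_AGE_WITH_YEAR` guard uses a different name from the `PRINT_AGE_OF_YEAR` symbol that config.h.in, added in this same commit, leaves for ./configure to set, so a configure-time choice would presumably never replace the default of 0 defined here. Which of the two names the .c files test is not visible in this hunk, so the conservative fix is to accept both by placing `#if defined(PRINT_AGE_OF_YEAR) && !defined(PRINT_AGE_WITH_YEAR)`, `# define PRINT_AGE_WITH_YEAR PRINT_AGE_OF_YEAR` and `#endif` ahead of the existing guard. Separately, the `BIND_UTIL_PATH` and `CONFIG_PATH` fallbacks take effect silently whenever the configure-generated header is not included first. If, as config.h.in's "Path to BIND utilities" comment suggests, these directories are where helper programs and dnssec.conf are looked up, a comment such as `/* fallback only: must match the real install and not be writable by unprivileged users */` above them would make that expectation explicit.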
diff --git a/contrib/zkt/configure b/contrib/zkt/configure
new file mode 100755
index 0000000..178398f
--- /dev/null
+++ b/contrib/zkt/configure
@@ -0,0 +1,6838 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.59 for ZKT 0.97.
+#
+# Report bugs to <Holger Zuleger hznet.de>.
+#
+# Copyright (C) 2003 Free Software Foundation, Inc.
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+exec 6>&1
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_config_libobj_dir=.
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+# Maximum number of lines to put in a shell here document.
+# This variable seems obsolete. It should probably be removed, and
+# only ac_max_sed_lines should be used.
+: ${ac_max_here_lines=38}
+
+# Identity of this package.
+PACKAGE_NAME='ZKT'
+PACKAGE_TARNAME='zkt'
+PACKAGE_VERSION='0.97'
+PACKAGE_STRING='ZKT 0.97'
+PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
+
+ac_unique_file="dnssec-zkt.c"
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#if HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#if HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#if STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# if HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#if HAVE_STRING_H
+# if !STDC_HEADERS && HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#if HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#if HAVE_INTTYPES_H
+# include <inttypes.h>
+#else
+# if HAVE_STDINT_H
+# include <stdint.h>
+# endif
+#endif
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT SIGNZONE_PROG CPP EGREP LIBOBJS LTLIBOBJS'
+ac_subst_files=''
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datadir='${prefix}/share'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+libdir='${exec_prefix}/lib'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+infodir='${prefix}/info'
+mandir='${prefix}/man'
+
+ac_prev=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval "$ac_prev=\$ac_option"
+ ac_prev=
+ continue
+ fi
+
+ ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'`
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_option in
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad | --data | --dat | --da)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \
+ | --da=*)
+ datadir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ eval "enable_$ac_feature=no" ;;
+
+ -enable-* | --enable-*)
+ ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid feature name: $ac_feature" >&2
+ { (exit 1); exit 1; }; }
+ ac_feature=`echo $ac_feature | sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "enable_$ac_feature='$ac_optarg'" ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst \
+ | --locals | --local | --loca | --loc | --lo)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* \
+ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package| sed 's/-/_/g'`
+ case $ac_option in
+ *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) ac_optarg=yes ;;
+ esac
+ eval "with_$ac_package='$ac_optarg'" ;;
+
+ -without-* | --without-*)
+ ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid package name: $ac_package" >&2
+ { (exit 1); exit 1; }; }
+ ac_package=`echo $ac_package | sed 's/-/_/g'`
+ eval "with_$ac_package=no" ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) { echo "$as_me: error: unrecognized option: $ac_option
+Try \`$0 --help' for more information." >&2
+ { (exit 1); exit 1; }; }
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null &&
+ { echo "$as_me: error: invalid variable name: $ac_envvar" >&2
+ { (exit 1); exit 1; }; }
+ ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`
+ eval "$ac_envvar='$ac_optarg'"
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ { echo "$as_me: error: missing argument to $ac_option" >&2
+ { (exit 1); exit 1; }; }
+fi
+
+# Be sure to have absolute paths.
+for ac_var in exec_prefix prefix
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* | NONE | '' ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# Be sure to have absolute paths.
+for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \
+ localstatedir libdir includedir oldincludedir infodir mandir
+do
+ eval ac_val=$`echo $ac_var`
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) ;;
+ *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then its parent.
+ ac_confdir=`(dirname "$0") 2>/dev/null ||
+$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$0" : 'X\(//\)[^/]' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$0" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r $srcdir/$ac_unique_file; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r $srcdir/$ac_unique_file; then
+ if test "$ac_srcdir_defaulted" = yes; then
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2
+ { (exit 1); exit 1; }; }
+ else
+ { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2
+ { (exit 1); exit 1; }; }
+ fi
+fi
+(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null ||
+ { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2
+ { (exit 1); exit 1; }; }
+srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'`
+ac_env_build_alias_set=${build_alias+set}
+ac_env_build_alias_value=$build_alias
+ac_cv_env_build_alias_set=${build_alias+set}
+ac_cv_env_build_alias_value=$build_alias
+ac_env_host_alias_set=${host_alias+set}
+ac_env_host_alias_value=$host_alias
+ac_cv_env_host_alias_set=${host_alias+set}
+ac_cv_env_host_alias_value=$host_alias
+ac_env_target_alias_set=${target_alias+set}
+ac_env_target_alias_value=$target_alias
+ac_cv_env_target_alias_set=${target_alias+set}
+ac_cv_env_target_alias_value=$target_alias
+ac_env_CC_set=${CC+set}
+ac_env_CC_value=$CC
+ac_cv_env_CC_set=${CC+set}
+ac_cv_env_CC_value=$CC
+ac_env_CFLAGS_set=${CFLAGS+set}
+ac_env_CFLAGS_value=$CFLAGS
+ac_cv_env_CFLAGS_set=${CFLAGS+set}
+ac_cv_env_CFLAGS_value=$CFLAGS
+ac_env_LDFLAGS_set=${LDFLAGS+set}
+ac_env_LDFLAGS_value=$LDFLAGS
+ac_cv_env_LDFLAGS_set=${LDFLAGS+set}
+ac_cv_env_LDFLAGS_value=$LDFLAGS
+ac_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_env_CPPFLAGS_value=$CPPFLAGS
+ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set}
+ac_cv_env_CPPFLAGS_value=$CPPFLAGS
+ac_env_CPP_set=${CPP+set}
+ac_env_CPP_value=$CPP
+ac_cv_env_CPP_set=${CPP+set}
+ac_cv_env_CPP_value=$CPP
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures ZKT 0.97 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+_ACEOF
+
+ cat <<_ACEOF
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --datadir=DIR read-only architecture-independent data [PREFIX/share]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --infodir=DIR info documentation [PREFIX/info]
+ --mandir=DIR man documentation [PREFIX/man]
+_ACEOF
+
+ cat <<\_ACEOF
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of ZKT 0.97:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-print-timezone print out timezone
+ --enable-print-age print age of year
+ --enable-log-progname log with progname
+ --disable-log-timestamp do not log with timestamp
+ --disable-log-level do not log with level
+ --disable-ttl-in-keyfiles
+ do not allow TTL values in keyfiles
+ --enable-configpath=PATH
+ set path of config file (defaults to /var/named)
+ --disable-tree use single linked list instead of binary tree data
+ structure for dnssec-zkt
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
+ headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <Holger Zuleger hznet.de>.
+_ACEOF
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ ac_popdir=`pwd`
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d $ac_dir || continue
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+ cd $ac_dir
+ # Check for guested configure; otherwise get Cygnus style configure.
+ if test -f $ac_srcdir/configure.gnu; then
+ echo
+ $SHELL $ac_srcdir/configure.gnu --help=recursive
+ elif test -f $ac_srcdir/configure; then
+ echo
+ $SHELL $ac_srcdir/configure --help=recursive
+ elif test -f $ac_srcdir/configure.ac ||
+ test -f $ac_srcdir/configure.in; then
+ echo
+ $ac_configure --help
+ else
+ echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi
+ cd $ac_popdir
+ done
+fi
+
+test -n "$ac_init_help" && exit 0
+if $ac_init_version; then
+ cat <<\_ACEOF
+ZKT configure 0.97
+generated by GNU Autoconf 2.59
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit 0
+fi
+exec 5>config.log
+cat >&5 <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by ZKT $as_me 0.97, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+hostinfo = `(hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ echo "PATH: $as_dir"
+done
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_sep=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;;
+ 2)
+ ac_configure_args1="$ac_configure_args1 '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'"
+ # Get rid of the leading space.
+ ac_sep=" "
+ ;;
+ esac
+ done
+done
+$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; }
+$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; }
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Be sure not to use single quotes in there, as some shells,
+# such as our DU 5.0 friend, will then `close' the trap.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+{
+ (set) 2>&1 |
+ case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in
+ *ac_space=\ *)
+ sed -n \
+ "s/'"'"'/'"'"'\\\\'"'"''"'"'/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p"
+ ;;
+ *)
+ sed -n \
+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ ;;
+ esac;
+}
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------- ##
+## Output files. ##
+## ------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=$`echo $ac_var`
+ echo "$ac_var='"'"'$ac_val'"'"'"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ sed "/^$/d" confdefs.h | sort
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ echo "$as_me: caught signal $ac_signal"
+ echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core &&
+ rm -rf conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+ ' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -rf conftest* confdefs.h
+# AIX cpp loses on an empty file, so make sure it contains at least a newline.
+echo >confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer explicitly selected file to automatically selected ones.
+if test -z "$CONFIG_SITE"; then
+ if test "x$prefix" != xNONE; then
+ CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site"
+ else
+ CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site"
+ fi
+fi
+for ac_site_file in $CONFIG_SITE; do
+ if test -r "$ac_site_file"; then
+ { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5
+echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special
+ # files actually), so we avoid doing that.
+ if test -f "$cache_file"; then
+ { echo "$as_me:$LINENO: loading cache $cache_file" >&5
+echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . $cache_file;;
+ *) . ./$cache_file;;
+ esac
+ fi
+else
+ { echo "$as_me:$LINENO: creating cache $cache_file" >&5
+echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in `(set) 2>&1 |
+ sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val="\$ac_cv_env_${ac_var}_value"
+ eval ac_new_val="\$ac_env_${ac_var}_value"
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5
+echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5
+echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ { echo "$as_me:$LINENO: former value: $ac_old_val" >&5
+echo "$as_me: former value: $ac_old_val" >&2;}
+ { echo "$as_me:$LINENO: current value: $ac_new_val" >&5
+echo "$as_me: current value: $ac_new_val" >&2;}
+ ac_cache_corrupted=:
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*)
+ ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) ac_configure_args="$ac_configure_args '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5
+echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5
+echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+### Files to test to check if src dir contains the package
+
+ ac_config_headers="$ac_config_headers config.h"
+
+
+
+### Checks for programs.
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ CC=$ac_ct_CC
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ echo "$as_me:$LINENO: result: $CC" >&5
+echo "${ECHO_T}$CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ echo "$as_me:$LINENO: result: $ac_ct_CC" >&5
+echo "${ECHO_T}$ac_ct_CC" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+ test -n "$ac_ct_CC" && break
+done
+
+ CC=$ac_ct_CC
+fi
+
+fi
+
+
+test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&5
+echo "$as_me: error: no acceptable C compiler found in \$PATH
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+
+# Provide some information about the compiler.
+echo "$as_me:$LINENO:" \
+ "checking for C compiler version" >&5
+ac_compiler=`set X $ac_compile; echo $2`
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5
+ (eval $ac_compiler --version </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5
+ (eval $ac_compiler -v </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5
+ (eval $ac_compiler -V </dev/null >&5) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+echo "$as_me:$LINENO: checking for C compiler default output file name" >&5
+echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6
+ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5
+ (eval $ac_link_default) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # Find the output, starting from the most likely. This scheme is
+# not robust to junk in `.', hence go to wildcards (a.*) only as a last
+# resort.
+
+# Be careful to initialize this variable, since it used to be cached.
+# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile.
+ac_cv_exeext=
+# b.out is created by i960 compilers.
+for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj )
+ ;;
+ conftest.$ac_ext )
+ # This is the source file.
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ # FIXME: I believe we export ac_cv_exeext for Libtool,
+ # but it would be cool to find out if it's true. Does anybody
+ # maintain Libtool? --akim.
+ export ac_cv_exeext
+ break;;
+ * )
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: C compiler cannot create executables
+See \`config.log' for more details." >&5
+echo "$as_me: error: C compiler cannot create executables
+See \`config.log' for more details." >&2;}
+ { (exit 77); exit 77; }; }
+fi
+
+ac_exeext=$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_file" >&5
+echo "${ECHO_T}$ac_file" >&6
+
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether the C compiler works" >&5
+echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6
+# FIXME: These cross compiler hacks should be removed for Autoconf 3.0
+# If not cross compiling, check that we can run a simple program.
+if test "$cross_compiling" != yes; then
+ if { ac_try='./$ac_file'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { echo "$as_me:$LINENO: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ fi
+fi
+echo "$as_me:$LINENO: result: yes" >&5
+echo "${ECHO_T}yes" >&6
+
+rm -f a.out a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+# Check the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+echo "$as_me:$LINENO: checking whether we are cross compiling" >&5
+echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6
+echo "$as_me:$LINENO: result: $cross_compiling" >&5
+echo "${ECHO_T}$cross_compiling" >&6
+
+echo "$as_me:$LINENO: checking for suffix of executables" >&5
+echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ export ac_cv_exeext
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest$ac_cv_exeext
+echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5
+echo "${ECHO_T}$ac_cv_exeext" >&6
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+echo "$as_me:$LINENO: checking for suffix of object files" >&5
+echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6
+if test "${ac_cv_objext+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; then
+ for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&5
+echo "$as_me: error: cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_objext" >&5
+echo "${ECHO_T}$ac_cv_objext" >&6
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5
+echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6
+if test "${ac_cv_c_compiler_gnu+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_compiler_gnu=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_compiler_gnu=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5
+echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6
+GCC=`test $ac_compiler_gnu = yes && echo yes`
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+CFLAGS="-g"
+echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5
+echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_g+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_g=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_prog_cc_g=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_g" >&6
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5
+echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6
+if test "${ac_cv_prog_cc_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_cv_prog_cc_stdc=no
+ac_save_CC=$CC
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std1 is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std1. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+# Don't try gcc -ansi; that turns off useful extensions and
+# breaks some systems' header files.
+# AIX -qlanglvl=ansi
+# Ultrix and OSF/1 -std1
+# HP-UX 10.20 and later -Ae
+# HP-UX older versions -Aa -D_HPUX_SOURCE
+# SVR4 -Xc -D__EXTENSIONS__
+for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_prog_cc_stdc=$ac_arg
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext
+done
+rm -f conftest.$ac_ext conftest.$ac_objext
+CC=$ac_save_CC
+
+fi
+
+case "x$ac_cv_prog_cc_stdc" in
+ x|xno)
+ echo "$as_me:$LINENO: result: none needed" >&5
+echo "${ECHO_T}none needed" >&6 ;;
+ *)
+ echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5
+echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6
+ CC="$CC $ac_cv_prog_cc_stdc" ;;
+esac
+
+# Some people use a C++ compiler to compile C. Since we use `exit',
+# in C++ we need to declare it. In case someone uses the same compiler
+# for both compiling C and C++ we need to have the C++ compiler decide
+# the declaration of exit, since it's the most demanding environment.
+cat >conftest.$ac_ext <<_ACEOF
+#ifndef __cplusplus
+ choke me
+#endif
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ for ac_declaration in \
+ '' \
+ 'extern "C" void std::exit (int) throw (); using std::exit;' \
+ 'extern "C" void std::exit (int); using std::exit;' \
+ 'extern "C" void exit (int) throw ();' \
+ 'extern "C" void exit (int);' \
+ 'void exit (int);'
+do
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+#include <stdlib.h>
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+continue
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_declaration
+int
+main ()
+{
+exit (42);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+rm -f conftest*
+if test -n "$ac_declaration"; then
+ echo '#ifdef __cplusplus' >>confdefs.h
+ echo $ac_declaration >>confdefs.h
+ echo '#endif' >>confdefs.h
+fi
+
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+### find out the path to BIND utils and version
+# Extract the first word of "dnssec-signzone", so it can be a program name with args.
+set dummy dnssec-signzone; ac_word=$2
+echo "$as_me:$LINENO: checking for $ac_word" >&5
+echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6
+if test "${ac_cv_path_SIGNZONE_PROG+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ case $SIGNZONE_PROG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_SIGNZONE_PROG="$SIGNZONE_PROG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+ ac_cv_path_SIGNZONE_PROG="$as_dir/$ac_word$ac_exec_ext"
+ echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+done
+
+ ;;
+esac
+fi
+SIGNZONE_PROG=$ac_cv_path_SIGNZONE_PROG
+
+if test -n "$SIGNZONE_PROG"; then
+ echo "$as_me:$LINENO: result: $SIGNZONE_PROG" >&5
+echo "${ECHO_T}$SIGNZONE_PROG" >&6
+else
+ echo "$as_me:$LINENO: result: no" >&5
+echo "${ECHO_T}no" >&6
+fi
+
+bind_util_path=`dirname $SIGNZONE_PROG`
+if test -z "$SIGNZONE_PROG" ; then
+ { { echo "$as_me:$LINENO: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&5
+echo "$as_me: error: *** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+
+# define BIND_UTIL_PATH in config.h.in
+
+cat >>confdefs.h <<_ACEOF
+#define BIND_UTIL_PATH "$bind_util_path/"
+_ACEOF
+
+# define BIND_VERSION in config.h.in
+bind_version=`$SIGNZONE_PROG 2>&1 | grep Version: | tr -dc 0-9`
+
+cat >>confdefs.h <<_ACEOF
+#define BIND_VERSION $bind_version
+_ACEOF
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5
+echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+echo "$as_me:$LINENO: result: $CPP" >&5
+echo "${ECHO_T}$CPP" >&6
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ :
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether non-existent headers
+ # can be detected and how.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ # Broken: success on invalid input.
+continue
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then
+ :
+else
+ { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&5
+echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." >&2;}
+ { (exit 1); exit 1; }; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+echo "$as_me:$LINENO: checking for egrep" >&5
+echo $ECHO_N "checking for egrep... $ECHO_C" >&6
+if test "${ac_cv_prog_egrep+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if echo a | (grep -E '(a|b)') >/dev/null 2>&1
+ then ac_cv_prog_egrep='grep -E'
+ else ac_cv_prog_egrep='egrep'
+ fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5
+echo "${ECHO_T}$ac_cv_prog_egrep" >&6
+ EGREP=$ac_cv_prog_egrep
+
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_stdc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ exit(2);
+ exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+
+
+
+
+
+
+
+
+
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+echo "$as_me:$LINENO: checking for uint" >&5
+echo $ECHO_N "checking for uint... $ECHO_C" >&6
+if test "${ac_cv_type_uint+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((uint *) 0)
+ return 0;
+if (sizeof (uint))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_uint=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_uint=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_uint" >&5
+echo "${ECHO_T}$ac_cv_type_uint" >&6
+if test $ac_cv_type_uint = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uint unsigned int
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for ulong" >&5
+echo $ECHO_N "checking for ulong... $ECHO_C" >&6
+if test "${ac_cv_type_ulong+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((ulong *) 0)
+ return 0;
+if (sizeof (ulong))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_ulong=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_ulong=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_ulong" >&5
+echo "${ECHO_T}$ac_cv_type_ulong" >&6
+if test $ac_cv_type_ulong = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ulong unsigned long
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for ushort" >&5
+echo $ECHO_N "checking for ushort... $ECHO_C" >&6
+if test "${ac_cv_type_ushort+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((ushort *) 0)
+ return 0;
+if (sizeof (ushort))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_ushort=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_ushort=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_ushort" >&5
+echo "${ECHO_T}$ac_cv_type_ushort" >&6
+if test $ac_cv_type_ushort = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define ushort unsigned short
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for uchar" >&5
+echo $ECHO_N "checking for uchar... $ECHO_C" >&6
+if test "${ac_cv_type_uchar+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((uchar *) 0)
+ return 0;
+if (sizeof (uchar))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_uchar=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_uchar=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_uchar" >&5
+echo "${ECHO_T}$ac_cv_type_uchar" >&6
+if test $ac_cv_type_uchar = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define uchar unsigned char
+_ACEOF
+
+fi
+
+
+### define configure arguments
+# Check whether --enable-printtimezone or --disable-printtimezone was given.
+if test "${enable_printtimezone+set}" = set; then
+ enableval="$enable_printtimezone"
+ printtimezone=$enableval
+fi;
+printtimezone=0
+test "$printtimezone" = yes && printtimezone=1
+
+cat >>confdefs.h <<_ACEOF
+#define PRINT_TIMEZONE $printtimezone
+_ACEOF
+
+
+# Check whether --enable-printyear or --disable-printyear was given.
+if test "${enable_printyear+set}" = set; then
+ enableval="$enable_printyear"
+ printyear=$enableval
+fi;
+printyear=0
+test "$printyear" = yes && printyear=1
+
+cat >>confdefs.h <<_ACEOF
+#define PRINT_AGE_OF_YEAR $printyear
+_ACEOF
+
+
+# Check whether --enable-logprogname or --disable-logprogname was given.
+if test "${enable_logprogname+set}" = set; then
+ enableval="$enable_logprogname"
+ logprogname=$enableval
+fi;
+logprogname=0
+test "$logprogname" = yes && logprogname=1
+
+cat >>confdefs.h <<_ACEOF
+#define LOG_WITH_PROGNAME $logprogname
+_ACEOF
+
+
+# Check whether --enable-logtimestamp or --disable-logtimestamp was given.
+if test "${enable_logtimestamp+set}" = set; then
+ enableval="$enable_logtimestamp"
+ logtimestamp=$enableval
+fi;
+logtimestamp=1
+test "$logtimestamp" = no && logtimestamp=0
+
+cat >>confdefs.h <<_ACEOF
+#define LOG_WITH_TIMESTAMP $logtimestamp
+_ACEOF
+
+
+# Check whether --enable-loglevel or --disable-loglevel was given.
+if test "${enable_loglevel+set}" = set; then
+ enableval="$enable_loglevel"
+ loglevel=$enableval
+fi;
+loglevel=1
+test "$loglevel" = no && loglevel=0
+
+cat >>confdefs.h <<_ACEOF
+#define LOG_WITH_LEVEL $loglevel
+_ACEOF
+
+
+# Check whether --enable-ttl_in_keyfile or --disable-ttl_in_keyfile was given.
+if test "${enable_ttl_in_keyfile+set}" = set; then
+ enableval="$enable_ttl_in_keyfile"
+ ttl_in_keyfile=$enableval
+fi;
+ttl_in_keyfile=1
+test "$ttl_in_keyfile" = no && ttl_in_keyfile=0
+
+cat >>confdefs.h <<_ACEOF
+#define TTL_IN_KEYFILE_ALLOWED $ttl_in_keyfile
+_ACEOF
+
+
+configpath="/var/named"
+# Check whether --enable-configpath or --disable-configpath was given.
+if test "${enable_configpath+set}" = set; then
+ enableval="$enable_configpath"
+ configpath=$enableval
+fi;
+case "$configpath" in
+yes)
+ configpath="/var/named"
+ ;;
+no)
+ configpath=""
+ ;;
+*)
+ ;;
+esac
+
+cat >>confdefs.h <<_ACEOF
+#define CONFIG_PATH "$configpath/"
+_ACEOF
+
+
+usetree=1
+t="T"
+# Check whether --enable-tree or --disable-tree was given.
+if test "${enable_tree+set}" = set; then
+ enableval="$enable_tree"
+ usetree=$enableval
+fi;
+if test "$usetree" = no
+then
+ usetree=0
+ t=""
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define USE_TREE $usetree
+_ACEOF
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2008 Holger Zuleger hznet.de"
+_ACEOF
+
+
+### Checks for libraries.
+
+
+### Checks for header files.
+
+
+
+
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+ as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5
+echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_Header=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_Header=no"
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+ echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+ for ac_lib in dir; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+ test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+else
+ echo "$as_me:$LINENO: checking for library containing opendir" >&5
+echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6
+if test "${ac_cv_search_opendir+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+ac_cv_search_opendir=no
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="none required"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test "$ac_cv_search_opendir" = no; then
+ for ac_lib in x; do
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char opendir ();
+int
+main ()
+{
+opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_search_opendir="-l$ac_lib"
+break
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ done
+fi
+LIBS=$ac_func_search_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5
+echo "${ECHO_T}$ac_cv_search_opendir" >&6
+if test "$ac_cv_search_opendir" != no; then
+ test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS"
+
+fi
+
+fi
+
+echo "$as_me:$LINENO: checking for ANSI C header files" >&5
+echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6
+if test "${ac_cv_header_stdc+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_stdc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_stdc=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then
+ :
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then
+ :
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <ctype.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ exit(2);
+ exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ :
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_header_stdc=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5
+echo "${ECHO_T}$ac_cv_header_stdc" >&6
+if test $ac_cv_header_stdc = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define STDC_HEADERS 1
+_ACEOF
+
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_header in fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## -------------------------------------- ##
+## Report this to Holger Zuleger hznet.de ##
+## -------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+### Checks for typedefs, structures, and compiler characteristics.
+echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5
+echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6
+if test "${ac_cv_c_const+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this. */
+ typedef int charset[2];
+ const charset x;
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *ccp;
+ char **p;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ ccp = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++ccp;
+ p = (char**) ccp;
+ ccp = (char const *const *) p;
+ { /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ }
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_c_const=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_c_const=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5
+echo "${ECHO_T}$ac_cv_c_const" >&6
+if test $ac_cv_c_const = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define const
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for size_t" >&5
+echo $ECHO_N "checking for size_t... $ECHO_C" >&6
+if test "${ac_cv_type_size_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+if ((size_t *) 0)
+ return 0;
+if (sizeof (size_t))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_type_size_t=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_type_size_t=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5
+echo "${ECHO_T}$ac_cv_type_size_t" >&6
+if test $ac_cv_type_size_t = yes; then
+ :
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5
+echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6
+if test "${ac_cv_header_time+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_header_time=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_header_time=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5
+echo "${ECHO_T}$ac_cv_header_time" >&6
+if test $ac_cv_header_time = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TIME_WITH_SYS_TIME 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5
+echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6
+if test "${ac_cv_struct_tm+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <time.h>
+
+int
+main ()
+{
+struct tm *tp; tp->tm_sec;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_struct_tm=time.h
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_struct_tm=sys/time.h
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5
+echo "${ECHO_T}$ac_cv_struct_tm" >&6
+if test $ac_cv_struct_tm = sys/time.h; then
+
+cat >>confdefs.h <<\_ACEOF
+#define TM_IN_SYS_TIME 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5
+echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6
+if test "${ac_cv_type_uid_t+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "uid_t" >/dev/null 2>&1; then
+ ac_cv_type_uid_t=yes
+else
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5
+echo "${ECHO_T}$ac_cv_type_uid_t" >&6
+if test $ac_cv_type_uid_t = no; then
+
+cat >>confdefs.h <<\_ACEOF
+#define uid_t int
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define gid_t int
+_ACEOF
+
+fi
+
+
+
+### Checks for library functions.
+echo "$as_me:$LINENO: checking whether closedir returns void" >&5
+echo $ECHO_N "checking whether closedir returns void... $ECHO_C" >&6
+if test "${ac_cv_func_closedir_void+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_closedir_void=yes
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header_dirent>
+#ifndef __cplusplus
+int closedir ();
+#endif
+
+int
+main ()
+{
+exit (closedir (opendir (".")) != 0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_closedir_void=no
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_closedir_void=yes
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_closedir_void" >&5
+echo "${ECHO_T}$ac_cv_func_closedir_void" >&6
+if test $ac_cv_func_closedir_void = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define CLOSEDIR_VOID 1
+_ACEOF
+
+fi
+
+echo "$as_me:$LINENO: checking for error_at_line" >&5
+echo $ECHO_N "checking for error_at_line... $ECHO_C" >&6
+if test "${ac_cv_lib_error_at_line+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+error_at_line (0, 0, "", 0, "");
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_error_at_line=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_error_at_line=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_error_at_line" >&5
+echo "${ECHO_T}$ac_cv_lib_error_at_line" >&6
+if test $ac_cv_lib_error_at_line = no; then
+ case $LIBOBJS in
+ "error.$ac_objext" | \
+ *" error.$ac_objext" | \
+ "error.$ac_objext "* | \
+ *" error.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS error.$ac_objext" ;;
+esac
+
+fi
+
+
+for ac_header in stdlib.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## -------------------------------------- ##
+## Report this to Holger Zuleger hznet.de ##
+## -------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5
+echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6
+if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_malloc_0_nonnull=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#if STDC_HEADERS || HAVE_STDLIB_H
+# include <stdlib.h>
+#else
+char *malloc ();
+#endif
+
+int
+main ()
+{
+exit (malloc (0) ? 0 : 1);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_malloc_0_nonnull=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_malloc_0_nonnull=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5
+echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6
+if test $ac_cv_func_malloc_0_nonnull = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_MALLOC 1
+_ACEOF
+
+else
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_MALLOC 0
+_ACEOF
+
+ case $LIBOBJS in
+ "malloc.$ac_objext" | \
+ *" malloc.$ac_objext" | \
+ "malloc.$ac_objext "* | \
+ *" malloc.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;;
+esac
+
+
+cat >>confdefs.h <<\_ACEOF
+#define malloc rpl_malloc
+_ACEOF
+
+fi
+
+
+
+
+
+
+for ac_header in stdlib.h sys/time.h unistd.h
+do
+as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+else
+ # Is the header compilable?
+echo "$as_me:$LINENO: checking $ac_header usability" >&5
+echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header>
+_ACEOF
+rm -f conftest.$ac_objext
+if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
+ (eval $ac_compile) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest.$ac_objext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_header_compiler=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_header_compiler=no
+fi
+rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
+echo "${ECHO_T}$ac_header_compiler" >&6
+
+# Is the header present?
+echo "$as_me:$LINENO: checking $ac_header presence" >&5
+echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+#include <$ac_header>
+_ACEOF
+if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5
+ (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } >/dev/null; then
+ if test -s conftest.err; then
+ ac_cpp_err=$ac_c_preproc_warn_flag
+ ac_cpp_err=$ac_cpp_err$ac_c_werror_flag
+ else
+ ac_cpp_err=
+ fi
+else
+ ac_cpp_err=yes
+fi
+if test -z "$ac_cpp_err"; then
+ ac_header_preproc=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
+echo "${ECHO_T}$ac_header_preproc" >&6
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
+ yes:no: )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
+echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
+ ac_header_preproc=yes
+ ;;
+ no:yes:* )
+ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
+echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
+echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
+echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
+echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
+echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
+ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
+echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
+ (
+ cat <<\_ASBOX
+## -------------------------------------- ##
+## Report this to Holger Zuleger hznet.de ##
+## -------------------------------------- ##
+_ASBOX
+ ) |
+ sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+echo "$as_me:$LINENO: checking for $ac_header" >&5
+echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6
+if eval "test \"\${$as_ac_Header+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ eval "$as_ac_Header=\$ac_header_preproc"
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6
+
+fi
+if test `eval echo '${'$as_ac_Header'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_func in alarm
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+echo "$as_me:$LINENO: checking for working mktime" >&5
+echo $ECHO_N "checking for working mktime... $ECHO_C" >&6
+if test "${ac_cv_func_working_mktime+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_working_mktime=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Test program from Paul Eggert and Tony Leneis. */
+#if TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# if HAVE_SYS_TIME_H
+# include <sys/time.h>
+# else
+# include <time.h>
+# endif
+#endif
+
+#if HAVE_STDLIB_H
+# include <stdlib.h>
+#endif
+
+#if HAVE_UNISTD_H
+# include <unistd.h>
+#endif
+
+#if !HAVE_ALARM
+# define alarm(X) /* empty */
+#endif
+
+/* Work around redefinition to rpl_putenv by other config tests. */
+#undef putenv
+
+static time_t time_t_max;
+static time_t time_t_min;
+
+/* Values we'll use to set the TZ environment variable. */
+static char *tz_strings[] = {
+ (char *) 0, "TZ=GMT0", "TZ=JST-9",
+ "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00"
+};
+#define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0]))
+
+/* Fail if mktime fails to convert a date in the spring-forward gap.
+ Based on a problem report from Andreas Jaeger. */
+static void
+spring_forward_gap ()
+{
+ /* glibc (up to about 1998-10-07) failed this test. */
+ struct tm tm;
+
+ /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0"
+ instead of "TZ=America/Vancouver" in order to detect the bug even
+ on systems that don't support the Olson extension, or don't have the
+ full zoneinfo tables installed. */
+ putenv ("TZ=PST8PDT,M4.1.0,M10.5.0");
+
+ tm.tm_year = 98;
+ tm.tm_mon = 3;
+ tm.tm_mday = 5;
+ tm.tm_hour = 2;
+ tm.tm_min = 0;
+ tm.tm_sec = 0;
+ tm.tm_isdst = -1;
+ if (mktime (&tm) == (time_t)-1)
+ exit (1);
+}
+
+static void
+mktime_test1 (now)
+ time_t now;
+{
+ struct tm *lt;
+ if ((lt = localtime (&now)) && mktime (lt) != now)
+ exit (1);
+}
+
+static void
+mktime_test (now)
+ time_t now;
+{
+ mktime_test1 (now);
+ mktime_test1 ((time_t) (time_t_max - now));
+ mktime_test1 ((time_t) (time_t_min + now));
+}
+
+static void
+irix_6_4_bug ()
+{
+ /* Based on code from Ariel Faigon. */
+ struct tm tm;
+ tm.tm_year = 96;
+ tm.tm_mon = 3;
+ tm.tm_mday = 0;
+ tm.tm_hour = 0;
+ tm.tm_min = 0;
+ tm.tm_sec = 0;
+ tm.tm_isdst = -1;
+ mktime (&tm);
+ if (tm.tm_mon != 2 || tm.tm_mday != 31)
+ exit (1);
+}
+
+static void
+bigtime_test (j)
+ int j;
+{
+ struct tm tm;
+ time_t now;
+ tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j;
+ now = mktime (&tm);
+ if (now != (time_t) -1)
+ {
+ struct tm *lt = localtime (&now);
+ if (! (lt
+ && lt->tm_year == tm.tm_year
+ && lt->tm_mon == tm.tm_mon
+ && lt->tm_mday == tm.tm_mday
+ && lt->tm_hour == tm.tm_hour
+ && lt->tm_min == tm.tm_min
+ && lt->tm_sec == tm.tm_sec
+ && lt->tm_yday == tm.tm_yday
+ && lt->tm_wday == tm.tm_wday
+ && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst)
+ == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst))))
+ exit (1);
+ }
+}
+
+int
+main ()
+{
+ time_t t, delta;
+ int i, j;
+
+ /* This test makes some buggy mktime implementations loop.
+ Give up after 60 seconds; a mktime slower than that
+ isn't worth using anyway. */
+ alarm (60);
+
+ for (time_t_max = 1; 0 < time_t_max; time_t_max *= 2)
+ continue;
+ time_t_max--;
+ if ((time_t) -1 < 0)
+ for (time_t_min = -1; (time_t) (time_t_min * 2) < 0; time_t_min *= 2)
+ continue;
+ delta = time_t_max / 997; /* a suitable prime number */
+ for (i = 0; i < N_STRINGS; i++)
+ {
+ if (tz_strings[i])
+ putenv (tz_strings[i]);
+
+ for (t = 0; t <= time_t_max - delta; t += delta)
+ mktime_test (t);
+ mktime_test ((time_t) 1);
+ mktime_test ((time_t) (60 * 60));
+ mktime_test ((time_t) (60 * 60 * 24));
+
+ for (j = 1; 0 < j; j *= 2)
+ bigtime_test (j);
+ bigtime_test (j - 1);
+ }
+ irix_6_4_bug ();
+ spring_forward_gap ();
+ exit (0);
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_working_mktime=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_working_mktime=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_working_mktime" >&5
+echo "${ECHO_T}$ac_cv_func_working_mktime" >&6
+if test $ac_cv_func_working_mktime = no; then
+ case $LIBOBJS in
+ "mktime.$ac_objext" | \
+ *" mktime.$ac_objext" | \
+ "mktime.$ac_objext "* | \
+ *" mktime.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS mktime.$ac_objext" ;;
+esac
+
+fi
+
+echo "$as_me:$LINENO: checking whether lstat dereferences a symlink specified with a trailing slash" >&5
+echo $ECHO_N "checking whether lstat dereferences a symlink specified with a trailing slash... $ECHO_C" >&6
+if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ rm -f conftest.sym conftest.file
+echo >conftest.file
+if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ /* Linux will dereference the symlink and fail.
+ That is better in the sense that it means we will not
+ have to compile and use the lstat wrapper. */
+ exit (lstat ("conftest.sym/", &sbuf) ? 0 : 1);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_lstat_dereferences_slashed_symlink=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+else
+ # If the `ln -s' command failed, then we probably don't even
+ # have an lstat function.
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f conftest.sym conftest.file
+
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
+echo "${ECHO_T}$ac_cv_func_lstat_dereferences_slashed_symlink" >&6
+
+test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
+
+cat >>confdefs.h <<_ACEOF
+#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
+_ACEOF
+
+
+if test $ac_cv_func_lstat_dereferences_slashed_symlink = no; then
+ case $LIBOBJS in
+ "lstat.$ac_objext" | \
+ *" lstat.$ac_objext" | \
+ "lstat.$ac_objext "* | \
+ *" lstat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;;
+esac
+
+fi
+
+echo "$as_me:$LINENO: checking whether stat accepts an empty string" >&5
+echo $ECHO_N "checking whether stat accepts an empty string... $ECHO_C" >&6
+if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ if test "$cross_compiling" = yes; then
+ ac_cv_func_stat_empty_string_bug=yes
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ exit (stat ("", &sbuf) ? 1 : 0);
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_stat_empty_string_bug=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_stat_empty_string_bug=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_stat_empty_string_bug" >&5
+echo "${ECHO_T}$ac_cv_func_stat_empty_string_bug" >&6
+if test $ac_cv_func_stat_empty_string_bug = yes; then
+ case $LIBOBJS in
+ "stat.$ac_objext" | \
+ *" stat.$ac_objext" | \
+ "stat.$ac_objext "* | \
+ *" stat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;;
+esac
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STAT_EMPTY_STRING_BUG 1
+_ACEOF
+
+fi
+
+
+for ac_func in strftime
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+else
+ # strftime is in -lintl on SCO UNIX.
+echo "$as_me:$LINENO: checking for strftime in -lintl" >&5
+echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6
+if test "${ac_cv_lib_intl_strftime+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char strftime ();
+int
+main ()
+{
+strftime ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_intl_strftime=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_intl_strftime=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_intl_strftime" >&5
+echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6
+if test $ac_cv_lib_intl_strftime = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+echo "$as_me:$LINENO: checking whether utime accepts a null argument" >&5
+echo $ECHO_N "checking whether utime accepts a null argument... $ECHO_C" >&6
+if test "${ac_cv_func_utime_null+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ rm -f conftest.data; >conftest.data
+# Sequent interprets utime(file, 0) to mean use start of epoch. Wrong.
+if test "$cross_compiling" = yes; then
+ ac_cv_func_utime_null=no
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat s, t;
+ exit (!(stat ("conftest.data", &s) == 0
+ && utime ("conftest.data", (long *)0) == 0
+ && stat ("conftest.data", &t) == 0
+ && t.st_mtime >= s.st_mtime
+ && t.st_mtime - s.st_mtime < 120));
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func_utime_null=yes
+else
+ echo "$as_me: program exited with status $ac_status" >&5
+echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+( exit $ac_status )
+ac_cv_func_utime_null=no
+fi
+rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core *.core
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func_utime_null" >&5
+echo "${ECHO_T}$ac_cv_func_utime_null" >&6
+if test $ac_cv_func_utime_null = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_UTIME_NULL 1
+_ACEOF
+
+fi
+rm -f conftest.data
+
+
+for ac_func in vprintf
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+echo "$as_me:$LINENO: checking for _doprnt" >&5
+echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6
+if test "${ac_cv_func__doprnt+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define _doprnt to an innocuous variant, in case <limits.h> declares _doprnt.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define _doprnt innocuous__doprnt
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char _doprnt (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef _doprnt
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char _doprnt ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub__doprnt) || defined (__stub____doprnt)
+choke me
+#else
+char (*f) () = _doprnt;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != _doprnt;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_func__doprnt=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_func__doprnt=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5
+echo "${ECHO_T}$ac_cv_func__doprnt" >&6
+if test $ac_cv_func__doprnt = yes; then
+
+cat >>confdefs.h <<\_ACEOF
+#define HAVE_DOPRNT 1
+_ACEOF
+
+fi
+
+fi
+done
+
+
+# 2008-07-04 getopt_long added
+
+
+
+
+
+
+
+
+
+
+
+
+
+for ac_func in getopt_long gettimeofday memset setenv socket strcasecmp strchr strdup strerror strncasecmp strrchr tzset utime
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+
+ ac_config_files="$ac_config_files Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, don't put newlines in cache variables' values.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+{
+ (set) 2>&1 |
+ case `(ac_space=' '; set | grep ac_space) 2>&1` in
+ *ac_space=\ *)
+ # `set' does not quote correctly, so add quotes (double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \).
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;;
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n \
+ "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p"
+ ;;
+ esac;
+} |
+ sed '
+ t clear
+ : clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ : end' >>confcache
+if diff $cache_file confcache >/dev/null 2>&1; then :; else
+ if test -w $cache_file; then
+ test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file"
+ cat confcache >$cache_file
+ else
+ echo "not updating unwritable cache $cache_file"
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/;
+s/:*\${srcdir}:*/:/;
+s/:*@srcdir@:*/:/;
+s/^\([^=]*=[ ]*\):*/\1/;
+s/:*$//;
+s/^[^=]*=[ ]*$//;
+}'
+fi
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_i=`echo "$ac_i" |
+ sed 's/\$U\././;s/\.o$//;s/\.obj$//'`
+ # 2. Add them.
+ ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext"
+ ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: ${CONFIG_STATUS=./config.status}
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5
+echo "$as_me: creating $CONFIG_STATUS" >&6;}
+cat >$CONFIG_STATUS <<_ACEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+## --------------------- ##
+## M4sh Initialization. ##
+## --------------------- ##
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+ set -o posix
+fi
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# Support unset when possible.
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ as_unset=unset
+else
+ as_unset=false
+fi
+
+
+# Work around bugs in pre-3.0 UWIN ksh.
+$as_unset ENV MAIL MAILPATH
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+for as_var in \
+ LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
+ LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
+ LC_TELEPHONE LC_TIME
+do
+ if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
+ eval $as_var=C; export $as_var
+ else
+ $as_unset $as_var
+ fi
+done
+
+# Required to use basename.
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+
+# Name of the executable.
+as_me=`$as_basename "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)$' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; }
+ /^X\/\(\/\/\)$/{ s//\1/; q; }
+ /^X\/\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+
+
+# PATH needs CR, and LINENO needs CR and PATH.
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" || {
+ # Find who we are. Look in the path if we contain no path at all
+ # relative or not.
+ case $0 in
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+done
+
+ ;;
+ esac
+ # We did not find ourselves, most probably we were run as `sh COMMAND'
+ # in which case we are not to be found in the path.
+ if test "x$as_myself" = x; then
+ as_myself=$0
+ fi
+ if test ! -f "$as_myself"; then
+ { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5
+echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;}
+ { (exit 1); exit 1; }; }
+ fi
+ case $CONFIG_SHELL in
+ '')
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for as_base in sh bash ksh sh5; do
+ case $as_dir in
+ /*)
+ if ("$as_dir/$as_base" -c '
+ as_lineno_1=$LINENO
+ as_lineno_2=$LINENO
+ as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null`
+ test "x$as_lineno_1" != "x$as_lineno_2" &&
+ test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then
+ $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; }
+ $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; }
+ CONFIG_SHELL=$as_dir/$as_base
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$0" ${1+"$@"}
+ fi;;
+ esac
+ done
+done
+;;
+ esac
+
+ # Create $as_me.lineno as a copy of $as_myself, but with $LINENO
+ # uniformly replaced by the line number. The first 'sed' inserts a
+ # line-number line before each line; the second 'sed' does the real
+ # work. The second script uses 'N' to pair each line-number line
+ # with the numbered line, and appends trailing '-' during
+ # substitution so that $LINENO is not a special case at line end.
+ # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the
+ # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-)
+ sed '=' <$as_myself |
+ sed '
+ N
+ s,$,-,
+ : loop
+ s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3,
+ t loop
+ s,-$,,
+ s,^['$as_cr_digits']*\n,,
+ ' >$as_me.lineno &&
+ chmod +x $as_me.lineno ||
+ { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5
+echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;}
+ { (exit 1); exit 1; }; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensible to this).
+ . ./$as_me.lineno
+ # Exit status is that of the last command.
+ exit
+}
+
+
+case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in
+ *c*,-n*) ECHO_N= ECHO_C='
+' ECHO_T=' ' ;;
+ *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;;
+ *) ECHO_N= ECHO_C='\c' ECHO_T= ;;
+esac
+
+if expr a : '\(a\)' >/dev/null 2>&1; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+rm -f conf$$ conf$$.exe conf$$.file
+echo >conf$$.file
+if ln -s conf$$.file conf$$ 2>/dev/null; then
+ # We could just check for DJGPP; but this test a) works b) is more generic
+ # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04).
+ if test -f conf$$.exe; then
+ # Don't use ln at all; we don't have any links
+ as_ln_s='cp -p'
+ else
+ as_ln_s='ln -s'
+ fi
+elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.file
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p=:
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+as_executable_p="test -f"
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.
+as_nl='
+'
+IFS=" $as_nl"
+
+# CDPATH.
+$as_unset CDPATH
+
+exec 6>&1
+
+# Open the log real soon, to keep \$[0] and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling. Logging --version etc. is OK.
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+} >&5
+cat >&5 <<_CSEOF
+
+This file was extended by ZKT $as_me 0.97, which was
+generated by GNU Autoconf 2.59. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+_CSEOF
+echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5
+echo >&5
+_ACEOF
+
+# Files that config.status was made for.
+if test -n "$ac_config_files"; then
+ echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_headers"; then
+ echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_links"; then
+ echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS
+fi
+
+if test -n "$ac_config_commands"; then
+ echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+ac_cs_usage="\
+\`$as_me' instantiates files from templates according to the
+current configuration.
+
+Usage: $0 [OPTIONS] [FILE]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Report bugs to <bug-autoconf@gnu.org>."
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+ac_cs_version="\\
+ZKT config.status 0.97
+configured by $0, generated by GNU Autoconf 2.59,
+ with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\"
+
+Copyright (C) 2003 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+srcdir=$srcdir
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+# If no file are specified by the user, then we need to provide default
+# value. By we need to know if files were specified by the user.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "x$1" : 'x\([^=]*\)='`
+ ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ -*)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ *) # This is not an option, so the user has probably given explicit
+ # arguments.
+ ac_option=$1
+ ac_need_defaults=false;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --vers* | -V )
+ echo "$ac_cs_version"; exit 0 ;;
+ --he | --h)
+ # Conflict between --help and --header
+ { { echo "$as_me:$LINENO: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: ambiguous option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; };;
+ --help | --hel | -h )
+ echo "$ac_cs_usage"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ CONFIG_FILES="$CONFIG_FILES $ac_optarg"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg"
+ ac_need_defaults=false;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&5
+echo "$as_me: error: unrecognized option: $1
+Try \`$0 --help' for more information." >&2;}
+ { (exit 1); exit 1; }; } ;;
+
+ *) ac_config_targets="$ac_config_targets $1" ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+if \$ac_cs_recheck; then
+ echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6
+ exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+fi
+
+_ACEOF
+
+
+
+
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_config_target in $ac_config_targets
+do
+ case "$ac_config_target" in
+ # Handling of arguments.
+ "Makefile" ) CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5
+echo "$as_me: error: invalid argument: $ac_config_target" >&2;}
+ { (exit 1); exit 1; }; };;
+ esac
+done
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason to put it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Create a temporary directory, and hook for its removal unless debugging.
+$debug ||
+{
+ trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
+ trap '{ (exit 1); exit 1; }' 1 2 13 15
+}
+
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./confstat$$-$RANDOM
+ (umask 077 && mkdir $tmp)
+} ||
+{
+ echo "$me: cannot create a temporary directory in ." >&2
+ { (exit 1); exit 1; }
+}
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<_ACEOF
+
+#
+# CONFIG_FILES section.
+#
+
+# No need to generate the scripts if there are no CONFIG_FILES.
+# This happens for instance when ./config.status config.h
+if test -n "\$CONFIG_FILES"; then
+ # Protect against being on the right side of a sed subst in config.status.
+ sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g;
+ s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF
+s,@SHELL@,$SHELL,;t t
+s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t
+s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t
+s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t
+s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t
+s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t
+s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t
+s,@exec_prefix@,$exec_prefix,;t t
+s,@prefix@,$prefix,;t t
+s,@program_transform_name@,$program_transform_name,;t t
+s,@bindir@,$bindir,;t t
+s,@sbindir@,$sbindir,;t t
+s,@libexecdir@,$libexecdir,;t t
+s,@datadir@,$datadir,;t t
+s,@sysconfdir@,$sysconfdir,;t t
+s,@sharedstatedir@,$sharedstatedir,;t t
+s,@localstatedir@,$localstatedir,;t t
+s,@libdir@,$libdir,;t t
+s,@includedir@,$includedir,;t t
+s,@oldincludedir@,$oldincludedir,;t t
+s,@infodir@,$infodir,;t t
+s,@mandir@,$mandir,;t t
+s,@build_alias@,$build_alias,;t t
+s,@host_alias@,$host_alias,;t t
+s,@target_alias@,$target_alias,;t t
+s,@DEFS@,$DEFS,;t t
+s,@ECHO_C@,$ECHO_C,;t t
+s,@ECHO_N@,$ECHO_N,;t t
+s,@ECHO_T@,$ECHO_T,;t t
+s,@LIBS@,$LIBS,;t t
+s,@CC@,$CC,;t t
+s,@CFLAGS@,$CFLAGS,;t t
+s,@LDFLAGS@,$LDFLAGS,;t t
+s,@CPPFLAGS@,$CPPFLAGS,;t t
+s,@ac_ct_CC@,$ac_ct_CC,;t t
+s,@EXEEXT@,$EXEEXT,;t t
+s,@OBJEXT@,$OBJEXT,;t t
+s,@SIGNZONE_PROG@,$SIGNZONE_PROG,;t t
+s,@CPP@,$CPP,;t t
+s,@EGREP@,$EGREP,;t t
+s,@LIBOBJS@,$LIBOBJS,;t t
+s,@LTLIBOBJS@,$LTLIBOBJS,;t t
+CEOF
+
+_ACEOF
+
+ cat >>$CONFIG_STATUS <<\_ACEOF
+ # Split the substitutions into bite-sized pieces for seds with
+ # small command number limits, like on Digital OSF/1 and HP-UX.
+ ac_max_sed_lines=48
+ ac_sed_frag=1 # Number of current file.
+ ac_beg=1 # First line for current file.
+ ac_end=$ac_max_sed_lines # Line after last line for current file.
+ ac_more_lines=:
+ ac_sed_cmds=
+ while $ac_more_lines; do
+ if test $ac_beg -gt 1; then
+ sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ else
+ sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag
+ fi
+ if test ! -s $tmp/subs.frag; then
+ ac_more_lines=false
+ else
+ # The purpose of the label and of the branching condition is to
+ # speed up the sed processing (if there are no `@' at all, there
+ # is no need to browse any of the substitutions).
+ # These are the two extra sed commands mentioned above.
+ (echo ':t
+ /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed"
+ else
+ ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed"
+ fi
+ ac_sed_frag=`expr $ac_sed_frag + 1`
+ ac_beg=$ac_end
+ ac_end=`expr $ac_end + $ac_max_sed_lines`
+ fi
+ done
+ if test -z "$ac_sed_cmds"; then
+ ac_sed_cmds=cat
+ fi
+fi # test -n "$CONFIG_FILES"
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories.
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ ac_builddir=.
+
+if test "$ac_dir" != .; then
+ ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'`
+ # A "../" for each directory in $ac_dir_suffix.
+ ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'`
+else
+ ac_dir_suffix= ac_top_builddir=
+fi
+
+case $srcdir in
+ .) # No --srcdir option. We are building in place.
+ ac_srcdir=.
+ if test -z "$ac_top_builddir"; then
+ ac_top_srcdir=.
+ else
+ ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'`
+ fi ;;
+ [\\/]* | ?:[\\/]* ) # Absolute path.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir ;;
+ *) # Relative path.
+ ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_builddir$srcdir ;;
+esac
+
+# Do not use `cd foo && pwd` to compute absolute paths, because
+# the directories may not exist.
+case `pwd` in
+.) ac_abs_builddir="$ac_dir";;
+*)
+ case "$ac_dir" in
+ .) ac_abs_builddir=`pwd`;;
+ [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";;
+ *) ac_abs_builddir=`pwd`/"$ac_dir";;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_builddir=${ac_top_builddir}.;;
+*)
+ case ${ac_top_builddir}. in
+ .) ac_abs_top_builddir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;;
+ *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_srcdir=$ac_srcdir;;
+*)
+ case $ac_srcdir in
+ .) ac_abs_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;;
+ *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;;
+ esac;;
+esac
+case $ac_abs_builddir in
+.) ac_abs_top_srcdir=$ac_top_srcdir;;
+*)
+ case $ac_top_srcdir in
+ .) ac_abs_top_srcdir=$ac_abs_builddir;;
+ [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;;
+ *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;;
+ esac;;
+esac
+
+
+
+ if test x"$ac_file" != x-; then
+ { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+ rm -f "$ac_file"
+ fi
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ configure_input=
+ else
+ configure_input="$ac_file. "
+ fi
+ configure_input=$configure_input"Generated from `echo $ac_file_in |
+ sed 's,.*/,,'` by configure."
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF
+ sed "$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s,@configure_input@,$configure_input,;t t
+s,@srcdir@,$ac_srcdir,;t t
+s,@abs_srcdir@,$ac_abs_srcdir,;t t
+s,@top_srcdir@,$ac_top_srcdir,;t t
+s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t
+s,@builddir@,$ac_builddir,;t t
+s,@abs_builddir@,$ac_abs_builddir,;t t
+s,@top_builddir@,$ac_top_builddir,;t t
+s,@abs_top_builddir@,$ac_abs_top_builddir,;t t
+" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out
+ rm -f $tmp/stdin
+ if test x"$ac_file" != x-; then
+ mv $tmp/out $ac_file
+ else
+ cat $tmp/out
+ rm -f $tmp/out
+ fi
+
+done
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+#
+# CONFIG_HEADER section.
+#
+
+# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where
+# NAME is the cpp macro being defined and VALUE is the value it is being given.
+#
+# ac_d sets the value in "#define NAME VALUE" lines.
+ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)'
+ac_dB='[ ].*$,\1#\2'
+ac_dC=' '
+ac_dD=',;t'
+# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE".
+ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)'
+ac_uB='$,\1#\2define\3'
+ac_uC=' '
+ac_uD=',;t'
+
+for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue
+ # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in".
+ case $ac_file in
+ - | *:- | *:-:* ) # input from stdin
+ cat >$tmp/stdin
+ ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'`
+ ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;;
+ * ) ac_file_in=$ac_file.in ;;
+ esac
+
+ test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5
+echo "$as_me: creating $ac_file" >&6;}
+
+ # First look for the input files in the build tree, otherwise in the
+ # src tree.
+ ac_file_inputs=`IFS=:
+ for f in $ac_file_in; do
+ case $f in
+ -) echo $tmp/stdin ;;
+ [\\/$]*)
+ # Absolute (can't be DOS-style, as IFS=:)
+ test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ # Do quote $f, to prevent DOS paths from being IFS'd.
+ echo "$f";;
+ *) # Relative
+ if test -f "$f"; then
+ # Build tree
+ echo "$f"
+ elif test -f "$srcdir/$f"; then
+ # Source tree
+ echo "$srcdir/$f"
+ else
+ # /dev/null tree
+ { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5
+echo "$as_me: error: cannot find input file: $f" >&2;}
+ { (exit 1); exit 1; }; }
+ fi;;
+ esac
+ done` || { (exit 1); exit 1; }
+ # Remove the trailing spaces.
+ sed 's/[ ]*$//' $ac_file_inputs >$tmp/in
+
+_ACEOF
+
+# Transform confdefs.h into two sed scripts, `conftest.defines' and
+# `conftest.undefs', that substitutes the proper values into
+# config.h.in to produce config.h. The first handles `#define'
+# templates, and the second `#undef' templates.
+# And first: Protect against being on the right side of a sed subst in
+# config.status. Protect against being in an unquoted here document
+# in config.status.
+rm -f conftest.defines conftest.undefs
+# Using a here document instead of a string reduces the quoting nightmare.
+# Putting comments in sed scripts is not portable.
+#
+# `end' is used to avoid that the second main sed command (meant for
+# 0-ary CPP macros) applies to n-ary macro definitions.
+# See the Autoconf documentation for `clear'.
+cat >confdef2sed.sed <<\_ACEOF
+s/[\\&,]/\\&/g
+s,[\\$`],\\&,g
+t clear
+: clear
+s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp
+t end
+s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp
+: end
+_ACEOF
+# If some macros were called several times there might be several times
+# the same #defines, which is useless. Nevertheless, we may not want to
+# sort them, since we want the *last* AC-DEFINE to be honored.
+uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines
+sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs
+rm -f confdef2sed.sed
+
+# This sed command replaces #undef with comments. This is necessary, for
+# example, in the case of _POSIX_SOURCE, which is predefined and required
+# on some systems where configure will not decide to define it.
+cat >>conftest.undefs <<\_ACEOF
+s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */,
+_ACEOF
+
+# Break up conftest.defines because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS
+echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS
+echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS
+echo ' :' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.defines >/dev/null
+do
+ # Write a limited-size here document to $tmp/defines.sed.
+ echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#define' lines.
+ echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/defines.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail
+ rm -f conftest.defines
+ mv conftest.tail conftest.defines
+done
+rm -f conftest.defines
+echo ' fi # grep' >>$CONFIG_STATUS
+echo >>$CONFIG_STATUS
+
+# Break up conftest.undefs because some shells have a limit on the size
+# of here documents, and old seds have small limits too (100 cmds).
+echo ' # Handle all the #undef templates' >>$CONFIG_STATUS
+rm -f conftest.tail
+while grep . conftest.undefs >/dev/null
+do
+ # Write a limited-size here document to $tmp/undefs.sed.
+ echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS
+ # Speed up: don't consider the non `#undef'
+ echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS
+ # Work around the forget-to-reset-the-flag bug.
+ echo 't clr' >>$CONFIG_STATUS
+ echo ': clr' >>$CONFIG_STATUS
+ sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS
+ echo 'CEOF
+ sed -f $tmp/undefs.sed $tmp/in >$tmp/out
+ rm -f $tmp/in
+ mv $tmp/out $tmp/in
+' >>$CONFIG_STATUS
+ sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail
+ rm -f conftest.undefs
+ mv conftest.tail conftest.undefs
+done
+rm -f conftest.undefs
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ if test x"$ac_file" = x-; then
+ echo "/* Generated by configure. */" >$tmp/config.h
+ else
+ echo "/* $ac_file. Generated by configure. */" >$tmp/config.h
+ fi
+ cat $tmp/in >>$tmp/config.h
+ rm -f $tmp/in
+ if test x"$ac_file" != x-; then
+ if diff $ac_file $tmp/config.h >/dev/null 2>&1; then
+ { echo "$as_me:$LINENO: $ac_file is unchanged" >&5
+echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ ac_dir=`(dirname "$ac_file") 2>/dev/null ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ { if $as_mkdir_p; then
+ mkdir -p "$ac_dir"
+ else
+ as_dir="$ac_dir"
+ as_dirs=
+ while test ! -d "$as_dir"; do
+ as_dirs="$as_dir $as_dirs"
+ as_dir=`(dirname "$as_dir") 2>/dev/null ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| \
+ . : '\(.\)' 2>/dev/null ||
+echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; }
+ /^X\(\/\/\)[^/].*/{ s//\1/; q; }
+ /^X\(\/\/\)$/{ s//\1/; q; }
+ /^X\(\/\).*/{ s//\1/; q; }
+ s/.*/./; q'`
+ done
+ test ! -n "$as_dirs" || mkdir $as_dirs
+ fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5
+echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;}
+ { (exit 1); exit 1; }; }; }
+
+ rm -f $ac_file
+ mv $tmp/config.h $ac_file
+ fi
+ else
+ cat $tmp/config.h
+ rm -f $tmp/config.h
+ fi
+done
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF
+
+{ (exit 0); exit 0; }
+_ACEOF
+chmod +x $CONFIG_STATUS
+ac_clean_files=$ac_clean_files_save
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || { (exit 1); exit 1; }
+fi
+
diff --git a/contrib/zkt/debug.h b/contrib/zkt/debug.h
new file mode 100644
index 0000000..e0c47dc
--- /dev/null
+++ b/contrib/zkt/debug.h
@@ -0,0 +1,66 @@
+/*****************************************************************
+**
+** @(#) debug.h -- macros for debug messages
+**
+** compile with cc -DDBG to activate
+**
+** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef DEBUG_H
+# define DEBUG_H
+
+# ifdef DBG
+# define dbg_line() fprintf (stderr, "DBG: %s(%d) reached\n", __FILE__, __LINE__)
+# define dbg_msg(msg) fprintf (stderr, "DBG: %s(%d) %s\n", __FILE__, __LINE__, msg)
+# define dbg_val0(text) fprintf (stderr, "DBG: %s(%d) %s", __FILE__, __LINE__, text)
+# define dbg_val1(fmt, var) dbg_val (fmt, var)
+# define dbg_val(fmt, var) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, var)
+# define dbg_val2(fmt, v1, v2) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2)
+# define dbg_val3(fmt, v1, v2, v3) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3)
+# define dbg_val4(fmt, v1, v2, v3, v4) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4)
+# define dbg_val5(fmt, v1, v2, v3, v4, v5) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5)
+# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6) fprintf (stderr, "DBG: %s(%d) " fmt, __FILE__, __LINE__, v1, v2, v3, v4, v5, v6)
+# else
+# define dbg_line()
+# define dbg_msg(msg)
+# define dbg_val0(text)
+# define dbg_val1(fmt, var)
+# define dbg_val(fmt, str)
+# define dbg_val2(fmt, v1, v2)
+# define dbg_val3(fmt, v1, v2, v3)
+# define dbg_val4(fmt, v1, v2, v3, v4)
+# define dbg_val5(fmt, v1, v2, v3, v4, v5)
+# define dbg_val6(fmt, v1, v2, v3, v4, v5, v6)
+# endif
+
+#endif
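Review bot: The `# else` branch defines every macro as empty, so in a normal build the compiler never sees the format string or arguments of `dbg_val` … `dbg_val6`, and a `%s`/`%d` mismatch only shows up (as undefined behaviour inside `fprintf`) once someone compiles with `-DDBG`. A disabled form that still gets type-checked would be `# define dbg_val(fmt, var) do { if (0) fprintf (stderr, fmt, var); } while (0)`, repeated for the other arities. In the enabled branch `fmt` is pasted onto a literal, so it must itself be a string literal; a comment above `dbg_val` such as `/* fmt must be a string literal, never a variable or text read from a file */` would make that contract explicit. The header also uses `fprintf` and `stderr` without including `<stdio.h>`, so it depends on each includer having done so first.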
diff --git a/contrib/zkt/dki.c b/contrib/zkt/dki.c
new file mode 100644
index 0000000..81498ae
--- /dev/null
+++ b/contrib/zkt/dki.c
@@ -0,0 +1,1185 @@
+/*****************************************************************
+**
+** @(#) dki.c (c) Jan 2005 Holger Zuleger hznet.de
+**
+** A library for managing BIND dnssec key files.
+**
+** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+**
+*****************************************************************/
+
+# include <stdio.h>
+# include <string.h>
+# include <ctype.h> /* tolower(), ... */
+# include <unistd.h> /* link(), unlink(), ... */
+# include <stdlib.h>
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/stat.h>
+# include <dirent.h>
+# include <assert.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "debug.h"
+# include "domaincmp.h"
+# include "misc.h"
+# include "zconf.h"
+#define extern
+# include "dki.h"
+#undef extern
+
+/*****************************************************************
+** private (static) function declaration and definition
+*****************************************************************/
+static char dki_estr[255+1];
+
+static dki_t *dki_alloc ()
+{
+ dki_estr[0] = '\0';
+ dki_t *dkp = malloc (sizeof (dki_t));
+
+ if ( (dkp = malloc (sizeof (dki_t))) )
+ {
+ memset (dkp, 0, sizeof (dki_t));
+ return dkp;
+ }
+
+ snprintf (dki_estr, sizeof (dki_estr),
+ "dki_alloc: Out of memory");
+ return NULL;
+}
+
+static int dki_readfile (FILE *fp, dki_t *dkp)
+{
+ int algo, flags, type;
+ int c;
+ char *p;
+ char buf[4095+1];
+ char tag[25+1];
+ char val[14+1]; /* e.g. "YYYYMMDDhhmmss" | "60d" */
+
+ assert (dkp != NULL);
+ assert (fp != NULL);
+
+ while ( (c = getc (fp)) == ';' ) /* line start with comment ? */
+ {
+ tag[0] = val[0] = '\0';
+ if ( (c = getc (fp)) == '%' ) /* special comment? */
+ {
+ while ( (c = getc (fp)) == ' ' || c == '\t' )
+ ;
+ ungetc (c, fp);
+ /* then try to read in the creation, expire and lifetime */
+ if ( fscanf (fp, "%25[a-zA-Z]=%14s", tag, val) == 2 )
+ {
+ dbg_val2 ("dki_readfile: tag=%s val=%s \n", tag, val);
+ switch ( tolower (tag[0]) )
+ {
+ case 'g': dkp->gentime = timestr2time (val); break;
+ case 'e': dkp->exptime = timestr2time (val); break;
+ case 'l': dkp->lifetime = atoi (val) * DAYSEC; break;
+ }
+ }
+ }
+ else
+ ungetc (c, fp);
+ while ( (c = getc (fp)) != EOF && c != '\n' ) /* eat up rest of the line */
+ ;
+ }
+ ungetc (c, fp); /* push back last char */
+
+ if ( fscanf (fp, "%4095s", buf) != 1 ) /* read label */
+ return -1;
+
+ if ( strcmp (buf, dkp->name) != 0 )
+ return -2;
+
+#if defined(TTL_IN_KEYFILE_ALLOWED) && TTL_IN_KEYFILE_ALLOWED
+ /* skip optional TTL value */
+ while ( (c = getc (fp)) != EOF && isspace (c) ) /* skip spaces */
+ ;
+ if ( isdigit (c) ) /* skip ttl */
+ fscanf (fp, "%*d");
+ else
+ ungetc (c, fp); /* oops, no ttl */
+#endif
+
+ if ( (c = fscanf (fp, " IN DNSKEY %d %d %d", &flags, &type, &algo)) != 3 &&
+ (c = fscanf (fp, "KEY %d %d %d", &flags, &type, &algo)) != 3 )
+ return -3;
+ if ( type != 3 || algo != dkp->algo )
+ return -4; /* no DNSKEY or algorithm mismatch */
+ if ( ((flags >> 8) & 0xFF) != 01 )
+ return -5; /* no ZONE key */
+ dkp->flags = flags;
+
+ if ( fgets (buf, sizeof buf, fp) == NULL || buf[0] == '\0' )
+ return -6;
+ p = buf + strlen (buf);
+ *--p = '\0'; /* delete trailing \n */
+ /* delete leading ws */
+ for ( p = buf; *p && isspace (*p); p++ )
+ ;
+
+ dkp->pubkey = strdup (p);
+
+ return 0;
+}
+
+static int dki_writeinfo (const dki_t *dkp, const char *path)
+{
+ FILE *fp;
+
+ assert (dkp != NULL);
+ assert (path != NULL && path[0] != '\0');
+
+ if ( (fp = fopen (path, "w")) == NULL )
+ return 0;
+ dbg_val1 ("dki_writeinfo %s\n", path);
+ if ( dki_prt_dnskey_raw (dkp, fp) == 0 )
+ return 0;
+ fclose (fp);
+ touch (path, dkp->time); /* restore time of key file */
+
+ return 1;
+}
+
+static int dki_setstat (dki_t *dkp, int status, int preserve_time);
+
+/*****************************************************************
+** public function definition
+*****************************************************************/
+
+/*****************************************************************
+** dki_free ()
+*****************************************************************/
+void dki_free (dki_t *dkp)
+{
+ assert (dkp != NULL);
+
+ if ( dkp->pubkey )
+ free (dkp->pubkey);
+ free (dkp);
+}
+
+/*****************************************************************
+** dki_freelist ()
+*****************************************************************/
+void dki_freelist (dki_t **listp)
+{
+ dki_t *curr;
+ dki_t *next;
+
+ assert (listp != NULL);
+
+ curr = *listp;
+ while ( curr )
+ {
+ next = curr->next;
+ dki_free (curr);
+ curr = next;
+ }
+ if ( *listp )
+ *listp = NULL;
+}
+
+#if defined(USE_TREE) && USE_TREE
+/*****************************************************************
+** dki_tfree ()
+*****************************************************************/
+void dki_tfree (dki_t **tree)
+{
+ assert (tree != NULL);
+ // TODO: tdestroy is a GNU extension
+ // tdestroy (*tree, dki_free);
+}
+#endif
+
+/*****************************************************************
+** dki_new ()
+** create new keyfile
+** allocate memory for new dki key and init with keyfile
+*****************************************************************/
+dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days)
+{
+ char cmdline[511+1];
+ char fname[254+1];
+ char randfile[254+1];
+ FILE *fp;
+ int len;
+ char *flag = "";
+ char *expflag = "";
+ dki_t *new;
+
+ if ( ksk )
+ flag = "-f KSK";
+
+ randfile[0] = '\0';
+ if ( rfile && *rfile )
+ snprintf (randfile, sizeof (randfile), "-r %.250s ", rfile);
+
+ if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 )
+ expflag = "-e ";
+
+ if ( dir && *dir )
+ snprintf (cmdline, sizeof (cmdline), "cd %s ; %s %s%s-n ZONE -a %s -b %d %s %s",
+ dir, KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
+ else
+ snprintf (cmdline, sizeof (cmdline), "%s %s%s-n ZONE -a %s -b %d %s %s",
+ KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
+
+ dbg_msg (cmdline);
+
+ if ( (fp = popen (cmdline, "r")) == NULL || fgets (fname, sizeof fname, fp) == NULL )
+ return NULL;
+ pclose (fp);
+
+ len = strlen (fname) - 1;
+ if ( len >= 0 && fname[len] == '\n' )
+ fname[len] = '\0';
+
+ new = dki_read (dir, fname);
+ if ( new )
+ dki_setlifetime (new, lf_days); /* sets gentime + proposed lifetime */
+
+ return new;
+}
+
+/*****************************************************************
+** dki_read ()
+** read key from file 'filename' (independed of the extension)
+*****************************************************************/
+dki_t *dki_read (const char *dirname, const char *filename)
+{
+ dki_t *dkp;
+ FILE *fp;
+ struct stat st;
+ int len;
+ int err;
+ char fname[MAX_FNAMESIZE+1];
+ char path[MAX_PATHSIZE+1];
+
+ dki_estr[0] = '\0';
+ if ( (dkp = dki_alloc ()) == NULL )
+ return (NULL);
+
+ len = sizeof (fname) - 1;
+ fname[len] = '\0';
+ strncpy (fname, filename, len);
+
+ len = strlen (fname); /* delete extension */
+ if ( len > 4 && strcmp (&fname[len - 4], DKI_KEY_FILEEXT) == 0 )
+ fname[len - 4] = '\0';
+ else if ( len > 10 && strcmp (&fname[len - 10], DKI_PUB_FILEEXT) == 0 )
+ fname[len - 10] = '\0';
+ else if ( len > 8 && strcmp (&fname[len - 8], DKI_ACT_FILEEXT) == 0 )
+ fname[len - 8] = '\0';
+ else if ( len > 12 && strcmp (&fname[len - 12], DKI_DEP_FILEEXT) == 0 )
+ fname[len - 12] = '\0';
+ dbg_line ();
+
+ assert (strlen (dirname)+1 < sizeof (dkp->dname));
+ strcpy (dkp->dname, dirname);
+
+ assert (strlen (fname)+1 < sizeof (dkp->fname));
+ strcpy (dkp->fname, fname);
+ dbg_line ();
+ if ( sscanf (fname, "K%254[^+]+%hd+%d", dkp->name, &dkp->algo, &dkp->tag) != 3 )
+ {
+ snprintf (dki_estr, sizeof (dki_estr),
+ "dki_read: Filename don't match expected format (%s)", fname);
+ return (NULL);
+ }
+
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
+ dbg_val ("dki_read: path \"%s\"\n", path);
+ if ( (fp = fopen (path, "r")) == NULL )
+ {
+ snprintf (dki_estr, sizeof (dki_estr),
+ "dki_read: Can\'t open file \"%s\" for reading", path);
+ return (NULL);
+ }
+
+ dbg_line ();
+ if ( (err = dki_readfile (fp, dkp)) != 0 )
+ {
+ dbg_line ();
+ snprintf (dki_estr, sizeof (dki_estr),
+ "dki_read: Can\'t read key from file %s (errno %d)", path, err);
+ fclose (fp);
+ return (NULL);
+ }
+
+ dbg_line ();
+ if ( fstat (fileno(fp), &st) )
+ {
+ snprintf (dki_estr, sizeof (dki_estr),
+ "dki_read: Can\'t stat file %s", fname);
+ return (NULL);
+ }
+ dkp->time = st.st_mtime;
+
+ dbg_line ();
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
+ if ( fileexist (path) )
+ {
+ if ( dki_isrevoked (dkp) )
+ dkp->status = DKI_REV;
+ else
+ dkp->status = DKI_ACT;
+ }
+ else
+ {
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
+ if ( fileexist (path) )
+ dkp->status = DKI_PUB;
+ else
+ {
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
+ if ( fileexist (path) )
+ dkp->status = DKI_DEP;
+ else
+ dkp->status = DKI_SEP;
+ }
+ }
+
+ dbg_line ();
+ fclose (fp);
+
+ dbg_line ();
+ return dkp;
+}
+
+/*****************************************************************
+** dki_readdir ()
+** read key files from directory 'dir' and, if recursive is
+** true, from all directorys below that.
+*****************************************************************/
+int dki_readdir (const char *dir, dki_t **listp, int recursive)
+{
+ dki_t *dkp;
+ DIR *dirp;
+ struct dirent *dentp;
+ char path[MAX_PATHSIZE+1];
+
+ dbg_val ("directory: opendir(%s)\n", dir);
+ if ( (dirp = opendir (dir)) == NULL )
+ return 0;
+
+ while ( (dentp = readdir (dirp)) != NULL )
+ {
+ if ( is_dotfile (dentp->d_name) )
+ continue;
+
+ dbg_val ("directory: check %s\n", dentp->d_name);
+ pathname (path, sizeof (path), dir, dentp->d_name, NULL);
+ if ( is_directory (path) && recursive )
+ {
+ dbg_val ("directory: recursive %s\n", path);
+ dki_readdir (path, listp, recursive);
+ }
+ else if ( is_keyfilename (dentp->d_name) )
+ if ( (dkp = dki_read (dir, dentp->d_name)) )
+ dki_add (listp, dkp);
+ }
+ closedir (dirp);
+ return 1;
+}
+
+/*****************************************************************
+** dki_setstatus_preservetime ()
+** set status of key and change extension to
+** ".published", ".private" or ".depreciated"
+*****************************************************************/
+int dki_setstatus_preservetime (dki_t *dkp, int status)
+{
+ return dki_setstat (dkp, status, 1);
+}
+
+/*****************************************************************
+** dki_setstatus ()
+** set status of key and change extension to
+** ".published", ".private" or ".depreciated"
+*****************************************************************/
+int dki_setstatus (dki_t *dkp, int status)
+{
+ return dki_setstat (dkp, status, 0);
+}
+
+/*****************************************************************
+** dki_setstat ()
+** low level function of dki_setstatus and dki_setstatus_preservetime
+*****************************************************************/
+static int dki_setstat (dki_t *dkp, int status, int preserve_time)
+{
+ char frompath[MAX_PATHSIZE+1];
+ char topath[MAX_PATHSIZE+1];
+ time_t totime;
+ time_t currtime;
+
+ if ( dkp == NULL )
+ return 0;
+
+ currtime = time (NULL);
+ status = tolower (status);
+ switch ( dkp->status ) /* look at old status */
+ {
+ case 'r':
+ if ( status == 'r' )
+ return 1;
+ break;
+ case 'a':
+ if ( status == 'a' )
+ return 1;
+ pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
+ break;
+ case 'd':
+ if ( status == 'd' )
+ return 1;
+ pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
+ break;
+ case 'p': /* or 's' */
+ if ( status == 'p' || status == 's' )
+ return 1;
+ pathname (frompath, sizeof (frompath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
+ break;
+ default:
+ /* TODO: set error code */
+ return 0;
+ }
+
+ dbg_val ("dki_setstat: \"%s\"\n", frompath);
+ dbg_val ("dki_setstat: to status \"%c\"\n", status);
+
+ /* a state change could result in different things: */
+ /* 1) write a new keyfile when the REVOKE bit is set or unset */
+ if ( status == 'r' || (status == 'a' && dki_isrevoked (dkp)) )
+ {
+ pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
+
+ if ( status == 'r' )
+ dki_setflag (dkp, DK_FLAG_REVOKE); /* set REVOKE bit */
+ else
+ dki_unsetflag (dkp, DK_FLAG_REVOKE); /* clear REVOKE bit */
+
+
+ dki_writeinfo (dkp, topath); /* ..and write it to the key file */
+
+ if ( !preserve_time )
+ touch (topath, time (NULL));
+
+ return 0;
+ }
+
+
+ /* 2) change the filename of the private key in all other cases */
+ totime = 0L;
+ if ( preserve_time )
+ totime = file_mtime (frompath); /* get original timestamp */
+ topath[0] = '\0';
+ switch ( status )
+ {
+ case 'a':
+ pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_ACT_FILEEXT);
+ break;
+ case 'd':
+ pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_DEP_FILEEXT);
+ break;
+ case 's': /* standby means a "published KSK" */
+ if ( !dki_isksk (dkp) )
+ return 2;
+ status = 'p';
+ /* fall through */
+ case 'p':
+ pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_PUB_FILEEXT);
+ break;
+ }
+
+ if ( topath[0] )
+ {
+ dbg_val ("dki_setstat: to \"%s\"\n", topath);
+ if ( link (frompath, topath) == 0 )
+ unlink (frompath);
+ dkp->status = status;
+ if ( !totime )
+ totime = time (NULL); /* set .key file to current time */
+ pathname (topath, sizeof (topath), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
+ touch (topath, totime); /* store/restore time of status change */
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** dki_remove ()
+** rename files associated with key, so that the keys are not
+** recognized by the zkt tools e.g.
+** Kdo.ma.in.+001+12345.key ==> kdo.ma.in.+001+12345.key
+** (second one starts with a lower case 'k')
+*****************************************************************/
+dki_t *dki_remove (dki_t *dkp)
+{
+ char path[MAX_PATHSIZE+1];
+ char newpath[MAX_PATHSIZE+1];
+ char newfile[MAX_FNAMESIZE+1];
+ dki_t *next;
+ const char **pext;
+ static const char *ext[] = {
+ DKI_KEY_FILEEXT, DKI_PUB_FILEEXT,
+ DKI_ACT_FILEEXT, DKI_DEP_FILEEXT,
+ NULL
+ };
+
+ if ( dkp == NULL )
+ return NULL;
+
+ strncpy (newfile, dkp->fname, sizeof (newfile));
+ *newfile = tolower (*newfile);
+ for ( pext = ext; *pext; pext++ )
+ {
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext);
+ if ( fileexist (path) )
+ {
+ pathname (newpath, sizeof (newpath), dkp->dname, newfile, *pext);
+
+ dbg_val2 ("dki_remove: %s ==> %s \n", path, newpath);
+ rename (path, newpath);
+ }
+ }
+ next = dkp->next;
+ dki_free (dkp);
+
+ return next;
+}
+
+/*****************************************************************
+** dki_destroy ()
+** delete files associated with key and free allocated memory
+*****************************************************************/
+dki_t *dki_destroy (dki_t *dkp)
+{
+ char path[MAX_PATHSIZE+1];
+ dki_t *next;
+ const char **pext;
+ static const char *ext[] = {
+ DKI_KEY_FILEEXT, DKI_PUB_FILEEXT,
+ DKI_ACT_FILEEXT, DKI_DEP_FILEEXT,
+ NULL
+ };
+
+ if ( dkp == NULL )
+ return NULL;
+
+ for ( pext = ext; *pext; pext++ )
+ {
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, *pext);
+ if ( fileexist (path) )
+ {
+ dbg_val ("dki_remove: %s \n", path);
+ unlink (path);
+ }
+ }
+ next = dkp->next;
+ dki_free (dkp);
+
+ return next;
+}
+
+/*****************************************************************
+** dki_algo2str ()
+** return a string describing the key algorithm
+*****************************************************************/
+char *dki_algo2str (int algo)
+{
+ switch ( algo )
+ {
+ case DK_ALGO_RSA: return ("RSAMD5");
+ case DK_ALGO_DH: return ("DH");
+ case DK_ALGO_DSA: return ("DSA");
+ case DK_ALGO_EC: return ("EC");
+ case DK_ALGO_RSASHA1: return ("RSASHA1");
+ }
+ return ("unknown");
+}
+
+/*****************************************************************
+** dki_geterrstr ()
+** return error string
+*****************************************************************/
+const char *dki_geterrstr ()
+{
+ return dki_estr;
+}
+
+/*****************************************************************
+** dki_prt_dnskey ()
+*****************************************************************/
+int dki_prt_dnskey (const dki_t *dkp, FILE *fp)
+{
+ return dki_prt_dnskeyttl (dkp, fp, 0);
+}
+
+/*****************************************************************
+** dki_prt_dnskeyttl ()
+*****************************************************************/
+int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)
+{
+ char *p;
+
+ dki_estr[0] = '\0';
+ if ( dkp == NULL )
+ return 0;
+
+ fprintf (fp, "%s ", dkp->name);
+ if ( ttl > 0 )
+ fprintf (fp, "%d ", ttl);
+ fprintf (fp, "IN DNSKEY ");
+ fprintf (fp, "%d 3 %d (", dkp->flags, dkp->algo);
+ fprintf (fp, "\n\t\t\t");
+ for ( p = dkp->pubkey; *p ; p++ )
+ if ( *p == ' ' )
+ fprintf (fp, "\n\t\t\t");
+ else
+ putc (*p, fp);
+ fprintf (fp, "\n\t\t");
+ if ( dki_isrevoked (dkp) )
+ fprintf (fp, ") ; key id = %u (original key id = %u)", (dkp->tag + 128) % 65535, dkp->tag);
+ else
+ fprintf (fp, ") ; key id = %u", dkp->tag);
+ fprintf (fp, "\n");
+
+ return 1;
+}
+
+/*****************************************************************
+** dki_prt_dnskey_raw ()
+*****************************************************************/
+int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)
+{
+ int days;
+
+ dki_estr[0] = '\0';
+ if ( dkp == NULL )
+ return 0;
+
+ if ( dkp->gentime )
+ fprintf (fp, ";%%\tgenerationtime=%s\n", time2isostr (dkp->gentime, 's'));
+ if ( (days = dki_lifetimedays (dkp)) )
+ fprintf (fp, ";%%\tlifetime=%dd\n", days);
+ if ( dkp->exptime )
+ fprintf (fp, ";%%\texpirationtime=%s\n", time2isostr (dkp->exptime, 's'));
+
+ fprintf (fp, "%s ", dkp->name);
+#if 0
+ if ( ttl > 0 )
+ fprintf (fp, "%d ", ttl);
+#endif
+ fprintf (fp, "IN DNSKEY ");
+ fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
+ fprintf (fp, "%s\n", dkp->pubkey);
+
+ return 1;
+}
+
+/*****************************************************************
+** dki_prt_comment ()
+*****************************************************************/
+int dki_prt_comment (const dki_t *dkp, FILE *fp)
+{
+ int len = 0;
+
+ dki_estr[0] = '\0';
+ if ( dkp == NULL )
+ return len;
+ len += fprintf (fp, "; %s ", dkp->name);
+ len += fprintf (fp, "tag=%u ", dkp->tag);
+ len += fprintf (fp, "algo=%s ", dki_algo2str(dkp->algo));
+ len += fprintf (fp, "generated %s\n", time2str (dkp->time, 's'));
+
+ return len;
+}
+
+/*****************************************************************
+** dki_prt_trustedkey ()
+*****************************************************************/
+int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)
+{
+ char *p;
+ int spaces;
+ int len = 0;
+
+ dki_estr[0] = '\0';
+ if ( dkp == NULL )
+ return len;
+ len += fprintf (fp, "\"%s\" ", dkp->name);
+ spaces = 22 - (strlen (dkp->name) + 3);
+ len += fprintf (fp, "%*s", spaces > 0 ? spaces : 0 , " ");
+ len += fprintf (fp, "%d 3 %d ", dkp->flags, dkp->algo);
+ if ( spaces < 0 )
+ len += fprintf (fp, "\n\t\t\t%7s", " ");
+ len += fprintf (fp, "\"");
+ for ( p = dkp->pubkey; *p ; p++ )
+ if ( *p == ' ' )
+ len += fprintf (fp, "\n\t\t\t\t");
+ else
+ putc (*p, fp), len += 1;
+
+ if ( dki_isrevoked (dkp) )
+ len += fprintf (fp, "\" ; # key id = %u (original key id = %u)\n\n", (dkp->tag + 128) % 65535, dkp->tag);
+ else
+ len += fprintf (fp, "\" ; # key id = %u\n\n", dkp->tag);
+ return len;
+}
+
+
+/*****************************************************************
+** dki_cmp () return <0 | 0 | >0
+*****************************************************************/
+int dki_cmp (const dki_t *a, const dki_t *b)
+{
+ int res;
+
+ dki_estr[0] = '\0';
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ /* sort by domain name, */
+ if ( (res = domaincmp (a->name, b->name)) != 0 )
+ return res;
+
+ /* then by key type, */
+ if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 )
+ return res;
+
+ /* and last by creation time, */
+ return (ulong)a->time - (ulong)b->time;
+}
+
+#if defined(USE_TREE) && USE_TREE
+/*****************************************************************
+** dki_allcmp () return <0 | 0 | >0
+*****************************************************************/
+int dki_allcmp (const dki_t *a, const dki_t *b)
+{
+ int res;
+
+ dki_estr[0] = '\0';
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+// fprintf (stderr, "dki_allcmp %s, %s)\n", a->name, b->name);
+ /* sort by domain name, */
+ if ( (res = domaincmp (a->name, b->name)) != 0 )
+ return res;
+
+ /* then by key type, */
+ if ( (res = dki_isksk (b) - dki_isksk (a)) != 0 )
+ return res;
+
+ /* creation time, */
+ if ( (res = (ulong)a->time - (ulong)b->time) != 0 )
+ return res;
+
+ /* and last by tag */
+ return a->tag - b->tag;
+}
+
+/*****************************************************************
+** dki_namecmp () return <0 | 0 | >0
+*****************************************************************/
+int dki_namecmp (const dki_t *a, const dki_t *b)
+{
+ dki_estr[0] = '\0';
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ return domaincmp (a->name, b->name);
+}
+/*****************************************************************
+** dki_tagcmp () return <0 | 0 | >0
+*****************************************************************/
+int dki_tagcmp (const dki_t *a, const dki_t *b)
+{
+ dki_estr[0] = '\0';
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ return a->tag - b->tag;
+}
+#endif
+
+/*****************************************************************
+** dki_timecmp ()
+*****************************************************************/
+int dki_timecmp (const dki_t *a, const dki_t *b)
+{
+ dki_estr[0] = '\0';
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ return ((ulong)a->time - (ulong)b->time);
+}
+
+/*****************************************************************
+** dki_time () return the timestamp of the key
+*****************************************************************/
+time_t dki_time (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->time);
+}
+
+/*****************************************************************
+** dki_exptime () return the expiration timestamp of the key
+*****************************************************************/
+time_t dki_exptime (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->exptime);
+}
+
+/*****************************************************************
+** dki_lifetime (dkp) return the lifetime of the key in sec!
+*****************************************************************/
+time_t dki_lifetime (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->lifetime);
+}
+
+/*****************************************************************
+** dki_lifetimedays (dkp) return the lifetime of the key in days!
+*****************************************************************/
+ushort dki_lifetimedays (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->lifetime / DAYSEC);
+}
+
+/*****************************************************************
+** dki_gentime (dkp) return the generation timestamp of the key
+*****************************************************************/
+time_t dki_gentime (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->gentime > 0L ? dkp->gentime: dkp->time);
+}
+
+/*****************************************************************
+** dki_setlifetime (dkp, int days)
+** set the lifetime in days (and also the gentime if not set)
+** return the old lifetime of the key in days!
+*****************************************************************/
+ushort dki_setlifetime (dki_t *dkp, int days)
+{
+ ulong lifetsec;
+ char path[MAX_PATHSIZE+1];
+
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+
+ lifetsec = dkp->lifetime; /* old lifetime */
+ dkp->lifetime = days * DAYSEC; /* set new lifetime */
+
+ dbg_val1 ("dki_setlifetime (%d)\n", days);
+ if ( lifetsec == 0 ) /* initial setup (old lifetime was zero)? */
+ dkp->gentime = dkp->time;
+
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
+ dki_writeinfo (dkp, path);
+
+ return (lifetsec / DAYSEC);
+}
+
+/*****************************************************************
+** dki_setexptime (dkp, time_t sec)
+** set the expiration time of the key in seconds since the epoch
+** return the old exptime
+*****************************************************************/
+time_t dki_setexptime (dki_t *dkp, time_t sec)
+{
+ char path[MAX_PATHSIZE+1];
+ time_t oldexptime;
+
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+
+ dbg_val1 ("dki_setexptime (%ld)\n", sec);
+ oldexptime = dkp->exptime;
+ dkp->exptime = sec;
+
+ pathname (path, sizeof (path), dkp->dname, dkp->fname, DKI_KEY_FILEEXT);
+ dki_writeinfo (dkp, path);
+
+#if 0 /* not necessary ? */
+ touch (path, time (NULL));
+#endif
+ return (oldexptime);
+}
+
+/*****************************************************************
+** dki_age () return age of key in seconds since 'curr'
+*****************************************************************/
+int dki_age (const dki_t *dkp, time_t curr)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return ((ulong)curr - (ulong)dkp->time);
+}
+
+/*****************************************************************
+** dki_getflag () return the flags field of a key
+*****************************************************************/
+dk_flag_t dki_getflag (const dki_t *dkp, time_t curr)
+{
+ dki_estr[0] = '\0';
+ return dkp->flags;
+}
+
+/*****************************************************************
+** dki_setflag () set a flag of a key
+*****************************************************************/
+dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag)
+{
+ dki_estr[0] = '\0';
+ return dkp->flags |= (ushort)flag;
+}
+
+/*****************************************************************
+** dki_unsetflag () unset a flag of a key
+*****************************************************************/
+dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)
+{
+ dki_estr[0] = '\0';
+ return dkp->flags &= ~((ushort)flag);
+}
+
+/*****************************************************************
+** dki_isksk ()
+*****************************************************************/
+int dki_isksk (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->flags & DK_FLAG_KSK) == DK_FLAG_KSK;
+}
+
+/*****************************************************************
+** dki_isrevoked ()
+*****************************************************************/
+int dki_isrevoked (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->flags & DK_FLAG_REVOKE) == DK_FLAG_REVOKE;
+}
+
+/*****************************************************************
+** dki_isdepreciated ()
+*****************************************************************/
+int dki_isdepreciated (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ return dki_status (dkp) == DKI_DEPRECIATED;
+}
+
+/*****************************************************************
+** dki_isactive ()
+*****************************************************************/
+int dki_isactive (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ return dki_status (dkp) == DKI_ACTIVE;
+}
+
+/*****************************************************************
+** dki_ispublished ()
+*****************************************************************/
+int dki_ispublished (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ return dki_status (dkp) == DKI_PUBLISHED;
+}
+
+
+/*****************************************************************
+** dki_status () return key status
+*****************************************************************/
+dk_status_t dki_status (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ return (dkp->status);
+}
+
+/*****************************************************************
+** dki_statusstr () return key status as string
+*****************************************************************/
+const char *dki_statusstr (const dki_t *dkp)
+{
+ dki_estr[0] = '\0';
+ assert (dkp != NULL);
+ switch ( dkp->status )
+ {
+ case DKI_ACT: return "active";
+ case DKI_PUB: if ( dki_isksk (dkp) )
+ return "standby";
+ else
+ return "published";
+ case DKI_DEP: return "depreciated";
+ case DKI_REV: return "revoked";
+ case DKI_SEP: return "sep";
+ }
+ return "unknown";
+}
+
+/*****************************************************************
+** dki_add () add a key to the given list
+*****************************************************************/
+dki_t *dki_add (dki_t **list, dki_t *new)
+{
+ dki_t *curr;
+ dki_t *last;
+
+ dki_estr[0] = '\0';
+ if ( list == NULL )
+ return NULL;
+ if ( new == NULL )
+ return *list;
+
+ last = curr = *list;
+ while ( curr && dki_cmp (curr, new) < 0 )
+ {
+ last = curr;
+ curr = curr->next;
+ }
+
+ if ( curr == *list ) /* add node at start of list */
+ *list = new;
+ else /* add node at end or between two nodes */
+ last->next = new;
+ new->next = curr;
+
+ return *list;
+}
+
+/*****************************************************************
+** dki_search () search a key with the given tag, or the first
+** occurence of a key with the given name
+*****************************************************************/
+const dki_t *dki_search (const dki_t *list, int tag, const char *name)
+{
+ const dki_t *curr;
+
+ dki_estr[0] = '\0';
+ curr = list;
+ if ( tag )
+ while ( curr && (tag != curr->tag ||
+ (name && *name && strcmp (name, curr->name) != 0)) )
+ curr = curr->next;
+ else if ( name && *name )
+ while ( curr && strcmp (name, curr->name) != 0 )
+ curr = curr->next;
+ else
+ curr = NULL;
+
+ return curr;
+}
+
+#if defined(USE_TREE) && USE_TREE
+/*****************************************************************
+** dki_tadd () add a key to the given tree
+*****************************************************************/
+dki_t *dki_tadd (dki_t **tree, dki_t *new)
+{
+ dki_t **p;
+
+ dki_estr[0] = '\0';
+ p = tsearch (new, tree, dki_namecmp);
+ if ( *p == new )
+ dbg_val ("dki_tadd: New entry %s added\n", new->name);
+ else
+ {
+ dbg_val ("dki_tadd: New key added to %s\n", new->name);
+ dki_add (p, new);
+ }
+
+ return *p;
+}
+
+/*****************************************************************
+** dki_tsearch () search a key with the given tag, or the first
+** occurence of a key with the given name
+*****************************************************************/
+const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)
+{
+ dki_t search;
+ dki_t **p;
+
+ dki_estr[0] = '\0';
+ search.tag = tag;
+ snprintf (search.name, sizeof (search.name), "%s", name);
+ p = tfind (&search, &tree, dki_namecmp);
+ if ( p == NULL )
+ return NULL;
+
+ return dki_search (*p, tag, name);
+}
+#endif
+
+/*****************************************************************
+** dki_find () find the n'th ksk or zsk key with given status
+*****************************************************************/
+const dki_t *dki_find (const dki_t *list, int ksk, int status, int no)
+{
+ const dki_t *dkp;
+ const dki_t *last;
+
+ dki_estr[0] = '\0';
+ last = NULL;
+ for ( dkp = list; no > 0 && dkp; dkp = dkp->next )
+ if ( dki_isksk (dkp) == ksk && dki_status (dkp) == status )
+ {
+ no--;
+ last = dkp;
+ }
+
+ return last;
+}
diff --git a/contrib/zkt/dki.h b/contrib/zkt/dki.h
new file mode 100644
index 0000000..548ce68
--- /dev/null
+++ b/contrib/zkt/dki.h
@@ -0,0 +1,185 @@
+/*****************************************************************
+**
+** @(#) dki.h -- Header file for DNSsec Key info/manipulation
+**
+** Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef DKI_H
+# define DKI_H
+
+# ifndef TYPES_H
+# include <sys/types.h>
+# include <stdio.h>
+# include <time.h>
+# endif
+
+# define MAX_LABELSIZE (255)
+# define MAX_FNAMESIZE (1+255+2+3+1+5+1+11)
+ /* Kdomain.+ALG+KEYID.type */
+ /* domain == FQDN (max 255) */
+ /* ALG == 3; KEYID == 5 chars */
+ /* type == key||published|private|depreciated == 11 chars */
+//# define MAX_DNAMESIZE (254)
+# define MAX_DNAMESIZE (1023)
+ /* /path/name / filename */
+# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)
+
+/* algorithm types */
+# define DK_ALGO_RSA 1 /* RFC2537 */
+# define DK_ALGO_DH 2 /* RFC2539 */
+# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
+# define DK_ALGO_EC 4 /* */
+# define DK_ALGO_RSASHA1 5 /* RFC3110 */
+
+/* protocol types */
+# define DK_PROTO_DNS 3
+
+/* flag bits */
+typedef enum { /* 11 1111 */
+ /* 0123 4567 8901 2345 */
+ DK_FLAG_KSK= 01, /* 0000 0000 0000 0001 Bit 15 RFC4034/RFC3757 */
+ DK_FLAG_REVOKE= 0200, /* 0000 0000 1000 0000 Bit 8 RFC5011 */
+ DK_FLAG_ZONE= 0400, /* 0000 0001 0000 0000 Bit 7 RFC4034 */
+} dk_flag_t;
+
+/* status types */
+typedef enum {
+ DKI_SEP= 'e',
+ DKI_SECUREENTRYPOINT= 'e',
+ DKI_PUB= 'p',
+ DKI_PUBLISHED= 'p',
+ DKI_ACT= 'a',
+ DKI_ACTIVE= 'a',
+ DKI_DEP= 'd',
+ DKI_DEPRECIATED= 'd',
+ DKI_REV= 'r',
+ DKI_REVOKED= 'r',
+} dk_status_t;
+
+# define DKI_KEY_FILEEXT ".key"
+# define DKI_PUB_FILEEXT ".published"
+# define DKI_ACT_FILEEXT ".private"
+# define DKI_DEP_FILEEXT ".depreciated"
+
+# define DKI_KSK 1
+# define DKI_ZSK 0
+
+typedef struct dki {
+ char dname[MAX_DNAMESIZE+1]; /* directory */
+ char fname[MAX_FNAMESIZE+1]; /* file name without extension */
+ char name[MAX_LABELSIZE+1]; /* domain name or label */
+ ushort algo; /* key algorithm */
+ ushort proto; /* must be 3 (DNSSEC) */
+ dk_flag_t flags; /* ZONE, optional SEP or REVOKE flag */
+ time_t time; /* key file time */
+ time_t gentime; /* key generation time (will be set on key generation and never changed) */
+ time_t exptime; /* time the key was expired (0L if not) */
+ ulong lifetime; /* proposed key life time at time of generation */
+ uint tag; /* key id */
+ dk_status_t status; /* key exist (".key") and name of private */
+ /* key file is ".published", ".private" */
+ /* or ".depreciated" */
+ char *pubkey; /* base64 public key */
+ struct dki *next; /* ptr to next entry in list */
+} dki_t;
+
+#if defined(USE_TREE) && USE_TREE
+/*
+ * Instead of including <search.h>, which contains horrible false function
+ * declarations, we declared it for our usage (Yes, these functions return
+ * the adress of a pointer variable)
+ */
+typedef enum
+{
+ /* we change the naming to the new, and more predictive one, used by Knuth */
+ PREORDER, /* preorder, */
+ INORDER, /* postorder, */
+ POSTORDER, /* endorder, */
+ LEAF /* leaf */
+}
+VISIT;
+
+dki_t **tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
+dki_t **tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
+dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
+void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));
+
+extern void dki_tfree (dki_t **tree);
+extern dki_t *dki_tadd (dki_t **tree, dki_t *new);
+extern int dki_tagcmp (const dki_t *a, const dki_t *b);
+extern int dki_namecmp (const dki_t *a, const dki_t *b);
+extern int dki_allcmp (const dki_t *a, const dki_t *b);
+#endif
+
+extern dki_t *dki_read (const char *dir, const char *fname);
+extern int dki_readdir (const char *dir, dki_t **listp, int recursive);
+extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
+extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
+extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
+extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
+extern int dki_prt_comment (const dki_t *dkp, FILE *fp);
+extern int dki_cmp (const dki_t *a, const dki_t *b);
+extern int dki_timecmp (const dki_t *a, const dki_t *b);
+extern int dki_age (const dki_t *dkp, time_t curr);
+extern dk_flag_t dki_getflag (const dki_t *dkp, time_t curr);
+extern dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag);
+extern dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag);
+extern dk_status_t dki_status (const dki_t *dkp);
+extern const char *dki_statusstr (const dki_t *dkp);
+extern int dki_isksk (const dki_t *dkp);
+extern int dki_isdepreciated (const dki_t *dkp);
+extern int dki_isrevoked (const dki_t *dkp);
+extern int dki_isactive (const dki_t *dkp);
+extern int dki_ispublished (const dki_t *dkp);
+extern time_t dki_time (const dki_t *dkp);
+extern time_t dki_exptime (const dki_t *dkp);
+extern time_t dki_gentime (const dki_t *dkp);
+extern time_t dki_lifetime (const dki_t *dkp);
+extern ushort dki_lifetimedays (const dki_t *dkp);
+extern ushort dki_setlifetime (dki_t *dkp, int days);
+extern time_t dki_setexptime (dki_t *dkp, time_t sec);
+extern dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days);
+extern dki_t *dki_remove (dki_t *dkp);
+extern dki_t *dki_destroy (dki_t *dkp);
+extern int dki_setstatus (dki_t *dkp, int status);
+extern int dki_setstatus_preservetime (dki_t *dkp, int status);
+extern dki_t *dki_add (dki_t **dkp, dki_t *new);
+extern const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name);
+extern const dki_t *dki_search (const dki_t *list, int tag, const char *name);
+extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first);
+extern void dki_free (dki_t *dkp);
+extern void dki_freelist (dki_t **listp);
+extern char *dki_algo2str (int algo);
+extern const char *dki_geterrstr (void);
+
+#endif
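Review bot: The `dki_new` prototype near the end of this header says nothing about how its string arguments are used, yet the function tail visible in dki.c (apparently dki_new; its start lies outside this view) formats `dir` and `name` into a command string with snprintf() and runs it through popen(), so both are interpreted by a shell. Caller-side validation is therefore part of the contract, and the header is where callers will look for it. I would add above the prototype: `/* dir and name (and presumably rfile) are placed in a shell command line run via popen(); pass only validated zone names and trusted paths */`. The sturdier fix, starting the key generator with an explicit argument vector instead of a shell string, belongs in dki.c rather than in this header.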
diff --git a/contrib/zkt/dnssec-signer.8 b/contrib/zkt/dnssec-signer.8
new file mode 100644
index 0000000..07c3c6c
--- /dev/null
+++ b/contrib/zkt/dnssec-signer.8
@@ -0,0 +1,436 @@
+.TH dnssec-signer 8 "June 27, 2008" "ZKT 0.96" ""
+\" turn off hyphenation
+.\" if n .nh
+.nh
+.SH NAME
+dnssec-signer \(em Secure DNS zone signing tool
+
+.SH SYNOPSYS
+.na
+.B dnssec-signer
+.RB [ \-L|--logfile
+.IR "file" ]
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-fhnr ]
+.RB [ \-v
+.RB [ \-v ]]
+.B \-N
+.I "named.conf"
+.RI [ zone
+.RI "" ... ]
+.br
+.B dnssec-signer
+.RB [ \-L|--logfile
+.IR "file" ]
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-fhnr ]
+.RB [ \-v
+.RB [ \-v ]]
+.RB [ \-D
+.IR "directory" ]
+.RI [ zone
+.RI "" ... ]
+.br
+.B dnssec-signer
+.RB [ \-L|--logfile
+.IR "file" ]
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-fhnr ]
+.RB [ \-v
+.RB [ \-v ]]
+.B \-o
+.IR "origin"
+.RI [ zonefile ]
+
+.SH DESCRIPTION
+The
+.I dnssec-signer
+command is a wrapper around
+.I dnssec-signzone(8)
+and
+.I dnssec-keygen(8)
+to sign a zone and manage the necessary zone keys.
+It's able to increment the serial number before signing the zone
+and can trigger
+.I named(8)
+to reload the signed zone file.
+The command controls several secure zones and, if started in regular
+intervals via
+.IR cron(8) ,
+can do all that stuff automatically.
+.PP
+In the most useful usage scenario the command will be called with option
+.B \-N
+to read the secure zones out of the given
+.I named.conf
+file.
+If you have a configuration file with views, you have to use option
+-V viewname or --view viewname to specify the name of the view.
+Alternatively you could link the executable file to a second name like
+.I dnssec-signer-viewname
+and use that command to specify the name of the view.
+All master zone statements will be scanned for filenames
+ending with ".signed".
+These zones will be checked if the necessary zone- and key signing keys
+are existent and fresh enough to be used in the signing process.
+If some out-dated keys where found, new keying material will be generated via
+the
+.I dnssec-keygen(8)
+command and the old ones will be marked as depreciated.
+So the command do anything needed for a zone key rollover as defined by [2].
+.PP
+If the resigning interval is reached or any new key must be announced,
+the serial number of the zone will be incremented and the
+.I dnssec-signzone(8)
+command will be evoked to sign the zone.
+After that, if the option
+.B \-r
+is given, the
+.I rndc(8)
+command will be called to reload the zone on the
+nameserver.
+.PP
+In the second form of the command it's possible to specify a directory
+tree with the option
+.B \-D
+.IR dir .
+Every secure zone found in a subdirectory below
+.I dir
+will be signed.
+However, it's also possible to reduce the signing to those
+zones given as arguments.
+In directory mode the pre-requisite is, that the directory name is
+exactly (including the trailing dot) the same as the zone name.
+.PP
+In the last form of the command, the functionality is more or less the same
+as the
+.I dnssec-signzone (8)
+command.
+The parameter specify the zone file name and the option
+.B \-o
+takes the name of the zone.
+.PP
+If neither
+.B \-N
+nor
+.B \-D
+nor
+.B \-o
+is given, then the default directory specified in the
+.I dnssec.conf
+file by the parameter
+.I zonedir
+will be used as the top level directory.
+
+.SH OPTIONS
+.TP
+.BI \-L " file|dir" ", \-\-logfile=" file|dir
+Specify the name of a log file or a directory where
+logfiles are created with a name like
+.fam C
+.\"# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log"
+.RI zkt- YYYY-MM-DD T hhmmss Z.log .
+.fam T
+.\" \&.
+If the argument is not an absolute path name and a zone directory
+is specified in the config file, this will prepend the given name.
+This option is also settable in the dnssec.conf file via the parameter
+.BI LogFile .
+.br
+The default is no file logging, but error logging to syslog with facility
+.BI USER
+at level
+.BI ERROR
+is enabled by default.
+These parameters are settable via the config file parameter
+.BI "SyslogFacility:" ,
+.BI "SyslogLevel:" ,
+.BI "LogFile:"
+and
+.BI "Loglevel" .
+.br
+There is an additional parameter
+.BI VerboseLog:
+which specifies the verbosity (0|1|2) of messages that will be logged
+with level
+.BI DEBUG
+to file and syslog.
+
+.TP
+.BI \-V " view" ", \-\-view=" view
+Try to read the default configuration out of a file named
+.I dnssec-<view>.conf .
+Instead of specifying the \-V or --view option every time,
+it's also possible to create a hard or softlink to the
+executable file with an additional name like
+.I dnssec-zkt-<view> .
+.TP
+.BI \-c " file" ", \-\-config=" file
+Read configuration values out of the specified file.
+Otherwise the default config file is read or build-in defaults
+will be used.
+.TP
+.BI \-O " optstr" ", \-\-config-option=" optstr
+Set any config file option via the commandline.
+Several config file options could be specified at the argument string
+but have to be delimited by semicolon (or newline).
+.TP
+.BR \-f ", " \-\-force
+Force a resigning of the zone, regardless if the resigning interval
+is reached, or any new keys must be announced.
+.TP
+.BR \-n ", " \-\-noexec
+Don't execute the
+.I dnssec-signzone(8)
+command.
+Currently this option is of very limited usage.
+.TP
+.BR \-r ", " \-\-reload
+Reload the zone via
+.I rndc(8)
+after successful signing.
+In a production environment it's recommended to use this option
+to be sure that a freshly signed zone will be immediately propagated.
+However, that's only feasable if the named runs on the signing
+machine, which is not recommended.
+Otherwise the signed zonefile must be copied to the production
+server before reloading the zone.
+If this is the case, the parameter
+.I propagation
+in the
+.I dnssec.conf
+file must be set to a reasonable value.
+.TP
+.BR \-v ", " \-\-verbose
+Verbose mode (recommended).
+A second
+.B \-v
+will be a little more verbose.
+.TP
+.BR \-h ", " \-\-help
+Print out the online help.
+
+.SH SAMPLE USAGE
+.TP
+.fam C
+.B "dnssec-signer \-N /var/named/named.conf \-r \-v \-v
+.fam T
+Sign all secure zones found in the named.conf file and, if necessary,
+trigger a reload of the zone.
+Print some explanatory remarks on stdout.
+.TP
+.fam C
+.B "dnssec-signer \-D zonedir/example.net. \-f \-v \-v
+.fam T
+Force the signing of the zone found in the directory
+.I zonedir/example.net .
+Do not reload the zone.
+.TP
+.fam C
+.B "dnssec-signer \-D zonedir \-f \-v \-v example.net.
+.fam T
+Same as above.
+.TP
+.fam C
+.B "dnssec-signer \-f \-v \-v example.net.
+.fam T
+Same as above if the
+.I dnssec.conf
+file contains the path of the parent directory of the
+.I example.net
+zone.
+.TP
+.fam C
+.B "dnssec-signer \-f \-v \-v \-o example.net. zone.db
+.fam T
+Same as above if we are in the directory containing the
+.I example.net
+files.
+.TP
+.fam C
+.B "dnssec-signer \-\-config-option='ResignInterval 1d; Sigvalidity 28h; \e
+.B ZSK_lifetime 2d;' \-v \-v \-o example.net. zone.db
+.fam T
+.br
+Sign the example.net zone but overwrite some config file values with the parameters
+given on the commandline.
+
+.SH Zone setup and initial preparation
+.TP
+Create a separate directory for every secure zone.
+.br
+This is useful because there are many additional files needed to
+secure a zone.
+Besides the zone file
+.RI ( zone.db ),
+there is a signed zone file
+.RI ( zone.db.signed),
+a minimum of four files containing the keying material,
+a file called
+.I dnskey.db
+with the current used keys,
+and the
+.I dsset-
+and
+.IR keyset- files
+created by the
+.I dnssec-signzone(8)
+command.
+So in summary there is a minimum of nine files used per secure zone.
+For every additional key there are two extra files and
+every delegated subzone creates also two or three files.
+.TP
+Name the directory just like the zone.
+.br
+That's only needed if you want to use the dnssec-signer command in
+directory mode
+.RB ( \-D ).
+Then the name of the zone will be parsed out of the directory name.
+.TP
+Change the name of the zone file to \fIzone.db\fP
+Otherwise you have to set the name via the
+.I dnssec.conf
+parameter
+.IR zonefile ,
+or you have to use the option
+.B \-o
+to name the zone and specify the zone file as argument.
+.TP
+Add the name of the signed zonefile to the \fInamed.conf\fP file
+The filename is the name of the zone file with the
+extension
+.IR .signed .
+Create an empty file with the name
+.IB zonefile .signed
+in the zone directory.
+.TP
+Include the keyfile in the zone.
+The name of the keyfile is settable by the
+.I dnssec.conf
+parameter
+.I keyfile .
+The default is
+.I dnskey.db .
+.br
+.if t \{\
+.nf
+.fam C
+ ...
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+$INCLUDE dnskey.db
+ ...
+.fi
+.fam T
+.\}
+.TP
+Control the format of the SOA-Record
+For automatic incrementation of the serial number, the SOA-Record
+must be formated, so that the serial number is on a single line and
+left justified in a field of at least 10 spaces!
+.if t \{\
+.fam C
+.fi 0
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 60 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ); Minimum
+.fi
+.fam T
+.\}
+If you use a BIND Verison of 9.4 or greater and
+use the unixtime format for the serial number (See parameter
+Serialformat in
+.IR dnssec.conf )
+than this is not necessary.
+.TP
+Try to sign the zone
+If the current working directory is the directory of the zone
+.IR example.net ,
+use the command
+.fam C
+.nf
+.sp 0.5
+ $ dnssec-signer \-D .. \-v \-v example.net
+ $ dnssec-signer \-o example.net.
+.sp 0.5
+.fi
+.fam T
+to create the initial keying material and a signed zone file.
+Then try to load the file on the name server.
+
+.SH ENVIRONMENT VARIABLES
+.TP
+ZKT_CONFFILE
+Specifies the name of the default global configuration files.
+
+.SH FILES
+.TP
+.I /var/named/dnssec.conf
+Built-in default global configuration file.
+The name of the default global config file is settable via
+the environment variable ZKT_CONFFILE.
+Use
+.I dnssec-zkt(8)
+with option
+.B \-Z
+to create an initial config file.
+.TP
+.I /var/named/dnssec-<view>.conf
+View specific global configuration file.
+.TP
+.I ./dnssec.conf
+Local configuration file.
+.TP
+.I dnskey.db
+The file contains the currently used key and zone signing keys.
+It will be created by
+.IR dnsssec-signer(8) .
+The name of the file is settable via the dnssec configuration
+file (parameter
+.IR keyfile ).
+.TP
+.I zone.db
+This is the zone file.
+The name of the file is settable via the dnssec configuration
+file (parameter
+.IR zonefile ).
+
+.SH BUGS
+.PP
+The zone name given as an argument must be ending with a dot.
+.PP
+The named.conf parser is a little bit rudimental and not
+very well tested.
+
+.SH AUTHOR
+Holger Zuleger
+
+.SH COPYRIGHT
+Copyright (c) 2005 \- 2008 by Holger Zuleger.
+Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.
+.\"--------------------------------------------------
+.SH SEE ALSO
+dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), dnssec-zkt(8)
+.br
+RFC4033, RFC4034, RFC4035
+.br
+[1] DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
+.br
+(http://www.nlnetlabs.nl/dnssec_howto/)
+.br
+[2] RFC4641 "DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman
+.br
+(http://www.ietf.org/rfc/rfc4641.txt)
diff --git a/contrib/zkt/dnssec-signer.c b/contrib/zkt/dnssec-signer.c
new file mode 100644
index 0000000..5b2b8f6
--- /dev/null
+++ b/contrib/zkt/dnssec-signer.c
@@ -0,0 +1,1002 @@
+/*****************************************************************
+**
+** @(#) dnssec-signer.c (c) Jan 2005 Holger Zuleger hznet.de
+**
+** A wrapper around the BIND dnssec-signzone command which is able
+** to resign a zone if neccessary and doing a zone or key signing key rollover.
+**
+** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <assert.h>
+# include <dirent.h>
+# include <errno.h>
+# include <unistd.h>
+# include <ctype.h>
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+# include <getopt.h>
+#endif
+# include "zconf.h"
+# include "debug.h"
+# include "misc.h"
+# include "ncparse.h"
+# include "zone.h"
+# include "dki.h"
+# include "rollover.h"
+# include "log.h"
+
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+# define short_options "c:L:V:D:N:o:O:dfHhnrv"
+#else
+# define short_options "c:L:V:D:N:o:O:fHhnrv"
+#endif
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+static struct option long_options[] = {
+ {"reload", no_argument, NULL, 'r'},
+ {"force", no_argument, NULL, 'f'},
+ {"noexec", no_argument, NULL, 'n'},
+ {"verbose", no_argument, NULL, 'v'},
+ {"directory", no_argument, NULL, 'd'},
+ {"config", required_argument, NULL, 'c'},
+ {"option", required_argument, NULL, 'O'},
+ {"config-option", required_argument, NULL, 'O'},
+ {"logfile", required_argument, NULL, 'L' },
+ {"view", required_argument, NULL, 'V' },
+ {"directory", required_argument, NULL, 'D'},
+ {"named-conf", required_argument, NULL, 'N'},
+ {"origin", required_argument, NULL, 'o'},
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ {"dynamic", no_argument, NULL, 'd' },
+#endif
+ {"help", no_argument, NULL, 'h'},
+ {0, 0, 0, 0}
+};
+#endif
+
+
+/** function declaration **/
+static void usage (char *mesg, zconf_t *conf);
+static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file);
+static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf);
+static int dosigning (zone_t *zonelist, zone_t *zp);
+static int check_keydb_timestamp (dki_t *keylist, time_t reftime);
+static int new_keysetfiles (const char *dir, time_t zone_signing_time);
+static int writekeyfile (const char *fname, const dki_t *list, int key_ttl);
+static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf);
+static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze);
+static int reload_zone (const char *domain, const zconf_t *z);
+static int dist_and_reload (const zone_t *zp);
+static void register_key (dki_t *listp, const zconf_t *z);
+static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf);
+
+/** global command line options **/
+extern int optopt;
+extern int opterr;
+extern int optind;
+extern char *optarg;
+const char *progname;
+const char *viewname = NULL;
+const char *logfile = NULL;
+const char *origin = NULL;
+const char *namedconf = NULL;
+const char *dirname = NULL;
+static int verbose = 0;
+static int force = 0;
+static int reloadflag = 0;
+static int noexec = 0;
+static int dynamic_zone = 0; /* dynamic zone ? */
+static zone_t *zonelist = NULL; /* must be static global because add2zonelist use it */
+static zconf_t *config;
+
+int main (int argc, char *const argv[])
+{
+ int c;
+ int errcnt;
+ int opt_index;
+ char errstr[255+1];
+ char *p;
+ const char *defconfname;
+ zone_t *zp;
+
+ progname = *argv;
+ if ( (p = strrchr (progname, '/')) )
+ progname = ++p;
+ viewname = getnameappendix (progname, "dnssec-signer");
+
+ defconfname = getdefconfname (viewname);
+ config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
+ if ( fileexist (defconfname) ) /* load default config file */
+ config = loadconfig (defconfname, config);
+ if ( config == NULL )
+ fatal ("Couldn't load config: Out of memory\n");
+
+ zonelist = NULL;
+ opterr = 0;
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+ while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
+#else
+ while ( (c = getopt (argc, argv, short_options)) != -1 )
+#endif
+ {
+ switch ( c )
+ {
+ case 'V': /* view name */
+ viewname = optarg;
+ defconfname = getdefconfname (viewname);
+ if ( fileexist (defconfname) ) /* load default config file */
+ config = loadconfig (defconfname, config);
+ if ( config == NULL )
+ fatal ("Out of memory\n");
+ break;
+ case 'c': /* load config from file */
+ config = loadconfig (optarg, config);
+ if ( config == NULL )
+ fatal ("Out of memory\n");
+ break;
+ case 'O': /* load config option from commandline */
+ config = loadconfig_fromstr (optarg, config);
+ if ( config == NULL )
+ fatal ("Out of memory\n");
+ break;
+ case 'o':
+ origin = optarg;
+ break;
+ case 'N':
+ namedconf = optarg;
+ break;
+ case 'D':
+ dirname = optarg;
+ break;
+ case 'L': /* error log file|directory */
+ logfile = optarg;
+ break;
+ case 'f':
+ force++;
+ break;
+ case 'H':
+ case 'h':
+ usage (NULL, config);
+ break;
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ case 'd':
+ dynamic_zone = 1;
+ /* dynamic zone requires a name server reload... */
+ reloadflag = 0; /* ...but "rndc thaw" reloads the zone anyway */
+ break;
+#endif
+ case 'n':
+ noexec = 1;
+ break;
+ case 'r':
+ reloadflag = 1;
+ break;
+ case 'v':
+ verbose++;
+ break;
+ case '?':
+ if ( isprint (optopt) )
+ snprintf (errstr, sizeof(errstr),
+ "Unknown option \"-%c\".\n", optopt);
+ else
+ snprintf (errstr, sizeof (errstr),
+ "Unknown option char \\x%x.\n", optopt);
+ usage (errstr, config);
+ break;
+ default:
+ abort();
+ }
+ }
+ dbg_line();
+
+ /* store some of the commandline parameter in the config structure */
+ setconfigpar (config, "--view", viewname);
+ setconfigpar (config, "-v", &verbose);
+ if ( logfile == NULL )
+ logfile = config->logfile;
+
+ if ( lg_open (progname, config->syslogfacility, config->sysloglevel, config->zonedir, logfile, config->loglevel) < -1 )
+ fatal ("Couldn't open logfile %s in dir %s\n", logfile, config->zonedir);
+
+#if defined(DBG) && DBG
+ for ( zp = zonelist; zp; zp = zp->next )
+ zone_print ("in main: ", zp);
+#endif
+ lg_args (LG_NOTICE, argc, argv);
+
+ if ( origin ) /* option -o ? */
+ {
+ if ( (argc - optind) <= 0 ) /* no arguments left ? */
+ zone_readdir (".", origin, NULL, &zonelist, config, dynamic_zone);
+ else
+ zone_readdir (".", origin, argv[optind], &zonelist, config, dynamic_zone);
+
+ /* anyway, "delete" all (remaining) arguments */
+ optind = argc;
+
+ /* complain if nothing could read in */
+ if ( zonelist == NULL )
+ {
+ lg_mesg (LG_FATAL, "\"%s\": couldn't read", origin);
+ fatal ("Couldn't read zone \"%s\"\n", origin);
+ }
+ }
+ if ( namedconf ) /* option -N ? */
+ {
+ char dir[255+1];
+
+ memset (dir, '\0', sizeof (dir));
+ if ( config->zonedir )
+ strncpy (dir, config->zonedir, sizeof(dir));
+ if ( !parse_namedconf (namedconf, dir, sizeof (dir), add2zonelist) )
+ fatal ("Can't read file %s as namedconf file\n", namedconf);
+ if ( zonelist == NULL )
+ fatal ("No signed zone found in file %s\n", namedconf);
+ }
+ if ( dirname ) /* option -D ? */
+ {
+ if ( !parsedir (dirname, &zonelist, config) )
+ fatal ("Can't read directory tree %s\n", dirname);
+ if ( zonelist == NULL )
+ fatal ("No signed zone found in directory tree %s\n", dirname);
+ }
+
+ /* none of the above: read current directory tree */
+ if ( zonelist == NULL )
+ parsedir (config->zonedir, &zonelist, config);
+
+ for ( zp = zonelist; zp; zp = zp->next )
+ if ( in_strarr (zp->zone, &argv[optind], argc - optind) )
+ {
+ dosigning (zonelist, zp);
+ verbmesg (1, zp->conf, "\n");
+ }
+
+ zone_freelist (&zonelist);
+
+ errcnt = lg_geterrcnt ();
+ lg_mesg (LG_NOTICE, "end of run: %d error%s occured", errcnt, errcnt == 1 ? "" : "s");
+ lg_close ();
+
+ return errcnt < 64 ? errcnt : 64;
+}
+
+# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
+# define loptstr(lstr, sstr) lstr
+#else
+# define lopt_usage(mesg, value)
+# define loptstr(lstr, sstr) sstr
+#endif
+static void usage (char *mesg, zconf_t *conf)
+{
+ fprintf (stderr, "%s version %s\n", progname, ZKT_VERSION);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname);
+ fprintf (stderr, "[-D directorytree] ");
+ fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n");
+
+ fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname);
+ fprintf (stderr, "-N named.conf ");
+ fprintf (stderr, "[-fhnr] [-v [-v]] [zone ...]\n");
+
+ fprintf (stderr, "usage: %s [-c file] [-O optstr] ", progname);
+ fprintf (stderr, "-o origin ");
+ fprintf (stderr, "[-fhnr] [-v [-v]] [zonefile.signed]\n");
+
+ fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
+ fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE);
+ fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
+ fprintf (stderr, "\t\t set config options on the commandline\n");
+ fprintf (stderr, "\t-L file|dir%s", loptstr (", --logfile=file|dir\n", ""));
+ fprintf (stderr, "\t\t specify file or directory for the log output\n");
+ fprintf (stderr, "\t-D dir%s", loptstr (", --directory=dir\n", ""));
+ fprintf (stderr, "\t\t parse the given directory tree for a list of secure zones \n");
+ fprintf (stderr, "\t-N file%s", loptstr (", --named-conf=file\n", ""));
+ fprintf (stderr, "\t\t get the list of secure zones out of the named like config file \n");
+ fprintf (stderr, "\t-o zone%s", loptstr (", --origin=zone", ""));
+ fprintf (stderr, "\tspecify the name of the zone \n");
+ fprintf (stderr, "\t\t The file to sign should be given as an argument (default is \"%s.signed\")\n", conf->zonefile);
+ fprintf (stderr, "\t-h%s\t print this help\n", loptstr (", --help", "\t"));
+ fprintf (stderr, "\t-f%s\t force re-signing\n", loptstr (", --force", "\t"));
+ fprintf (stderr, "\t-n%s\t no execution of external signing command\n", loptstr (", --noexec", "\t"));
+ // fprintf (stderr, "\t-r%s\t reload zone via <rndc reload zone> (or via the external distribution command)\n", loptstr (", --reload", "\t"));
+ fprintf (stderr, "\t-r%s\t reload zone via %s\n", loptstr (", --reload", "\t"), conf->dist_cmd ? conf->dist_cmd: "rndc");
+ fprintf (stderr, "\t-v%s\t be verbose (use twice to be very verbose)\n", loptstr (", --verbose", "\t"));
+
+ fprintf (stderr, "\t[zone]\t sign only those zones given as argument\n");
+
+ fprintf (stderr, "\n");
+ fprintf (stderr, "\tif neither -D nor -N nor -o is given, the directory tree specified\n");
+ fprintf (stderr, "\tin the dnssec config file (\"%s\") will be parsed\n", conf->zonedir);
+
+ if ( mesg && *mesg )
+ fprintf (stderr, "%s\n", mesg);
+ exit (127);
+}
+
+/** fill zonelist with infos coming out of named.conf **/
+static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file)
+{
+#ifdef DBG
+ fprintf (stderr, "printzone ");
+ fprintf (stderr, "view \"%s\" " , view);
+ fprintf (stderr, "zone \"%s\" " , zone);
+ fprintf (stderr, "file ");
+ if ( dir && *dir )
+ fprintf (stderr, "%s/", dir);
+ fprintf (stderr, "%s", file);
+ fprintf (stderr, "\n");
+#endif
+ dbg_line ();
+ if ( view[0] != '\0' ) /* view found in named.conf */
+ {
+ if ( viewname == NULL || viewname[0] == '\0' ) /* viewname wasn't set on startup ? */
+ {
+ dbg_line ();
+ error ("zone \"%s\" in view \"%s\" found in name server config, but no matching view was set on startup\n", zone, view);
+ lg_mesg (LG_ERROR, "\"%s\" in view \"%s\" found in name server config, but no matching view was set on startup", zone, view);
+ return 0;
+ }
+ dbg_line ();
+ if ( strcmp (viewname, view) != 0 ) /* zone is _not_ in current view */
+ return 0;
+ }
+ return zone_readdir (dir, zone, file, &zonelist, config, dynamic_zone);
+}
+
+static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf)
+{
+ DIR *dirp;
+ struct dirent *dentp;
+ char path[MAX_PATHSIZE+1];
+
+ dbg_val ("parsedir: (%s)\n", dir);
+ if ( !is_directory (dir) )
+ return 0;
+
+ dbg_line ();
+ zone_readdir (dir, NULL, NULL, zp, conf, dynamic_zone);
+
+ dbg_val ("parsedir: opendir(%s)\n", dir);
+ if ( (dirp = opendir (dir)) == NULL )
+ return 0;
+
+ while ( (dentp = readdir (dirp)) != NULL )
+ {
+ if ( is_dotfile (dentp->d_name) )
+ continue;
+
+ pathname (path, sizeof (path), dir, dentp->d_name, NULL);
+ if ( !is_directory (path) )
+ continue;
+
+ dbg_val ("parsedir: recursive %s\n", path);
+ parsedir (path, zp, conf);
+ }
+ closedir (dirp);
+ return 1;
+}
+
+static int dosigning (zone_t *zonelist, zone_t *zp)
+{
+ char path[MAX_PATHSIZE+1];
+ int err;
+ int newkey;
+ int newkeysetfile;
+ int use_unixtime;
+ time_t currtime;
+ time_t zfile_time;
+ time_t zfilesig_time;
+ char mesg[255+1];
+
+ verbmesg (1, zp->conf, "parsing zone \"%s\" in dir \"%s\"\n", zp->zone, zp->dir);
+
+ pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
+ dbg_val("parsezonedir fileexist (%s)\n", path);
+ if ( !fileexist (path) )
+ {
+ error ("Not a secure zone directory (%s)!\n", zp->dir);
+ lg_mesg (LG_ERROR, "\"%s\": not a secure zone directory (%s)!", zp->zone, zp->dir);
+ return 1;
+ }
+ zfilesig_time = file_mtime (path);
+
+ pathname (path, sizeof (path), zp->dir, zp->file, NULL);
+ dbg_val("parsezonedir fileexist (%s)\n", path);
+ if ( !fileexist (path) )
+ {
+ error ("No zone file found (%s)!\n", path);
+ lg_mesg (LG_ERROR, "\"%s\": no zone file found (%s)!", zp->zone, path);
+ return 2;
+ }
+
+ zfile_time = file_mtime (path);
+ currtime = time (NULL);
+
+ /* check rfc5011 key signing keys, create new one if neccessary */
+ dbg_msg("parsezonedir check rfc 5011 ksk ");
+ newkey = ksk5011status (&zp->keys, zp->dir, zp->zone, zp->conf);
+ if ( (newkey & 02) != 02 ) /* not a rfc 5011 zone ? */
+ {
+ verbmesg (2, zp->conf, "\t\t->not a rfc5011 zone, looking for a regular ksk rollover\n");
+ /* check key signing keys, create new one if neccessary */
+ dbg_msg("parsezonedir check ksk ");
+ newkey |= kskstatus (zonelist, zp);
+ }
+ else
+ newkey &= ~02; /* reset bit 2 */
+
+ /* check age of zone keys, probably retire (depreciate) or remove old keys */
+ dbg_msg("parsezonedir check zsk ");
+ newkey += zskstatus (&zp->keys, zp->dir, zp->zone, zp->conf);
+
+ /* check age of "dnskey.db" file against age of keyfiles */
+ pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
+ dbg_val("parsezonedir check_keydb_timestamp (%s)\n", path);
+ if ( !newkey )
+ newkey = check_keydb_timestamp (zp->keys, file_mtime (path));
+
+ /* if we work in subdir mode, check if there is a new keyset- file */
+ newkeysetfile = 0;
+ if ( !newkey && zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
+ newkeysetfile = new_keysetfiles (zp->dir, zfilesig_time);
+
+ /**
+ ** Check if it is time to do a re-sign. This is the case if
+ ** a) the command line flag -f is set, or
+ ** b) new keys are generated, or
+ ** c) we found a new KSK of a delegated domain, or
+ ** d) the "dnskey.db" file is newer than "zone.db"
+ ** e) the "zone.db" is newer than "zone.db.signed" or
+ ** f) "zone.db.signed" is older than the re-sign interval
+ **/
+ mesg[0] = '\0';
+ if ( force )
+ snprintf (mesg, sizeof(mesg), "Option -f");
+ else if ( newkey )
+ snprintf (mesg, sizeof(mesg), "New zone key");
+ else if ( newkeysetfile )
+ snprintf (mesg, sizeof(mesg), "Modified KSK in delegated domain");
+ else if ( file_mtime (path) > zfilesig_time )
+ snprintf (mesg, sizeof(mesg), "Modified keys");
+ else if ( zfile_time > zfilesig_time )
+ snprintf (mesg, sizeof(mesg), "Zone file edited");
+ else if ( (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) )
+ snprintf (mesg, sizeof(mesg), "re-signing interval (%s) reached",
+ str_delspace (age2str (zp->conf->resign)));
+ else if ( dynamic_zone )
+ snprintf (mesg, sizeof(mesg), "dynamic zone");
+
+ if ( *mesg )
+ verbmesg (1, zp->conf, "\tRe-signing necessary: %s\n", mesg);
+ else
+ verbmesg (1, zp->conf, "\tRe-signing not necessary!\n");
+
+ if ( *mesg )
+ lg_mesg (LG_NOTICE, "\"%s\": re-signing triggered: %s", zp->zone, mesg);
+
+ dbg_line ();
+ if ( !(force || newkey || newkeysetfile || zfile_time > zfilesig_time ||
+ file_mtime (path) > zfilesig_time ||
+ (currtime - zfilesig_time) > zp->conf->resign - (OFFSET) || dynamic_zone) )
+ {
+ verbmesg (2, zp->conf, "\tCheck if there is a parent file to copy\n");
+ if ( zp->conf->keysetdir && strcmp (zp->conf->keysetdir, "..") == 0 )
+ copy_keyset (zp->dir, zp->zone, zp->conf); /* copy the parent- file if it exist */
+ return 0; /* nothing to do */
+ }
+
+ /* let's start signing the zone */
+ dbg_line ();
+
+ /* create new "dnskey.db" file */
+ pathname (path, sizeof (path), zp->dir, zp->conf->keyfile, NULL);
+ verbmesg (1, zp->conf, "\tWriting key file \"%s\"\n", path);
+ if ( !writekeyfile (path, zp->keys, zp->conf->key_ttl) )
+ {
+ error ("Can't create keyfile %s \n", path);
+ lg_mesg (LG_ERROR, "\"%s\": can't create keyfile %s", zp->zone , path);
+ }
+
+ err = 1;
+ use_unixtime = ( zp->conf->serialform == Unixtime );
+ dbg_val1 ("Use unixtime = %d\n", use_unixtime);
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ if ( !dynamic_zone && !use_unixtime ) /* increment serial no in static zone files */
+#else
+ if ( !dynamic_zone ) /* increment serial no in static zone files */
+#endif
+ {
+ pathname (path, sizeof (path), zp->dir, zp->file, NULL);
+ err = 0;
+ if ( noexec == 0 )
+ {
+ if ( (err = inc_serial (path, use_unixtime)) < 0 )
+ {
+ error ("could not increment serialno of domain %s in file %s: %s!\n",
+ zp->zone, path, inc_errstr (err));
+ lg_mesg (LG_ERROR,
+ "zone \"%s\": couldn't increment serialno in file %s: %s",
+ zp->zone, path, inc_errstr (err));
+ }
+ else
+ verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
+ }
+ else
+ verbmesg (1, zp->conf, "\tIncrementing serial number in file \"%s\"\n", path);
+ }
+
+ /* at last, sign the zone file */
+ if ( err > 0 )
+ {
+ time_t timer;
+
+ verbmesg (1, zp->conf, "\tSigning zone \"%s\"\n", zp->zone);
+ logflush ();
+
+ /* dynamic zones uses incremental signing, so we have to */
+ /* prepare the old (signed) file as new input file */
+ if ( dynamic_zone )
+ {
+ char zfile[MAX_PATHSIZE+1];
+
+ dyn_update_freeze (zp->zone, zp->conf, 1); /* freeze dynamic zone ! */
+
+ pathname (zfile, sizeof (zfile), zp->dir, zp->file, NULL);
+ pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
+ if ( filesize (path) == 0L ) /* initial signing request */
+ {
+ verbmesg (1, zp->conf, "\tDynamic Zone signing: Initial signing request: Add DNSKEYs to zonefile\n");
+ copyfile (zfile, path, zp->conf->keyfile);
+ }
+ verbmesg (1, zp->conf, "\tDynamic Zone signing: copy old signed zone file %s to new input file %s\n",
+ path, zfile);
+ if ( newkey ) /* if we have new keys, they should be added to the zone file */
+ copyzonefile (path, zfile, zp->conf->keyfile);
+ else /* else we can do a simple file copy */
+ copyfile (path, zfile, NULL);
+ }
+
+ timer = start_timer ();
+ if ( (err = sign_zone (zp->dir, zp->zone, zp->file, zp->conf)) < 0 )
+ {
+ error ("Signing of zone %s failed (%d)!\n", zp->zone, err);
+ lg_mesg (LG_ERROR, "\"%s\": signing failed!", zp->zone);
+ }
+ timer = stop_timer (timer);
+
+ if ( dynamic_zone )
+ dyn_update_freeze (zp->zone, zp->conf, 0); /* thaw dynamic zone file */
+
+ {
+ const char *tstr = str_delspace (age2str (timer));
+
+ if ( !tstr || *tstr == '\0' )
+ tstr = "0s";
+ verbmesg (1, zp->conf, "\tSigning completed after %s.\n", tstr);
+ }
+ }
+
+ copy_keyset (zp->dir, zp->zone, zp->conf);
+
+ if ( err >= 0 && reloadflag )
+ {
+ if ( zp->conf->dist_cmd )
+ dist_and_reload (zp);
+ else
+ reload_zone (zp->zone, zp->conf);
+
+ register_key (zp->keys, zp->conf);
+ }
+
+ return err;
+}
+
+static void register_key (dki_t *list, const zconf_t *z)
+{
+ dki_t *dkp;
+ time_t currtime;
+ time_t age;
+
+ assert ( list != NULL );
+ assert ( z != NULL );
+
+ currtime = time (NULL);
+ for ( dkp = list; dkp && dki_isksk (dkp); dkp = dkp->next )
+ {
+ age = dki_age (dkp, currtime);
+#if 0
+ /* announce "new" and active key signing keys */
+ if ( REG_URL && *REG_URL && dki_status (dkp) == DKI_ACT && age <= z->resign * 4 )
+ {
+ if ( verbose )
+ logmesg ("\tRegister new KSK with tag %d for domain %s\n",
+ dkp->tag, dkp->name);
+ }
+#endif
+ }
+}
+
+/*
+ * This function is not working with symbolic links to keyset- files,
+ * because file_mtime() returns the mtime of the underlying file, and *not*
+ * that of the symlink file.
+ * This is bad, because the keyset-file will be newly generated by dnssec-signzone
+ * on every re-signing call.
+ * Instead, in the case of a hierarchical directory structure, we copy the file
+ * (and so we change the timestamp) only if it was modified after the last
+ * generation (checked with cmpfile(), see func sign_zone()).
+ */
+# define KEYSET_FILE_PFX "keyset-"
+static int new_keysetfiles (const char *dir, time_t zone_signing_time)
+{
+ DIR *dirp;
+ struct dirent *dentp;
+ char path[MAX_PATHSIZE+1];
+ int newkeysetfile;
+
+ if ( (dirp = opendir (dir)) == NULL )
+ return 0;
+
+ newkeysetfile = 0;
+ dbg_val2 ("new_keysetfile (%s, %s)\n", dir, time2str (zone_signing_time, 's'));
+ while ( !newkeysetfile && (dentp = readdir (dirp)) != NULL )
+ {
+ if ( strncmp (dentp->d_name, KEYSET_FILE_PFX, strlen (KEYSET_FILE_PFX)) != 0 )
+ continue;
+
+ pathname (path, sizeof (path), dir, dentp->d_name, NULL);
+ dbg_val2 ("newkeysetfile timestamp of %s = %s\n", path, time2str (file_mtime(path), 's'));
+ if ( file_mtime (path) > zone_signing_time )
+ newkeysetfile = 1;
+ }
+ closedir (dirp);
+
+ return newkeysetfile;
+}
+
+static int check_keydb_timestamp (dki_t *keylist, time_t reftime)
+{
+ dki_t *key;
+
+ assert ( keylist != NULL );
+ if ( reftime == 0 )
+ return 1;
+
+ for ( key = keylist; key; key = key->next )
+ if ( dki_time (key) > reftime )
+ return 1;
+
+ return 0;
+}
+
+static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)
+{
+ FILE *fp;
+ const dki_t *dkp;
+ time_t curr = time (NULL);
+ int ksk;
+
+ if ( (fp = fopen (fname, "w")) == NULL )
+ return 0;
+ fprintf (fp, ";\n");
+ fprintf (fp, ";\t!!! Don\'t edit this file by hand.\n");
+ fprintf (fp, ";\t!!! It will be generated by %s.\n", progname);
+ fprintf (fp, ";\n");
+ fprintf (fp, ";\t Last generation time %s\n", time2str (curr, 's'));
+ fprintf (fp, ";\n");
+
+ fprintf (fp, "\n");
+ fprintf (fp, "; *** List of Key Signing Keys ***\n");
+ ksk = 1;
+ for ( dkp = list; dkp; dkp = dkp->next )
+ {
+ if ( ksk && !dki_isksk (dkp) )
+ {
+ fprintf (fp, "; *** List of Zone Signing Keys ***\n");
+ ksk = 0;
+ }
+ dki_prt_comment (dkp, fp);
+ dki_prt_dnskeyttl (dkp, fp, key_ttl);
+ putc ('\n', fp);
+ }
+
+ fclose (fp);
+ return 1;
+}
+
+static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)
+{
+ char cmd[1023+1];
+ char str[1023+1];
+ char rparam[254+1];
+ char keysetdir[254+1];
+ const char *gends;
+ const char *pseudo;
+ const char *param;
+ int len;
+ FILE *fp;
+
+ assert (conf != NULL);
+ assert (domain != NULL);
+
+ len = 0;
+ str[0] = '\0';
+ if ( conf->lookaside && conf->lookaside[0] )
+ len = snprintf (str, sizeof (str), "-l %.250s", conf->lookaside);
+
+ dbg_line();
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ if ( !dynamic_zone && conf->serialform == Unixtime )
+ snprintf (str+len, sizeof (str) - len, " -N unixtime");
+#endif
+
+ gends = "";
+ if ( conf->sig_gends )
+ gends = "-g ";
+
+ pseudo = "";
+ if ( conf->sig_pseudo )
+ pseudo = "-p ";
+
+ param = "";
+ if ( conf->sig_param && conf->sig_param[0] )
+ param = conf->sig_param;
+
+ dbg_line();
+ rparam[0] = '\0';
+ if ( conf->sig_random && conf->sig_random[0] )
+ snprintf (rparam, sizeof (rparam), "-r %.250s ", conf->sig_random);
+
+ dbg_line();
+ keysetdir[0] = '\0';
+ if ( conf->keysetdir && conf->keysetdir[0] && strcmp (conf->keysetdir, "..") != 0 )
+ snprintf (keysetdir, sizeof (keysetdir), "-d %.250s ", conf->keysetdir);
+
+ if ( dir == NULL || *dir == '\0' )
+ dir = ".";
+
+ dbg_line();
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ if ( dynamic_zone )
+ snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s -N increment -f %s.dsigned %s K*.private",
+ dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file, file);
+ else
+#endif
+ snprintf (cmd, sizeof (cmd), "cd %s; %s %s %s%s%s%s-o %s -e +%d %s %s K*.private",
+ dir, SIGNCMD, param, gends, pseudo, rparam, keysetdir, domain, conf->sigvalidity, str, file);
+ verbmesg (2, conf, "\t Run cmd \"%s\"\n", cmd);
+ *str = '\0';
+ if ( noexec == 0 )
+ {
+ if ( (fp = popen (cmd, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
+ return -1;
+ pclose (fp);
+ }
+
+ dbg_line();
+ verbmesg (2, conf, "\t Cmd dnssec-signzone return: \"%s\"\n", str_chop (str, '\n'));
+
+ return 0;
+}
+
+static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf)
+{
+ char fromfile[1024];
+ char tofile[1024];
+ int ret;
+
+ /* propagate "keyset"-file to parent dir */
+ if ( conf->keysetdir && strcmp (conf->keysetdir, "..") == 0 )
+ {
+ /* check if special parent-file exist (ksk rollover) */
+ snprintf (fromfile, sizeof (fromfile), "%s/parent-%s", dir, domain);
+ if ( !fileexist (fromfile) ) /* use "normal" keyset-file */
+ snprintf (fromfile, sizeof (fromfile), "%s/keyset-%s", dir, domain);
+
+ /* verbmesg (2, conf, "\t check \"%s\" against parent dir\n", fromfile); */
+ snprintf (tofile, sizeof (tofile), "%s/../keyset-%s", dir, domain);
+ if ( cmpfile (fromfile, tofile) != 0 )
+ {
+ verbmesg (2, conf, "\t copy \"%s\" to parent dir\n", fromfile);
+ if ( (ret = copyfile (fromfile, tofile, NULL)) != 0 )
+ {
+ error ("Couldn't copy \"%s\" to parent dir (%d:%s)\n",
+ fromfile, ret, strerror(errno));
+ lg_mesg (LG_ERROR, "\%s\": can't copy \"%s\" to parent dir (%d:%s)",
+ domain, fromfile, ret, strerror(errno));
+ }
+ }
+ }
+}
+
+static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze)
+{
+ char cmdline[254+1];
+ char str[254+1];
+ char *action;
+ FILE *fp;
+
+ assert (z != NULL);
+ if ( freeze )
+ action = "freeze";
+ else
+ action = "thaw";
+
+ if ( z->view )
+ snprintf (str, sizeof (str), "\"%s\" in view \"%s\"", domain, z->view);
+ else
+ snprintf (str, sizeof (str), "\"%s\"", domain);
+
+ lg_mesg (LG_NOTICE, "%s: %s dynamic zone", str, action);
+ verbmesg (1, z, "\t%s dynamic zone %s\n", action, str);
+
+ if ( z->view )
+ snprintf (cmdline, sizeof (cmdline), "%s %s %s IN %s", RELOADCMD, action, domain, z->view);
+ else
+ snprintf (cmdline, sizeof (cmdline), "%s %s %s", RELOADCMD, action, domain);
+
+ verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline);
+ *str = '\0';
+ if ( noexec == 0 )
+ {
+ if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
+ return -1;
+ pclose (fp);
+ }
+
+ verbmesg (2, z, "\t rndc %s return: \"%s\"\n", action, str_chop (str, '\n'));
+
+ return 0;
+}
+
+/*****************************************************************
+** distribute and reload a zone via "distribute_command"
+*****************************************************************/
+static int dist_and_reload (const zone_t *zp)
+{
+ char path[MAX_PATHSIZE+1];
+ char cmdline[254+1];
+ char zone[254+1];
+ char str[254+1];
+ FILE *fp;
+
+ assert (zp != NULL);
+ assert (zp->conf->dist_cmd != NULL);
+
+ if ( !is_exec_ok (zp->conf->dist_cmd) )
+ {
+ char *mesg;
+
+ if ( getuid () == 0 )
+ mesg = "\tDistribution command %s not run as root\n";
+ else
+ mesg = "\tDistribution command %s not run due to strange file mode settings\n";
+
+ verbmesg (1, zp->conf, mesg, zp->conf->dist_cmd);
+ lg_mesg (LG_ERROR, "exec of distribution command %s disabled due to security reasons", zp->conf->dist_cmd);
+
+ return -1;
+ }
+
+ if ( zp->conf->view )
+ snprintf (zone, sizeof (zone), "\"%s\" in view \"%s\"", zp->zone, zp->conf->view);
+ else
+ snprintf (zone, sizeof (zone), "\"%s\"", zp->zone);
+
+
+ pathname (path, sizeof (path), zp->dir, zp->sfile, NULL);
+
+ lg_mesg (LG_NOTICE, "%s: distribution triggered", zone);
+ verbmesg (1, zp->conf, "\tDistribute zone %s\n", zone);
+ if ( zp->conf->view )
+ snprintf (cmdline, sizeof (cmdline), "%s distribute %s %s %s", zp->conf->dist_cmd, zp->zone, path, zp->conf->view);
+ else
+ snprintf (cmdline, sizeof (cmdline), "%s distribute %s %s", zp->conf->dist_cmd, zp->zone, path);
+
+ *str = '\0';
+ if ( noexec == 0 )
+ {
+ verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline);
+ if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
+ return -2;
+ pclose (fp);
+ verbmesg (2, zp->conf, "\t %s distribute return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n'));
+ }
+
+
+ lg_mesg (LG_NOTICE, "%s: reload triggered", zone);
+ verbmesg (1, zp->conf, "\tReload zone %s\n", zone);
+ if ( zp->conf->view )
+ snprintf (cmdline, sizeof (cmdline), "%s reload %s %s %s", zp->conf->dist_cmd, zp->zone, path, zp->conf->view);
+ else
+ snprintf (cmdline, sizeof (cmdline), "%s reload %s %s", zp->conf->dist_cmd, zp->zone, path);
+
+ *str = '\0';
+ if ( noexec == 0 )
+ {
+ verbmesg (2, zp->conf, "\t Run cmd \"%s\"\n", cmdline);
+ if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
+ return -2;
+ pclose (fp);
+ verbmesg (2, zp->conf, "\t %s reload return: \"%s\"\n", zp->conf->dist_cmd, str_chop (str, '\n'));
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** reload a zone via "rndc"
+*****************************************************************/
+static int reload_zone (const char *domain, const zconf_t *z)
+{
+ char cmdline[254+1];
+ char str[254+1];
+ FILE *fp;
+
+ assert (z != NULL);
+ // fprintf (stderr, "reload_zone %d :%s: :%s:\n", z->verbosity, domain, z->view);
+ if ( z->view )
+ snprintf (str, sizeof (str), "\"%s\" in view \"%s\"", domain, z->view);
+ else
+ snprintf (str, sizeof (str), "\"%s\"", domain);
+
+ lg_mesg (LG_NOTICE, "%s: reload triggered", str);
+ verbmesg (1, z, "\tReload zone %s\n", str);
+
+ if ( z->view )
+ snprintf (cmdline, sizeof (cmdline), "%s reload %s IN %s", RELOADCMD, domain, z->view);
+ else
+ snprintf (cmdline, sizeof (cmdline), "%s reload %s", RELOADCMD, domain);
+
+ *str = '\0';
+ if ( noexec == 0 )
+ {
+ verbmesg (2, z, "\t Run cmd \"%s\"\n", cmdline);
+ if ( (fp = popen (cmdline, "r")) == NULL || fgets (str, sizeof str, fp) == NULL )
+ return -1;
+ pclose (fp);
+ verbmesg (2, z, "\t rndc reload return: \"%s\"\n", str_chop (str, '\n'));
+ }
+
+ return 0;
+}
diff --git a/contrib/zkt/dnssec-zkt.8 b/contrib/zkt/dnssec-zkt.8
new file mode 100644
index 0000000..b53f8bb
--- /dev/null
+++ b/contrib/zkt/dnssec-zkt.8
@@ -0,0 +1,481 @@
+.TH dnssec-zkt 8 "July 27, 2008" "ZKT 0.97" ""
+\" turn off hyphenation
+.\" if n .nh
+.nh
+.SH NAME
+dnssec-zkt \(em Secure DNS zone key tool
+
+.SH SYNOPSYS
+.na
+.B dnssec-zkt
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-adefhkLrptz ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.BR \-C <label>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-krpz ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.BR \-\-create= <label>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-krpz ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.BR \- { P | A | D | R } <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.BR \-\-published= <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.BR \-\-active= <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.BR \-\-depreciate= <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.BR \-\-rename= <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.BR \-\-destroy= <keytag>
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-r ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.B \-T
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-hr ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.B \-\-list-trustedkeys
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-hr ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.B \-K
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-hkzr ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+.br
+.B dnssec-zkt
+.B \-\-list-dnskeys
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.RB [ \-l
+.IR "list" ]
+.RB [ \-hkzr ]
+.RI [{ keyfile | dir }
+.RI "" ... ]
+
+.B dnssec-zkt
+.B \-Z
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.br
+.B dnssec-zkt
+.B \-\-zone-config
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+
+.B dnssec-zkt
+.B \-9 | \-\-ksk-rollover
+.br
+.B dnssec-zkt
+.B \-1 | \-\-ksk-roll-phase1
+.I "do.ma.in."
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.br
+.B dnssec-zkt
+.B \-2 | \-\-ksk-roll-phase2
+.I "do.ma.in."
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.br
+.B dnssec-zkt
+.B \-3 | \-\-ksk-roll-phase3
+.I do.ma.in.
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.br
+.B dnssec-zkt
+.B \-0 | \-\-ksk-roll-stat
+.I do.ma.in.
+.RB [ \-V|--view
+.IR "view" ]
+.RB [ \-c
+.IR "file" ]
+.br
+.ad
+
+.SH DESCRIPTION
+The
+.I dnssec-zkt
+command is a wrapper around
+.I dnssec-keygen(8)
+to assist in dnssec zone key management.
+.PP
+In the common usage the command prints out information about
+all dnssec (zone) keys found in the given (or predefined default) directory.
+It's also possible to specify keyfiles (K*.key) as arguments.
+With option
+.B \-r
+subdirectories will be searched recursively, and all dnssec keys found
+will be listed sorted by domain name, key type and generation time.
+In that mode the use of the
+.B \-p
+option may be helpful to find the location of the keyfile in the directory tree.
+.PP
+Other forms of the command print out keys in a format suitable for
+a trusted-key section or as a DNSKEY resource record.
+.PP
+The command is also useful in dns key management.
+It allows key livetime monitoring and status change.
+
+.SH GENERAL OPTIONS
+.TP
+.BI \-V " view" ", \-\-view=" view
+Try to read the default configuration out of a file named
+.I dnssec-<view>.conf .
+Instead of specifying the \-V or --view option every time,
+it's also possible to create a hard or softlink to the
+executable file to give it an additional name like
+.I dnssec-zkt-<view> .
+.TP
+.BI \-c " file" ", \-\-config=" file
+Read default values from the specified config file.
+Otherwise the default config file is read or build in defaults
+will be used.
+.TP
+.BI \-O " optstr" ", \-\-config-option=" optstr
+Set any config file option via the commandline.
+Several config file options could be specified at the argument string
+but have to be delimited by semicolon (or newline).
+.TP
+.BI \-l " list"
+Print out information solely about domains given in the comma or space separated
+list.
+Take care of, that every domain name has a trailing dot.
+.TP
+.BR \-d ", " \-\-directory
+Skip directory arguments.
+This will be useful in combination with wildcard arguments
+to prevent dnsssec-zkt to list all keys found in subdirectories.
+For example "dnssec-zkt -d *" will print out a list of all keys only found in
+the current directory.
+Maybe it's easier to use "dnssec-zkt ." instead (without -r set).
+The option works similar to the \-d option of
+.IR ls(1) .
+.TP
+.BR \-L ", " \-\-left-justify
+Print out the domain name left justified.
+.TP
+.BR \-k ", " \-\-ksk
+Select and print key signing keys only (default depends on command mode).
+.TP
+.BR \-z ", " \-\-zsk
+Select and print zone signing keys only (default depends on command mode).
+.TP
+.BR \-r ", " \-\-recursive
+Recursive mode (default is off).
+.br
+Also settable in the dnssec.conf file (Parameter: Recursive).
+.TP
+.BR \-p ", " \-\-path
+Print pathname in listing mode.
+In -C mode, don't create the new key in the same directory as (already existing)
+keys with the same label.
+.TP
+.BR \-a ", " \-\-age
+Print age of key in weeks, days, hours, minutes and seconds (default is off).
+.br
+Also settable in the dnssec.conf file (Parameter: PrintAge).
+.TP
+.BR \-f ", " \-\-lifetime
+Print the key lifetime.
+.TP
+.BR \-F ", " \-\-setlifetime
+Set the key lifetime of all the selected keys.
+Use option -k, -z, -l or the file and dir argument for key selection.
+.TP
+.BR \-e ", " \-\-exptime
+Print the key expiration time.
+.TP
+.BR \-t ", " \-\-time
+Print the key generation time (default is on).
+.br
+Also settable in the dnssec.conf file (Parameter: PrintTime).
+.TP
+.B \-h
+No header or trusted-key section header and trailer in -T mode
+.PP
+
+.SH COMMAND OPTIONS
+.TP
+.BR \-H ", " \-\-help
+Print out the online help.
+.TP
+.BR \-T ", " \-\-list-trustedkeys
+List all key signing keys as a
+.I named.conf
+trusted-key section.
+Use
+.B \-h
+to supress the section header/trailer.
+.TP
+.BR \-K ", " \-\-list-dnskeys
+List the public part of all the keys in DNSKEY resource record format.
+Use
+.B \-h
+to suppress comment lines.
+.TP
+.BI \-C " zone" ", \-\-create=" zone
+Create a new zone signing key for the given zone.
+Add option
+.B \-k
+to create a key signing key.
+The key algorithm and key length will be examined from built-in default values
+or from the parameter settings in the
+.I dnssec.conf
+file.
+.br
+The keyfile will be created in the current directory if
+the
+.B \-p
+option is specified.
+.TP
+.BI \-R " keyid" ", \-\-revoke=" keyid
+Revoke the key signing key with the given keyid.
+A revoked key has bit 8 in the flags filed set (see RFC5011).
+The keyid is the numeric keytag with an optionally added zone name separated by a colon.
+.TP
+.BI \-\-rename=" keyid
+Rename the key files of the key with the given keyid
+(Look at key file names starting with an lower 'k').
+The keyid is the numeric keytag with an optionally added zone name separated by a colon.
+.TP
+.BI \-\-destroy= keyid
+Deletes the key with the given keyid.
+The keyid is the numeric keytag with an optionally added zone name separated by a colon.
+Beware that this deletes both private and public keyfiles, thus the key is
+unrecoverable lost.
+.TP
+.BI \-P|A|D " keyid," " \-\-published=" keyid, " \-\-active=" keyid, " \-\-depreciated=" keyid
+Change the status of the given dnssec key to
+published
+.RB ( \-P ),
+active
+.RB ( \-A )
+or depreciated
+.RB ( \-D ).
+The
+.I keyid
+is the numeric keytag with an optionally added zone name separated by a colon.
+Setting the status to "published" or "depreciate" will change the filename
+of the private key file to ".published" or ".depreciated" respectivly.
+This prevents the usage of the key as a signing key by the use of
+.IR dnssec-signzone(8) .
+The time of status change will be stored in the 'mtime' field of the corresponding
+".key" file.
+Key activation via option
+.B \-A
+will restore the original timestamp and file name (".private").
+.TP
+.BR \-Z ", " \-\-zone-config
+Write all config parameters to stdout.
+The output is suitable as a template for the
+.I dnssec.conf
+file, so the easiest way to create a
+.I dnssec.conf
+file is to redirect the standard output of the above command.
+Pay attention not to overwrite an existing file.
+.TP
+.BI \-\-ksk-roll-phase[123] " do.ma.in."
+Initiate a key signing key rollover of the specified domain.
+This feature is currently in experimental status and is mainly for the use
+in an hierachical environment.
+Use --ksk-rollover for a little more detailed description.
+
+
+.SH SAMPLE USAGE
+.TP
+.fam C
+.B "dnssec-zkt \-r .
+.fam T
+Print out a list of all zone keys found below the current directory.
+.TP
+.fam C
+.B "dnssec-zkt \-Z \-c """"
+.fam T
+Print out the compiled in default parameters.
+.TP
+.fam C
+.B "dnssec-zkt \-C example.net \-k \-r ./zonedir
+.fam T
+Create a new key signing key for the zone "example.net".
+Store the key in the same directory below "zonedir" where the other
+"example.net" keys live.
+.TP
+.fam C
+.B "dnssec-zkt \-T ./zonedir/example.net
+.fam T
+Print out a trusted-key section containing the key signing keys of "example.net".
+.TP
+.fam C
+.B "dnssec-zkt \-D 123245 \-r .
+.fam T
+Depreciate the key with tag "12345" below the current directory,
+.TP
+.fam C
+.B "dnssec-zkt --view intern
+Print out a list of all zone keys found below the directory where all
+the zones of view intern live.
+There should be a seperate dnssec config file
+.I dnssec-intern.conf
+with a directory option to take affect of this.
+.TP
+.fam C
+.B "dnssec-zkt-intern
+.fam T
+Same as above.
+The binary file
+.I dnssec-zkt
+have linked to
+.I dnssec-zkt-intern .
+
+.SH ENVIRONMENT VARIABLES
+.TP
+ZKT_CONFFILE
+Specifies the name of the default global configuration files.
+
+.SH FILES
+.TP
+.I /var/named/dnssec.conf
+Built-in default global configuration file.
+The name of the default global config file is settable via
+the environment variable ZKT_CONFFILE.
+.TP
+.I /var/named/dnssec-<view>.conf
+View specific global configuration file.
+.TP
+.I ./dnssec.conf
+Local configuration file (only used in
+.B \-C
+mode).
+
+.SH BUGS
+.PP
+Some of the general options will not be meaningful in all of the command modes.
+.br
+The option
+.B \-l
+and the ksk rollover options
+insist on domain names ending with a dot.
+.PP
+
+.SH AUTHOR
+Holger Zuleger
+
+.SH COPYRIGHT
+Copyright (c) 2005 \- 2007 by Holger Zuleger.
+Licensed under the GPL 2. There is NO warranty; not even for MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.
+.\"--------------------------------------------------
+.SH SEE ALSO
+dnssec-keygen(8), dnssec-signzone(8), rndc(8), named.conf(5), dnssec-signer(8),
+.br
+RFC4641
+"DNSSEC Operational Practices" by Miek Gieben and Olaf Kolkman,
+.br
+DNSSEC HOWTO Tutorial by Olaf Kolkman, RIPE NCC
+.br
+(http://www.nlnetlabs.nl/dnssec_howto/)
diff --git a/contrib/zkt/dnssec-zkt.c b/contrib/zkt/dnssec-zkt.c
new file mode 100644
index 0000000..803cbc3
--- /dev/null
+++ b/contrib/zkt/dnssec-zkt.c
@@ -0,0 +1,823 @@
+/*****************************************************************
+**
+** @(#) dnssec-zkt.c (c) Jan 2005 Holger Zuleger hznet.de
+**
+** Secure DNS zone key tool
+** A wrapper command around the BIND dnssec-keygen utility
+**
+** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+
+# include <stdio.h>
+# include <stdlib.h> /* abort(), exit(), ... */
+# include <string.h>
+# include <dirent.h>
+# include <assert.h>
+# include <unistd.h>
+# include <ctype.h>
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+# include <getopt.h>
+#endif
+
+# include "debug.h"
+# include "misc.h"
+# include "strlist.h"
+# include "zconf.h"
+# include "dki.h"
+# include "zkt.h"
+
+extern int optopt;
+extern int opterr;
+extern int optind;
+extern char *optarg;
+const char *progname;
+
+char *labellist = NULL;
+
+int headerflag = 1;
+int ageflag = 0;
+int lifetime = 0;
+int lifetimeflag = 0;
+int timeflag = 1;
+int exptimeflag = 0;
+int pathflag = 0;
+int kskflag = 1;
+int zskflag = 1;
+int ljustflag = 0;
+
+static int dirflag = 0;
+static int recflag = RECURSIVE;
+static int trustedkeyflag = 0;
+static char *kskdomain = "";
+static const char *view = "";
+
+# define short_options ":0:1:2:3:9A:C:D:P:S:R:HKTs:ZV:afF:c:O:dhkLl:prtez"
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+static struct option long_options[] = {
+ {"ksk-rollover", no_argument, NULL, '9'},
+ {"ksk-status", required_argument, NULL, '0'},
+ {"ksk-roll-status", required_argument, NULL, '0'},
+ {"ksk-newkey", required_argument, NULL, '1'},
+ {"ksk-publish", required_argument, NULL, '2'},
+ {"ksk-delkey", required_argument, NULL, '3'},
+ {"ksk-roll-phase1", required_argument, NULL, '1'},
+ {"ksk-roll-phase2", required_argument, NULL, '2'},
+ {"ksk-roll-phase3", required_argument, NULL, '3'},
+ {"list-dnskeys", no_argument, NULL, 'K'},
+ {"list-trustedkeys", no_argument, NULL, 'T'},
+ {"ksk", no_argument, NULL, 'k'},
+ {"zsk", no_argument, NULL, 'z'},
+ {"age", no_argument, NULL, 'a'},
+ {"lifetime", no_argument, NULL, 'f'},
+ {"time", no_argument, NULL, 't'},
+ {"expire", no_argument, NULL, 'e'},
+ {"recursive", no_argument, NULL, 'r'},
+ {"zone-config", no_argument, NULL, 'Z'},
+ {"leftjust", no_argument, NULL, 'L'},
+ {"path", no_argument, NULL, 'p'},
+ {"nohead", no_argument, NULL, 'h'},
+ {"directory", no_argument, NULL, 'd'},
+ {"config", required_argument, NULL, 'c'},
+ {"option", required_argument, NULL, 'O'},
+ {"config-option", required_argument, NULL, 'O'},
+ {"published", required_argument, NULL, 'P'},
+ {"standby", required_argument, NULL, 'S'},
+ {"active", required_argument, NULL, 'A'},
+ {"depreciated", required_argument, NULL, 'D'},
+ {"create", required_argument, NULL, 'C'},
+ {"revoke", required_argument, NULL, 'R'},
+ {"remove", required_argument, NULL, 19 },
+ {"destroy", required_argument, NULL, 20 },
+ {"setlifetime", required_argument, NULL, 'F' },
+ {"view", required_argument, NULL, 'V' },
+ {"help", no_argument, NULL, 'H'},
+ {0, 0, 0, 0}
+};
+#endif
+
+static int parsedirectory (const char *dir, dki_t **listp);
+static void parsefile (const char *file, dki_t **listp);
+static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf);
+static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf);
+static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp);
+static void usage (char *mesg, zconf_t *cp);
+static const char *parsetag (const char *str, int *tagp);
+
+static void setglobalflags (zconf_t *config)
+{
+ recflag = config->recursive;
+ ageflag = config->printage;
+ timeflag = config->printtime;
+ ljustflag = config->ljust;
+}
+
+int main (int argc, char *argv[])
+{
+ dki_t *data = NULL;
+ dki_t *dkp;
+ int c;
+ int opt_index;
+ int action;
+ const char *file;
+ const char *defconfname = NULL;
+ char *p;
+ char str[254+1];
+ const char *keyname = NULL;
+ int searchtag;
+ zconf_t *config;
+
+ progname = *argv;
+ if ( (p = strrchr (progname, '/')) )
+ progname = ++p;
+ view = getnameappendix (progname, "dnssec-zkt");
+
+ defconfname = getdefconfname (view);
+ config = loadconfig ("", (zconf_t *)NULL); /* load built in config */
+ if ( fileexist (defconfname) ) /* load default config file */
+ config = loadconfig (defconfname, config);
+ if ( config == NULL )
+ fatal ("Out of memory\n");
+ setglobalflags (config);
+
+ opterr = 0;
+ opt_index = 0;
+ action = 0;
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+ while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
+#else
+ while ( (c = getopt (argc, argv, short_options)) != -1 )
+#endif
+ {
+ switch ( c )
+ {
+ case '9': /* ksk rollover help */
+ ksk_roll ("help", c - '0', NULL, NULL);
+ exit (1);
+ case '1': /* ksk rollover: create new key */
+ case '2': /* ksk rollover: publish DS */
+ case '3': /* ksk rollover: delete old key */
+ case '0': /* ksk rollover: show current status */
+ action = c;
+ if ( !optarg )
+ usage ("ksk rollover requires an domain argument", config);
+ kskdomain = str_tolowerdup (optarg);
+ break;
+ case 'T':
+ trustedkeyflag = 1;
+ zskflag = pathflag = 0;
+ /* fall through */
+ case 'H':
+ case 'K':
+ case 'Z':
+ action = c;
+ break;
+ case 'C':
+ pathflag = !pathflag;
+ /* fall through */
+ case 'P':
+ case 'S':
+ case 'A':
+ case 'D':
+ case 'R':
+ case 's':
+ case 19:
+ case 20:
+ if ( (keyname = parsetag (optarg, &searchtag)) != NULL )
+ {
+ int len = strlen (keyname);
+ if ( len > 0 && keyname[len-1] != '.' )
+ {
+ snprintf (str, sizeof(str), "%s.", keyname);
+ keyname = str;
+ }
+ }
+ keyname = str_tolowerdup (keyname);
+ action = c;
+ break;
+ case 'a': /* age */
+ ageflag = !ageflag;
+ break;
+ case 'f': /* key lifetime */
+ lifetimeflag = !lifetimeflag;
+ break;
+ case 'F': /* set key lifetime */
+ lifetime = atoi (optarg);
+ lifetimeflag = 1; /* set some flags for more informative output */
+ exptimeflag = 1;
+ timeflag = 1;
+ action = c;
+ break;
+ case 'V': /* view name */
+ view = optarg;
+ defconfname = getdefconfname (view);
+ if ( fileexist (defconfname) ) /* load default config file */
+ config = loadconfig (defconfname, config);
+ if ( config == NULL )
+ fatal ("Out of memory\n");
+ setglobalflags (config);
+ break;
+ case 'c':
+ config = loadconfig (optarg, config);
+ setglobalflags (config);
+ checkconfig (config);
+ break;
+ case 'O': /* read option from commandline */
+ config = loadconfig_fromstr (optarg, config);
+ setglobalflags (config);
+ checkconfig (config);
+ break;
+ case 'd': /* ignore directory arg */
+ dirflag = 1;
+ break;
+ case 'h': /* print no headline */
+ headerflag = 0;
+ break;
+ case 'k': /* ksk only */
+ zskflag = 0;
+ break;
+ case 'L': /* ljust */
+ ljustflag = !ljustflag;
+ break;
+ case 'l': /* label list */
+ labellist = prepstrlist (optarg, LISTDELIM);
+ if ( labellist == NULL )
+ fatal ("Out of memory\n");
+ break;
+ case 'p': /* print path */
+ pathflag = 1;
+ break;
+ case 'r': /* switch recursive flag */
+ recflag = !recflag;
+ break;
+ case 't': /* time */
+ timeflag = !timeflag;
+ break;
+ case 'e': /* expire time */
+ exptimeflag = !exptimeflag;
+ break;
+ case 'z': /* zsk only */
+ kskflag = 0;
+ break;
+ case ':':
+ snprintf (str, sizeof(str), "option \"-%c\" requires an argument.\n",
+ optopt);
+ usage (str, config);
+ break;
+ case '?':
+ if ( isprint (optopt) )
+ snprintf (str, sizeof(str), "Unknown option \"-%c\".\n",
+ optopt);
+ else
+ snprintf (str, sizeof (str), "Unknown option char \\x%x.\n",
+ optopt);
+ usage (str, config);
+ break;
+ default:
+ abort();
+ }
+ }
+
+ /* it's better to do this before we read the whole directory tree */
+ if ( action == 'Z' )
+ {
+ printconfig ("stdout", config);
+ return 0;
+ }
+
+ if ( kskflag == 0 && zskflag == 0 )
+ kskflag = zskflag = 1;
+
+ c = optind;
+ do {
+ if ( c >= argc ) /* no args left */
+ file = config->zonedir; /* use default directory */
+ else
+ file = argv[c++];
+
+ if ( is_directory (file) )
+ parsedirectory (file, &data);
+ else
+ parsefile (file, &data);
+
+ } while ( c < argc ); /* for all arguments */
+
+ switch ( action )
+ {
+ case 'H':
+ usage ("", config);
+ case 'C':
+ createkey (keyname, data, config);
+ break;
+ case 'P':
+ case 'S':
+ case 'A':
+ case 'D':
+ if ( (dkp = (dki_t*)zkt_search (data, searchtag, keyname)) == NULL )
+ fatal ("Key with tag %u not found\n", searchtag);
+ else if ( dkp == (void *) 01 )
+ fatal ("Key with tag %u found multiple times\n", searchtag);
+ if ( (c = dki_setstatus_preservetime (dkp, action)) != 0 )
+ fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
+ break;
+ case 19: /* remove (rename) key file */
+ if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
+ fatal ("Key with tag %u not found\n", searchtag);
+ else if ( dkp == (void *) 01 )
+ fatal ("Key with tag %u found multiple times\n", searchtag);
+ dki_remove (dkp);
+ break;
+ case 20: /* destroy the key (remove the files!) */
+ if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
+ fatal ("Key with tag %u not found\n", searchtag);
+ else if ( dkp == (void *) 01 )
+ fatal ("Key with tag %u found multiple times\n", searchtag);
+ dki_destroy (dkp);
+ break;
+ case 'R':
+ if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
+ fatal ("Key with tag %u not found\n", searchtag);
+ else if ( dkp == (void *) 01 )
+ fatal ("Key with tag %u found multiple times\n", searchtag);
+ if ( (c = dki_setstatus (dkp, action)) != 0 )
+ fatal ("Couldn't change status of key %u: %d\n", searchtag, c);
+ break;
+ case 's':
+ if ( (dkp = (dki_t *)zkt_search (data, searchtag, keyname)) == NULL )
+ fatal ("Key with tag %u not found\n", searchtag);
+ else if ( dkp == (void *) 01 )
+ fatal ("Key with tag %u found multiple times\n", searchtag);
+ dki_prt_dnskey (dkp, stdout);
+ break;
+ case 'K':
+ zkt_list_dnskeys (data);
+ break;
+ case 'T':
+ zkt_list_trustedkeys (data);
+ break;
+ case '1': /* ksk rollover new key */
+ case '2': /* ksk rollover publish DS */
+ case '3': /* ksk rollover delete old key */
+ case '0': /* ksk rollover status */
+ ksk_roll (kskdomain, action - '0', data, config);
+ break;
+ case 'F':
+ zkt_setkeylifetime (data);
+ /* fall through */
+ default:
+ zkt_list_keys (data);
+ }
+
+ return 0;
+}
+
+# define sopt_usage(mesg, value) fprintf (stderr, mesg, value)
+#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
+# define lopt_usage(mesg, value) fprintf (stderr, mesg, value)
+# define loptstr(lstr, sstr) lstr
+#else
+# define lopt_usage(mesg, value)
+# define loptstr(lstr, sstr) sstr
+#endif
+static void usage (char *mesg, zconf_t *cp)
+{
+ fprintf (stderr, "Secure DNS Zone Key Tool %s\n", ZKT_VERSION);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Show zone config parameter as %s file\n", LOCALCONF_FILE);
+ sopt_usage ("\tusage: %s -Z\n", progname);
+ lopt_usage ("\tusage: %s --zone-config\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "List keys in current or given directory (-r for recursive mode)\n");
+ sopt_usage ("\tusage: %s [-dhatkzpr] [-c config] [file|dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "List public part of keys in DNSKEY RR format\n");
+ sopt_usage ("\tusage: %s -K [-dhkzr] [-c config] [file|dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --list-dnskeys [-dhkzr] [-c config] [file|dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "List keys (output is suitable for trusted-keys section)\n");
+ sopt_usage ("\tusage: %s -T [-dhzr] [-c config] [file|dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --list-trustedkeys [-dhzr] [-c config] [file|dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Create a new key \n");
+ sopt_usage ("\tusage: %s -C <name> [-k] [-dpr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --create=<name> [-k] [-dpr] [-c config] [dir ...]\n", progname);
+ fprintf (stderr, "\t\tKSK (use -k): %s %d bits\n", dki_algo2str (cp->k_algo), cp->k_bits);
+ fprintf (stderr, "\t\tZSK (default): %s %d bits\n", dki_algo2str (cp->z_algo), cp->z_bits);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Change key status of specified key to published, active or depreciated\n");
+ fprintf (stderr, "\t(<keyspec> := tag | tag:name) \n");
+ sopt_usage ("\tusage: %s -P|-A|-D <keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --published=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --active=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --depreciated=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Revoke specified key (<keyspec> := tag | tag:name) \n");
+ sopt_usage ("\tusage: %s -R <keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --revoke=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Remove (rename) or destroy (delete) specified key (<keyspec> := tag | tag:name) \n");
+ lopt_usage ("\tusage: %s --remove=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ lopt_usage ("\tusage: %s --destroy=<keyspec> [-dr] [-c config] [dir ...]\n", progname);
+ fprintf (stderr, "\n");
+ fprintf (stderr, "Initiate a semi-automated KSK rollover");
+ fprintf (stderr, "('%s -9%s' prints out a short description)\n", progname, loptstr ("|--ksk-rollover", ""));
+ sopt_usage ("\tusage: %s {-1} do.ma.in.\n", progname);
+ lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname);
+ sopt_usage ("\tusage: %s {-2} do.ma.in.\n", progname);
+ lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname);
+ sopt_usage ("\tusage: %s {-3} do.ma.in.\n", progname);
+ lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname);
+ sopt_usage ("\tusage: %s {-0} do.ma.in.\n", progname);
+ lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname);
+ fprintf (stderr, "\n");
+
+ fprintf (stderr, "\n");
+ fprintf (stderr, "General options \n");
+ fprintf (stderr, "\t-c file%s", loptstr (", --config=file\n", ""));
+ fprintf (stderr, "\t\t read config from <file> instead of %s\n", CONFIG_FILE);
+ fprintf (stderr, "\t-O optstr%s", loptstr (", --config-option=\"optstr\"\n", ""));
+ fprintf (stderr, "\t\t read config options from commandline\n");
+ fprintf (stderr, "\t-h%s\t no headline or trusted-key section header/trailer in -T mode\n", loptstr (", --nohead", "\t"));
+ fprintf (stderr, "\t-d%s\t skip directory arguments\n", loptstr (", --directory", "\t"));
+ fprintf (stderr, "\t-L%s\t print the domain name left justified (default: %s)\n", loptstr (", --leftjust", "\t"), ljustflag ? "on": "off");
+ fprintf (stderr, "\t-l list\t\t print out only zone keys out of the given domain list\n");
+ fprintf (stderr, "\t-p%s\t show path of keyfile / create key in current directory\n", loptstr (", --path", "\t"));
+ fprintf (stderr, "\t-r%s\t recursive mode on/off (default: %s)\n", loptstr(", --recursive", "\t"), recflag ? "on": "off");
+ fprintf (stderr, "\t-a%s\t print age of key (default: %s)\n", loptstr (", --age", "\t"), ageflag ? "on": "off");
+ fprintf (stderr, "\t-t%s\t print key generation time (default: %s)\n", loptstr (", --time", "\t"),
+ timeflag ? "on": "off");
+ fprintf (stderr, "\t-e%s\t print key expiration time\n", loptstr (", --expire", "\t"));
+ fprintf (stderr, "\t-f%s\t print key lifetime\n", loptstr (", --lifetime", "\t"));
+ fprintf (stderr, "\t-F days%s=days\t set key lifetime\n", loptstr (", --setlifetime", "\t"));
+ fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
+ fprintf (stderr, "\t-z%s\t zone signing keys only\n", loptstr (", --zsk", "\t"));
+ if ( mesg && *mesg )
+ fprintf (stderr, "%s\n", mesg);
+ exit (1);
+}
+
+static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)
+{
+ const char *dir = "";
+ dki_t *dkp;
+
+ if ( keyname == NULL || *keyname == '\0' )
+ fatal ("Create key: no keyname!");
+
+ dbg_val2 ("createkey: keyname %s, pathflag = %d\n", keyname, pathflag);
+ /* search for already existent key to get the directory name */
+ if ( pathflag && (dkp = (dki_t *)zkt_search (list, 0, keyname)) != NULL )
+ {
+ char path[MAX_PATHSIZE+1];
+ zconf_t localconf;
+
+ dir = dkp->dname;
+ pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
+ if ( fileexist (path) ) /* load local config file */
+ {
+ dbg_val ("Load local config file \"%s\"\n", path);
+ memcpy (&localconf, conf, sizeof (zconf_t));
+ conf = loadconfig (path, &localconf);
+ }
+ }
+
+ if ( zskflag )
+ dkp = dki_new (dir, keyname, DKI_ZSK, conf->z_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
+ else
+ dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
+ if ( dkp == NULL )
+ fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
+
+ /* create a new key always in state published, which means "standby" for ksk */
+ dki_setstatus (dkp, DKI_PUB);
+}
+
+static int get_parent_phase (const char *file)
+{
+ FILE *fp;
+ int phase;
+
+ if ( (fp = fopen (file, "r")) == NULL )
+ return -1;
+
+ phase = 0;
+ if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
+ phase = 0;
+
+ fclose (fp);
+ return phase;
+}
+
+static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)
+{
+ char path[MAX_PATHSIZE+1];
+ zconf_t localconf;
+ const char *dir;
+ dki_t *keylist;
+ dki_t *dkp;
+ dki_t *standby;
+ int parent_exist;
+ int parent_age;
+ int parent_phase;
+ int parent_propagation;
+ int key_ttl;
+ int ksk;
+
+ if ( phase == 9 ) /* usage */
+ {
+ fprintf (stderr, "A KSK rollover requires three consecutive steps:\n");
+ fprintf (stderr, "\n");
+ fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
+ fprintf (stderr, "\t Create a new KSK.\n");
+ fprintf (stderr, "\t This step also creates a parent-<domain> file which contains only\n");
+ fprintf (stderr, "\t the _old_ key. This file will be copied in hierarchical mode\n");
+ fprintf (stderr, "\t by dnssec-signer to the parent directory as keyset-<domain> file.\n");
+ fprintf (stderr, "\t Wait until the new keyset is propagated, before going to the next step.\n");
+ fprintf (stderr, "\n");
+ fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
+ fprintf (stderr, "\t This step creates a parent-<domain> file with the _new_ key only.\n");
+ fprintf (stderr, "\t Please send this file immediately to the parent (In hierarchical\n");
+ fprintf (stderr, "\t mode this will be done automatically by the dnssec-signer command).\n");
+ fprintf (stderr, "\t Then wait until the new DS is generated by the parent and propagated\n");
+ fprintf (stderr, "\t to all the parent name server, plus the old DS TTL before going to step three.\n");
+ fprintf (stderr, "\n");
+ fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
+ fprintf (stderr, "\t Remove (rename) the old KSK and the parent-<domain> file.\n");
+ fprintf (stderr, "\t You have to manually delete the old KSK (look at file names beginning\n");
+ fprintf (stderr, "\t with an lower 'k').\n");
+ fprintf (stderr, "\n");
+ fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
+ fprintf (stderr, "\t Show the current KSK rollover state of a domain.\n");
+
+ fprintf (stderr, "\n");
+
+ return;
+ }
+
+ if ( keyname == NULL || *keyname == '\0' )
+ fatal ("ksk rollover: no domain!");
+
+ dbg_val2 ("ksk_roll: keyname %s, phase = %d\n", keyname, phase);
+
+ /* search for already existent key to get the directory name */
+ if ( (keylist = (dki_t *)zkt_search (list, 0, keyname)) == NULL )
+ fatal ("ksk rollover: domain %s not found!\n", keyname);
+ dkp = keylist;
+
+ /* try to read local config file */
+ dir = dkp->dname;
+ pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
+ if ( fileexist (path) ) /* load local config file */
+ {
+ dbg_val ("Load local config file \"%s\"\n", path);
+ memcpy (&localconf, conf, sizeof (zconf_t));
+ conf = loadconfig (path, &localconf);
+ }
+ key_ttl = conf->key_ttl;
+
+ /* check if parent-file already exist */
+ pathname (path, sizeof (path), dir, "parent-", keyname);
+ parent_phase = parent_age = 0;
+ if ( (parent_exist = fileexist (path)) != 0 )
+ {
+ parent_phase = get_parent_phase (path);
+ parent_age = file_age (path);
+ }
+ // parent_propagation = 2 * DAYSEC;
+ parent_propagation = 5 * MINSEC;
+
+ ksk = 0; /* count active(!) key signing keys */
+ standby = NULL; /* find standby key if available */
+ for ( dkp = keylist; dkp; dkp = dkp->next )
+ if ( dki_isksk (dkp) )
+ {
+ if ( dki_status (dkp) == DKI_ACT )
+ ksk++;
+ else if ( dki_status (dkp) == DKI_PUB )
+ standby = dkp;
+ }
+
+ switch ( phase )
+ {
+ case 0: /* print status (debug) */
+ fprintf (stdout, "ksk_rollover:\n");
+ fprintf (stdout, "\t domain = %s\n", keyname);
+ fprintf (stdout, "\t phase = %d\n", parent_phase);
+ fprintf (stdout, "\t parent_file %s %s\n", path, parent_exist ? "exist": "not exist");
+ if ( parent_exist )
+ fprintf (stdout, "\t age of parent_file %d %s\n", parent_age, str_delspace (age2str (parent_age)));
+ fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
+ fprintf (stdout, "\t parent_propagation %d %s\n", parent_propagation, str_delspace (age2str (parent_propagation)));
+ fprintf (stdout, "\t keys ttl %d %s\n", key_ttl, age2str (key_ttl));
+
+ for ( dkp = keylist; dkp; dkp = dkp->next )
+ {
+ /* TODO: Nur zum testen */
+ dki_prt_dnskey (dkp, stdout);
+ }
+ break;
+ case 1:
+ if ( parent_exist || ksk > 1 )
+ fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
+
+ fprintf (stdout, "create new ksk \n");
+ dkp = dki_new (dir, keyname, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
+ if ( dkp == NULL )
+ fatal ("Can't create key %s: %s!\n", keyname, dki_geterrstr ());
+ if ( standby )
+ {
+ dki_setstatus (standby, DKI_ACT); /* activate standby key */
+ dki_setstatus (dkp, DKI_PUB); /* new key will be the new standby */
+ }
+
+ // dkp = keylist; /* use old key to create the parent file */
+ if ( (dkp = (dki_t *)dki_find (keylist, 1, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */
+ fatal ("ksk_rollover phase1: Couldn't find the old active key\n");
+ if ( !create_parent_file (path, phase, key_ttl, dkp) )
+ fatal ("Couldn't create parentfile %s\n", path);
+ break;
+
+ case 2:
+ if ( ksk < 2 )
+ fatal ("Can\'t publish new key because no one exist\n");
+ if ( !parent_exist )
+ fatal ("More than one KSK but no parent file found!\n");
+ if ( parent_phase != 1 )
+ fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
+ if ( parent_age < conf->proptime + key_ttl )
+ fatal ("ksk_rollover (phase2): you have to wait for the propagation of the new KSK (at least %dsec or %s)\n",
+ conf->proptime + key_ttl - parent_age,
+ str_delspace (age2str (conf->proptime + key_ttl - parent_age)));
+
+ fprintf (stdout, "save new ksk in parent file\n");
+ dkp = keylist->next; /* set dkp to new ksk */
+ if ( !create_parent_file (path, phase, key_ttl, dkp) )
+ fatal ("Couldn't create parentfile %s\n", path);
+ break;
+ case 3:
+ if ( !parent_exist || ksk < 2 )
+ fatal ("ksk-delkey only allowed after ksk-publish\n");
+ if ( parent_phase != 2 )
+ fatal ("Parent file exists but is in wrong state (phase = %d)\n", parent_phase);
+ if ( parent_age < parent_propagation + key_ttl )
+ fatal ("ksk_rollover (phase3): you have to wait for DS propagation (at least %dsec or %s)\n",
+ parent_propagation + key_ttl - parent_age,
+ str_delspace (age2str (parent_propagation + key_ttl - parent_age)));
+ /* remove the parentfile */
+ fprintf (stdout, "remove parentfile \n");
+ unlink (path);
+ /* remove or rename the old key */
+ fprintf (stdout, "old ksk renamed \n");
+ dkp = keylist; /* set dkp to old ksk */
+ dki_remove (dkp);
+ break;
+ default: assert (phase == 1 || phase == 2 || phase == 3);
+ }
+}
+
+/*****************************************************************
+** create_parent_file ()
+*****************************************************************/
+static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
+{
+ FILE *fp;
+
+ assert ( fname != NULL );
+
+ if ( dkp == NULL || (phase != 1 && phase != 2) )
+ return 0;
+
+ if ( (fp = fopen (fname, "w")) == NULL )
+ fatal ("can\'t create new parentfile \"%s\"\n", fname);
+
+ if ( phase == 1 )
+ fprintf (fp, "; KSK rollover phase1 (old key)\n");
+ else
+ fprintf (fp, "; KSK rollover phase2 (new key)\n");
+
+ dki_prt_dnskeyttl (dkp, fp, ttl);
+ fclose (fp);
+
+ return phase;
+}
+
+static int parsedirectory (const char *dir, dki_t **listp)
+{
+ dki_t *dkp;
+ DIR *dirp;
+ struct dirent *dentp;
+ char path[MAX_PATHSIZE+1];
+
+ if ( dirflag )
+ return 0;
+
+ dbg_val ("directory: opendir(%s)\n", dir);
+ if ( (dirp = opendir (dir)) == NULL )
+ return 0;
+
+ while ( (dentp = readdir (dirp)) != NULL )
+ {
+ if ( is_dotfile (dentp->d_name) )
+ continue;
+
+ dbg_val ("directory: check %s\n", dentp->d_name);
+ pathname (path, sizeof (path), dir, dentp->d_name, NULL);
+ if ( is_directory (path) && recflag )
+ {
+ dbg_val ("directory: recursive %s\n", path);
+ parsedirectory (path, listp);
+ }
+ else if ( is_keyfilename (dentp->d_name) )
+ if ( (dkp = dki_read (dir, dentp->d_name)) )
+ {
+ // fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
+#if defined (USE_TREE) && USE_TREE
+ dki_tadd (listp, dkp);
+#else
+ dki_add (listp, dkp);
+#endif
+ }
+ }
+ closedir (dirp);
+ return 1;
+}
+
+static void parsefile (const char *file, dki_t **listp)
+{
+ char path[MAX_PATHSIZE+1];
+ dki_t *dkp;
+
+ /* file arg contains path ? ... */
+ file = splitpath (path, sizeof (path), file); /* ... then split of */
+
+ if ( is_keyfilename (file) ) /* plain file name looks like DNS key file ? */
+ {
+ if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
+#if defined (USE_TREE) && USE_TREE
+ dki_tadd (listp, dkp); /* ... and add to tree */
+#else
+ dki_add (listp, dkp); /* ... and add to list */
+#endif
+ else
+ error ("error parsing %s: (%s)\n", file, dki_geterrstr());
+ }
+}
+
+static const char *parsetag (const char *str, int *tagp)
+{
+ const char *p;
+
+ *tagp = 0;
+ while ( isspace (*str) ) /* skip leading ws */
+ str++;
+
+ p = str;
+ if ( isdigit (*p) ) /* keytag starts with digit */
+ {
+ sscanf (p, "%u", tagp); /* read keytag as number */
+ do /* eat up to the end of the number */
+ p++;
+ while ( isdigit (*p) );
+
+ if ( *p == ':' ) /* label follows ? */
+ return p+1; /* return that */
+ if ( *p == '\0' )
+ return NULL; /* no label */
+ }
+ return str; /* return as label string if not a numeric keytag */
+}
+
diff --git a/contrib/zkt/domaincmp.c b/contrib/zkt/domaincmp.c
new file mode 100644
index 0000000..7d2486f
--- /dev/null
+++ b/contrib/zkt/domaincmp.c
@@ -0,0 +1,190 @@
+/*****************************************************************
+**
+** @(#) domaincmp.c -- compare two domain names
+**
+** Copyright (c) Aug 2005, Karle Boss, Holger Zuleger (kaho).
+** All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Karle Boss or Holger Zuleger (kaho) nor the
+** names of its contributors may be used to endorse or promote products
+** derived from this software without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <assert.h>
+# include <ctype.h>
+#define extern
+# include "domaincmp.h"
+#undef extern
+
+
+#define goto_labelstart(str, p) while ( (p) > (str) && *((p)-1) != '.' ) \
+ (p)--
+
+/*****************************************************************
+** int domaincmp (a, b)
+** compare a and b as fqdns.
+** return <0 | 0 | >0 as in strcmp
+** A subdomain is less than the corresponding parent domain,
+** thus domaincmp ("z.example.net", "example.net") return < 0 !!
+*****************************************************************/
+int domaincmp (const char *a, const char *b)
+{
+ register const char *pa;
+ register const char *pb;
+
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ if ( *a == '.' ) /* skip a leading dot */
+ a++;
+ if ( *b == '.' ) /* same at the other string */
+ b++;
+
+ /* let pa and pb point to the last non dot char */
+ pa = a + strlen (a);
+ do
+ pa--;
+ while ( pa > a && *pa == '.' );
+
+ pb = b + strlen (b);
+ do
+ pb--;
+ while ( pb > b && *pb == '.' );
+
+ /* cmp both domains starting at the end */
+ while ( *pa == *pb && pa > a && pb > b )
+ pa--, pb--;
+
+ if ( *pa != *pb ) /* both domains are different ? */
+ {
+ if ( *pa == '.' )
+ pa++; /* set to beginning of next label */
+ else
+ goto_labelstart (a, pa); /* find begin of current label */
+ if ( *pb == '.' )
+ pb++; /* set to beginning of next label */
+ else
+ goto_labelstart (b, pb); /* find begin of current label */
+ }
+ else /* maybe one of them has a subdomain */
+ {
+ if ( pa > a )
+ if ( pa[-1] == '.' )
+ return -1;
+ else
+ goto_labelstart (a, pa);
+ else if ( pb > b )
+ if ( pb[-1] == '.' )
+ return 1;
+ else
+ goto_labelstart (b, pb);
+ else
+ return 0; /* both are at the beginning, so they are equal */
+ }
+
+ /* both domains are definitly unequal */
+ while ( *pa == *pb ) /* so we have to look at the point where they differ */
+ pa++, pb++;
+
+ return *pa - *pb;
+}
+
+#ifdef DOMAINCMP_TEST
+static struct {
+ char *a;
+ char *b;
+ int res;
+} ex[] = {
+ { ".", ".", 0 },
+ { "test", "", 1 },
+ { "", "test2", -1 },
+ { "", "", 0 },
+ { "de", "de", 0 },
+ { ".de", "de", 0 },
+ { "de.", "de.", 0 },
+ { ".de", ".de", 0 },
+ { ".de.", ".de.", 0 },
+ { ".de", "zde", -1 },
+ { ".de", "ade", 1 },
+ { "zde", ".de", 1 },
+ { "ade", ".de", -1 },
+ { "a.de", ".de", -1 },
+ { ".de", "a.de", 1 },
+ { "a.de", "b.de", -1 },
+ { "a.de.", "b.de", -1 },
+ { "a.de", "b.de.", -1 },
+ { "a.de", "a.de.", 0 },
+ { "aa.de", "b.de", -1 },
+ { "ba.de", "b.de", 1 },
+ { "a.de", "a.dk", -1 },
+ { "anna.example.de", "anna.example.de", 0 },
+ { "anna.example.de", "annamirl.example.de", -1 },
+ { "anna.example.de", "ann.example.de", 1 },
+ { "example.de.", "xy.example.de.", 1 },
+ { "example.de.", "ab.example.de.", 1 },
+ { "example.de", "ab.example.de", 1 },
+ { "ab.example.de", "example.de", -1 },
+ { "ab.mast.de", "axt.de", 1 },
+ { "ab.mast.de", "obt.de", -1 },
+ { "abc.example.de.", "xy.example.de.", -1 },
+ { NULL, NULL, 0 }
+};
+
+const char *progname;
+main (int argc, char *argv[])
+{
+
+ int expect;
+ int res;
+ int c;
+ int i;
+
+ progname = *argv;
+
+ for ( i = 0; ex[i].a; i++ )
+ {
+ expect = ex[i].res;
+ if ( expect < 0 )
+ c = '<';
+ else if ( expect > 0 )
+ c = '>';
+ else
+ c = '=';
+ printf ("%-20s %-20s ==> %c 0 ", ex[i].a, ex[i].b, c);
+ fflush (stdout);
+ res = domaincmp (ex[i].a, ex[i].b);
+ printf ("%3d ", res);
+ if ( res < 0 && expect < 0 || res > 0 && expect > 0 || res == 0 && expect == 0 )
+ puts ("ok");
+ else
+ puts ("not ok");
+ }
+}
+#endif
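Review bot: `domaincmp()` reads one byte before the start of its argument when a string is empty and had no leading dot to skip. After `pa = a + strlen (a);` the `do pa--; while (...)` loop leaves `pa == a - 1`, and the following `while ( *pa == *pb && ...)` dereferences it; the same applies to `pb`. The function's own DOMAINCMP_TEST table passes `""` in three rows, so this path is exercised. A guard placed right after the leading-dot skip avoids the under-read and keeps the signs the table expects: `if ( *a == '\0' || *b == '\0' ) return (*a != '\0') - (*b != '\0');`.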
diff --git a/contrib/zkt/domaincmp.h b/contrib/zkt/domaincmp.h
new file mode 100644
index 0000000..7051f54
--- /dev/null
+++ b/contrib/zkt/domaincmp.h
@@ -0,0 +1,40 @@
+/*****************************************************************
+**
+** @(#) domaincmp.h -- compare two domain names
+**
+** Copyright (c) Aug 2005, Karle Boss (kaho). All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef DOMAINCMP_H
+# define DOMAINCMP_H
+extern int domaincmp (const char *a, const char *b);
+#endif
diff --git a/contrib/zkt/examples/dnskey.db b/contrib/zkt/examples/dnskey.db
new file mode 100644
index 0000000..2822e6a
--- /dev/null
+++ b/contrib/zkt/examples/dnskey.db
@@ -0,0 +1,24 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jun 24 2008 09:58:34
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=31674 algo=RSASHA1 generated Jun 24 2008 09:58:34
+example.net. 14400 IN DNSKEY 257 3 5 (
+ BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7azmEbpXHYyAV98l+QQaTA
+ b98Ob3YbrVJ9IU8E0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3NlL6
+ Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8bN71YJP7BXlszezsFHuMEspN
+ dOPyMr93230+R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj5awvXfJ+
+ eQ==
+ ) ; key id = 31674
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=33755 algo=RSASHA1 generated Jun 24 2008 09:58:34
+example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQjh9IaZS+mIyyuHDX2iaF
+ UigOqHixIJtDLD1r/MfelgJ/Mh6+vCu+XmMQuw==
+ ) ; key id = 33755
+
diff --git a/contrib/zkt/examples/dnssec-signer.sh b/contrib/zkt/examples/dnssec-signer.sh
new file mode 100755
index 0000000..ee4bfc0
--- /dev/null
+++ b/contrib/zkt/examples/dnssec-signer.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+ echo Please start this skript out of the flat or hierarchical sub directory
+ exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@"
diff --git a/contrib/zkt/examples/dnssec-zkt.sh b/contrib/zkt/examples/dnssec-zkt.sh
new file mode 100755
index 0000000..f3976ce
--- /dev/null
+++ b/contrib/zkt/examples/dnssec-zkt.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-zkt command
+# out of the example directory
+#
+
+if test ! -f dnssec.conf
+then
+ echo Please start this skript out of the flat or hierarchical sub directory
+ exit 1
+fi
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt "$@"
diff --git a/contrib/zkt/examples/flat/dist.sh b/contrib/zkt/examples/flat/dist.sh
new file mode 100755
index 0000000..c112f55
--- /dev/null
+++ b/contrib/zkt/examples/flat/dist.sh
@@ -0,0 +1,70 @@
+#################################################################
+#
+# @(#) dist.sh -- distribute and reload command for dnssec-signer
+#
+# (c) Jul 2008 Holger Zuleger hznet.de
+#
+# This shell script will be run by dnssec-signer as a distribution
+# and reload command if:
+#
+# a) the dnssec.conf file parameter Distribute_Cmd: points
+# to this file
+# and
+# b) the user running the dnssec-signer command is not
+# root (uid==0)
+# and
+# c) the owner of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the owner
+# or
+# d) the group of this shell script is the same as the
+# running user and the access rights don't allow writing
+# for anyone except the group
+#
+#################################################################
+
+# set path to rndc and scp
+PATH="/bin:/usr/bin:/usr/local/sbin"
+
+# remote server and directory
+server=localhost # fqdn of remote name server
+dir=/var/named # zone directory on remote name server
+
+progname=$0
+usage()
+{
+ echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
+ test $# -gt 0 && echo $* 1>&2
+ exit 1
+}
+
+if test $# -lt 3
+then
+ usage
+fi
+action="$1"
+domain="$2"
+zonefile="$3"
+view=""
+test $# -gt 3 && view="$4"
+
+case $action in
+distribute)
+ if test -n "$view"
+ then
+ echo "scp $zonefile $server:$dir/$view/$domain/"
+ : scp $zonefile $server:$dir/$view/$domain/
+ else
+ echo "scp $zonefile $server:$dir/$domain/"
+ : scp $zonefile $server:$dir/$domain/
+ fi
+ ;;
+reload)
+ echo "rndc $action $zone $view"
+ : rndc $action $zone $view
+ ;;
+*)
+ usage "illegal action $action"
+ ;;
+esac
+
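Review bot: The `reload)` arm expands `$zone`, which this script never assigns; the second argument is stored in `domain`. Once the `:` placeholder is removed the command becomes `rndc reload` with no zone name, which as far as I know reloads the configuration and every zone instead of the one just signed. I would write it as `: rndc $action "$domain" $view` and fix the `echo` line above it the same way. The `scp` lines also expand `$zonefile`, `$domain` and `$view` unquoted, and since the header says dnssec-signer runs this script with those values as arguments, they should be quoted, for example `scp "$zonefile" "$server:$dir/$domain/"`.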
diff --git a/contrib/zkt/examples/flat/dnssec.conf b/contrib/zkt/examples/flat/dnssec.conf
new file mode 100644
index 0000000..2bd9c58
--- /dev/null
+++ b/contrib/zkt/examples/flat/dnssec.conf
@@ -0,0 +1,41 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 2d # (172800 seconds)
+Sigvalidity: 6d # (518400 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 2w # (1209600 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt.log"
+LogLevel: debug
+SyslogFacility: USER
+SyslogLevel: notice
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: "../keysets"
+DLV_Domain: ""
+Sig_Pseudorand: True
+Distribute_Cmd: "./dist.sh"
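Review bot: `ZSK_bits: 512` together with `ZSK_algo: RSASHA1` gives the example zones a 512-bit RSA zone signing key, a modulus size that is within reach of factoring and so gives little assurance for the signatures it produces. Because people copy this file as a template, I would raise it to at least `ZSK_bits: 1024` (larger if the signing cost is acceptable) and add a comment that the values are for demonstration only. `LogLevel: debug` is likewise a noisy default for a sample that may end up in production; `notice`, as already used for `SyslogLevel`, looks like a safer choice, assuming LogLevel accepts the same level names.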
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
new file mode 100644
index 0000000..6a64c44
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.key
@@ -0,0 +1,3 @@
+;% generationtime=20080609224426
+;% lifetime=60d
+dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
new file mode 100644
index 0000000..4f7ec3d
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+003+42138.private
@@ -0,0 +1,7 @@
+Private-key-format: v1.2
+Algorithm: 3 (DSA)
+Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM=
+Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc=
+Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo=
+Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk=
+Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU=
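Review bot: This `.private` file holds a complete DSA private key and is added with mode 100644, and nothing visible in this directory marks the key material as throwaway. For sample `example.net` zones that is acceptable, but a short note next to the keys (a README entry, or a line in the header of `dist.sh`) stating that they are publicly known example keys and must never sign a live zone would keep them from being copied into a deployment. The same holds for the other key files added further down: `Kdyn.example.net.+005+01355.private`, `Kexample.net.+005+01764.published`, `Kexample.net.+005+41151.private`, `Kexample.net.+005+41300.private` and `kexample.net.+005+14829.private`.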
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
new file mode 100644
index 0000000..d129398
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.key
@@ -0,0 +1,3 @@
+;% generationtime=20080609224426
+;% lifetime=14d
+dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
diff --git a/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
new file mode 100644
index 0000000..3692946
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./Kdyn.example.net.+005+01355.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ==
+Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8=
+Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs=
+Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE=
+Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850=
+Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc=
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnskey.db b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
new file mode 100644
index 0000000..e0f978e
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jun 12 2008 18:28:38
+;
+
+; *** List of Key Signing Keys ***
+; dyn.example.net. tag=42138 algo=DSA generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7
+ LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB
+ KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf
+ Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH
+ JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq
+ +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e
+ 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi
+ xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH
+ 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+
+; *** List of Zone Signing Keys ***
+; dyn.example.net. tag=1355 algo=RSASHA1 generated Jun 10 2008 00:44:26
+dyn.example.net. 14400 IN DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w
+ BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
new file mode 100644
index 0000000..0998fda
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dnssec.conf
@@ -0,0 +1,5 @@
+# signing key parameters
+KSK_lifetime: 60d # (5184000 seconds)
+KSK_algo: DSA
+KSK_bits: 1024
+KSK_randfile: "/dev/urandom"
diff --git a/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net. b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net 7200 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db b/contrib/zkt/examples/flat/dyn.example.net./zone.db
new file mode 100644
index 0000000..ee557b8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:34 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 7 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20080622152834 (
+ 20080612152834 1355 dyn.example.net.
+ h8oKA1I7aC378Cll7LdhM2XZzrtsoxOdPaas
+ SMAd5Ok2zobl8i4nTpxUzmJE27U+yEeOJkf+
+ SXgsy934gAaYLw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+ Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+ lU0C+J4VPkA8pA== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+ HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+ +6XuqA8u/xPmbw== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+ IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+ P0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+ 3600 DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+ 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
+ 20080609214426 42138 dyn.example.net.
+ CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+ 1X+nmHSkpcKJrUty/wY= )
+ 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+ 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+ 9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+ FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+ Sm1ttNxSTe2M8A== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+ +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+ AqArf+M3STbO9g== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+ KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+ TdWtXSZIlU2JKQ== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+ eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+ Q4Pxd2rI9ud1hA== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+ 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+ sj80tqtN0NHi/Q== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+ UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+ LrVtjyQbfimbOA== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+ Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+ Pz/gpH280yQJFA== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+ P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+ jn6fdB+T2Zs9Pw== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+ MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+ 0sIwBMHOsDjTSA== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+ 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+ qA5CzWo8HIPwmA== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+ mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+ lO6C9gQ+Iu9wyw== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+ E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+ rWBT4VggwE8blQ== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+ XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+ TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
new file mode 100644
index 0000000..9e4c5c8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.db.dsigned
@@ -0,0 +1,136 @@
+; File written on Thu Jun 12 18:28:39 2008
+; dnssec_signzone version 9.5.0
+dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 8 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 3 7200 20080622152838 (
+ 20080612152838 1355 dyn.example.net.
+ GXyAKsmJ3D+pFic86kQxw+ASoAeGwuGj2rY+
+ fby0HR5ud3i/Iq857ZlluDbQbg1EKZuar0l5
+ e7HwrB59bxKAuw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xuEEg3kN7hAVIwdQ8l8lmeEzNhrtz5Ow1PQK
+ Sm3KTIxXI8RLcqZgc4pMlCWq+gWwxekvxJwz
+ lU0C+J4VPkA8pA== )
+ 7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 3 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ XFDBfmcN874qUtNsGwD9Ir0QAzjYMw3BI40I
+ HFEOkTBJouhQ8RBpR6YqgWpkLqg1khvES5DH
+ +6XuqA8u/xPmbw== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
+ IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
+ P0D6hLmHfTcsdHQLLeMidQ==
+ ) ; key id = 1355
+ 3600 DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
+ 3600 RRSIG DNSKEY 3 3 3600 20080615214426 (
+ 20080609214426 42138 dyn.example.net.
+ CIIuZ4cbwEWxoPGO6KDcLRO4Z3y0i2VhXy+5
+ 1X+nmHSkpcKJrUty/wY= )
+ 3600 RRSIG DNSKEY 5 3 3600 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ xGL6ZjA7v2RjPj7BnYjCvsgMRm/Z94j4c5K4
+ 7twJsUZ0AO/mURIpdbCigDfFJuK2fy/8X4Vi
+ 9K8P4EgCcj52Jw== )
+localhost.dyn.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ s+RvcycC8aAYgRcR5qBdVXhpRxBMTFS5Q0Pk
+ FN7OAdfmJ/3nV7+ehu0eOZ2ZjO2Pm4ZFcSM1
+ Sm1ttNxSTe2M8A== )
+ 7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ ZhXlmS/WJPbIiXwLKzNFOxw7RU3owfTA8vEM
+ +/SDZO/7+aVSj5IgbsUs3qLAuFrMN8BFEAWt
+ AqArf+M3STbO9g== )
+ns1.dyn.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ gPY1vUcxdWRJ1YbFMg/8rgoPZwta6rFrxQZl
+ KbyBNctNmlbXxeynP6j3qjwq9dydzbNt+sjO
+ TdWtXSZIlU2JKQ== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ Y/PZmvaKPq4CqDvdG7eA2sxlnCPeNKHkZOB4
+ eDvK1x+q/WfTs3BDd3+g4zlG5nMC+NRSlXeO
+ Q4Pxd2rI9ud1hA== )
+ 7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pLgxecgjqGdhVmCcUl59FljWsnC4bjkslUdt
+ 0etzeGD1SNGUqhFcW10EgZE4Y9pXwvLvw68R
+ sj80tqtN0NHi/Q== )
+ns2.dyn.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ pHtJzfj0HU/AkLE70xT0UG8M/Gvvsia61TnC
+ UrxR/61uQk1X4Vy2+oPA14Yb2QJ7ZHG5D1cn
+ LrVtjyQbfimbOA== )
+ 7200 NSEC x.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ vjPL9Mb6oUyg9y8m+BpVpTRpac9+WJxu8FHd
+ Xv4xk67NN+L+Zpukm0D8LSOrk4hZk0X5JkLD
+ Pz/gpH280yQJFA== )
+x.dyn.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ tFyv0gmTKt8/IXdH9VA1H1ymBQ8EIviN2xbC
+ P8vzWZbay3Az2GPObYmaHKb1dm+Sq1dQUJsb
+ jn6fdB+T2Zs9Pw== )
+ 7200 NSEC y.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ bWhiuA+4V86k/bfw7XQ7qDHwxTwbTyN+2gu5
+ MeYQA/WeHdb+3QUOYr6aERRJlbD4q431d4f7
+ 0sIwBMHOsDjTSA== )
+y.dyn.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ KQbZCcMcXWwGUyHyubt0VRhrpgiOel/0rQpF
+ 18PyCNIAUIdRra1+Tj12ZaCBT2x5fu+/rtki
+ qA5CzWo8HIPwmA== )
+ 7200 NSEC z.dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ e/zPTQ1WxvSJymZ/QSyPYFRYpc8gScTbwfXY
+ mSyhQGyn1FjfLodAvyicNYbKF/oxR7IaXKLn
+ lO6C9gQ+Iu9wyw== )
+z.dyn.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ hv9KA2BS+b97KSebN4h/nrP8cU4FUASHdsZj
+ E2GMTf1aV3gpUyPf8LizKhLbUo/LF0bO3CpJ
+ rWBT4VggwE8blQ== )
+ 7200 NSEC dyn.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 4 7200 20080615214426 (
+ 20080609214426 1355 dyn.example.net.
+ r8f5dzQcdnn8gvr0jiExt/n4IUCVKID9Nahx
+ XMDPLrA7ZH7omol+hKz6wlumYmjphlP2mHUU
+ TNZYnWKCkD3hAQ== )
diff --git a/contrib/zkt/examples/flat/dyn.example.net./zone.org b/contrib/zkt/examples/flat/dyn.example.net./zone.org
new file mode 100644
index 0000000..c536fc8
--- /dev/null
+++ b/contrib/zkt/examples/flat/dyn.example.net./zone.org
@@ -0,0 +1,30 @@
+;-----------------------------------------------------------------
+;
+; @(#) dyn.example.net/zone.org
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 1 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+x IN A 1.2.3.4
+y IN A 1.2.3.5
+z IN A 1.2.3.6
+
+$INCLUDE dnskey.db
+
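Review bot: The A records use `1.0.0.5`, `1.2.0.6` and `1.2.3.4` to `1.2.3.6`, which are ordinary routable addresses, while the AAAA record already uses the documentation prefix (`2001:db8::53`). For a sample zone I would take the IPv4 addresses from the documentation block too, e.g. `ns1 IN A 192.0.2.5`, so that a copied example never points at someone else's hosts. `example.net./zone.db` further down uses the same addresses, and the signed zone files in this commit would have to be regenerated after the change.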
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
new file mode 100644
index 0000000..bd273d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.key
@@ -0,0 +1,3 @@
+;% generationtime=20080506212634
+;% lifetime=60d
+example.net. IN DNSKEY 257 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
new file mode 100644
index 0000000..42b8b80
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+01764.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w==
+PublicExponent: AQAAAAE=
+PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ==
+Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w==
+Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ==
+Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9
+Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ==
+Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
new file mode 100644
index 0000000..d72baa9
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.key
@@ -0,0 +1,3 @@
+;% generationtime=20080420205422
+;% lifetime=60d
+example.net. IN DNSKEY 257 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
new file mode 100644
index 0000000..554cd12
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41151.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ==
+Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ==
+Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw==
+Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ==
+Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp
+Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
new file mode 100644
index 0000000..235a5df
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.key
@@ -0,0 +1,3 @@
+;% generationtime=20080721221039
+;% lifetime=14d
+example.net. IN DNSKEY 256 3 5 BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3 LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
diff --git a/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
new file mode 100644
index 0000000..b5041c0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./Kexample.net.+005+41300.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: z+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+PublicExponent: AQAAAAE=
+PrivateExponent: MF8+pDySZKCy1bZvgH9me1xf6cMd7V7FYgIWqRTSGuGpRWdtnIoltaBWjj2UlCshJYiwT0Y5g3obAsorqBC3wQ==
+Prime1: 6M83fhmfDJmatbG+texk1m/E7Aj8yOTLommXQYC/18M=
+Prime2: 5JtrNfEt434OYY/aIFo+LpKQ4YHmni1IODDoP9sHkpU=
+Exponent1: nCZRKBmE9YucwPIw6E1yLiAJ87fqm9IGNLez0kmtV+0=
+Exponent2: 4rEtpIoEBRymA2/iJbg+UmyCd1MKp5Mx4WhFTv1KOS0=
+Coefficient: v0eWAC3cl0XllkeNGaq5thp02OnHsxVU8Xwtss3dCMw=
diff --git a/contrib/zkt/examples/flat/example.net./dnskey.db b/contrib/zkt/examples/flat/example.net./dnskey.db
new file mode 100644
index 0000000..6bd2ba0
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dnskey.db
@@ -0,0 +1,33 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 31 2008 00:25:53
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=1764 algo=RSASHA1 generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8
+ VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs
+ lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+
+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU
+ 8w==
+ ) ; key id = 1764
+
+; example.net. tag=41151 algo=RSASHA1 generated Jun 19 2008 00:32:22
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7
+ kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W
+ O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM
+ HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ
+ qw==
+ ) ; key id = 41151
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=41300 algo=RSASHA1 generated Jul 24 2008 00:13:57
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdGVadO1kBAK6UnrK+WbxP3
+ LjoOtWm13QuS8fHsuZipXs2ouT2S9dhdEArKfw==
+ ) ; key id = 41300
+
diff --git a/contrib/zkt/examples/flat/example.net./dsset-example.net. b/contrib/zkt/examples/flat/example.net./dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./dsset-example.net.
@@ -0,0 +1,4 @@
+example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
new file mode 100644
index 0000000..fdf427b
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.key
@@ -0,0 +1,4 @@
+;% generationtime=20080415164557
+;% lifetime=20d
+;% expirationtime=20080506212633
+example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q==
diff --git a/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
new file mode 100644
index 0000000..1018561
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./kexample.net.+005+14829.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ==
+Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw==
+Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw==
+Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL
+Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw==
+Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg==
diff --git a/contrib/zkt/examples/flat/example.net./keyset-example.net. b/contrib/zkt/examples/flat/example.net./keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/example.net./zone.db b/contrib/zkt/examples/flat/example.net./zone.db
new file mode 100644
index 0000000..42ad067
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db
@@ -0,0 +1,43 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 306 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.1
+b IN MX 10 a
+;c IN A 1.2.3.2
+d IN A 1.2.3.3
+ IN AAAA 2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/flat/example.net./zone.db.signed b/contrib/zkt/examples/flat/example.net./zone.db.signed
new file mode 100644
index 0000000..b10d122
--- /dev/null
+++ b/contrib/zkt/examples/flat/example.net./zone.db.signed
@@ -0,0 +1,166 @@
+; File written on Thu Jul 31 00:25:53 2008
+; dnssec_signzone version 9.5.1b1
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 306 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ eRpET793mGv1lKjHoaL/woHNxqFx8mFg1LlT
+ x3ISMuUH7BJCHI4urjNMIJCOKwTeDsstlmvt
+ llflqikDp8uLmQ== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ t7lt/MCYy2plJXQXeZFapUjzkhtYi0NIa4/i
+ sJInZYv78nT2981zrlYCX5UKswGy6VAchtgu
+ WDdVL5V3nirNiA== )
+ 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ TNq3FKjB7brjHQDD1vReNNddof1UmsAOdioU
+ vL1alQJa1zXVpL9Yl2NUbtuV3kKVpxxLAZM4
+ 8fjJ1uPzW3KVJQ== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABz+XkYpKYKuMPi7jA8Y/qfzDuGKdG
+ VadO1kBAK6UnrK+WbxP3LjoOtWm13QuS8fHs
+ uZipXs2ouT2S9dhdEArKfw==
+ ) ; key id = 41300
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
+ 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
+ 20080730212553 41151 example.net.
+ AoLzL97D0rw8R5leKTNH7XuKyLPUdmX2nmfb
+ Q9RV9mV1mcM7cV37C8nNp1xNqY91frjCiUtd
+ PjFa95U2B1ZVU6j2CgWzPLRidRTU/aKJy2MZ
+ dwkAx4P6MGXemCwi5xGY1JLP3WTtdW1ERBjE
+ tgOT8mOOA8pDk+1S2zUAGbT4WGLx09hf16n+
+ b9YR+mNVyEyJ8qJGvWm6U8niyhHOZWFj6QkL
+ Tw== )
+ 3600 RRSIG DNSKEY 5 2 3600 20080805212553 (
+ 20080730212553 41300 example.net.
+ up151hyvd84qGvWxziVwgzuLHvZ9os27gqSU
+ hMeplk+Q2coXShZ219zSQKfZHRYRQF0Hujwi
+ FSHnJW5dlBhMow== )
+a.example.net. 7200 IN A 1.2.3.1
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ EOJulnvULgDyx+WXIPkkoAcBot3lKKIHplAM
+ aa2K3QIXak75/IxCh+K/yUpqgsbeU0wHJakd
+ vo0cFjkPvCCrHA== )
+ 7200 NSEC b.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ Vb+ZkjqQ+TzXmhsVEE1490F6O3Mww5z0GiO/
+ 1CtMb+qfUNS0RavmHVnm5rBYs3WyQmG04vQr
+ 2MS4wJguPpznEg== )
+b.example.net. 7200 IN MX 10 a.example.net.
+ 7200 RRSIG MX 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ RG6GDR1HAKQeG6TaWbIlp97FYZSp8Xf7ySxi
+ Q+OJaPw209RmlNFySWt/HQ6XiwPQ3OJUU9KJ
+ V1VbEaZnFVXu2Q== )
+ 7200 NSEC d.example.net. MX RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ MxxrqKlQWoN1PgC6g/VkzTQYRFZpeJfjtm9L
+ jbnNPVNUJoRFA2knURkrTB4nmQc6k9bms9Na
+ G1yt/jdFB699yg== )
+d.example.net. 7200 IN A 1.2.3.3
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ LHAxOSR8B+5D4nPxGn3zr4w8E+sSffCRbiqS
+ 8Giafiugn+FKRRO+QrCBytSF/YBmwfuz7uQF
+ Xqk7op11oye7fA== )
+ 7200 AAAA 2001:db8::3
+ 7200 RRSIG AAAA 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ VkBfSCLQGwOsCdzJTCgNenXpIHQ1OfOHhqib
+ 2UHf/kPtCRxONFQUcKfTC10XSbnOJ7oWcyVC
+ sJOAIxxNQOefZg== )
+ 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ e9HXw+0oV/wa8dobs1lstE68JgCzdlmnGUAh
+ /0878kn5nyoLBaFEW3u6LU1E1YY277Ox2jZD
+ X51lgVvrlOsMaw== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ cx0NJFy0/RjCjhlU1X3S0na2q9hMyHmvFLhv
+ zLk+LqSaK1rHW4GNCCsGlNxQIb9uJjQJuUq1
+ U9ZdHxUEqeRRtQ== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ nDPwYL/05NLxkY4iuyzH8ASiBq8FcY0uNQAg
+ F+bjdtm1xt1uyqTROl5JQ1P3SUb/EuoxCMII
+ hS9tIVb0spHDuQ== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ swMfIxbBfSCr4ACCa3dJ8d0gtoHD7Z0L0sTp
+ TFEZ9miQFFN9zxKHGRpk6fBjkiMI3bSAMbtM
+ bBUOTYWJIMT50g== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ w+weJuOzg5fQ15RGdNQ/7Gf4DxkcKq4Drx0l
+ CZ16TKV3/fR8ROCzIP9HulPsNJtEFK+J+CbM
+ 5P5ZMXieZrh+xQ== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ xe9q0umSSgBNQ5H0yLSQ9tONsw2hORQpxMGT
+ rrfxEcPm86SLMM40dithZQeajNucRlmuadKX
+ HREpYT/DVVBT0A== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ gOU5QjhdfwBBNHi5uQOs53GoxU7eiSt9I/yk
+ 06EzlFU2gJ+1cmhYKqrSZM7XC7/c5I61AZDS
+ 2LaOiuqMIPm8Hw== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ dT90BIfl/AJ6gVSbrU0TiOacE5ZffS4N4B5+
+ HQzwNup6HfL7ZwBEO/vhKJjSgwd+Oetfc76+
+ /l+dJFZ8FtdZTA== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 DS 54876 5 1 (
+ CAB6127E303A8A8D7D5A29AE05DB60F4C506
+ 0B10 )
+ 7200 DS 54876 5 2 (
+ 7C8CAF1844479F3600213173BB5D1E2A4414
+ 3D63B6E0B3E10D8C5310ADF84D30 )
+ 7200 RRSIG DS 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ DjNb5DNaKyPMWJgfiLxXbw/BhuxxKd58tHv+
+ TQqrp6STx8jZRWNsigEh4QTyx8lyYcAPaYEt
+ X6JnkVWr89s82A== )
+ 7200 NSEC example.net. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080805212553 (
+ 20080730212553 41300 example.net.
+ kDm+cYjtem6aZSTTsLdSQZnJJVfASXdIsrom
+ fViO1QIHNSZodbtWT9cqMvhMhmQ1rO5GVRGg
+ KaG0bEo8TpOAUw== )
diff --git a/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
new file mode 100644
index 0000000..f94666a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-dyn.example.net.
@@ -0,0 +1,2 @@
+dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
+dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6
diff --git a/contrib/zkt/examples/flat/keysets/dsset-example.net. b/contrib/zkt/examples/flat/keysets/dsset-example.net.
new file mode 100644
index 0000000..d4a01ed
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-example.net.
@@ -0,0 +1,4 @@
+example.net. IN DS 1764 5 1 A6F060DDE8DE45CA7FD1C21E2F39C477F214795F
+example.net. IN DS 1764 5 2 B7109245C60ACEDD1630E145477FDF574D5BD9CABE530AAC6D7192DB 7FBFAA3F
+example.net. IN DS 41151 5 1 BBB692EA07571E412F9385A618C1CAD9BFC1469A
+example.net. IN DS 41151 5 2 4D22B44C3DC09BD9EEADFFB917EFCE8E45F22E89FF0C096CD14F4405 CA1CAE3F
diff --git a/contrib/zkt/examples/flat/keysets/dsset-sub.example.net. b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
new file mode 100644
index 0000000..9bed62a
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/dsset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net. IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net. IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
new file mode 100644
index 0000000..002217b
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-dyn.example.net.
@@ -0,0 +1,18 @@
+$ORIGIN .
+dyn.example.net 7200 IN DNSKEY 257 3 3 (
+ CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
+ NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
+ S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
+ m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
+ EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
+ r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
+ 4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
+ RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
+ BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
+ olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
+ ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
+ 6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
+ dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
+ ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
+ clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
+ ) ; key id = 42138
diff --git a/contrib/zkt/examples/flat/keysets/keyset-example.net. b/contrib/zkt/examples/flat/keysets/keyset-example.net.
new file mode 100644
index 0000000..c832578
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-example.net.
@@ -0,0 +1,19 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5a
+ vmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdI
+ I+syK0pt0unjUn2ActoXtyFzIk61VRKDroAN
+ M9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ3
+ 9/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX
+ 8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjK
+ T1YYVnoQqw==
+ ) ; key id = 41151
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYV
+ Y4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2
+ VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5
+ HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtm
+ DUktDjZgsyVshFHVJShBUSj+YpnfQkndGViD
+ AbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH
+ +B9rLlBU8w==
+ ) ; key id = 1764
diff --git a/contrib/zkt/examples/flat/keysets/keyset-sub.example.net. b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
new file mode 100644
index 0000000..77aacd6
--- /dev/null
+++ b/contrib/zkt/examples/flat/keysets/keyset-sub.example.net.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.net 7200 IN DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+ bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+ ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+ BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+ CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+ ) ; key id = 54876
diff --git a/contrib/zkt/examples/flat/named.conf b/contrib/zkt/examples/flat/named.conf
new file mode 100644
index 0000000..0e8551c
--- /dev/null
+++ b/contrib/zkt/examples/flat/named.conf
@@ -0,0 +1,99 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+controls {
+ inet 127.0.0.1
+ allow { localhost; };
+ inet ::1
+ allow { localhost; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.ARPA" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+include "zone.conf";
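Review bot: `query-source address * port 53;` pins the source port of every outgoing query while the same options block sets `recursion yes;`. A fixed source port removes port randomization, which is one of the main defences a recursive resolver has against spoofed answers, so the example should read `query-source address *;` and leave the port to the server. It would also help to state the recursion scope explicitly, e.g. `allow-recursion { localhost; };`, rather than relying on the default of whichever BIND version the example is copied to. `transfer-source` and `notify-source` carry the same `port 53` and presumably do not need it either.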
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
new file mode 100644
index 0000000..a255a7b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.key
@@ -0,0 +1,3 @@
+;% generationtime=20080725213107
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 1 BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
new file mode 100644
index 0000000..e636e05
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+04254.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: 4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: fcaPYDDCumWIaPKV7FY0JB/PofSCo8amWw5u+eXFxh149WE5PeXYOOS2+x41keA5Z1PhYme4Ma5rcCMRN7n+sQ==
+Prime1: /RbDZdmt2zlsChJiLR+Brweas6L1jnzUsJFm78HlSnM=
+Prime2: 5DhKYbovzYbkIFhp1b9lt22+ymAU8LOGvFXdfb1y33M=
+Exponent1: yw61YMxuJGzEAgxVmlAm6oEH0WaaJ5T1PvZGut1xCU0=
+Exponent2: wYNtwOUtI0UQWQF1ZCBiVsquBIkPvI5eR2GQypHaK08=
+Coefficient: NqkVvrZjnJ/jVWDEykJ2XYuslJOIJPi1+7+sTUyBhPU=
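Review bot: This file and the two that follow (`Ksub.example.net.+001+56744.published` and `Ksub.example.net.+005+54876.private`) add complete RSA private keys to the tree, including `PrivateExponent`, `Prime1` and `Prime2`. That is reasonable for a worked example, but every reader of the repository can sign as key tags 4254, 56744 and 54876, so the keys must never end up in a served zone. Nothing in the visible hunks says so. I would add a line to the examples README such as `The keys under examples/ are published test keys; generate new keys before signing a real zone.`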
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
new file mode 100644
index 0000000..4e7c3e5
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.key
@@ -0,0 +1,3 @@
+;% generationtime=20080730222553
+;% lifetime=3d
+sub.example.net. IN DNSKEY 256 3 1 BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
new file mode 100644
index 0000000..2a3ae65
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+001+56744.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: xZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+PublicExponent: AQAAAAE=
+PrivateExponent: aSglUr7DxsGNZMOhyoyN6W0xGps+JGfI3ErXbewlvflVSFSHrA19x0OafvR6eFzqmzKKGIyZBJkYT5NHqKIG6Q==
+Prime1: 4yqINEZm3xDdHGyv31umolirJtS4X2teORhzWDE/r6U=
+Prime2: 3qjiidKP41FSrOsXXgkj3XBi+OAH0cpVBZxCuP+ykU8=
+Exponent1: p8nyeR3ldgpw7A6tebr6okucM6324S5LPOWlC8ygxp0=
+Exponent2: a1qTrKaBO6pN7UI/mHimSYLoevjQBWeX8jB0tmG0NIc=
+Coefficient: NB2eeh6Z+a9qMf1w5UY2z9ME+ZyYtvRbYZSkedB4Q4Y=
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
new file mode 100644
index 0000000..21098f8
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.key
@@ -0,0 +1 @@
+sub.example.net. IN DNSKEY 257 3 5 AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb Z/avYw==
diff --git a/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
new file mode 100644
index 0000000..ad5b363
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./Ksub.example.net.+005+54876.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: oxjTdP4SwNtPltqqNLJLVQHLWCn9TqZ8fm5pFkq7JiRzAR5U/IS+dO6Rk5g6Mh9AHvftzGUkwS9Uvh4QNdgdIbYk6fCG7Tf4GTgW8A9+nAaT3u9rg0KFMv03Up9Ry7aKlEjEwfrGqgk2VgnyBKnGx0Z9E+j4YKi8gry822f2r2M=
+PublicExponent: Aw==
+PrivateExponent: bLs3o1QMgJI1DzxxeHbc41aHkBv+NG79qZ7wuYcnbsL3VhQ4qFh++J8Lt7rRdr+AFKVJMu4YgMo4fr61eTq+FWije4t8PrILH6qzNdwCqOLsQYyKRUODTPsE+2BU6TZVBsBOBPlpJP9hTBj1DCoUTE6y8Evkkmf4C4Y6U7frF/s=
+Prime1: 1t2pJC/eQzdhrLR4qHlaaT6vPmBC+7eNPg8zjdZDA03TKMd/V4kw6XtB6QYQZRi/CXg7JjoLr3dpUgyMY0l8tw==
+Prime2: wlIHexyw6bAIC1WmnQFESPLNXjvYYYiyRqCmAPwq4b02/4g7LR/BoKkh+3xiBY+VxvhwUOd5XVEIIVjRcMyOtQ==
+Exponent1: jz5wwsqULM+WcyL7GvuRm38ffurXUnpeKV93s+QsrN6MxdpU5QYgm6eBRgQK7hB/W6V8xCaydPpGNrMIQjD9zw==
+Exponent2: gYwE/L3LRnVasjkZvgDYMKHePtKQQQXMLxXEAKgcln4kqlrSHhUrwHDBUlLsA7UOhKWgNe+mPjYFa5CLoIhfIw==
+Coefficient: DWng17udd0Q2STNt5gshQ6PjNQxEQmQMnCwltkosf8rJhl/rQuYULz0elnWhADcMBDYw7Y6Kb7xjpL4FdR0YnA==
diff --git a/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net. b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
new file mode 100644
index 0000000..8e00719
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dlvset-sub.example.net.
@@ -0,0 +1,2 @@
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub.example.net.dlv.trusted-keys.de. IN DLV 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnskey.db b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
new file mode 100644
index 0000000..396e7d3
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnskey.db
@@ -0,0 +1,29 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 31 2008 13:19:17
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.net. tag=54876 algo=RSASHA1 generated Jun 19 2008 00:32:22
+sub.example.net. 3600 IN DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+bmkWSrsmJHMBHlT8hL50
+ 7pGTmDoyH0Ae9+3MZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36cBpPe
+ 72uDQoUy/TdSn1HLtoqUSMTB+saqCTZWCfIEqcbHRn0T6PhgqLyCvLzb
+ Z/avYw==
+ ) ; key id = 54876
+
+; *** List of Zone Signing Keys ***
+; sub.example.net. tag=4254 algo=RSAMD5 generated Jul 31 2008 00:25:52
+sub.example.net. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+/+/Sem6gxhZt/vpWkNMy
+ aSpAT8LjR7nNHr9vNYsJ2KCQtY2dUFjT5BCeqQ==
+ ) ; key id = 4254
+
+; sub.example.net. tag=56744 algo=RSAMD5 generated Jul 31 2008 00:25:53
+sub.example.net. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHlkb4sEZkca3uIqV4gTzgv
+ guftN+M1ZgwyPwarn7DQR1Eb92uW3ALxwN2o6w==
+ ) ; key id = 56744
+
diff --git a/contrib/zkt/examples/flat/sub.example.net./dnssec.conf b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
new file mode 100644
index 0000000..4a045ad
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./dnssec.conf
@@ -0,0 +1,14 @@
+
+resigninterval 1d
+sigvalidity 2d
+max_ttl 90s
+
+Serialformat: unixtime
+ksk_algo RSASHA1
+ksk_bits 1024
+
+zsk_lifetime 3d
+zsk_algo RSAMD5
+zsk_bits 512
+
+dlv_domain "dlv.trusted-keys.de"
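Review bot: `zsk_algo RSAMD5` with `zsk_bits 512` gives the example zone-signing keys an algorithm that RFC 4034 marks as not recommended and a modulus short enough to be factored with modest resources. `ksk_bits 1024` is also small for a key-signing key. Because example configs are copied, I would use `zsk_algo RSASHA1` as the `ksk_algo` line already does, with `zsk_bits 1024` and a larger `ksk_bits`. If the short key is deliberate for the 3-day rollover demo, a comment in the file should say so. Separately, `Serialformat: unixtime` is the only parameter written with a capital and a colon; it is worth confirming the parser accepts that form, or writing it like the others.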
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db b/contrib/zkt/examples/flat/sub.example.net./zone.db
new file mode 100644
index 0000000..c9ec01e
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sec.example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.net.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
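Review bot: The header comment reads `@(#) sec.example.net/zone.db`, but this file is sub.example.net./zone.db and the signed output names the zone sub.example.net. throughout; it should be `; @(#) sub.example.net/zone.db`. The serial is also written as `0` with no explanation, while this zone's dnssec.conf sets `Serialformat: unixtime` and the signed zone shows 1217503157. A short comment next to the serial, saying that dnssec-signer appears to rewrite it, would spare readers the guess.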
diff --git a/contrib/zkt/examples/flat/sub.example.net./zone.db.signed b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
new file mode 100644
index 0000000..0560d2b
--- /dev/null
+++ b/contrib/zkt/examples/flat/sub.example.net./zone.db.signed
@@ -0,0 +1,103 @@
+; File written on Thu Jul 31 13:19:17 2008
+; dnssec_signzone version 9.5.1b1
+sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1217503157 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ pAevIprv5lPMcSSR4l0cGzaYTY2pG3HsT6z9
+ RkSwssWSyyMxRqgYCuR2gErA1THGJNPlT8Qa
+ 9bvrMVOXpd0Q1g== )
+ 7200 NS ns1.example.net.
+ 7200 RRSIG NS 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ zB0f/bN5fvezT404pT+ArKVIW2QHKzTC2osb
+ k2sUpJiuhKtdJBx1kfBNmyaIuFaZsLtWacJn
+ 1S/A2bV4S3No7Q== )
+ 7200 NSEC a.sub.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 1 3 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ElgI6LCNWdDWM3OKh4vNDN9EiSns1bpnmOPK
+ TmAPb/tStfHfmNOuwBleW6irtDexizZcZFl8
+ feRHQBEYFpgvhA== )
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABxZS/DJA1BUdYVj5cOmMMnA5W/SHl
+ kb4sEZkca3uIqV4gTzgvguftN+M1ZgwyPwar
+ n7DQR1Eb92uW3ALxwN2o6w==
+ ) ; key id = 56744
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAAB4Z/siqZTvCFKzaOrB8+HHTlR9is+
+ /+/Sem6gxhZt/vpWkNMyaSpAT8LjR7nNHr9v
+ NYsJ2KCQtY2dUFjT5BCeqQ==
+ ) ; key id = 4254
+ 3600 DNSKEY 257 3 5 (
+ AQOjGNN0/hLA20+W2qo0sktVActYKf1Opnx+
+ bmkWSrsmJHMBHlT8hL507pGTmDoyH0Ae9+3M
+ ZSTBL1S+HhA12B0htiTp8IbtN/gZOBbwD36c
+ BpPe72uDQoUy/TdSn1HLtoqUSMTB+saqCTZW
+ CfIEqcbHRn0T6PhgqLyCvLzbZ/avYw==
+ ) ; key id = 54876
+ 3600 RRSIG DNSKEY 1 3 3600 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ASLViHuAWYqnzkZ4i6eywTuKvHyk93xsQBba
+ 4VjRCKc93KzvkWUA6SgOcwGvuRuAGCGb60VT
+ UW2clZMFj/Fy6g== )
+ 3600 RRSIG DNSKEY 5 3 3600 20080802101917 (
+ 20080731101917 54876 sub.example.net.
+ B2w2YAkeV2vx159FnG+B/H36Vnx8L1WwHt3E
+ 0YV1yYj2s5ZV6B6Gq34Ahm6y+zs7TsVxeYpO
+ OCoYCck/D+ehpuHOzZRR7xS2Rz/xLIvfASAK
+ 7NT/aIOlNPWH6I1J3ZAwhfAwF680KEFHPksv
+ oFMHe/OpIq7x/a4NdMn3yIWbFtg= )
+a.sub.example.net. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ 1bTDrFSMIV8H8HTfEFQiG7dqYGr3a8UvK5fQ
+ owoh0VJuG4+DCUZU8edUSwnzMW8Yza4Ev0j+
+ M4ESPnoKxli7YQ== )
+ 7200 NSEC b.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ nmJGbJWWaChlNmTTk5TgWEYRETeSJFiCoYHv
+ USKfEwLn13LfKk/lRZJarWIkDh7mxoismPOt
+ 2ODgeGLhUTap7A== )
+b.sub.example.net. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ojTCQ+aB8WClC7ncJsVGaN5RY6lczR7/Q0uz
+ bydmXQBjGUdF/GsuJvhR26mVbPzJNmF7uDNN
+ S0Et3ivWZSAVOg== )
+ 7200 NSEC c.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ a6adIifDPjibbLme8dVzcKymxSARsIs2pz7B
+ jHXl0NCH9tmPBc/cBnjHxnSaes3QVDeok04k
+ +SzjVQtJfxUDsA== )
+c.sub.example.net. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ ZeYTG7C6eEXhcHaBS4oIcwWGA5NayJs9aqhb
+ eWLRoZ75LxgIxhMQYU6A22PQf+zIWLADd0ID
+ z5HLpC+KbfpJxw== )
+ 7200 NSEC localhost.sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ IypmujoPBPhfEJqJdst5ZBazYfrr5l8nzrIh
+ a6xQYUDcw8aI96rVxn0pjeeiGBHuge2HbAAh
+ 4AnYjZlHjfe+MA== )
+localhost.sub.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ o8kEv5q2Xus/jL8w8gB/M3VSvz7eTP67u38T
+ X+JO2yRn7W8gIxPo46yYfgr3qB7WXYD8jB8Y
+ vw4b+pdoWMi0+g== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101917 (
+ 20080731101917 4254 sub.example.net.
+ XbQQpoL8oV9kgpIKHyX2KoCmtMm2Wub1lVu9
+ PP0RM4QO5bpWls0ify3KgNiAg0g6qV86UQIr
+ SgFnqsd6YTxxpw== )
diff --git a/contrib/zkt/examples/flat/zkt.log b/contrib/zkt/examples/flat/zkt.log
new file mode 100644
index 0000000..9276f94
--- /dev/null
+++ b/contrib/zkt/examples/flat/zkt.log
@@ -0,0 +1,2501 @@
+2008-06-10 00:36:45.086: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.073: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:09.074: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:37:24.586: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:37:24.588: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: not enough space left for serialno
+2008-06-10 00:38:02.499: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.016: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:14.018: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: couldn't find serialnumber in zone file
+2008-06-10 00:38:40.235: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-10 00:38:40.236: error: zone "example.net.": couldn't increment serialno in file ./example.net./zone.db: unexpected end of file
+2008-06-10 00:38:49.975: warning: zone "sub.example.net.": lifetime of key signing key 54876 exceeded
+2008-06-11 13:47:16.909: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded ()
+2008-06-11 13:51:06.959: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded -16781202()
+2008-06-11 13:54:29.680: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded (27w5d5h30m5s)
+2008-06-11 13:56:36.990: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d5h32m12s
+2008-06-11 22:39:48.053: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:39:48.056: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h15m24s
+2008-06-11 22:39:48.056: notice: "sub.example.net.": lifetime of zone signing key 44833 exceeded since 2h30m54s: ZSK rollover done
+2008-06-11 22:39:48.143: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:39:48.617: notice: end of run: 0 errors occured
+2008-06-11 22:41:14.103: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:41:14.106: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h16m50s
+2008-06-11 22:41:14.106: notice: end of run: 0 errors occured
+2008-06-11 22:48:18.445: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:48:18.448: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h23m54s
+2008-06-11 22:48:18.448: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-11 22:48:19.087: notice: end of run: 0 errors occured
+2008-06-11 22:56:53.295: notice: running as ../../dnssec-signer -v -v
+2008-06-11 22:56:53.297: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h32m29s
+2008-06-11 22:56:53.297: notice: end of run: 0 errors occured
+2008-06-11 23:01:41.451: notice: running as ../../dnssec-signer -v -v
+2008-06-11 23:01:41.454: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h37m17s
+2008-06-11 23:01:41.454: notice: end of run: 0 errors occured
+2008-06-11 23:04:25.909: notice: running as ../../dnssec-signer -c dnssec.conf -v -v
+2008-06-11 23:04:25.911: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w5d14h40m1s
+2008-06-11 23:04:25.911: notice: end of run: 0 errors occured
+2008-06-12 13:06:54.007: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:06:54.055: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h42m30s
+2008-06-12 13:06:54.056: notice: end of run: 0 errors occured
+2008-06-12 13:07:45.126: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:07:45.129: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:07:45.129: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h43m21s
+2008-06-12 13:07:45.130: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:07:45.130: notice: end of run: 0 errors occured
+2008-06-12 13:22:02.251: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:22:02.253: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+
+2008-06-12 13:22:02.253: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d4h57m38s
+2008-06-12 13:22:02.253: debug: parsing zone "example.net." in dir "./example.net."
+
+2008-06-12 13:22:02.253: notice: end of run: 0 errors occured
+2008-06-12 13:24:37.956: notice: running as ../../dnssec-signer -v -v
+2008-06-12 13:24:37.958: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 13:24:37.958: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h13s
+2008-06-12 13:24:37.958: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 13:24:37.958: notice: end of run: 0 errors occured
+2008-06-12 13:25:32.993: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 13:25:32.997: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h1m8s
+2008-06-12 13:25:32.997: notice: end of run: 0 errors occured
+2008-06-12 13:26:49.861: notice: running as ../../dnssec-signer -O verboselog: 0; -v -v
+2008-06-12 13:26:49.864: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d5h2m25s
+2008-06-12 13:26:49.864: notice: end of run: 0 errors occured
+2008-06-12 16:28:01.977: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:01.979: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m37s
+2008-06-12 16:28:01.979: notice: end of run: 0 errors occured
+2008-06-12 16:28:13.626: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v
+2008-06-12 16:28:13.629: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h3m49s
+2008-06-12 16:28:13.630: notice: end of run: 0 errors occured
+2008-06-12 16:28:30.318: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:28:30.320: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h4m6s
+2008-06-12 16:28:30.320: notice: end of run: 0 errors occured
+2008-06-12 16:34:06.968: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:34:06.971: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:06.971: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m42s
+2008-06-12 16:34:06.972: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:06.972: notice: end of run: 0 errors occured
+2008-06-12 16:34:15.816: notice: running as ../../dnssec-signer
+2008-06-12 16:34:15.818: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:34:15.818: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h9m51s
+2008-06-12 16:34:15.818: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:34:15.818: notice: end of run: 0 errors occured
+2008-06-12 16:35:27.777: notice: running as ../../dnssec-signer --config-option verboselog: 0; -v -v
+2008-06-12 16:35:27.780: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h11m3s
+2008-06-12 16:35:27.780: notice: end of run: 0 errors occured
+2008-06-12 16:44:56.266: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:44:56.269: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:44:56.269: debug: ->ksk5011status returns 0
+2008-06-12 16:44:56.269: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h20m32s
+2008-06-12 16:44:56.269: debug: Re-signing not necessary!
+2008-06-12 16:44:56.269: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:44:56.269: debug: ->ksk5011status returns 2
+2008-06-12 16:44:56.269: debug: Re-signing not necessary!
+2008-06-12 16:44:56.270: notice: end of run: 0 errors occured
+2008-06-12 16:49:23.380: notice: running as ../../dnssec-signer -v -v
+2008-06-12 16:49:23.385: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:23.385: debug: ->ksk5011status returns 0
+2008-06-12 16:49:23.386: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h24m59s
+2008-06-12 16:49:23.386: debug: Re-signing not necessary!
+2008-06-12 16:49:23.386: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:23.386: debug: ->ksk5011status returns 2
+2008-06-12 16:49:23.386: debug: Re-signing not necessary!
+2008-06-12 16:49:23.386: notice: end of run: 0 errors occured
+2008-06-12 16:49:28.284: notice: running as ../../dnssec-signer -r -v -v
+2008-06-12 16:49:28.288: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:28.288: debug: ->ksk5011status returns 0
+2008-06-12 16:49:28.288: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m4s
+2008-06-12 16:49:28.288: debug: Re-signing not necessary!
+2008-06-12 16:49:28.288: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:28.288: debug: ->ksk5011status returns 2
+2008-06-12 16:49:28.288: debug: Re-signing not necessary!
+2008-06-12 16:49:28.288: notice: end of run: 0 errors occured
+2008-06-12 16:49:32.079: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 16:49:32.081: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 16:49:32.081: debug: ->ksk5011status returns 0
+2008-06-12 16:49:32.081: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h25m8s
+2008-06-12 16:49:32.082: debug: Re-signing necessary: Option -f
+2008-06-12 16:49:32.082: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.082: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 16:49:32.082: debug: Signing zone "sub.example.net."
+2008-06-12 16:49:32.082: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 16:49:32.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.222: debug: Signing completed after 0s.
+2008-06-12 16:49:32.222: debug:
+2008-06-12 16:49:32.222: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 16:49:32.222: debug: ->ksk5011status returns 2
+2008-06-12 16:49:32.223: debug: Re-signing necessary: Option -f
+2008-06-12 16:49:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 16:49:32.223: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 16:49:32.223: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 16:49:32.223: debug: Signing zone "example.net."
+2008-06-12 16:49:32.223: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 16:49:32.335: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 16:49:32.335: debug: Signing completed after 0s.
+2008-06-12 16:49:32.335: debug:
+2008-06-12 16:49:32.335: notice: end of run: 0 errors occured
+2008-06-12 17:02:15.076: notice: running as ../../dnssec-signer -f -v -v
+2008-06-12 17:02:15.078: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:02:15.078: debug: Check RFC5011 status
+2008-06-12 17:02:15.078: debug: ->ksk5011status returns 0
+2008-06-12 17:02:15.078: debug: Check ksk status
+2008-06-12 17:02:15.078: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d8h37m51s
+2008-06-12 17:02:15.078: debug: Re-signing necessary: Option -f
+2008-06-12 17:02:15.078: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.078: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:02:15.079: debug: Signing zone "sub.example.net."
+2008-06-12 17:02:15.079: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:02:15.254: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.254: debug: Signing completed after 0s.
+2008-06-12 17:02:15.254: debug:
+2008-06-12 17:02:15.254: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:02:15.255: debug: Check RFC5011 status
+2008-06-12 17:02:15.255: debug: ->ksk5011status returns 2
+2008-06-12 17:02:15.255: debug: Re-signing necessary: Option -f
+2008-06-12 17:02:15.255: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:02:15.255: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 17:02:15.255: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:02:15.255: debug: Signing zone "example.net."
+2008-06-12 17:02:15.255: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 17:02:15.368: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:02:15.368: debug: Signing completed after 0s.
+2008-06-12 17:02:15.368: debug:
+2008-06-12 17:02:15.368: notice: end of run: 0 errors occured
+2008-06-12 17:43:50.388: notice: running as ../../dnssec-signer -f -f
+2008-06-12 17:43:50.390: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:43:50.390: debug: Check RFC5011 status
+2008-06-12 17:43:50.390: debug: ->ksk5011status returns 0
+2008-06-12 17:43:50.390: debug: Check ksk status
+2008-06-12 17:43:50.390: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h19m26s
+2008-06-12 17:43:50.390: debug: Re-signing necessary: Option -f
+2008-06-12 17:43:50.390: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.390: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-12 17:43:50.390: debug: Signing zone "sub.example.net."
+2008-06-12 17:43:50.390: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-12 17:43:50.533: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.533: debug: Signing completed after 0s.
+2008-06-12 17:43:50.533: debug:
+2008-06-12 17:43:50.533: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:43:50.533: debug: Check RFC5011 status
+2008-06-12 17:43:50.533: debug: ->ksk5011status returns 2
+2008-06-12 17:43:50.533: debug: Re-signing necessary: Option -f
+2008-06-12 17:43:50.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 17:43:50.533: debug: Writing key file "./example.net./dnskey.db"
+2008-06-12 17:43:50.534: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-12 17:43:50.534: debug: Signing zone "example.net."
+2008-06-12 17:43:50.534: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-12 17:43:50.645: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 17:43:50.645: debug: Signing completed after 0s.
+2008-06-12 17:43:50.645: debug:
+2008-06-12 17:43:50.645: notice: end of run: 0 errors occured
+2008-06-12 17:49:43.188: notice: running as ../../dnssec-signer -O verboselog: 2 -v -v
+2008-06-12 17:49:43.190: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:49:43.190: debug: Check RFC5011 status
+2008-06-12 17:49:43.190: debug: ->ksk5011status returns 0
+2008-06-12 17:49:43.190: debug: Check ksk status
+2008-06-12 17:49:43.190: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m19s
+2008-06-12 17:49:43.190: debug: Re-signing not necessary!
+2008-06-12 17:49:43.190: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:49:43.190: debug: Check RFC5011 status
+2008-06-12 17:49:43.190: debug: ->ksk5011status returns 2
+2008-06-12 17:49:43.190: debug: Re-signing not necessary!
+2008-06-12 17:49:43.190: notice: end of run: 0 errors occured
+2008-06-12 17:50:09.325: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:50:09.327: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:50:09.327: debug: Check RFC5011 status
+2008-06-12 17:50:09.327: debug: ->ksk5011status returns 0
+2008-06-12 17:50:09.327: debug: Check ksk status
+2008-06-12 17:50:09.327: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h25m45s
+2008-06-12 17:50:09.327: debug: Re-signing not necessary!
+2008-06-12 17:50:09.327: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:50:09.327: debug: Check RFC5011 status
+2008-06-12 17:50:09.327: debug: ->ksk5011status returns 2
+2008-06-12 17:50:09.327: debug: Re-signing not necessary!
+2008-06-12 17:50:09.327: notice: end of run: 0 errors occured
+2008-06-12 17:52:29.309: notice: running as ../../dnssec-signer -v -v
+2008-06-12 17:52:29.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 17:52:29.312: debug: Check RFC5011 status
+2008-06-12 17:52:29.312: debug: ->ksk5011status returns 0
+2008-06-12 17:52:29.312: debug: Check ksk status
+2008-06-12 17:52:29.312: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d9h28m5s
+2008-06-12 17:52:29.312: debug: Re-signing not necessary!
+2008-06-12 17:52:29.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 17:52:29.313: debug: Check RFC5011 status
+2008-06-12 17:52:29.313: debug: ->ksk5011status returns 2
+2008-06-12 17:52:29.313: debug: Re-signing not necessary!
+2008-06-12 17:52:29.313: notice: end of run: 0 errors occured
+2008-06-12 18:24:57.405: notice: running as ../../dnssec-signer -v -v
+2008-06-12 18:24:57.409: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-12 18:24:57.409: debug: Check RFC5011 status
+2008-06-12 18:24:57.409: debug: ->ksk5011status returns 0
+2008-06-12 18:24:57.409: debug: Check ksk status
+2008-06-12 18:24:57.409: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 27w6d10h33s
+2008-06-12 18:24:57.409: debug: Re-signing not necessary!
+2008-06-12 18:24:57.409: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-12 18:24:57.409: debug: Check RFC5011 status
+2008-06-12 18:24:57.409: debug: ->ksk5011status returns 2
+2008-06-12 18:24:57.410: debug: Re-signing not necessary!
+2008-06-12 18:24:57.410: notice: end of run: 0 errors occured
+2008-06-16 23:12:32.309: notice:
+2008-06-16 23:12:32.309: notice: running as ../../dnssec-signer -v -v
+2008-06-16 23:12:32.654: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:12:32.654: debug: Check RFC5011 status
+2008-06-16 23:12:32.654: debug: ->ksk5011status returns 0
+2008-06-16 23:12:32.654: debug: Check ksk status
+2008-06-16 23:12:32.654: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h48m8s
+2008-06-16 23:12:32.654: debug: Lifetime(259200 +/-150 sec) of active key 44833 exceeded (433964 sec)
+2008-06-16 23:12:32.654: debug: ->depreciate it
+2008-06-16 23:12:32.654: debug: ->activate pre-publish key 55267
+2008-06-16 23:12:32.654: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded since 2d32m44s: ZSK rollover done
+2008-06-16 23:12:32.654: debug: New pre-publish key needed
+2008-06-16 23:12:32.790: debug: ->creating new pre-publish key 56149
+2008-06-16 23:12:32.791: debug: Re-signing necessary: New zone key
+2008-06-16 23:12:32.791: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-16 23:12:32.791: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-16 23:12:32.792: debug: Signing zone "sub.example.net."
+2008-06-16 23:12:32.792: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-16 23:12:33.022: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.022: debug: Signing completed after 1s.
+2008-06-16 23:12:33.022: debug:
+2008-06-16 23:12:33.023: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:12:33.023: debug: Check RFC5011 status
+2008-06-16 23:12:33.023: debug: ->ksk5011status returns 2
+2008-06-16 23:12:33.023: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-16 23:12:33.023: debug: Writing key file "./example.net./dnskey.db"
+2008-06-16 23:12:33.024: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-16 23:12:33.024: debug: Signing zone "example.net."
+2008-06-16 23:12:33.024: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-16 23:12:33.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-16 23:12:33.170: debug: Signing completed after 0s.
+2008-06-16 23:12:33.170: debug:
+2008-06-16 23:12:33.170: notice: end of run: 0 errors occured
+2008-06-16 23:13:24.119: notice: ===> running as ../../dnssec-signer -v -v <===
+2008-06-16 23:13:24.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:24.121: debug: Check RFC5011 status
+2008-06-16 23:13:24.121: debug: ->ksk5011status returns 0
+2008-06-16 23:13:24.121: debug: Check ksk status
+2008-06-16 23:13:24.121: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m
+2008-06-16 23:13:24.121: debug: Re-signing not necessary!
+2008-06-16 23:13:24.121: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:24.121: debug: Check RFC5011 status
+2008-06-16 23:13:24.121: debug: ->ksk5011status returns 2
+2008-06-16 23:13:24.121: debug: Re-signing not necessary!
+2008-06-16 23:13:24.121: notice: end of run: 0 errors occured
+2008-06-16 23:13:56.970: notice: =====> running as ../../dnssec-signer -v -v <=====
+2008-06-16 23:13:56.972: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:13:56.972: debug: Check RFC5011 status
+2008-06-16 23:13:56.972: debug: ->ksk5011status returns 0
+2008-06-16 23:13:56.972: debug: Check ksk status
+2008-06-16 23:13:56.973: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h49m32s
+2008-06-16 23:13:56.973: debug: Re-signing not necessary!
+2008-06-16 23:13:56.973: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:13:56.973: debug: Check RFC5011 status
+2008-06-16 23:13:56.973: debug: ->ksk5011status returns 2
+2008-06-16 23:13:56.973: debug: Re-signing not necessary!
+2008-06-16 23:13:56.973: notice: end of run: 0 errors occured
+2008-06-16 23:15:16.980: notice: ------------------------------------------------------------
+2008-06-16 23:15:16.982: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:15:16.982: debug: Check RFC5011 status
+2008-06-16 23:15:16.982: debug: ->ksk5011status returns 0
+2008-06-16 23:15:16.982: debug: Check ksk status
+2008-06-16 23:15:16.982: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h50m52s
+2008-06-16 23:15:16.982: debug: Re-signing not necessary!
+2008-06-16 23:15:16.982: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:15:16.982: debug: Check RFC5011 status
+2008-06-16 23:15:16.982: debug: ->ksk5011status returns 2
+2008-06-16 23:15:16.982: debug: Re-signing not necessary!
+2008-06-16 23:15:16.983: notice: end of run: 0 errors occured
+2008-06-16 23:18:48.101: notice: ------------------------------------------------------------
+2008-06-16 23:18:48.101: notice: running as ../../dnssec-signer -v -v
+2008-06-16 23:18:48.103: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-16 23:18:48.103: debug: Check RFC5011 status
+2008-06-16 23:18:48.103: debug: ->ksk5011status returns 0
+2008-06-16 23:18:48.103: debug: Check ksk status
+2008-06-16 23:18:48.103: warning: "sub.example.net.": lifetime of key signing key 54876 exceeded since 28w3d14h54m24s
+2008-06-16 23:18:48.103: debug: Re-signing not necessary!
+2008-06-16 23:18:48.103: debug:
+2008-06-16 23:18:48.103: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-16 23:18:48.104: debug: Check RFC5011 status
+2008-06-16 23:18:48.104: debug: ->ksk5011status returns 2
+2008-06-16 23:18:48.104: debug: Re-signing not necessary!
+2008-06-16 23:18:48.104: debug:
+2008-06-16 23:18:48.104: notice: end of run: 0 errors occured
+2008-06-24 14:55:16.347: notice: ------------------------------------------------------------
+2008-06-24 14:55:16.347: notice: running ../../dnssec-signer -v -v
+2008-06-24 14:55:16.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:55:16.349: debug: Check RFC5011 status
+2008-06-24 14:55:16.349: debug: ->ksk5011status returns 0
+2008-06-24 14:55:16.349: debug: Check ksk status
+2008-06-24 14:55:16.349: debug: Lifetime(390 sec) of depreciated key 44833 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: ->remove it
+2008-06-24 14:55:16.350: debug: Lifetime(259200 +/-150 sec) of active key 55267 exceeded (483774 sec)
+2008-06-24 14:55:16.350: debug: ->depreciate it
+2008-06-24 14:55:16.350: debug: ->activate pre-publish key 56149
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 55267 exceeded: ZSK rollover done
+2008-06-24 14:55:16.350: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded since 2d14h22m54s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-24 14:55:16.350: debug: New pre-publish key needed
+2008-06-24 14:55:16.532: debug: ->creating new pre-publish key 2338
+2008-06-24 14:55:16.532: debug: Re-signing necessary: New zone key
+2008-06-24 14:55:16.533: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 14:55:16.533: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 14:55:16.533: debug: Signing zone "sub.example.net."
+2008-06-24 14:55:16.533: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 14:55:16.776: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.776: debug: Signing completed after 0s.
+2008-06-24 14:55:16.776: debug:
+2008-06-24 14:55:16.776: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:55:16.776: debug: Check RFC5011 status
+2008-06-24 14:55:16.776: debug: ->ksk5011status returns 2
+2008-06-24 14:55:16.776: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-06-24 14:55:16.776: debug: Writing key file "./example.net./dnskey.db"
+2008-06-24 14:55:16.777: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-06-24 14:55:16.777: debug: Signing zone "example.net."
+2008-06-24 14:55:16.777: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o example.net. -e +518400 -g zone.db K*.private"
+2008-06-24 14:55:16.922: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 14:55:16.922: debug: Signing completed after 0s.
+2008-06-24 14:55:16.922: debug:
+2008-06-24 14:55:16.922: notice: end of run: 0 errors occured
+2008-06-24 14:57:56.093: notice: ------------------------------------------------------------
+2008-06-24 14:57:56.094: notice: running ../../dnssec-signer -v -v
+2008-06-24 14:57:56.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 14:57:56.096: debug: Check RFC5011 status
+2008-06-24 14:57:56.096: debug: ->ksk5011status returns 0
+2008-06-24 14:57:56.096: debug: Check ksk status
+2008-06-24 14:57:56.097: debug: Re-signing not necessary!
+2008-06-24 14:57:56.097: debug:
+2008-06-24 14:57:56.097: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 14:57:56.097: debug: Check RFC5011 status
+2008-06-24 14:57:56.097: debug: ->ksk5011status returns 2
+2008-06-24 14:57:56.097: debug: Re-signing not necessary!
+2008-06-24 14:57:56.097: debug:
+2008-06-24 14:57:56.098: notice: end of run: 0 errors occured
+2008-06-24 23:26:12.632: notice: ------------------------------------------------------------
+2008-06-24 23:26:12.632: notice: running ../../dnssec-signer -v -v
+2008-06-24 23:26:12.648: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-06-24 23:26:12.648: debug: Check RFC5011 status
+2008-06-24 23:26:12.648: debug: ->ksk5011status returns 0
+2008-06-24 23:26:12.648: debug: Check ksk status
+2008-06-24 23:26:12.648: debug: Lifetime(390 sec) of depreciated key 55267 exceeded (30656 sec)
+2008-06-24 23:26:12.648: debug: ->remove it
+2008-06-24 23:26:12.648: debug: Re-signing necessary: New zone key
+2008-06-24 23:26:12.649: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-06-24 23:26:12.649: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-06-24 23:26:12.655: debug: Signing zone "sub.example.net."
+2008-06-24 23:26:12.655: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -p -d ../keysets -o sub.example.net. -e +172800 -g -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-06-24 23:26:13.030: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-24 23:26:13.030: debug: Signing completed after 1s.
+2008-06-24 23:26:13.030: debug:
+2008-06-24 23:26:13.030: debug: parsing zone "example.net." in dir "./example.net."
+2008-06-24 23:26:13.030: debug: Check RFC5011 status
+2008-06-24 23:26:13.030: debug: ->ksk5011status returns 2
+2008-06-24 23:26:13.030: debug: Re-signing not necessary!
+2008-06-24 23:26:13.030: debug:
+2008-06-24 23:26:13.030: notice: end of run: 0 errors occured
+2008-07-08 00:53:55.013: notice: ------------------------------------------------------------
+2008-07-08 00:53:55.013: notice: running ../../dnssec-signer -v -v
+2008-07-08 00:53:55.015: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:55.015: debug: Check RFC5011 status
+2008-07-08 00:53:55.015: debug: ->ksk5011status returns 0
+2008-07-08 00:53:55.015: debug: Check KSK status
+2008-07-08 00:53:55.015: debug: Check ZSK status
+2008-07-08 00:53:55.015: debug: Lifetime(259200 +/-150 sec) of active key 56149 exceeded (1159119 sec)
+2008-07-08 00:53:55.015: debug: ->depreciate it
+2008-07-08 00:53:55.015: debug: ->activate pre-publish key 2338
+2008-07-08 00:53:55.018: notice: "sub.example.net.": lifetime of zone signing key 56149 exceeded: ZSK rollover done
+2008-07-08 00:53:55.018: debug: New pre-publish key needed
+2008-07-08 00:53:55.547: debug: ->creating new pre-publish key 9198
+2008-07-08 00:53:55.547: info: "sub.example.net.": new pre-publish key 9198 created
+2008-07-08 00:53:55.547: debug: Re-signing necessary: New zone key
+2008-07-08 00:53:55.548: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.548: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-08 00:53:55.578: debug: Signing zone "sub.example.net."
+2008-07-08 00:53:55.578: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 00:53:55.708: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.708: debug: Signing completed after 0s.
+2008-07-08 00:53:55.708: debug:
+2008-07-08 00:53:55.708: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:55.708: debug: Check RFC5011 status
+2008-07-08 00:53:55.708: debug: ->ksk5011status returns 2
+2008-07-08 00:53:55.708: debug: Check ZSK status
+2008-07-08 00:53:55.708: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642893 sec)
+2008-07-08 00:53:55.708: debug: ->waiting for pre-publish key
+2008-07-08 00:53:55.708: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m33s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:55.708: debug: New pre-publish key needed
+2008-07-08 00:53:55.747: debug: ->creating new pre-publish key 16682
+2008-07-08 00:53:55.747: info: "example.net.": new pre-publish key 16682 created
+2008-07-08 00:53:55.747: debug: Re-signing necessary: New zone key
+2008-07-08 00:53:55.747: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 00:53:55.747: debug: Writing key file "./example.net./dnskey.db"
+2008-07-08 00:53:55.748: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-08 00:53:55.748: debug: Signing zone "example.net."
+2008-07-08 00:53:55.748: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-08 00:53:55.899: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 00:53:55.899: debug: Signing completed after 0s.
+2008-07-08 00:53:55.899: debug:
+2008-07-08 00:53:55.899: notice: end of run: 0 errors occured
+2008-07-08 00:53:57.597: notice: ------------------------------------------------------------
+2008-07-08 00:53:57.597: notice: running ../../dnssec-signer -v -v
+2008-07-08 00:53:57.599: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 00:53:57.599: debug: Check RFC5011 status
+2008-07-08 00:53:57.599: debug: ->ksk5011status returns 0
+2008-07-08 00:53:57.599: debug: Check KSK status
+2008-07-08 00:53:57.599: debug: Check ZSK status
+2008-07-08 00:53:57.599: debug: Re-signing not necessary!
+2008-07-08 00:53:57.599: debug: Check if there is a parent file to copy
+2008-07-08 00:53:57.599: debug:
+2008-07-08 00:53:57.599: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 00:53:57.599: debug: Check RFC5011 status
+2008-07-08 00:53:57.599: debug: ->ksk5011status returns 2
+2008-07-08 00:53:57.599: debug: Check ZSK status
+2008-07-08 00:53:57.599: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1642895 sec)
+2008-07-08 00:53:57.599: debug: ->waiting for pre-publish key
+2008-07-08 00:53:57.600: notice: "example.net.": lifetime of zone signing key 14939 exceeded since 5d21m35s: ZSK rollover deferred: waiting for pre-publish key
+2008-07-08 00:53:57.600: debug: Re-signing not necessary!
+2008-07-08 00:53:57.600: debug: Check if there is a parent file to copy
+2008-07-08 00:53:57.600: debug:
+2008-07-08 00:53:57.600: notice: end of run: 0 errors occured
+2008-07-08 20:28:20.476: notice: ------------------------------------------------------------
+2008-07-08 20:28:20.476: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:28:20.476: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:28:20.476: debug: Check RFC5011 status
+2008-07-08 20:28:20.476: debug: ->ksk5011status returns 0
+2008-07-08 20:28:20.476: debug: Check KSK status
+2008-07-08 20:28:20.476: debug: Check ZSK status
+2008-07-08 20:28:20.476: debug: Lifetime(390 sec) of depreciated key 56149 exceeded (70465 sec)
+2008-07-08 20:28:20.476: info: "sub.example.net.": removed old ZSK 56149
+
+2008-07-08 20:28:20.656: debug: ->remove it
+2008-07-08 20:28:20.656: debug: Re-signing necessary: New zone key
+2008-07-08 20:28:20.656: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.656: debug: Writing key file "././sub.example.net./dnskey.db"
+2008-07-08 20:28:20.656: debug: Signing zone "sub.example.net."
+2008-07-08 20:28:20.656: debug: Run cmd "cd ././sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-08 20:28:20.990: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:20.990: debug: Signing completed after 0s.
+2008-07-08 20:28:20.990: debug:
+2008-07-08 20:28:20.990: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:28:20.990: debug: Check RFC5011 status
+2008-07-08 20:28:20.990: debug: ->ksk5011status returns 2
+2008-07-08 20:28:20.990: debug: Check ZSK status
+2008-07-08 20:28:20.990: debug: Lifetime(1209600 +/-150 sec) of active key 14939 exceeded (1713358 sec)
+2008-07-08 20:28:20.990: debug: ->depreciate it
+2008-07-08 20:28:20.990: debug: ->activate pre-publish key 16682
+2008-07-08 20:28:20.990: notice: "example.net.": lifetime of zone signing key 14939 exceeded: ZSK rollover done
+2008-07-08 20:28:20.990: debug: Re-signing necessary: New zone key
+2008-07-08 20:28:20.990: notice: "example.net.": re-signing triggered: New zone key
+2008-07-08 20:28:20.990: debug: Writing key file "././example.net./dnskey.db"
+2008-07-08 20:28:20.991: debug: Incrementing serial number in file "././example.net./zone.db"
+2008-07-08 20:28:20.991: debug: Signing zone "example.net."
+2008-07-08 20:28:20.991: debug: Run cmd "cd ././example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-08 20:28:21.112: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-08 20:28:21.112: debug: Signing completed after 1s.
+2008-07-08 20:28:21.112: debug:
+2008-07-08 20:28:21.113: notice: end of run: 0 errors occured
+2008-07-08 20:32:23.121: notice: ------------------------------------------------------------
+2008-07-08 20:32:23.121: notice: running ../../dnssec-signer -v -v
+2008-07-08 20:32:23.123: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:32:23.123: debug: Check RFC5011 status
+2008-07-08 20:32:23.124: debug: ->ksk5011status returns 0
+2008-07-08 20:32:23.124: debug: Check KSK status
+2008-07-08 20:32:23.124: debug: Check ZSK status
+2008-07-08 20:32:23.124: debug: Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug:
+2008-07-08 20:32:23.124: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:32:23.124: debug: Check RFC5011 status
+2008-07-08 20:32:23.124: debug: ->ksk5011status returns 2
+2008-07-08 20:32:23.124: debug: Check ZSK status
+2008-07-08 20:32:23.124: debug: Re-signing not necessary!
+2008-07-08 20:32:23.124: debug: Check if there is a parent file to copy
+2008-07-08 20:32:23.124: debug:
+2008-07-08 20:32:23.124: notice: end of run: 0 errors occured
+2008-07-08 20:32:30.246: notice: ------------------------------------------------------------
+2008-07-08 20:32:30.246: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:32:30.246: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:32:30.246: debug: Check RFC5011 status
+2008-07-08 20:32:30.246: debug: ->ksk5011status returns 0
+2008-07-08 20:32:30.246: debug: Check KSK status
+2008-07-08 20:32:30.246: debug: Check ZSK status
+2008-07-08 20:32:30.246: debug: Re-signing not necessary!
+2008-07-08 20:32:30.246: debug: Check if there is a parent file to copy
+2008-07-08 20:32:30.246: debug:
+2008-07-08 20:32:30.246: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:32:30.246: debug: Check RFC5011 status
+2008-07-08 20:32:30.246: debug: ->ksk5011status returns 2
+2008-07-08 20:32:30.247: debug: Check ZSK status
+2008-07-08 20:32:30.247: debug: Re-signing not necessary!
+2008-07-08 20:32:30.247: debug: Check if there is a parent file to copy
+2008-07-08 20:32:30.247: debug:
+2008-07-08 20:32:30.247: notice: end of run: 0 errors occured
+2008-07-08 20:35:51.512: notice: ------------------------------------------------------------
+2008-07-08 20:35:51.512: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:35:51.512: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:35:51.512: debug: Check RFC5011 status
+2008-07-08 20:35:51.512: debug: ->ksk5011status returns 0
+2008-07-08 20:35:51.513: debug: Check KSK status
+2008-07-08 20:35:51.513: debug: Check ZSK status
+2008-07-08 20:35:51.513: debug: Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug:
+2008-07-08 20:35:51.513: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:35:51.513: debug: Check RFC5011 status
+2008-07-08 20:35:51.513: debug: ->ksk5011status returns 2
+2008-07-08 20:35:51.513: debug: Check ZSK status
+2008-07-08 20:35:51.513: debug: Re-signing not necessary!
+2008-07-08 20:35:51.513: debug: Check if there is a parent file to copy
+2008-07-08 20:35:51.513: debug:
+2008-07-08 20:35:51.513: notice: end of run: 0 errors occured
+2008-07-08 20:37:16.569: notice: ------------------------------------------------------------
+2008-07-08 20:37:16.569: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:37:16.569: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:37:16.569: debug: Check RFC5011 status
+2008-07-08 20:37:16.569: debug: ->ksk5011status returns 0
+2008-07-08 20:37:16.570: debug: Check KSK status
+2008-07-08 20:37:16.570: debug: Check ZSK status
+2008-07-08 20:37:16.570: debug: Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug:
+2008-07-08 20:37:16.570: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:37:16.570: debug: Check RFC5011 status
+2008-07-08 20:37:16.570: debug: ->ksk5011status returns 2
+2008-07-08 20:37:16.570: debug: Check ZSK status
+2008-07-08 20:37:16.570: debug: Re-signing not necessary!
+2008-07-08 20:37:16.570: debug: Check if there is a parent file to copy
+2008-07-08 20:37:16.570: debug:
+2008-07-08 20:37:16.570: notice: end of run: 0 errors occured
+2008-07-08 20:37:29.134: notice: ------------------------------------------------------------
+2008-07-08 20:37:29.134: notice: running ../../dnssec-signer -v -v
+2008-07-08 20:37:29.137: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:37:29.137: debug: Check RFC5011 status
+2008-07-08 20:37:29.137: debug: ->ksk5011status returns 0
+2008-07-08 20:37:29.137: debug: Check KSK status
+2008-07-08 20:37:29.137: debug: Check ZSK status
+2008-07-08 20:37:29.137: debug: Re-signing not necessary!
+2008-07-08 20:37:29.138: debug: Check if there is a parent file to copy
+2008-07-08 20:37:29.138: debug:
+2008-07-08 20:37:29.138: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:37:29.138: debug: Check RFC5011 status
+2008-07-08 20:37:29.138: debug: ->ksk5011status returns 2
+2008-07-08 20:37:29.138: debug: Check ZSK status
+2008-07-08 20:37:29.138: debug: Re-signing not necessary!
+2008-07-08 20:37:29.139: debug: Check if there is a parent file to copy
+2008-07-08 20:37:29.139: debug:
+2008-07-08 20:37:29.139: notice: end of run: 0 errors occured
+2008-07-08 20:39:39.895: notice: ------------------------------------------------------------
+2008-07-08 20:39:39.895: notice: running ../../dnssec-signer -N named.conf -v -v
+2008-07-08 20:39:39.895: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:39:39.895: debug: Check RFC5011 status
+2008-07-08 20:39:39.895: debug: ->ksk5011status returns 0
+2008-07-08 20:39:39.895: debug: Check KSK status
+2008-07-08 20:39:39.895: debug: Check ZSK status
+2008-07-08 20:39:39.895: debug: Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug:
+2008-07-08 20:39:39.895: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:39:39.895: debug: Check RFC5011 status
+2008-07-08 20:39:39.895: debug: ->ksk5011status returns 2
+2008-07-08 20:39:39.895: debug: Check ZSK status
+2008-07-08 20:39:39.895: debug: Re-signing not necessary!
+2008-07-08 20:39:39.895: debug: Check if there is a parent file to copy
+2008-07-08 20:39:39.895: debug:
+2008-07-08 20:39:39.895: notice: end of run: 0 errors occured
+2008-07-08 20:42:54.377: notice: ------------------------------------------------------------
+2008-07-08 20:42:54.377: notice: running ../../dnssec-signer -v -v -D .
+2008-07-08 20:42:54.377: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:42:54.377: debug: Check RFC5011 status
+2008-07-08 20:42:54.377: debug: ->ksk5011status returns 0
+2008-07-08 20:42:54.377: debug: Check KSK status
+2008-07-08 20:42:54.377: debug: Check ZSK status
+2008-07-08 20:42:54.377: debug: Re-signing not necessary!
+2008-07-08 20:42:54.377: debug: Check if there is a parent file to copy
+2008-07-08 20:42:54.377: debug:
+2008-07-08 20:42:54.377: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:42:54.378: debug: Check RFC5011 status
+2008-07-08 20:42:54.378: debug: ->ksk5011status returns 2
+2008-07-08 20:42:54.378: debug: Check ZSK status
+2008-07-08 20:42:54.378: debug: Re-signing not necessary!
+2008-07-08 20:42:54.378: debug: Check if there is a parent file to copy
+2008-07-08 20:42:54.378: debug:
+2008-07-08 20:42:54.378: notice: end of run: 0 errors occured
+2008-07-08 20:53:40.414: notice: ------------------------------------------------------------
+2008-07-08 20:53:40.414: notice: running ../../dnssec-signer -v -v -D .
+2008-07-08 20:53:40.417: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-08 20:53:40.417: debug: Check RFC5011 status
+2008-07-08 20:53:40.417: debug: ->ksk5011status returns 0
+2008-07-08 20:53:40.417: debug: Check KSK status
+2008-07-08 20:53:40.417: debug: Check ZSK status
+2008-07-08 20:53:40.417: debug: Re-signing not necessary!
+2008-07-08 20:53:40.417: debug: Check if there is a parent file to copy
+2008-07-08 20:53:40.417: debug:
+2008-07-08 20:53:40.417: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-08 20:53:40.417: debug: Check RFC5011 status
+2008-07-08 20:53:40.417: debug: ->ksk5011status returns 2
+2008-07-08 20:53:40.417: debug: Check ZSK status
+2008-07-08 20:53:40.417: debug: Re-signing not necessary!
+2008-07-08 20:53:40.418: debug: Check if there is a parent file to copy
+2008-07-08 20:53:40.418: debug:
+2008-07-08 20:53:40.418: notice: end of run: 0 errors occured
+2008-07-08 20:53:49.488: notice: ------------------------------------------------------------
+2008-07-08 20:53:49.488: notice: running ../../dnssec-signer -v -v -N named.conf
+2008-07-08 20:53:49.490: debug: parsing zone "sub.example.net." in dir "././sub.example.net."
+2008-07-08 20:53:49.490: debug: Check RFC5011 status
+2008-07-08 20:53:49.490: debug: ->ksk5011status returns 0
+2008-07-08 20:53:49.491: debug: Check KSK status
+2008-07-08 20:53:49.491: debug: Check ZSK status
+2008-07-08 20:53:49.491: debug: Re-signing not necessary!
+2008-07-08 20:53:49.491: debug: Check if there is a parent file to copy
+2008-07-08 20:53:49.491: debug:
+2008-07-08 20:53:49.491: debug: parsing zone "example.net." in dir "././example.net."
+2008-07-08 20:53:49.492: debug: Check RFC5011 status
+2008-07-08 20:53:49.492: debug: ->ksk5011status returns 2
+2008-07-08 20:53:49.492: debug: Check ZSK status
+2008-07-08 20:53:49.492: debug: Re-signing not necessary!
+2008-07-08 20:53:49.492: debug: Check if there is a parent file to copy
+2008-07-08 20:53:49.492: debug:
+2008-07-08 20:53:49.492: notice: end of run: 0 errors occured
+2008-07-09 00:42:08.103: notice: ------------------------------------------------------------
+2008-07-09 00:42:08.103: notice: running ../../dnssec-signer -v -v
+2008-07-09 00:42:08.106: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:42:08.106: debug: Check RFC5011 status
+2008-07-09 00:42:08.106: debug: ->ksk5011status returns 0
+2008-07-09 00:42:08.106: debug: Check KSK status
+2008-07-09 00:42:08.106: debug: ksk_rollover
+2008-07-09 00:42:08.106: debug: Check ZSK status
+2008-07-09 00:42:08.106: debug: Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug:
+2008-07-09 00:42:08.106: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:42:08.106: debug: Check RFC5011 status
+2008-07-09 00:42:08.106: debug: ->ksk5011status returns 2
+2008-07-09 00:42:08.106: debug: Check ZSK status
+2008-07-09 00:42:08.106: debug: Re-signing not necessary!
+2008-07-09 00:42:08.106: debug: Check if there is a parent file to copy
+2008-07-09 00:42:08.106: debug:
+2008-07-09 00:42:08.106: notice: end of run: 0 errors occured
+2008-07-09 00:45:19.663: notice: ------------------------------------------------------------
+2008-07-09 00:45:19.663: notice: running ../../dnssec-signer -v -v
+2008-07-09 00:45:19.665: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-09 00:45:19.665: debug: Check RFC5011 status
+2008-07-09 00:45:19.665: debug: ->ksk5011status returns 0
+2008-07-09 00:45:19.665: debug: Check KSK status
+2008-07-09 00:45:19.665: debug: Check ZSK status
+2008-07-09 00:45:19.665: debug: Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug:
+2008-07-09 00:45:19.665: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-09 00:45:19.665: debug: Check RFC5011 status
+2008-07-09 00:45:19.665: debug: ->ksk5011status returns 2
+2008-07-09 00:45:19.665: debug: Check ZSK status
+2008-07-09 00:45:19.665: debug: Re-signing not necessary!
+2008-07-09 00:45:19.665: debug: Check if there is a parent file to copy
+2008-07-09 00:45:19.665: debug:
+2008-07-09 00:45:19.665: notice: end of run: 0 errors occured
+2008-07-09 23:46:12.682: notice: ------------------------------------------------------------
+2008-07-09 23:46:12.682: notice: running ../../dnssec-signer -v -v -D /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/
+2008-07-09 23:46:12.702: debug: parsing zone "sub.example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net."
+2008-07-09 23:46:12.702: debug: Check RFC5011 status
+2008-07-09 23:46:12.702: debug: ->ksk5011status returns 0
+2008-07-09 23:46:12.702: debug: Check KSK status
+2008-07-09 23:46:12.702: debug: Check ZSK status
+2008-07-09 23:46:12.702: debug: Re-signing necessary: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-09 23:46:12.702: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net./dnskey.db"
+2008-07-09 23:46:12.702: debug: Signing zone "sub.example.net."
+2008-07-09 23:46:12.702: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-09 23:46:13.222: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.222: debug: Signing completed after 1s.
+2008-07-09 23:46:13.222: debug:
+2008-07-09 23:46:13.222: debug: parsing zone "example.net." in dir "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net."
+2008-07-09 23:46:13.222: debug: Check RFC5011 status
+2008-07-09 23:46:13.222: debug: ->ksk5011status returns 2
+2008-07-09 23:46:13.222: debug: Check ZSK status
+2008-07-09 23:46:13.222: debug: Lifetime(29100 sec) of depreciated key 14939 exceeded (98273 sec)
+2008-07-09 23:46:13.222: info: "example.net.": removed old ZSK 14939
+
+2008-07-09 23:46:13.222: debug: ->remove it
+2008-07-09 23:46:13.222: debug: Re-signing necessary: New zone key
+2008-07-09 23:46:13.222: notice: "example.net.": re-signing triggered: New zone key
+2008-07-09 23:46:13.222: debug: Writing key file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./dnskey.db"
+2008-07-09 23:46:13.223: debug: Incrementing serial number in file "/home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net./zone.db"
+2008-07-09 23:46:13.223: debug: Signing zone "example.net."
+2008-07-09 23:46:13.223: debug: Run cmd "cd /home/hoz/named/dnssec-signer/zkt-0.97/examples/flat/example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-09 23:46:13.374: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-09 23:46:13.374: debug: Signing completed after 0s.
+2008-07-09 23:46:13.374: debug:
+2008-07-09 23:46:13.374: notice: end of run: 0 errors occured
+2008-07-15 00:21:04.641: notice: ------------------------------------------------------------
+2008-07-15 00:21:04.641: notice: running ../../dnssec-signer -r -v -v
+2008-07-15 00:21:05.071: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:05.071: debug: Check RFC5011 status
+2008-07-15 00:21:05.071: debug: ->ksk5011status returns 0
+2008-07-15 00:21:05.071: debug: Check KSK status
+2008-07-15 00:21:05.071: debug: Check ZSK status
+2008-07-15 00:21:05.071: debug: Lifetime(259200 +/-150 sec) of active key 2338 exceeded (602830 sec)
+2008-07-15 00:21:05.071: debug: ->depreciate it
+2008-07-15 00:21:05.072: debug: ->activate published key 9198
+2008-07-15 00:21:05.072: notice: "sub.example.net.": lifetime of zone signing key 2338 exceeded: ZSK rollover done
+2008-07-15 00:21:05.072: debug: New published key needed
+2008-07-15 00:21:05.128: debug: ->creating new published key 8397
+2008-07-15 00:21:05.128: info: "sub.example.net.": new published key 8397 created
+2008-07-15 00:21:05.128: debug: Re-signing necessary: New zone key
+2008-07-15 00:21:05.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-15 00:21:05.129: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:05.129: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:05.129: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:05.274: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.274: debug: Signing completed after 0s.
+2008-07-15 00:21:05.274: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:05.275: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:05.275: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:05.279: debug:
+2008-07-15 00:21:05.279: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:05.279: debug: Check RFC5011 status
+2008-07-15 00:21:05.279: debug: ->ksk5011status returns 2
+2008-07-15 00:21:05.279: debug: Check ZSK status
+2008-07-15 00:21:05.279: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-15 00:21:05.279: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:05.280: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:05.280: debug: Signing zone "example.net."
+2008-07-15 00:21:05.280: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:05.418: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:05.419: debug: Signing completed after 0s.
+2008-07-15 00:21:05.419: notice: "example.net.": distribution triggered
+2008-07-15 00:21:05.419: debug: Distribute zone "example.net."
+2008-07-15 00:21:05.419: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:05.423: debug:
+2008-07-15 00:21:05.423: notice: end of run: 0 errors occured
+2008-07-15 00:21:18.128: notice: ------------------------------------------------------------
+2008-07-15 00:21:18.128: notice: running ../../dnssec-signer -r -v -v
+2008-07-15 00:21:18.130: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:18.130: debug: Check RFC5011 status
+2008-07-15 00:21:18.130: debug: ->ksk5011status returns 0
+2008-07-15 00:21:18.130: debug: Check KSK status
+2008-07-15 00:21:18.130: debug: Check ZSK status
+2008-07-15 00:21:18.130: debug: Re-signing not necessary!
+2008-07-15 00:21:18.130: debug: Check if there is a parent file to copy
+2008-07-15 00:21:18.130: debug:
+2008-07-15 00:21:18.130: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:18.131: debug: Check RFC5011 status
+2008-07-15 00:21:18.131: debug: ->ksk5011status returns 2
+2008-07-15 00:21:18.131: debug: Check ZSK status
+2008-07-15 00:21:18.131: debug: Re-signing not necessary!
+2008-07-15 00:21:18.131: debug: Check if there is a parent file to copy
+2008-07-15 00:21:18.131: debug:
+2008-07-15 00:21:18.131: notice: end of run: 0 errors occured
+2008-07-15 00:21:26.360: notice: ------------------------------------------------------------
+2008-07-15 00:21:26.360: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:21:26.362: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:26.362: debug: Check RFC5011 status
+2008-07-15 00:21:26.362: debug: ->ksk5011status returns 0
+2008-07-15 00:21:26.362: debug: Check KSK status
+2008-07-15 00:21:26.362: debug: Check ZSK status
+2008-07-15 00:21:26.362: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:26.362: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.362: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:26.363: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:26.363: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:26.978: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:26.978: debug: Signing completed after 0s.
+2008-07-15 00:21:26.978: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:26.978: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:26.978: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:26.983: debug:
+2008-07-15 00:21:26.983: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:26.983: debug: Check RFC5011 status
+2008-07-15 00:21:26.983: debug: ->ksk5011status returns 2
+2008-07-15 00:21:26.983: debug: Check ZSK status
+2008-07-15 00:21:26.983: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:26.983: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:26.983: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:26.983: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:26.983: debug: Signing zone "example.net."
+2008-07-15 00:21:26.983: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:27.122: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:27.122: debug: Signing completed after 1s.
+2008-07-15 00:21:27.122: notice: "example.net.": distribution triggered
+2008-07-15 00:21:27.122: debug: Distribute zone "example.net."
+2008-07-15 00:21:27.122: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:27.127: debug:
+2008-07-15 00:21:27.127: notice: end of run: 0 errors occured
+2008-07-15 00:21:52.947: notice: ------------------------------------------------------------
+2008-07-15 00:21:52.947: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:21:52.951: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:21:52.951: debug: Check RFC5011 status
+2008-07-15 00:21:52.951: debug: ->ksk5011status returns 0
+2008-07-15 00:21:52.951: debug: Check KSK status
+2008-07-15 00:21:52.951: debug: Check ZSK status
+2008-07-15 00:21:52.951: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:52.951: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:52.951: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:21:52.952: debug: Signing zone "sub.example.net."
+2008-07-15 00:21:52.952: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:21:53.119: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.119: debug: Signing completed after 1s.
+2008-07-15 00:21:53.120: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:21:53.120: debug: Distribute zone "sub.example.net."
+2008-07-15 00:21:53.120: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:21:53.126: debug:
+2008-07-15 00:21:53.126: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:21:53.126: debug: Check RFC5011 status
+2008-07-15 00:21:53.126: debug: ->ksk5011status returns 2
+2008-07-15 00:21:53.126: debug: Check ZSK status
+2008-07-15 00:21:53.126: debug: Re-signing necessary: Option -f
+2008-07-15 00:21:53.126: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:21:53.126: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:21:53.126: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:21:53.126: debug: Signing zone "example.net."
+2008-07-15 00:21:53.126: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:21:53.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:21:53.262: debug: Signing completed after 0s.
+2008-07-15 00:21:53.262: notice: "example.net.": distribution triggered
+2008-07-15 00:21:53.262: debug: Distribute zone "example.net."
+2008-07-15 00:21:53.262: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:21:53.268: debug:
+2008-07-15 00:21:53.268: notice: end of run: 0 errors occured
+2008-07-15 00:23:40.781: notice: ------------------------------------------------------------
+2008-07-15 00:23:40.781: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:23:40.783: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:23:40.783: debug: Check RFC5011 status
+2008-07-15 00:23:40.783: debug: ->ksk5011status returns 0
+2008-07-15 00:23:40.783: debug: Check KSK status
+2008-07-15 00:23:40.783: debug: Check ZSK status
+2008-07-15 00:23:40.783: debug: Re-signing necessary: Option -f
+2008-07-15 00:23:40.783: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:40.783: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:23:40.786: debug: Signing zone "sub.example.net."
+2008-07-15 00:23:40.786: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:23:41.281: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.281: debug: Signing completed after 1s.
+2008-07-15 00:23:41.281: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:23:41.281: debug: Distribute zone "sub.example.net."
+2008-07-15 00:23:41.281: debug: Run cmd "./dist.sh reload sub.example.net."
+2008-07-15 00:23:41.287: debug:
+2008-07-15 00:23:41.287: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:23:41.287: debug: Check RFC5011 status
+2008-07-15 00:23:41.287: debug: ->ksk5011status returns 2
+2008-07-15 00:23:41.287: debug: Check ZSK status
+2008-07-15 00:23:41.287: debug: Re-signing necessary: Option -f
+2008-07-15 00:23:41.287: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:23:41.288: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:23:41.288: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:23:41.288: debug: Signing zone "example.net."
+2008-07-15 00:23:41.289: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:23:41.561: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:23:41.561: debug: Signing completed after 0s.
+2008-07-15 00:23:41.561: notice: "example.net.": distribution triggered
+2008-07-15 00:23:41.561: debug: Distribute zone "example.net."
+2008-07-15 00:23:41.561: debug: Run cmd "./dist.sh reload example.net."
+2008-07-15 00:23:41.566: debug:
+2008-07-15 00:23:41.567: notice: end of run: 0 errors occured
+2008-07-15 00:31:10.917: notice: ------------------------------------------------------------
+2008-07-15 00:31:10.917: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:31:10.923: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:31:10.923: debug: Check RFC5011 status
+2008-07-15 00:31:10.923: debug: ->ksk5011status returns 0
+2008-07-15 00:31:10.923: debug: Check KSK status
+2008-07-15 00:31:10.923: debug: Check ZSK status
+2008-07-15 00:31:10.923: debug: Lifetime(390 sec) of depreciated key 2338 exceeded (605 sec)
+2008-07-15 00:31:10.923: info: "sub.example.net.": removed old ZSK 2338
+
+2008-07-15 00:31:10.924: debug: ->remove it
+2008-07-15 00:31:10.924: debug: Re-signing necessary: Option -f
+2008-07-15 00:31:10.924: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:10.924: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:31:11.347: debug: Signing zone "sub.example.net."
+2008-07-15 00:31:11.347: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:31:11.571: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.571: debug: Signing completed after 0s.
+2008-07-15 00:31:11.571: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:31:11.571: debug: Distribute zone "sub.example.net."
+2008-07-15 00:31:11.571: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:31:11.579: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed :/sub.example.net."
+2008-07-15 00:31:11.579: debug:
+2008-07-15 00:31:11.580: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:31:11.580: debug: Check RFC5011 status
+2008-07-15 00:31:11.580: debug: ->ksk5011status returns 2
+2008-07-15 00:31:11.580: debug: Check ZSK status
+2008-07-15 00:31:11.580: debug: Re-signing necessary: Option -f
+2008-07-15 00:31:11.580: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:31:11.580: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:31:11.581: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:31:11.581: debug: Signing zone "example.net."
+2008-07-15 00:31:11.581: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:31:11.698: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:31:11.698: debug: Signing completed after 0s.
+2008-07-15 00:31:11.698: notice: "example.net.": distribution triggered
+2008-07-15 00:31:11.698: debug: Distribute zone "example.net."
+2008-07-15 00:31:11.698: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:31:11.704: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed :/example.net."
+2008-07-15 00:31:11.704: debug:
+2008-07-15 00:31:11.704: notice: end of run: 0 errors occured
+2008-07-15 00:32:00.676: notice: ------------------------------------------------------------
+2008-07-15 00:32:00.676: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:32:00.678: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:32:00.678: debug: Check RFC5011 status
+2008-07-15 00:32:00.678: debug: ->ksk5011status returns 0
+2008-07-15 00:32:00.678: debug: Check KSK status
+2008-07-15 00:32:00.678: debug: Check ZSK status
+2008-07-15 00:32:00.678: debug: Re-signing necessary: Option -f
+2008-07-15 00:32:00.678: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:00.678: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:32:00.679: debug: Signing zone "sub.example.net."
+2008-07-15 00:32:00.679: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:32:01.282: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.282: debug: Signing completed after 1s.
+2008-07-15 00:32:01.282: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:32:01.282: debug: Distribute zone "sub.example.net."
+2008-07-15 00:32:01.282: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:32:01.289: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/sub.example.net."
+2008-07-15 00:32:01.289: debug:
+2008-07-15 00:32:01.289: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:32:01.289: debug: Check RFC5011 status
+2008-07-15 00:32:01.289: debug: ->ksk5011status returns 2
+2008-07-15 00:32:01.289: debug: Check ZSK status
+2008-07-15 00:32:01.290: debug: Re-signing necessary: Option -f
+2008-07-15 00:32:01.290: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:32:01.290: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:32:01.291: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:32:01.291: debug: Signing zone "example.net."
+2008-07-15 00:32:01.291: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:32:01.405: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:32:01.405: debug: Signing completed after 0s.
+2008-07-15 00:32:01.406: notice: "example.net.": distribution triggered
+2008-07-15 00:32:01.406: debug: Distribute zone "example.net."
+2008-07-15 00:32:01.406: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:32:01.412: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/example.net."
+2008-07-15 00:32:01.412: debug:
+2008-07-15 00:32:01.412: notice: end of run: 0 errors occured
+2008-07-15 00:33:00.866: notice: ------------------------------------------------------------
+2008-07-15 00:33:00.867: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:33:00.869: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:33:00.869: debug: Check RFC5011 status
+2008-07-15 00:33:00.869: debug: ->ksk5011status returns 0
+2008-07-15 00:33:00.869: debug: Check KSK status
+2008-07-15 00:33:00.869: debug: Check ZSK status
+2008-07-15 00:33:00.869: debug: Re-signing necessary: Option -f
+2008-07-15 00:33:00.870: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:00.870: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:33:00.870: debug: Signing zone "sub.example.net."
+2008-07-15 00:33:00.870: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:33:01.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.531: debug: Signing completed after 1s.
+2008-07-15 00:33:01.531: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:33:01.531: debug: Distribute zone "sub.example.net."
+2008-07-15 00:33:01.531: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:33:01.537: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net."
+2008-07-15 00:33:01.537: debug:
+2008-07-15 00:33:01.537: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:33:01.538: debug: Check RFC5011 status
+2008-07-15 00:33:01.538: debug: ->ksk5011status returns 2
+2008-07-15 00:33:01.538: debug: Check ZSK status
+2008-07-15 00:33:01.538: debug: Re-signing necessary: Option -f
+2008-07-15 00:33:01.538: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:33:01.538: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:33:01.539: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:33:01.539: debug: Signing zone "example.net."
+2008-07-15 00:33:01.539: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:33:01.655: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:33:01.655: debug: Signing completed after 0s.
+2008-07-15 00:33:01.655: notice: "example.net.": distribution triggered
+2008-07-15 00:33:01.655: debug: Distribute zone "example.net."
+2008-07-15 00:33:01.656: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:33:01.661: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net."
+2008-07-15 00:33:01.662: debug:
+2008-07-15 00:33:01.662: notice: end of run: 0 errors occured
+2008-07-15 00:34:09.259: notice: ------------------------------------------------------------
+2008-07-15 00:34:09.259: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-15 00:34:09.261: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-15 00:34:09.261: debug: Check RFC5011 status
+2008-07-15 00:34:09.261: debug: ->ksk5011status returns 0
+2008-07-15 00:34:09.261: debug: Check KSK status
+2008-07-15 00:34:09.261: debug: Check ZSK status
+2008-07-15 00:34:09.261: debug: Re-signing necessary: Option -f
+2008-07-15 00:34:09.261: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:09.261: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-15 00:34:09.261: debug: Signing zone "sub.example.net."
+2008-07-15 00:34:09.261: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-15 00:34:10.245: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.245: debug: Signing completed after 1s.
+2008-07-15 00:34:10.245: notice: "sub.example.net.": distribution triggered
+2008-07-15 00:34:10.245: debug: Distribute zone "sub.example.net."
+2008-07-15 00:34:10.245: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-15 00:34:10.251: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-15 00:34:10.252: debug:
+2008-07-15 00:34:10.252: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-15 00:34:10.252: debug: Check RFC5011 status
+2008-07-15 00:34:10.252: debug: ->ksk5011status returns 2
+2008-07-15 00:34:10.252: debug: Check ZSK status
+2008-07-15 00:34:10.252: debug: Re-signing necessary: Option -f
+2008-07-15 00:34:10.252: notice: "example.net.": re-signing triggered: Option -f
+2008-07-15 00:34:10.252: debug: Writing key file "./example.net./dnskey.db"
+2008-07-15 00:34:10.252: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-15 00:34:10.252: debug: Signing zone "example.net."
+2008-07-15 00:34:10.252: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-15 00:34:10.369: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-15 00:34:10.369: debug: Signing completed after 0s.
+2008-07-15 00:34:10.369: notice: "example.net.": distribution triggered
+2008-07-15 00:34:10.369: debug: Distribute zone "example.net."
+2008-07-15 00:34:10.369: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-15 00:34:10.375: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-15 00:34:10.375: debug:
+2008-07-15 00:34:10.375: notice: end of run: 0 errors occured
+2008-07-18 00:38:52.860: notice: ------------------------------------------------------------
+2008-07-18 00:38:52.860: notice: running ../../dnssec-signer -v -v
+2008-07-18 00:38:52.862: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:38:52.862: debug: Check RFC5011 status
+2008-07-18 00:38:52.862: debug: ->ksk5011status returns 0
+2008-07-18 00:38:52.862: debug: Check KSK status
+2008-07-18 00:38:52.862: debug: Check ZSK status
+2008-07-18 00:38:52.862: debug: Lifetime(259200 +/-150 sec) of active key 9198 exceeded (260267 sec)
+2008-07-18 00:38:52.862: debug: ->depreciate it
+2008-07-18 00:38:52.862: debug: ->activate published key 8397
+2008-07-18 00:38:52.862: notice: "sub.example.net.": lifetime of zone signing key 9198 exceeded: ZSK rollover done
+2008-07-18 00:38:52.862: debug: New published key needed
+2008-07-18 00:38:53.418: debug: ->creating new published key 31081
+2008-07-18 00:38:53.418: info: "sub.example.net.": new key 31081 generated for publishing
+2008-07-18 00:38:53.418: debug: Re-signing necessary: New zone key
+2008-07-18 00:38:53.418: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-18 00:38:53.418: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:38:53.419: debug: Signing zone "sub.example.net."
+2008-07-18 00:38:53.419: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:38:53.556: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.556: debug: Signing completed after 0s.
+2008-07-18 00:38:53.556: debug:
+2008-07-18 00:38:53.556: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:38:53.557: debug: Check RFC5011 status
+2008-07-18 00:38:53.557: debug: ->ksk5011status returns 2
+2008-07-18 00:38:53.557: debug: Check ZSK status
+2008-07-18 00:38:53.557: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-18 00:38:53.557: debug: Writing key file "./example.net./dnskey.db"
+2008-07-18 00:38:53.558: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:38:53.558: debug: Signing zone "example.net."
+2008-07-18 00:38:53.559: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-18 00:38:53.715: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:38:53.715: debug: Signing completed after 0s.
+2008-07-18 00:38:53.715: debug:
+2008-07-18 00:38:53.716: notice: end of run: 0 errors occured
+2008-07-18 00:39:29.824: notice: ------------------------------------------------------------
+2008-07-18 00:39:29.824: notice: running ../../dnssec-signer -r -v -v
+2008-07-18 00:39:29.827: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:29.827: debug: Check RFC5011 status
+2008-07-18 00:39:29.827: debug: ->ksk5011status returns 0
+2008-07-18 00:39:29.827: debug: Check KSK status
+2008-07-18 00:39:29.827: debug: Check ZSK status
+2008-07-18 00:39:29.827: debug: Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug:
+2008-07-18 00:39:29.827: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:29.827: debug: Check RFC5011 status
+2008-07-18 00:39:29.827: debug: ->ksk5011status returns 2
+2008-07-18 00:39:29.827: debug: Check ZSK status
+2008-07-18 00:39:29.827: debug: Re-signing not necessary!
+2008-07-18 00:39:29.827: debug: Check if there is a parent file to copy
+2008-07-18 00:39:29.827: debug:
+2008-07-18 00:39:29.828: notice: end of run: 0 errors occured
+2008-07-18 00:39:36.641: notice: ------------------------------------------------------------
+2008-07-18 00:39:36.641: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-18 00:39:36.644: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:39:36.644: debug: Check RFC5011 status
+2008-07-18 00:39:36.644: debug: ->ksk5011status returns 0
+2008-07-18 00:39:36.644: debug: Check KSK status
+2008-07-18 00:39:36.644: debug: Check ZSK status
+2008-07-18 00:39:36.644: debug: Re-signing necessary: Option -f
+2008-07-18 00:39:36.644: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:36.644: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-18 00:39:36.644: debug: Signing zone "sub.example.net."
+2008-07-18 00:39:36.644: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-18 00:39:37.144: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.144: debug: Signing completed after 1s.
+2008-07-18 00:39:37.144: notice: "sub.example.net.": distribution triggered
+2008-07-18 00:39:37.144: debug: Distribute zone "sub.example.net."
+2008-07-18 00:39:37.144: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-18 00:39:37.151: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-18 00:39:37.151: debug:
+2008-07-18 00:39:37.151: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:39:37.151: debug: Check RFC5011 status
+2008-07-18 00:39:37.151: debug: ->ksk5011status returns 2
+2008-07-18 00:39:37.151: debug: Check ZSK status
+2008-07-18 00:39:37.151: debug: Re-signing necessary: Option -f
+2008-07-18 00:39:37.151: notice: "example.net.": re-signing triggered: Option -f
+2008-07-18 00:39:37.151: debug: Writing key file "./example.net./dnskey.db"
+2008-07-18 00:39:37.152: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-18 00:39:37.152: debug: Signing zone "example.net."
+2008-07-18 00:39:37.152: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-18 00:39:37.313: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-18 00:39:37.313: debug: Signing completed after 0s.
+2008-07-18 00:39:37.313: notice: "example.net.": distribution triggered
+2008-07-18 00:39:37.313: debug: Distribute zone "example.net."
+2008-07-18 00:39:37.313: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-18 00:39:37.319: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-18 00:39:37.319: debug:
+2008-07-18 00:39:37.319: notice: end of run: 0 errors occured
+2008-07-18 00:42:39.912: notice: ------------------------------------------------------------
+2008-07-18 00:42:39.912: notice: running ../../dnssec-signer -v -v
+2008-07-18 00:42:39.914: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-18 00:42:39.914: debug: Check RFC5011 status
+2008-07-18 00:42:39.914: debug: ->ksk5011status returns 0
+2008-07-18 00:42:39.914: debug: Check KSK status
+2008-07-18 00:42:39.914: debug: Check ZSK status
+2008-07-18 00:42:39.914: debug: Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug:
+2008-07-18 00:42:39.914: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-18 00:42:39.914: debug: Check RFC5011 status
+2008-07-18 00:42:39.914: debug: ->ksk5011status returns 2
+2008-07-18 00:42:39.914: debug: Check ZSK status
+2008-07-18 00:42:39.914: debug: Re-signing not necessary!
+2008-07-18 00:42:39.914: debug: Check if there is a parent file to copy
+2008-07-18 00:42:39.914: debug:
+2008-07-18 00:42:39.914: notice: end of run: 0 errors occured
+2008-07-22 00:10:38.346: notice: ------------------------------------------------------------
+2008-07-22 00:10:38.346: notice: running ../../dnssec-signer -v -v
+2008-07-22 00:10:38.349: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:10:38.349: debug: Check RFC5011 status
+2008-07-22 00:10:38.349: debug: ->ksk5011status returns 0
+2008-07-22 00:10:38.349: debug: Check KSK status
+2008-07-22 00:10:38.349: debug: Check ZSK status
+2008-07-22 00:10:38.349: debug: Lifetime(390 sec) of depreciated key 9198 exceeded (343906 sec)
+2008-07-22 00:10:38.349: info: "sub.example.net.": removed old ZSK 9198
+
+2008-07-22 00:10:38.349: debug: ->remove it
+2008-07-22 00:10:38.349: debug: Lifetime(259200 +/-150 sec) of active key 8397 exceeded (343906 sec)
+2008-07-22 00:10:38.349: debug: ->depreciate it
+2008-07-22 00:10:38.349: debug: ->activate published key 31081
+2008-07-22 00:10:38.349: notice: "sub.example.net.": lifetime of zone signing key 8397 exceeded: ZSK rollover done
+2008-07-22 00:10:38.349: debug: New published key needed
+2008-07-22 00:10:38.870: debug: ->creating new published key 3615
+2008-07-22 00:10:38.870: info: "sub.example.net.": new key 3615 generated for publishing
+2008-07-22 00:10:38.870: debug: Re-signing necessary: New zone key
+2008-07-22 00:10:38.870: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:38.870: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:10:38.871: debug: Signing zone "sub.example.net."
+2008-07-22 00:10:38.871: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:10:39.208: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.208: debug: Signing completed after 1s.
+2008-07-22 00:10:39.208: debug:
+2008-07-22 00:10:39.208: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:10:39.208: debug: Check RFC5011 status
+2008-07-22 00:10:39.208: debug: ->ksk5011status returns 2
+2008-07-22 00:10:39.208: debug: Check ZSK status
+2008-07-22 00:10:39.208: debug: New published key needed
+2008-07-22 00:10:39.255: debug: ->creating new published key 41300
+2008-07-22 00:10:39.255: info: "example.net.": new key 41300 generated for publishing
+2008-07-22 00:10:39.255: debug: Re-signing necessary: New zone key
+2008-07-22 00:10:39.255: notice: "example.net.": re-signing triggered: New zone key
+2008-07-22 00:10:39.255: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:10:39.256: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:10:39.256: debug: Signing zone "example.net."
+2008-07-22 00:10:39.256: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:10:39.414: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:10:39.414: debug: Signing completed after 0s.
+2008-07-22 00:10:39.414: debug:
+2008-07-22 00:10:39.414: notice: end of run: 0 errors occured
+2008-07-22 00:16:04.680: notice: ------------------------------------------------------------
+2008-07-22 00:16:04.680: notice: running ../../dnssec-signer -v -v
+2008-07-22 00:16:04.682: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:04.682: debug: Check RFC5011 status
+2008-07-22 00:16:04.682: debug: ->ksk5011status returns 0
+2008-07-22 00:16:04.683: debug: Check KSK status
+2008-07-22 00:16:04.683: debug: Check ZSK status
+2008-07-22 00:16:04.683: debug: Re-signing not necessary!
+2008-07-22 00:16:04.683: debug: Check if there is a parent file to copy
+2008-07-22 00:16:04.683: debug:
+2008-07-22 00:16:04.683: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:04.683: debug: Check RFC5011 status
+2008-07-22 00:16:04.683: debug: ->ksk5011status returns 2
+2008-07-22 00:16:04.684: debug: Check ZSK status
+2008-07-22 00:16:04.684: debug: Re-signing not necessary!
+2008-07-22 00:16:04.684: debug: Check if there is a parent file to copy
+2008-07-22 00:16:04.684: debug:
+2008-07-22 00:16:04.684: notice: end of run: 0 errors occured
+2008-07-22 00:16:09.309: notice: ------------------------------------------------------------
+2008-07-22 00:16:09.309: notice: running ../../dnssec-signer -r -v -v
+2008-07-22 00:16:09.311: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:09.311: debug: Check RFC5011 status
+2008-07-22 00:16:09.311: debug: ->ksk5011status returns 0
+2008-07-22 00:16:09.312: debug: Check KSK status
+2008-07-22 00:16:09.312: debug: Check ZSK status
+2008-07-22 00:16:09.312: debug: Re-signing not necessary!
+2008-07-22 00:16:09.312: debug: Check if there is a parent file to copy
+2008-07-22 00:16:09.312: debug:
+2008-07-22 00:16:09.312: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:09.312: debug: Check RFC5011 status
+2008-07-22 00:16:09.312: debug: ->ksk5011status returns 2
+2008-07-22 00:16:09.313: debug: Check ZSK status
+2008-07-22 00:16:09.313: debug: Re-signing not necessary!
+2008-07-22 00:16:09.313: debug: Check if there is a parent file to copy
+2008-07-22 00:16:09.313: debug:
+2008-07-22 00:16:09.313: notice: end of run: 0 errors occured
+2008-07-22 00:16:13.285: notice: ------------------------------------------------------------
+2008-07-22 00:16:13.285: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:16:13.287: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:16:13.287: debug: Check RFC5011 status
+2008-07-22 00:16:13.287: debug: ->ksk5011status returns 0
+2008-07-22 00:16:13.287: debug: Check KSK status
+2008-07-22 00:16:13.287: debug: Check ZSK status
+2008-07-22 00:16:13.287: debug: Re-signing necessary: Option -f
+2008-07-22 00:16:13.287: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.287: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:16:13.287: debug: Signing zone "sub.example.net."
+2008-07-22 00:16:13.287: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:16:13.822: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.822: debug: Signing completed after 0s.
+2008-07-22 00:16:13.822: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:16:13.822: debug: Distribute zone "sub.example.net."
+2008-07-22 00:16:13.822: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:16:13.828: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:16:13.828: debug:
+2008-07-22 00:16:13.829: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:16:13.829: debug: Check RFC5011 status
+2008-07-22 00:16:13.829: debug: ->ksk5011status returns 2
+2008-07-22 00:16:13.829: debug: Check ZSK status
+2008-07-22 00:16:13.829: debug: Re-signing necessary: Option -f
+2008-07-22 00:16:13.829: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:16:13.829: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:16:13.830: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:16:13.830: debug: Signing zone "example.net."
+2008-07-22 00:16:13.830: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:16:13.976: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:16:13.976: debug: Signing completed after 0s.
+2008-07-22 00:16:13.977: notice: "example.net.": distribution triggered
+2008-07-22 00:16:13.977: debug: Distribute zone "example.net."
+2008-07-22 00:16:13.977: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:16:13.983: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:16:13.983: debug:
+2008-07-22 00:16:13.983: notice: end of run: 0 errors occured
+2008-07-22 00:20:56.119: notice: ------------------------------------------------------------
+2008-07-22 00:20:56.119: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:20:56.121: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:20:56.121: debug: Check RFC5011 status
+2008-07-22 00:20:56.121: debug: ->ksk5011status returns 0
+2008-07-22 00:20:56.121: debug: Check KSK status
+2008-07-22 00:20:56.121: debug: Check ZSK status
+2008-07-22 00:20:56.121: debug: Lifetime(390 sec) of depreciated key 8397 exceeded (618 sec)
+2008-07-22 00:20:56.121: info: "sub.example.net.": removed old ZSK 8397
+
+2008-07-22 00:20:56.122: debug: ->remove it
+2008-07-22 00:20:56.122: debug: Re-signing necessary: Option -f
+2008-07-22 00:20:56.122: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.122: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:20:56.122: debug: Signing zone "sub.example.net."
+2008-07-22 00:20:56.122: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:20:56.627: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.627: debug: Signing completed after 0s.
+2008-07-22 00:20:56.627: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:20:56.627: debug: Distribute zone "sub.example.net."
+2008-07-22 00:20:56.627: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:20:56.634: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:20:56.635: debug:
+2008-07-22 00:20:56.635: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:20:56.635: debug: Check RFC5011 status
+2008-07-22 00:20:56.635: debug: ->ksk5011status returns 2
+2008-07-22 00:20:56.635: debug: Check ZSK status
+2008-07-22 00:20:56.635: debug: Re-signing necessary: Option -f
+2008-07-22 00:20:56.635: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:20:56.635: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:20:56.636: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:20:56.636: debug: Signing zone "example.net."
+2008-07-22 00:20:56.637: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:20:56.760: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:20:56.760: debug: Signing completed after 0s.
+2008-07-22 00:20:56.760: notice: "example.net.": distribution triggered
+2008-07-22 00:20:56.760: debug: Distribute zone "example.net."
+2008-07-22 00:20:56.760: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:20:56.768: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:20:56.769: debug:
+2008-07-22 00:20:56.769: notice: end of run: 0 errors occured
+2008-07-22 00:23:51.528: notice: ------------------------------------------------------------
+2008-07-22 00:23:51.528: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:23:51.530: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:23:51.530: debug: Check RFC5011 status
+2008-07-22 00:23:51.530: debug: ->ksk5011status returns 0
+2008-07-22 00:23:51.531: debug: Check KSK status
+2008-07-22 00:23:51.531: debug: Check ZSK status
+2008-07-22 00:23:51.531: debug: Re-signing necessary: Option -f
+2008-07-22 00:23:51.531: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:51.531: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:23:51.531: debug: Signing zone "sub.example.net."
+2008-07-22 00:23:51.532: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:23:52.042: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.042: debug: Signing completed after 1s.
+2008-07-22 00:23:52.042: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:23:52.042: debug: Distribute zone "sub.example.net."
+2008-07-22 00:23:52.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:23:52.049: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:23:52.049: debug:
+2008-07-22 00:23:52.049: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:23:52.049: debug: Check RFC5011 status
+2008-07-22 00:23:52.049: debug: ->ksk5011status returns 2
+2008-07-22 00:23:52.049: debug: Check ZSK status
+2008-07-22 00:23:52.049: debug: Re-signing necessary: Option -f
+2008-07-22 00:23:52.049: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:23:52.049: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:23:52.050: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:23:52.050: debug: Signing zone "example.net."
+2008-07-22 00:23:52.050: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:23:52.176: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:23:52.176: debug: Signing completed after 0s.
+2008-07-22 00:23:52.176: notice: "example.net.": distribution triggered
+2008-07-22 00:23:52.176: debug: Distribute zone "example.net."
+2008-07-22 00:23:52.176: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:23:52.185: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:23:52.185: debug:
+2008-07-22 00:23:52.185: notice: end of run: 0 errors occured
+2008-07-22 00:24:09.609: notice: ------------------------------------------------------------
+2008-07-22 00:24:09.609: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:24:09.614: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:24:09.614: debug: Check RFC5011 status
+2008-07-22 00:24:09.614: debug: ->ksk5011status returns 0
+2008-07-22 00:24:09.614: debug: Check KSK status
+2008-07-22 00:24:09.614: debug: Check ZSK status
+2008-07-22 00:24:09.614: debug: Re-signing necessary: Option -f
+2008-07-22 00:24:09.614: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:09.614: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:24:09.614: debug: Signing zone "sub.example.net."
+2008-07-22 00:24:09.614: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:24:10.692: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.692: debug: Signing completed after 1s.
+2008-07-22 00:24:10.692: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:24:10.692: debug: Distribute zone "sub.example.net."
+2008-07-22 00:24:10.692: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:24:10.698: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:24:10.698: debug:
+2008-07-22 00:24:10.698: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:24:10.698: debug: Check RFC5011 status
+2008-07-22 00:24:10.698: debug: ->ksk5011status returns 2
+2008-07-22 00:24:10.698: debug: Check ZSK status
+2008-07-22 00:24:10.698: debug: Re-signing necessary: Option -f
+2008-07-22 00:24:10.698: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:24:10.698: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:24:10.699: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:24:10.699: debug: Signing zone "example.net."
+2008-07-22 00:24:10.699: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:24:10.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:24:10.883: debug: Signing completed after 0s.
+2008-07-22 00:24:10.883: notice: "example.net.": distribution triggered
+2008-07-22 00:24:10.883: debug: Distribute zone "example.net."
+2008-07-22 00:24:10.883: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:24:10.889: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:24:10.889: debug:
+2008-07-22 00:24:10.889: notice: end of run: 0 errors occured
+2008-07-22 00:28:44.300: notice: ------------------------------------------------------------
+2008-07-22 00:28:44.300: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:28:44.302: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:28:44.302: debug: Check RFC5011 status
+2008-07-22 00:28:44.302: debug: ->ksk5011status returns 0
+2008-07-22 00:28:44.302: debug: Check KSK status
+2008-07-22 00:28:44.302: debug: Check ZSK status
+2008-07-22 00:28:44.302: debug: Re-signing necessary: Option -f
+2008-07-22 00:28:44.302: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.302: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:28:44.306: debug: Signing zone "sub.example.net."
+2008-07-22 00:28:44.306: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:28:44.898: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:44.898: debug: Signing completed after 0s.
+2008-07-22 00:28:44.898: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:28:44.899: debug: Distribute zone "sub.example.net."
+2008-07-22 00:28:44.899: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:28:44.904: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:28:44.905: debug:
+2008-07-22 00:28:44.905: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:28:44.905: debug: Check RFC5011 status
+2008-07-22 00:28:44.905: debug: ->ksk5011status returns 2
+2008-07-22 00:28:44.905: debug: Check ZSK status
+2008-07-22 00:28:44.905: debug: Re-signing necessary: Option -f
+2008-07-22 00:28:44.905: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:28:44.905: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:28:44.906: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:28:44.906: debug: Signing zone "example.net."
+2008-07-22 00:28:44.907: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:28:45.039: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:28:45.039: debug: Signing completed after 1s.
+2008-07-22 00:28:45.039: notice: "example.net.": distribution triggered
+2008-07-22 00:28:45.039: debug: Distribute zone "example.net."
+2008-07-22 00:28:45.040: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:28:45.046: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:28:45.046: debug:
+2008-07-22 00:28:45.046: notice: end of run: 0 errors occured
+2008-07-22 00:39:15.968: notice: ------------------------------------------------------------
+2008-07-22 00:39:15.968: notice: running ../../dnssec-signer -r -v -v
+2008-07-22 00:39:16.005: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:16.006: debug: Check RFC5011 status
+2008-07-22 00:39:16.006: debug: ->ksk5011status returns 0
+2008-07-22 00:39:16.006: debug: Check KSK status
+2008-07-22 00:39:16.006: debug: Check ZSK status
+2008-07-22 00:39:16.006: debug: Re-signing not necessary!
+2008-07-22 00:39:16.006: debug: Check if there is a parent file to copy
+2008-07-22 00:39:16.006: debug:
+2008-07-22 00:39:16.006: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:16.006: debug: Check RFC5011 status
+2008-07-22 00:39:16.006: debug: ->ksk5011status returns 2
+2008-07-22 00:39:16.007: debug: Check ZSK status
+2008-07-22 00:39:16.007: debug: Re-signing not necessary!
+2008-07-22 00:39:16.007: debug: Check if there is a parent file to copy
+2008-07-22 00:39:16.007: debug:
+2008-07-22 00:39:16.007: notice: end of run: 0 errors occured
+2008-07-22 00:39:31.578: notice: ------------------------------------------------------------
+2008-07-22 00:39:31.578: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:39:31.580: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:39:31.580: debug: Check RFC5011 status
+2008-07-22 00:39:31.580: debug: ->ksk5011status returns 0
+2008-07-22 00:39:31.580: debug: Check KSK status
+2008-07-22 00:39:31.581: debug: Check ZSK status
+2008-07-22 00:39:31.581: debug: Re-signing necessary: Option -f
+2008-07-22 00:39:31.581: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:31.581: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:39:31.581: debug: Signing zone "sub.example.net."
+2008-07-22 00:39:31.582: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:39:32.216: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.216: debug: Signing completed after 1s.
+2008-07-22 00:39:32.216: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:39:32.216: debug: Distribute zone "sub.example.net."
+2008-07-22 00:39:32.217: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:39:32.223: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:39:32.223: debug:
+2008-07-22 00:39:32.223: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:39:32.223: debug: Check RFC5011 status
+2008-07-22 00:39:32.223: debug: ->ksk5011status returns 2
+2008-07-22 00:39:32.223: debug: Check ZSK status
+2008-07-22 00:39:32.223: debug: Re-signing necessary: Option -f
+2008-07-22 00:39:32.223: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:39:32.223: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:39:32.224: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:39:32.224: debug: Signing zone "example.net."
+2008-07-22 00:39:32.225: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:39:32.360: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:39:32.361: debug: Signing completed after 0s.
+2008-07-22 00:39:32.361: notice: "example.net.": distribution triggered
+2008-07-22 00:39:32.361: debug: Distribute zone "example.net."
+2008-07-22 00:39:32.361: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:39:32.367: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:39:32.367: debug:
+2008-07-22 00:39:32.367: notice: end of run: 0 errors occured
+2008-07-22 00:41:53.710: notice: ------------------------------------------------------------
+2008-07-22 00:41:53.710: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:41:53.712: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:41:53.712: debug: Check RFC5011 status
+2008-07-22 00:41:53.712: debug: ->ksk5011status returns 0
+2008-07-22 00:41:53.712: debug: Check KSK status
+2008-07-22 00:41:53.712: debug: Check ZSK status
+2008-07-22 00:41:53.712: debug: Re-signing necessary: Option -f
+2008-07-22 00:41:53.712: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.712: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:41:53.712: debug: Signing zone "sub.example.net."
+2008-07-22 00:41:53.713: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:41:53.866: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.866: debug: Signing completed after 0s.
+2008-07-22 00:41:53.866: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:41:53.866: debug: Distribute zone "sub.example.net."
+2008-07-22 00:41:53.867: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:41:53.873: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:41:53.873: debug:
+2008-07-22 00:41:53.873: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:41:53.873: debug: Check RFC5011 status
+2008-07-22 00:41:53.873: debug: ->ksk5011status returns 2
+2008-07-22 00:41:53.873: debug: Check ZSK status
+2008-07-22 00:41:53.873: debug: Re-signing necessary: Option -f
+2008-07-22 00:41:53.873: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:41:53.873: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:41:53.873: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:41:53.873: debug: Signing zone "example.net."
+2008-07-22 00:41:53.873: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:41:53.989: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:41:53.989: debug: Signing completed after 0s.
+2008-07-22 00:41:53.989: notice: "example.net.": distribution triggered
+2008-07-22 00:41:53.989: debug: Distribute zone "example.net."
+2008-07-22 00:41:53.989: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:41:53.995: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:41:53.995: debug:
+2008-07-22 00:41:53.995: notice: end of run: 0 errors occured
+2008-07-22 00:45:46.509: notice: ------------------------------------------------------------
+2008-07-22 00:45:46.509: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:45:46.511: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:45:46.512: debug: Check RFC5011 status
+2008-07-22 00:45:46.512: debug: ->ksk5011status returns 0
+2008-07-22 00:45:46.512: debug: Check KSK status
+2008-07-22 00:45:46.512: debug: Check ZSK status
+2008-07-22 00:45:46.512: debug: Re-signing necessary: Option -f
+2008-07-22 00:45:46.512: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.512: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:45:46.513: debug: Signing zone "sub.example.net."
+2008-07-22 00:45:46.513: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:45:46.734: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:46.734: debug: Signing completed after 0s.
+2008-07-22 00:45:46.734: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:45:46.734: debug: Distribute zone "sub.example.net."
+2008-07-22 00:45:46.734: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-22 00:45:46.740: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-22 00:45:46.740: debug:
+2008-07-22 00:45:46.740: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:45:46.740: debug: Check RFC5011 status
+2008-07-22 00:45:46.741: debug: ->ksk5011status returns 2
+2008-07-22 00:45:46.741: debug: Check ZSK status
+2008-07-22 00:45:46.741: debug: Re-signing necessary: Option -f
+2008-07-22 00:45:46.741: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:45:46.741: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:45:46.742: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:45:46.742: debug: Signing zone "example.net."
+2008-07-22 00:45:46.742: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:45:47.013: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:45:47.013: debug: Signing completed after 1s.
+2008-07-22 00:45:47.013: notice: "example.net.": distribution triggered
+2008-07-22 00:45:47.013: debug: Distribute zone "example.net."
+2008-07-22 00:45:47.013: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-22 00:45:47.019: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-22 00:45:47.019: debug:
+2008-07-22 00:45:47.019: notice: end of run: 0 errors occured
+2008-07-22 00:48:02.761: notice: ------------------------------------------------------------
+2008-07-22 00:48:02.761: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:48:02.763: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:02.763: debug: Check RFC5011 status
+2008-07-22 00:48:02.763: debug: ->ksk5011status returns 0
+2008-07-22 00:48:02.763: debug: Check KSK status
+2008-07-22 00:48:02.763: debug: Check ZSK status
+2008-07-22 00:48:02.763: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:02.763: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.763: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:02.763: debug: Signing zone "sub.example.net."
+2008-07-22 00:48:02.763: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:02.907: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:02.907: debug: Signing completed after 0s.
+2008-07-22 00:48:02.907: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:02.907: debug: Distribute zone "sub.example.net."
+2008-07-22 00:48:02.907: debug:
+2008-07-22 00:48:02.907: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:02.907: debug: Check RFC5011 status
+2008-07-22 00:48:02.907: debug: ->ksk5011status returns 2
+2008-07-22 00:48:02.907: debug: Check ZSK status
+2008-07-22 00:48:02.907: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:02.907: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:02.907: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:02.908: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:02.908: debug: Signing zone "example.net."
+2008-07-22 00:48:02.908: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:48:03.029: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:03.029: debug: Signing completed after 1s.
+2008-07-22 00:48:03.029: notice: "example.net.": distribution triggered
+2008-07-22 00:48:03.029: debug: Distribute zone "example.net."
+2008-07-22 00:48:03.029: debug:
+2008-07-22 00:48:03.029: notice: end of run: 0 errors occured
+2008-07-22 00:48:56.098: notice: ------------------------------------------------------------
+2008-07-22 00:48:56.098: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 00:48:56.100: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 00:48:56.101: debug: Check RFC5011 status
+2008-07-22 00:48:56.101: debug: ->ksk5011status returns 0
+2008-07-22 00:48:56.101: debug: Check KSK status
+2008-07-22 00:48:56.101: debug: Check ZSK status
+2008-07-22 00:48:56.101: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:56.101: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.101: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 00:48:56.102: debug: Signing zone "sub.example.net."
+2008-07-22 00:48:56.102: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 00:48:56.244: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.244: debug: Signing completed after 0s.
+2008-07-22 00:48:56.244: notice: "sub.example.net.": distribution triggered
+2008-07-22 00:48:56.244: debug: Distribute zone "sub.example.net."
+2008-07-22 00:48:56.245: debug:
+2008-07-22 00:48:56.245: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 00:48:56.245: debug: Check RFC5011 status
+2008-07-22 00:48:56.245: debug: ->ksk5011status returns 2
+2008-07-22 00:48:56.245: debug: Check ZSK status
+2008-07-22 00:48:56.245: debug: Re-signing necessary: Option -f
+2008-07-22 00:48:56.245: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 00:48:56.246: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 00:48:56.246: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 00:48:56.246: debug: Signing zone "example.net."
+2008-07-22 00:48:56.247: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 00:48:56.367: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 00:48:56.367: debug: Signing completed after 0s.
+2008-07-22 00:48:56.367: notice: "example.net.": distribution triggered
+2008-07-22 00:48:56.367: debug: Distribute zone "example.net."
+2008-07-22 00:48:56.367: debug:
+2008-07-22 00:48:56.367: notice: end of run: 0 errors occured
+2008-07-22 08:07:30.993: notice: ------------------------------------------------------------
+2008-07-22 08:07:30.993: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:07:30.995: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:07:30.995: debug: Check RFC5011 status
+2008-07-22 08:07:30.995: debug: ->ksk5011status returns 0
+2008-07-22 08:07:30.995: debug: Check KSK status
+2008-07-22 08:07:30.995: debug: Check ZSK status
+2008-07-22 08:07:30.995: debug: Re-signing necessary: Option -f
+2008-07-22 08:07:30.996: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:30.996: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:07:30.996: debug: Signing zone "sub.example.net."
+2008-07-22 08:07:30.996: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:07:31.454: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.454: debug: Signing completed after 1s.
+2008-07-22 08:07:31.454: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:07:31.454: debug: Distribute zone "sub.example.net."
+2008-07-22 08:07:31.454: debug:
+2008-07-22 08:07:31.454: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:07:31.454: debug: Check RFC5011 status
+2008-07-22 08:07:31.454: debug: ->ksk5011status returns 2
+2008-07-22 08:07:31.454: debug: Check ZSK status
+2008-07-22 08:07:31.454: debug: Re-signing necessary: Option -f
+2008-07-22 08:07:31.454: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:07:31.454: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 08:07:31.454: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:07:31.454: debug: Signing zone "example.net."
+2008-07-22 08:07:31.455: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 08:07:31.588: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:07:31.589: debug: Signing completed after 0s.
+2008-07-22 08:07:31.589: notice: "example.net.": distribution triggered
+2008-07-22 08:07:31.589: debug: Distribute zone "example.net."
+2008-07-22 08:07:31.589: debug:
+2008-07-22 08:07:31.589: notice: end of run: 0 errors occured
+2008-07-22 08:08:09.237: notice: ------------------------------------------------------------
+2008-07-22 08:08:09.237: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:08:09.239: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:08:09.239: debug: Check RFC5011 status
+2008-07-22 08:08:09.239: debug: ->ksk5011status returns 0
+2008-07-22 08:08:09.239: debug: Check KSK status
+2008-07-22 08:08:09.239: debug: Check ZSK status
+2008-07-22 08:08:09.239: debug: Re-signing necessary: Option -f
+2008-07-22 08:08:09.239: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:08:09.239: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:08:09.240: debug: Signing zone "sub.example.net."
+2008-07-22 08:08:09.240: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:08:09.506: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:08:09.507: debug: Signing completed after 0s.
+2008-07-22 08:08:09.507: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:08:09.507: debug: Distribute zone "sub.example.net."
+2008-07-22 08:10:10.328: notice: ------------------------------------------------------------
+2008-07-22 08:10:10.328: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:10:10.330: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:10:10.330: debug: Check RFC5011 status
+2008-07-22 08:10:10.330: debug: ->ksk5011status returns 0
+2008-07-22 08:10:10.330: debug: Check KSK status
+2008-07-22 08:10:10.330: debug: Check ZSK status
+2008-07-22 08:10:10.330: debug: Re-signing necessary: Option -f
+2008-07-22 08:10:10.330: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:10:10.330: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:10:10.331: debug: Signing zone "sub.example.net."
+2008-07-22 08:10:10.331: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:10:10.950: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:10:10.950: debug: Signing completed after 0s.
+2008-07-22 08:10:10.950: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:10:10.950: debug: Distribute zone "sub.example.net."
+2008-07-22 08:11:17.247: notice: ------------------------------------------------------------
+2008-07-22 08:11:17.247: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-22 08:11:17.249: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-22 08:11:17.250: debug: Check RFC5011 status
+2008-07-22 08:11:17.250: debug: ->ksk5011status returns 0
+2008-07-22 08:11:17.250: debug: Check KSK status
+2008-07-22 08:11:17.250: debug: Check ZSK status
+2008-07-22 08:11:17.250: debug: Re-signing necessary: Option -f
+2008-07-22 08:11:17.250: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.250: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-22 08:11:17.251: debug: Signing zone "sub.example.net."
+2008-07-22 08:11:17.251: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-22 08:11:17.883: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:17.883: debug: Signing completed after 0s.
+2008-07-22 08:11:17.883: notice: "sub.example.net.": distribution triggered
+2008-07-22 08:11:17.883: debug: Distribute zone "sub.example.net."
+2008-07-22 08:11:17.883: debug:
+2008-07-22 08:11:17.883: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-22 08:11:17.884: debug: Check RFC5011 status
+2008-07-22 08:11:17.884: debug: ->ksk5011status returns 2
+2008-07-22 08:11:17.884: debug: Check ZSK status
+2008-07-22 08:11:17.884: debug: Re-signing necessary: Option -f
+2008-07-22 08:11:17.884: notice: "example.net.": re-signing triggered: Option -f
+2008-07-22 08:11:17.884: debug: Writing key file "./example.net./dnskey.db"
+2008-07-22 08:11:17.884: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-22 08:11:17.884: debug: Signing zone "example.net."
+2008-07-22 08:11:17.884: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-22 08:11:18.005: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-22 08:11:18.005: debug: Signing completed after 1s.
+2008-07-22 08:11:18.006: notice: "example.net.": distribution triggered
+2008-07-22 08:11:18.006: debug: Distribute zone "example.net."
+2008-07-22 08:11:18.006: debug:
+2008-07-22 08:11:18.006: notice: end of run: 0 errors occured
+2008-07-24 00:13:56.493: notice: ------------------------------------------------------------
+2008-07-24 00:13:56.493: notice: running ../../dnssec-signer -v -v
+2008-07-24 00:13:56.495: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:13:56.495: debug: Check RFC5011 status
+2008-07-24 00:13:56.495: debug: ->ksk5011status returns 0
+2008-07-24 00:13:56.495: debug: Check KSK status
+2008-07-24 00:13:56.495: debug: Check ZSK status
+2008-07-24 00:13:56.495: debug: Re-signing necessary: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
+2008-07-24 00:13:56.495: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:13:56.495: debug: Signing zone "sub.example.net."
+2008-07-24 00:13:56.495: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:13:57.439: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.439: debug: Signing completed after 1s.
+2008-07-24 00:13:57.439: debug:
+2008-07-24 00:13:57.439: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:13:57.439: debug: Check RFC5011 status
+2008-07-24 00:13:57.439: debug: ->ksk5011status returns 2
+2008-07-24 00:13:57.439: debug: Check ZSK status
+2008-07-24 00:13:57.440: debug: Lifetime(1209600 +/-150 sec) of active key 16682 exceeded (1309537 sec)
+2008-07-24 00:13:57.440: debug: ->depreciate it
+2008-07-24 00:13:57.440: debug: ->activate published key 41300
+2008-07-24 00:13:57.440: notice: "example.net.": lifetime of zone signing key 16682 exceeded: ZSK rollover done
+2008-07-24 00:13:57.440: debug: Re-signing necessary: New zone key
+2008-07-24 00:13:57.440: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 00:13:57.441: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:13:57.441: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:13:57.441: debug: Signing zone "example.net."
+2008-07-24 00:13:57.442: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:13:57.562: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:13:57.562: debug: Signing completed after 0s.
+2008-07-24 00:13:57.562: debug:
+2008-07-24 00:13:57.562: notice: end of run: 0 errors occured
+2008-07-24 00:14:08.862: notice: ------------------------------------------------------------
+2008-07-24 00:14:08.862: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 00:14:08.864: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:08.864: debug: Check RFC5011 status
+2008-07-24 00:14:08.864: debug: ->ksk5011status returns 0
+2008-07-24 00:14:08.864: debug: Check KSK status
+2008-07-24 00:14:08.864: debug: Check ZSK status
+2008-07-24 00:14:08.864: debug: Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug:
+2008-07-24 00:14:08.864: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:08.864: debug: Check RFC5011 status
+2008-07-24 00:14:08.864: debug: ->ksk5011status returns 2
+2008-07-24 00:14:08.864: debug: Check ZSK status
+2008-07-24 00:14:08.864: debug: Re-signing not necessary!
+2008-07-24 00:14:08.864: debug: Check if there is a parent file to copy
+2008-07-24 00:14:08.864: debug:
+2008-07-24 00:14:08.864: notice: end of run: 0 errors occured
+2008-07-24 00:14:12.963: notice: ------------------------------------------------------------
+2008-07-24 00:14:12.963: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:14:12.965: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:14:12.965: debug: Check RFC5011 status
+2008-07-24 00:14:12.965: debug: ->ksk5011status returns 0
+2008-07-24 00:14:12.965: debug: Check KSK status
+2008-07-24 00:14:12.965: debug: Check ZSK status
+2008-07-24 00:14:12.965: debug: Re-signing necessary: Option -f
+2008-07-24 00:14:12.965: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:12.966: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:14:12.966: debug: Signing zone "sub.example.net."
+2008-07-24 00:14:12.966: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:14:13.488: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.488: debug: Signing completed after 1s.
+2008-07-24 00:14:13.488: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.488: debug:
+2008-07-24 00:14:13.488: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:14:13.488: debug: Check RFC5011 status
+2008-07-24 00:14:13.488: debug: ->ksk5011status returns 2
+2008-07-24 00:14:13.488: debug: Check ZSK status
+2008-07-24 00:14:13.488: debug: Re-signing necessary: Option -f
+2008-07-24 00:14:13.488: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:14:13.488: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:14:13.489: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:14:13.489: debug: Signing zone "example.net."
+2008-07-24 00:14:13.489: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:14:13.601: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:14:13.601: debug: Signing completed after 0s.
+2008-07-24 00:14:13.601: error: exec of distribution command Ìö÷¿ forbidden due to strange file mode settings
+2008-07-24 00:14:13.602: debug:
+2008-07-24 00:14:13.602: notice: end of run: 2 errors occured
+2008-07-24 00:15:38.304: notice: ------------------------------------------------------------
+2008-07-24 00:15:38.304: notice: running ../../dnssec-signer -f -v -v
+2008-07-24 00:15:38.306: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:15:38.306: debug: Check RFC5011 status
+2008-07-24 00:15:38.307: debug: ->ksk5011status returns 0
+2008-07-24 00:15:38.307: debug: Check KSK status
+2008-07-24 00:15:38.307: debug: Check ZSK status
+2008-07-24 00:15:38.307: debug: Re-signing necessary: Option -f
+2008-07-24 00:15:38.307: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:38.307: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:15:38.308: debug: Signing zone "sub.example.net."
+2008-07-24 00:15:38.308: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:15:39.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.280: debug: Signing completed after 1s.
+2008-07-24 00:15:39.281: debug:
+2008-07-24 00:15:39.281: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:15:39.281: debug: Check RFC5011 status
+2008-07-24 00:15:39.281: debug: ->ksk5011status returns 2
+2008-07-24 00:15:39.281: debug: Check ZSK status
+2008-07-24 00:15:39.281: debug: Re-signing necessary: Option -f
+2008-07-24 00:15:39.281: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:15:39.281: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:15:39.282: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:15:39.282: debug: Signing zone "example.net."
+2008-07-24 00:15:39.282: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:15:39.402: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:15:39.402: debug: Signing completed after 0s.
+2008-07-24 00:15:39.403: debug:
+2008-07-24 00:15:39.403: notice: end of run: 0 errors occured
+2008-07-24 00:18:59.568: notice: ------------------------------------------------------------
+2008-07-24 00:18:59.568: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:18:59.570: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:18:59.573: debug: Check RFC5011 status
+2008-07-24 00:18:59.573: debug: ->ksk5011status returns 0
+2008-07-24 00:18:59.573: debug: Check KSK status
+2008-07-24 00:18:59.573: debug: Check ZSK status
+2008-07-24 00:18:59.573: debug: Re-signing necessary: Option -f
+2008-07-24 00:18:59.573: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:18:59.573: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:18:59.573: debug: Signing zone "sub.example.net."
+2008-07-24 00:18:59.573: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:19:00.167: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.167: debug: Signing completed after 1s.
+2008-07-24 00:19:00.168: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.168: debug:
+2008-07-24 00:19:00.168: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:19:00.168: debug: Check RFC5011 status
+2008-07-24 00:19:00.168: debug: ->ksk5011status returns 2
+2008-07-24 00:19:00.168: debug: Check ZSK status
+2008-07-24 00:19:00.168: debug: Re-signing necessary: Option -f
+2008-07-24 00:19:00.168: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:19:00.168: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:19:00.169: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:19:00.169: debug: Signing zone "example.net."
+2008-07-24 00:19:00.169: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:19:00.280: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:19:00.280: debug: Signing completed after 0s.
+2008-07-24 00:19:00.280: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:19:00.280: debug:
+2008-07-24 00:19:00.280: notice: end of run: 2 errors occured
+2008-07-24 00:22:24.567: notice: ------------------------------------------------------------
+2008-07-24 00:22:24.567: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:22:24.569: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:22:24.569: debug: Check RFC5011 status
+2008-07-24 00:22:24.569: debug: ->ksk5011status returns 0
+2008-07-24 00:22:24.569: debug: Check KSK status
+2008-07-24 00:22:24.570: debug: Check ZSK status
+2008-07-24 00:22:24.570: debug: Re-signing necessary: Option -f
+2008-07-24 00:22:24.570: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:24.570: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:22:24.570: debug: Signing zone "sub.example.net."
+2008-07-24 00:22:24.571: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:22:25.147: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.148: debug: Signing completed after 1s.
+2008-07-24 00:22:25.148: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.148: debug: not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.148: debug:
+2008-07-24 00:22:25.148: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:22:25.148: debug: Check RFC5011 status
+2008-07-24 00:22:25.148: debug: ->ksk5011status returns 2
+2008-07-24 00:22:25.148: debug: Check ZSK status
+2008-07-24 00:22:25.149: debug: Re-signing necessary: Option -f
+2008-07-24 00:22:25.149: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:22:25.149: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:22:25.150: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:22:25.150: debug: Signing zone "example.net."
+2008-07-24 00:22:25.150: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:22:25.271: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:22:25.271: debug: Signing completed after 0s.
+2008-07-24 00:22:25.271: error: exec of distribution command ./dist.sh forbidden due to strange file mode settings
+2008-07-24 00:22:25.271: debug: not running distribution command ./dist.sh because of strange file mode settings
+2008-07-24 00:22:25.271: debug:
+2008-07-24 00:22:25.271: notice: end of run: 2 errors occured
+2008-07-24 00:23:08.907: notice: ------------------------------------------------------------
+2008-07-24 00:23:08.907: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:23:08.909: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:23:08.909: debug: Check RFC5011 status
+2008-07-24 00:23:08.909: debug: ->ksk5011status returns 0
+2008-07-24 00:23:08.909: debug: Check KSK status
+2008-07-24 00:23:08.909: debug: Check ZSK status
+2008-07-24 00:23:08.909: debug: Re-signing necessary: Option -f
+2008-07-24 00:23:08.909: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:08.909: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:23:08.910: debug: Signing zone "sub.example.net."
+2008-07-24 00:23:08.910: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:23:09.510: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.510: debug: Signing completed after 1s.
+2008-07-24 00:23:09.511: notice: "sub.example.net.": distribution triggered
+2008-07-24 00:23:09.511: debug: Distribute zone "sub.example.net."
+2008-07-24 00:23:09.511: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 00:23:09.517: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 00:23:09.517: debug:
+2008-07-24 00:23:09.517: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:23:09.517: debug: Check RFC5011 status
+2008-07-24 00:23:09.517: debug: ->ksk5011status returns 2
+2008-07-24 00:23:09.517: debug: Check ZSK status
+2008-07-24 00:23:09.517: debug: Re-signing necessary: Option -f
+2008-07-24 00:23:09.517: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:23:09.517: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:23:09.518: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:23:09.518: debug: Signing zone "example.net."
+2008-07-24 00:23:09.518: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:23:09.633: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:23:09.633: debug: Signing completed after 0s.
+2008-07-24 00:23:09.634: notice: "example.net.": distribution triggered
+2008-07-24 00:23:09.634: debug: Distribute zone "example.net."
+2008-07-24 00:23:09.634: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 00:23:09.640: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 00:23:09.640: debug:
+2008-07-24 00:23:09.640: notice: end of run: 0 errors occured
+2008-07-24 00:33:30.818: notice: ------------------------------------------------------------
+2008-07-24 00:33:30.818: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 00:33:30.820: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 00:33:30.820: debug: Check RFC5011 status
+2008-07-24 00:33:30.821: debug: ->ksk5011status returns 0
+2008-07-24 00:33:30.821: debug: Check KSK status
+2008-07-24 00:33:30.821: debug: Check ZSK status
+2008-07-24 00:33:30.821: debug: Re-signing necessary: Option -f
+2008-07-24 00:33:30.821: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:30.821: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 00:33:30.822: debug: Signing zone "sub.example.net."
+2008-07-24 00:33:30.822: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 00:33:31.320: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.320: debug: Signing completed after 1s.
+2008-07-24 00:33:31.320: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.320: debug: Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.320: debug:
+2008-07-24 00:33:31.320: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 00:33:31.320: debug: Check RFC5011 status
+2008-07-24 00:33:31.320: debug: ->ksk5011status returns 2
+2008-07-24 00:33:31.320: debug: Check ZSK status
+2008-07-24 00:33:31.320: debug: Re-signing necessary: Option -f
+2008-07-24 00:33:31.320: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 00:33:31.320: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 00:33:31.321: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 00:33:31.321: debug: Signing zone "example.net."
+2008-07-24 00:33:31.321: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 00:33:31.443: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 00:33:31.443: debug: Signing completed after 0s.
+2008-07-24 00:33:31.443: error: exec of distribution command ./dist.sh forbidden due to running as root
+2008-07-24 00:33:31.443: debug: Not running distribution command ./dist.sh as root
+2008-07-24 00:33:31.443: debug:
+2008-07-24 00:33:31.443: notice: end of run: 2 errors occured
+2008-07-24 23:21:55.189: notice: ------------------------------------------------------------
+2008-07-24 23:21:55.189: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:21:55.196: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:21:55.196: debug: Check RFC5011 status
+2008-07-24 23:21:55.196: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:21:55.196: debug: Check KSK status
+2008-07-24 23:21:55.196: debug: Check ZSK status
+2008-07-24 23:21:55.196: debug: Re-signing not necessary!
+2008-07-24 23:21:55.196: debug: Check if there is a parent file to copy
+2008-07-24 23:21:55.196: debug:
+2008-07-24 23:21:55.196: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:21:55.196: debug: Check RFC5011 status
+2008-07-24 23:21:55.196: debug: Check ZSK status
+2008-07-24 23:21:55.196: debug: Lifetime(29100 sec) of depreciated key 16682 exceeded (83278 sec)
+2008-07-24 23:21:55.196: info: "example.net.": old ZSK 16682 removed
+2008-07-24 23:21:55.196: debug: ->remove it
+2008-07-24 23:21:55.196: debug: Re-signing necessary: New zone key
+2008-07-24 23:21:55.197: notice: "example.net.": re-signing triggered: New zone key
+2008-07-24 23:21:55.197: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:21:55.197: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:21:55.197: debug: Signing zone "example.net."
+2008-07-24 23:21:55.197: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:21:55.873: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:21:55.873: debug: Signing completed after 0s.
+2008-07-24 23:21:55.873: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:21:55.873: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:21:55.873: debug:
+2008-07-24 23:21:55.874: notice: end of run: 1 error occured
+2008-07-24 23:23:06.278: notice: ------------------------------------------------------------
+2008-07-24 23:23:06.278: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:23:06.279: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:23:06.280: debug: Check RFC5011 status
+2008-07-24 23:23:06.280: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:23:06.280: debug: Check KSK status
+2008-07-24 23:23:06.280: debug: Check ZSK status
+2008-07-24 23:23:06.280: debug: Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug:
+2008-07-24 23:23:06.280: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:23:06.280: debug: Check RFC5011 status
+2008-07-24 23:23:06.280: debug: Check ZSK status
+2008-07-24 23:23:06.280: debug: Re-signing not necessary!
+2008-07-24 23:23:06.280: debug: Check if there is a parent file to copy
+2008-07-24 23:23:06.280: debug:
+2008-07-24 23:23:06.280: notice: end of run: 0 errors occured
+2008-07-24 23:25:21.930: notice: ------------------------------------------------------------
+2008-07-24 23:25:21.930: notice: running ../../dnssec-signer -r -v -v
+2008-07-24 23:25:21.932: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:21.932: debug: Check RFC5011 status
+2008-07-24 23:25:21.932: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:21.932: debug: Check KSK status
+2008-07-24 23:25:21.932: debug: Check ZSK status
+2008-07-24 23:25:21.932: debug: Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug:
+2008-07-24 23:25:21.932: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:21.932: debug: Check RFC5011 status
+2008-07-24 23:25:21.932: debug: Check ZSK status
+2008-07-24 23:25:21.932: debug: Re-signing not necessary!
+2008-07-24 23:25:21.932: debug: Check if there is a parent file to copy
+2008-07-24 23:25:21.932: debug:
+2008-07-24 23:25:21.932: notice: end of run: 0 errors occured
+2008-07-24 23:25:39.009: notice: ------------------------------------------------------------
+2008-07-24 23:25:39.009: notice: running ../../dnssec-signer -f -r -v -v
+2008-07-24 23:25:39.011: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:25:39.011: debug: Check RFC5011 status
+2008-07-24 23:25:39.011: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:25:39.011: debug: Check KSK status
+2008-07-24 23:25:39.011: debug: Check ZSK status
+2008-07-24 23:25:39.011: debug: Re-signing necessary: Option -f
+2008-07-24 23:25:39.011: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.011: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:25:39.011: debug: Signing zone "sub.example.net."
+2008-07-24 23:25:39.012: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:25:39.591: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.591: debug: Signing completed after 0s.
+2008-07-24 23:25:39.591: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.591: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.592: debug:
+2008-07-24 23:25:39.592: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:25:39.592: debug: Check RFC5011 status
+2008-07-24 23:25:39.592: debug: Check ZSK status
+2008-07-24 23:25:39.592: debug: Re-signing necessary: Option -f
+2008-07-24 23:25:39.592: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:25:39.592: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:25:39.592: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:25:39.592: debug: Signing zone "example.net."
+2008-07-24 23:25:39.592: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:25:39.703: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:25:39.703: debug: Signing completed after 0s.
+2008-07-24 23:25:39.703: debug: Distribution command ./dist.sh not run as root
+2008-07-24 23:25:39.703: error: exec of distribution command ./dist.sh suppressed because of security reasons
+2008-07-24 23:25:39.703: debug:
+2008-07-24 23:25:39.703: notice: end of run: 2 errors occured
+2008-07-24 23:28:16.436: notice: ------------------------------------------------------------
+2008-07-24 23:28:16.436: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:28:16.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:28:16.438: debug: Check RFC5011 status
+2008-07-24 23:28:16.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:28:16.438: debug: Check KSK status
+2008-07-24 23:28:16.438: debug: Check ZSK status
+2008-07-24 23:28:16.438: debug: Re-signing necessary: Option -f
+2008-07-24 23:28:16.438: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:16.438: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:28:16.438: debug: Signing zone "sub.example.net."
+2008-07-24 23:28:16.439: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:28:17.008: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.008: debug: Signing completed after 1s.
+2008-07-24 23:28:17.009: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:28:17.009: debug: Distribute zone "sub.example.net."
+2008-07-24 23:28:17.009: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:28:17.015: debug: ./dist.sh reload return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:28:17.015: debug:
+2008-07-24 23:28:17.015: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:28:17.015: debug: Check RFC5011 status
+2008-07-24 23:28:17.015: debug: Check ZSK status
+2008-07-24 23:28:17.015: debug: Re-signing necessary: Option -f
+2008-07-24 23:28:17.015: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:28:17.015: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:28:17.016: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:28:17.016: debug: Signing zone "example.net."
+2008-07-24 23:28:17.016: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:28:17.132: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:28:17.132: debug: Signing completed after 0s.
+2008-07-24 23:28:17.132: notice: "example.net.": distribution triggered
+2008-07-24 23:28:17.132: debug: Distribute zone "example.net."
+2008-07-24 23:28:17.132: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:28:17.138: debug: ./dist.sh reload return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:28:17.138: debug:
+2008-07-24 23:28:17.138: notice: end of run: 0 errors occured
+2008-07-24 23:31:17.354: notice: ------------------------------------------------------------
+2008-07-24 23:31:17.354: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:31:17.364: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:17.364: debug: Check RFC5011 status
+2008-07-24 23:31:17.364: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:17.364: debug: Check KSK status
+2008-07-24 23:31:17.364: debug: Check ZSK status
+2008-07-24 23:31:17.364: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:17.364: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:17.364: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:17.364: debug: Signing zone "sub.example.net."
+2008-07-24 23:31:17.364: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:18.032: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.032: debug: Signing completed after 1s.
+2008-07-24 23:31:18.032: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:18.032: debug: Distribute zone "sub.example.net."
+2008-07-24 23:31:18.032: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:18.039: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:18.039: debug:
+2008-07-24 23:31:18.039: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:18.039: debug: Check RFC5011 status
+2008-07-24 23:31:18.039: debug: Check ZSK status
+2008-07-24 23:31:18.039: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:18.039: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:18.039: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:18.040: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:18.040: debug: Signing zone "example.net."
+2008-07-24 23:31:18.040: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:31:18.155: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:18.155: debug: Signing completed after 0s.
+2008-07-24 23:31:18.155: notice: "example.net.": distribution triggered
+2008-07-24 23:31:18.155: debug: Distribute zone "example.net."
+2008-07-24 23:31:18.155: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:18.161: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:18.161: debug:
+2008-07-24 23:31:18.162: notice: end of run: 0 errors occured
+2008-07-24 23:31:28.467: notice: ------------------------------------------------------------
+2008-07-24 23:31:28.467: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:31:28.470: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:31:28.470: debug: Check RFC5011 status
+2008-07-24 23:31:28.470: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:31:28.470: debug: Check KSK status
+2008-07-24 23:31:28.470: debug: Check ZSK status
+2008-07-24 23:31:28.470: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:28.470: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:28.470: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:31:28.471: debug: Signing zone "sub.example.net."
+2008-07-24 23:31:28.471: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:31:29.058: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.059: debug: Signing completed after 1s.
+2008-07-24 23:31:29.059: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:31:29.059: debug: Distribute zone "sub.example.net."
+2008-07-24 23:31:29.059: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.066: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:31:29.066: notice: scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./: distribution triggered
+2008-07-24 23:31:29.066: debug: Distribute zone scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./
+2008-07-24 23:31:29.066: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:31:29.072: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:29.072: debug:
+2008-07-24 23:31:29.073: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:31:29.073: debug: Check RFC5011 status
+2008-07-24 23:31:29.073: debug: Check ZSK status
+2008-07-24 23:31:29.073: debug: Re-signing necessary: Option -f
+2008-07-24 23:31:29.073: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:31:29.073: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:31:29.074: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:31:29.074: debug: Signing zone "example.net."
+2008-07-24 23:31:29.075: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:31:29.204: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:31:29.204: debug: Signing completed after 0s.
+2008-07-24 23:31:29.204: notice: "example.net.": distribution triggered
+2008-07-24 23:31:29.204: debug: Distribute zone "example.net."
+2008-07-24 23:31:29.205: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.211: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:31:29.211: notice: scp ./example.net./zone.db.signed localhost:/var/named/example.net./: distribution triggered
+2008-07-24 23:31:29.211: debug: Distribute zone scp ./example.net./zone.db.signed localhost:/var/named/example.net./
+2008-07-24 23:31:29.211: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:31:29.217: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:31:29.217: debug:
+2008-07-24 23:31:29.217: notice: end of run: 0 errors occured
+2008-07-24 23:35:48.844: notice: ------------------------------------------------------------
+2008-07-24 23:35:48.844: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:35:48.846: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:35:48.846: debug: Check RFC5011 status
+2008-07-24 23:35:48.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:35:48.846: debug: Check KSK status
+2008-07-24 23:35:48.846: debug: Check ZSK status
+2008-07-24 23:35:48.846: debug: Re-signing necessary: Option -f
+2008-07-24 23:35:48.846: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:48.846: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:35:48.846: debug: Signing zone "sub.example.net."
+2008-07-24 23:35:48.846: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:35:49.455: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.455: debug: Signing completed after 1s.
+2008-07-24 23:35:49.455: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.455: debug: Distribute zone "sub.example.net."
+2008-07-24 23:35:49.455: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.462: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:35:49.462: debug: Distribute zone "sub.example.net."
+2008-07-24 23:35:49.462: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:35:49.462: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:35:49.468: notice: "sub.example.net.": reload triggered
+2008-07-24 23:35:49.468: debug: Reload zone "sub.example.net."
+2008-07-24 23:35:49.468: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:35:49.468: debug:
+2008-07-24 23:35:49.468: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:35:49.468: debug: Check RFC5011 status
+2008-07-24 23:35:49.469: debug: Check ZSK status
+2008-07-24 23:35:49.469: debug: Re-signing necessary: Option -f
+2008-07-24 23:35:49.469: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:35:49.469: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:35:49.470: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:35:49.470: debug: Signing zone "example.net."
+2008-07-24 23:35:49.470: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:35:49.600: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:35:49.600: debug: Signing completed after 0s.
+2008-07-24 23:35:49.600: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.600: debug: Distribute zone "example.net."
+2008-07-24 23:35:49.600: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.606: notice: "example.net.": distribution triggered
+2008-07-24 23:35:49.606: debug: Distribute zone "example.net."
+2008-07-24 23:35:49.606: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:35:49.606: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:35:49.613: notice: "example.net.": reload triggered
+2008-07-24 23:35:49.613: debug: Reload zone "example.net."
+2008-07-24 23:35:49.613: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:35:49.613: debug:
+2008-07-24 23:35:49.613: notice: end of run: 0 errors occured
+2008-07-24 23:37:41.081: notice: ------------------------------------------------------------
+2008-07-24 23:37:41.081: notice: running ../../dnssec-signer -r -f -v -v
+2008-07-24 23:37:41.083: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:41.083: debug: Check RFC5011 status
+2008-07-24 23:37:41.083: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:41.083: debug: Check KSK status
+2008-07-24 23:37:41.083: debug: Check ZSK status
+2008-07-24 23:37:41.083: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:41.083: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.083: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:41.084: debug: Signing zone "sub.example.net."
+2008-07-24 23:37:41.084: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:41.688: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.688: debug: Signing completed after 0s.
+2008-07-24 23:37:41.689: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:41.689: debug: Distribute zone "sub.example.net."
+2008-07-24 23:37:41.689: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.695: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:41.695: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:41.695: debug: Reload zone "sub.example.net."
+2008-07-24 23:37:41.695: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:41.701: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:41.701: debug:
+2008-07-24 23:37:41.701: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:41.701: debug: Check RFC5011 status
+2008-07-24 23:37:41.701: debug: Check ZSK status
+2008-07-24 23:37:41.701: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:41.701: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:41.701: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:41.702: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:41.702: debug: Signing zone "example.net."
+2008-07-24 23:37:41.702: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:37:41.823: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:41.824: debug: Signing completed after 0s.
+2008-07-24 23:37:41.824: notice: "example.net.": distribution triggered
+2008-07-24 23:37:41.824: debug: Distribute zone "example.net."
+2008-07-24 23:37:41.824: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.830: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:41.831: notice: "example.net.": reload triggered
+2008-07-24 23:37:41.831: debug: Reload zone "example.net."
+2008-07-24 23:37:41.831: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:41.837: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:41.837: debug:
+2008-07-24 23:37:41.837: notice: end of run: 0 errors occured
+2008-07-24 23:37:51.742: notice: ------------------------------------------------------------
+2008-07-24 23:37:51.742: notice: running ../../dnssec-signer -r -f -v
+2008-07-24 23:37:51.744: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:37:51.744: debug: Check RFC5011 status
+2008-07-24 23:37:51.744: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:37:51.744: debug: Check KSK status
+2008-07-24 23:37:51.744: debug: Check ZSK status
+2008-07-24 23:37:51.744: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:51.744: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:51.744: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:37:51.745: debug: Signing zone "sub.example.net."
+2008-07-24 23:37:51.745: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:37:52.263: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.264: debug: Signing completed after 1s.
+2008-07-24 23:37:52.264: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:37:52.264: debug: Distribute zone "sub.example.net."
+2008-07-24 23:37:52.264: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.270: debug: ./dist.sh distribute return: "scp ./sub.example.net./zone.db.signed localhost:/var/named/sub.example.net./"
+2008-07-24 23:37:52.271: notice: "sub.example.net.": reload triggered
+2008-07-24 23:37:52.271: debug: Reload zone "sub.example.net."
+2008-07-24 23:37:52.271: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:37:52.276: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:52.277: debug:
+2008-07-24 23:37:52.277: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:37:52.277: debug: Check RFC5011 status
+2008-07-24 23:37:52.277: debug: Check ZSK status
+2008-07-24 23:37:52.277: debug: Re-signing necessary: Option -f
+2008-07-24 23:37:52.277: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:37:52.277: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:37:52.277: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:37:52.277: debug: Signing zone "example.net."
+2008-07-24 23:37:52.277: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-24 23:37:52.397: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-24 23:37:52.398: debug: Signing completed after 0s.
+2008-07-24 23:37:52.398: notice: "example.net.": distribution triggered
+2008-07-24 23:37:52.398: debug: Distribute zone "example.net."
+2008-07-24 23:37:52.398: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.404: debug: ./dist.sh distribute return: "scp ./example.net./zone.db.signed localhost:/var/named/example.net./"
+2008-07-24 23:37:52.404: notice: "example.net.": reload triggered
+2008-07-24 23:37:52.404: debug: Reload zone "example.net."
+2008-07-24 23:37:52.404: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:37:52.410: debug: ./dist.sh reload return: "rndc reload "
+2008-07-24 23:37:52.410: debug:
+2008-07-24 23:37:52.410: notice: end of run: 0 errors occured
+2008-07-24 23:44:51.717: notice: ------------------------------------------------------------
+2008-07-24 23:44:51.717: notice: running ../../dnssec-signer -n -r -f -v
+2008-07-24 23:44:51.719: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:51.719: debug: Check RFC5011 status
+2008-07-24 23:44:51.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:51.719: debug: Check KSK status
+2008-07-24 23:44:51.720: debug: Check ZSK status
+2008-07-24 23:44:51.720: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:51.720: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.720: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:51.720: debug: Signing zone "sub.example.net."
+2008-07-24 23:44:51.720: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:51.720: debug: Cmd dnssec-signzone return: ""
+2008-07-24 23:44:51.720: debug: Signing completed after 0s.
+2008-07-24 23:44:51.721: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:51.721: debug: Distribute zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:51.721: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:51.721: debug: Reload zone "sub.example.net."
+2008-07-24 23:44:51.721: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:51.721: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:51.721: debug:
+2008-07-24 23:44:51.721: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:51.721: debug: Check RFC5011 status
+2008-07-24 23:44:51.721: debug: Check ZSK status
+2008-07-24 23:44:51.721: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:51.722: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:51.722: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:51.722: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:51.722: notice: "example.net.": distribution triggered
+2008-07-24 23:44:51.722: debug: Distribute zone "example.net."
+2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:51.722: notice: "example.net.": reload triggered
+2008-07-24 23:44:51.722: debug: Reload zone "example.net."
+2008-07-24 23:44:51.722: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:51.722: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:51.723: debug:
+2008-07-24 23:44:51.723: notice: end of run: 0 errors occured
+2008-07-24 23:44:57.039: notice: ------------------------------------------------------------
+2008-07-24 23:44:57.040: notice: running ../../dnssec-signer -n -r -f -v -v
+2008-07-24 23:44:57.042: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-24 23:44:57.042: debug: Check RFC5011 status
+2008-07-24 23:44:57.042: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-24 23:44:57.042: debug: Check KSK status
+2008-07-24 23:44:57.042: debug: Check ZSK status
+2008-07-24 23:44:57.042: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:57.042: notice: "sub.example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.042: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-24 23:44:57.042: debug: Signing zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-24 23:44:57.042: debug: Cmd dnssec-signzone return: ""
+2008-07-24 23:44:57.042: debug: Signing completed after 0s.
+2008-07-24 23:44:57.042: notice: "sub.example.net.": distribution triggered
+2008-07-24 23:44:57.042: debug: Distribute zone "sub.example.net."
+2008-07-24 23:44:57.042: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.042: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "sub.example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: Reload zone "sub.example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug:
+2008-07-24 23:44:57.043: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-24 23:44:57.043: debug: Check RFC5011 status
+2008-07-24 23:44:57.043: debug: Check ZSK status
+2008-07-24 23:44:57.043: debug: Re-signing necessary: Option -f
+2008-07-24 23:44:57.043: notice: "example.net.": re-signing triggered: Option -f
+2008-07-24 23:44:57.043: debug: Writing key file "./example.net./dnskey.db"
+2008-07-24 23:44:57.043: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-24 23:44:57.043: notice: "example.net.": distribution triggered
+2008-07-24 23:44:57.043: debug: Distribute zone "example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh distribute example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh distribute return: ""
+2008-07-24 23:44:57.043: notice: "example.net.": reload triggered
+2008-07-24 23:44:57.043: debug: Reload zone "example.net."
+2008-07-24 23:44:57.043: debug: Run cmd "./dist.sh reload example.net. ./example.net./zone.db.signed"
+2008-07-24 23:44:57.043: debug: ./dist.sh reload return: ""
+2008-07-24 23:44:57.043: debug:
+2008-07-24 23:44:57.043: notice: end of run: 0 errors occured
+2008-07-25 23:31:07.235: notice: ------------------------------------------------------------
+2008-07-25 23:31:07.236: notice: running ../../dnssec-signer -v -v
+2008-07-25 23:31:07.238: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:31:07.238: debug: Check RFC5011 status
+2008-07-25 23:31:07.238: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:31:07.238: debug: Check KSK status
+2008-07-25 23:31:07.238: debug: Check ZSK status
+2008-07-25 23:31:07.238: debug: Lifetime(259200 +/-150 sec) of active key 31081 exceeded (343229 sec)
+2008-07-25 23:31:07.239: debug: ->depreciate it
+2008-07-25 23:31:07.239: debug: ->activate published key 3615
+2008-07-25 23:31:07.239: notice: "sub.example.net.": lifetime of zone signing key 31081 exceeded: ZSK rollover done
+2008-07-25 23:31:07.239: debug: New published key needed
+2008-07-25 23:31:07.397: debug: ->creating new published key 4254
+2008-07-25 23:31:07.397: info: "sub.example.net.": new key 4254 generated for publishing
+2008-07-25 23:31:07.397: debug: Re-signing necessary: New zone key
+2008-07-25 23:31:07.397: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-25 23:31:07.398: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-25 23:31:07.398: debug: Signing zone "sub.example.net."
+2008-07-25 23:31:07.398: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-25 23:31:07.639: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.639: debug: Signing completed after 0s.
+2008-07-25 23:31:07.639: debug:
+2008-07-25 23:31:07.639: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:31:07.639: debug: Check RFC5011 status
+2008-07-25 23:31:07.639: debug: Check ZSK status
+2008-07-25 23:31:07.639: debug: Re-signing necessary: Modified keys
+2008-07-25 23:31:07.639: notice: "example.net.": re-signing triggered: Modified keys
+2008-07-25 23:31:07.639: debug: Writing key file "./example.net./dnskey.db"
+2008-07-25 23:31:07.640: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-25 23:31:07.640: debug: Signing zone "example.net."
+2008-07-25 23:31:07.640: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-25 23:31:07.783: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-25 23:31:07.783: debug: Signing completed after 0s.
+2008-07-25 23:31:07.783: debug:
+2008-07-25 23:31:07.783: notice: end of run: 0 errors occured
+2008-07-25 23:32:27.052: notice: ------------------------------------------------------------
+2008-07-25 23:32:27.052: notice: running ../../dnssec-signer -v -v
+2008-07-25 23:32:27.054: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-25 23:32:27.054: debug: Check RFC5011 status
+2008-07-25 23:32:27.054: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-25 23:32:27.054: debug: Check KSK status
+2008-07-25 23:32:27.054: debug: Check ZSK status
+2008-07-25 23:32:27.054: debug: Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
+2008-07-25 23:32:27.054: debug:
+2008-07-25 23:32:27.054: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-25 23:32:27.054: debug: Check RFC5011 status
+2008-07-25 23:32:27.054: debug: Check ZSK status
+2008-07-25 23:32:27.054: debug: Re-signing not necessary!
+2008-07-25 23:32:27.054: debug: Check if there is a parent file to copy
+2008-07-25 23:32:27.057: debug:
+2008-07-25 23:32:27.057: notice: end of run: 0 errors occured
+2008-07-31 00:25:52.601: notice: ------------------------------------------------------------
+2008-07-31 00:25:52.601: notice: running ../../dnssec-signer -v -v
+2008-07-31 00:25:52.604: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 00:25:52.604: debug: Check RFC5011 status
+2008-07-31 00:25:52.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 00:25:52.604: debug: Check KSK status
+2008-07-31 00:25:52.604: debug: Check ZSK status
+2008-07-31 00:25:52.604: debug: Lifetime(390 sec) of depreciated key 31081 exceeded (435285 sec)
+2008-07-31 00:25:52.604: info: "sub.example.net.": old ZSK 31081 removed
+2008-07-31 00:25:52.605: debug: ->remove it
+2008-07-31 00:25:52.605: debug: Lifetime(259200 +/-150 sec) of active key 3615 exceeded (435285 sec)
+2008-07-31 00:25:52.605: debug: ->depreciate it
+2008-07-31 00:25:52.605: debug: ->activate published key 4254
+2008-07-31 00:25:52.605: notice: "sub.example.net.": lifetime of zone signing key 3615 exceeded: ZSK rollover done
+2008-07-31 00:25:52.605: debug: New key for publishing needed
+2008-07-31 00:25:53.128: debug: ->creating new key 56744
+2008-07-31 00:25:53.128: info: "sub.example.net.": new key 56744 generated for publishing
+2008-07-31 00:25:53.128: debug: Re-signing necessary: New zone key
+2008-07-31 00:25:53.128: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 00:25:53.128: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 00:25:53.128: debug: Signing zone "sub.example.net."
+2008-07-31 00:25:53.128: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 00:25:53.332: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.332: debug: Signing completed after 0s.
+2008-07-31 00:25:53.332: debug:
+2008-07-31 00:25:53.332: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 00:25:53.332: debug: Check RFC5011 status
+2008-07-31 00:25:53.332: debug: Check ZSK status
+2008-07-31 00:25:53.332: debug: Re-signing necessary: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
+2008-07-31 00:25:53.332: debug: Writing key file "./example.net./dnskey.db"
+2008-07-31 00:25:53.333: debug: Incrementing serial number in file "./example.net./zone.db"
+2008-07-31 00:25:53.333: debug: Signing zone "example.net."
+2008-07-31 00:25:53.333: debug: Run cmd "cd ./example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
+2008-07-31 00:25:53.477: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 00:25:53.477: debug: Signing completed after 0s.
+2008-07-31 00:25:53.477: debug:
+2008-07-31 00:25:53.477: notice: end of run: 0 errors occured
+2008-07-31 13:19:17.447: notice: ------------------------------------------------------------
+2008-07-31 13:19:17.447: notice: running ../../dnssec-signer -v -v
+2008-07-31 13:19:17.449: debug: parsing zone "sub.example.net." in dir "./sub.example.net."
+2008-07-31 13:19:17.449: debug: Check RFC5011 status
+2008-07-31 13:19:17.450: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
+2008-07-31 13:19:17.450: debug: Check KSK status
+2008-07-31 13:19:17.450: debug: Check ZSK status
+2008-07-31 13:19:17.450: debug: Lifetime(390 sec) of depreciated key 3615 exceeded (46405 sec)
+2008-07-31 13:19:17.450: info: "sub.example.net.": old ZSK 3615 removed
+2008-07-31 13:19:17.450: debug: ->remove it
+2008-07-31 13:19:17.450: debug: Re-signing necessary: New zone key
+2008-07-31 13:19:17.451: notice: "sub.example.net.": re-signing triggered: New zone key
+2008-07-31 13:19:17.451: debug: Writing key file "./sub.example.net./dnskey.db"
+2008-07-31 13:19:17.451: debug: Signing zone "sub.example.net."
+2008-07-31 13:19:17.451: debug: Run cmd "cd ./sub.example.net.; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
+2008-07-31 13:19:17.943: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-07-31 13:19:17.944: debug: Signing completed after 0s.
+2008-07-31 13:19:17.944: debug:
+2008-07-31 13:19:17.944: debug: parsing zone "example.net." in dir "./example.net."
+2008-07-31 13:19:17.944: debug: Check RFC5011 status
+2008-07-31 13:19:17.944: debug: Check ZSK status
+2008-07-31 13:19:17.944: debug: Re-signing not necessary!
+2008-07-31 13:19:17.944: debug: Check if there is a parent file to copy
+2008-07-31 13:19:17.944: debug:
+2008-07-31 13:19:17.945: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/flat/zone.conf b/contrib/zkt/examples/flat/zone.conf
new file mode 100644
index 0000000..0ccc7f6
--- /dev/null
+++ b/contrib/zkt/examples/flat/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.NET." in {
+ type master;
+ file "example.net./zone.db.signed";
+};
+
+zone "sub.example.NET." in {
+ type master;
+ file "sub.example.net./zone.db.signed";
+};
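Review bot: The zone names are written `example.NET.` and `sub.example.NET.` while the `file` paths use lowercase `example.net./…`, and nothing in the file says whether the mixed case is intentional. If it is there to exercise case-insensitive name matching, state that in a leading comment such as `# zone names are mixed-case on purpose; the directories on disk are lowercase`; otherwise lowercase the names to match the directories. The `file` paths are relative, so a second comment noting that they resolve against named's `directory` option would help anyone who copies this fragment into a real configuration.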
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
new file mode 100644
index 0000000..a824208
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.key
@@ -0,0 +1,3 @@
+;% generationtime=20080717083652
+;% lifetime=28d
+example.de. IN DNSKEY 256 3 5 BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
new file mode 100644
index 0000000..8703816
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+11867.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: yN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: PUJ1+zrJn3r8Z+GcNmxwyHaNeLivsjSiSoGZu2FnlJHgHV3Kq5ZL+d5jeGpbPyW6Bc5z+NpkqGPuz/DG9C6OhQ==
+Prime1: 8NWUn++L7p45k/tgcIoVKWe9Jgwtn4m8K8PkNQG1H4s=
+Prime2: 1YPE6Nw/KsuDHPkM6NAqtnMWugaG9kDq348eSTkhSM8=
+Exponent1: tF/x51phYle6xgqBLw3ixmkQJCSpCa3F51pb/zGieV0=
+Exponent2: PeU/PmlccGmtux9ZC9rEdu/xmMERXZri3QdBtCzYDLs=
+Coefficient: gMF5l8BpGn2VBO7XqZNTJWOkx1lBOytfBc4y6yh+Cn8=
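Review bot: This file adds a complete RSA private key in the clear (`PrivateExponent`, `Prime1`, `Prime2`, …), as do `Kexample.de.+005+17439.private` and `Kexample.de.+005+35672.private` further down, and nothing visible in this part of the diff marks them as throwaway fixtures. Once committed they are public, so any zone signed with them can be forged by anyone. I would add a line to the examples README along the lines of `The K*.private and K*.published files in this tree are published test keys; never deploy them or a zone signed with them.` The modulus here is also only 64 bytes (512-bit RSA) with algorithm 5 (RSASHA1); if that size comes from the example `dnssec.conf`, which is not in view, a comment there saying it is chosen for fast test runs and is not a recommended setting would stop it from being copied.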
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key
new file mode 100644
index 0000000..1986117
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.key
@@ -0,0 +1,4 @@
+;% generationtime=20080506225722
+;% lifetime=20d
+;% expirationtime=20080711220959
+example.de. IN DNSKEY 385 3 5 BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+ Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9 Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw rw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private
new file mode 100644
index 0000000..62b7ca4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+17439.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: Cyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqwrw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CGYBtGSIMmSFoqnh6yYuoYlvTP2O7vkBdRrfkN43NwdlQVhco+wQO55QxCZNhCcbp2xau9IdejetNH0pQ3Zfg2Vllx78F8VMTMqkgw2HudWS/RahkMg+Hq6DBUaX/LYt90ToGyy5+FmyBm4fOV8FxJVrmTFMw4m7ULp3FgRcxmzS5zNjKYP2LKU/pYz0wFpyAr88DGNjChgwvRN/GE4obsoJgQ==
+Prime1: A18v8idXV3o9tpIzalTEpOeDX7OxKumhUsoDpPhOJf7XqHLS6hYoYwFbRObF23Zi/3kHiAoGffR1Dkd+ji3xZhFOSEcUDuikQ2jdzdY8NxbzQQ==
+Prime2: A08XMjIEpsViYvYB+ChuYxPbq7Z/eHtT/r5f8zS+nuEUwYAlKeq/i+U5sIydC1txv5XQuRPqpjtlZTClJ85BpS0GnSspG5PcY3OMwkA2smLX7w==
+Exponent1: AcLu8YM68M8LtP7Dr7vYI+vJK6RK5SN/mAnz4ALt53igCUB/iVrfvBWCHp7hEgkRZUQQoItbT9C6YXrC3G9DW+IldSP8vrtqYva4YDBD2X1LAQ==
+Exponent2: JdJVp3CAJPPcx0KiKDS8gHDiu22CBV2w1cycnXgwFmJl4aQkbTA7/xlgl15r3lByacAc19JreArqgCQRQV3bS7NG2PiQmzO26XkwCq+Kj7OJ
+Coefficient: i6sKgv2zpCvdY9fChryaf5nZyb4nFd2dG/vnjQScBz8YVw4LnfL/XqKIego0Ez6/KlL4AnvkcafzogJ+MtmBB7V4RXEyObcbR6M/MLGMhpL8
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
new file mode 100644
index 0000000..4836d51
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.key
@@ -0,0 +1,3 @@
+;% generationtime=20080608210458
+;% lifetime=28d
+example.de. IN DNSKEY 256 3 5 BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
new file mode 100644
index 0000000..3b1b32e
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+35672.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: nRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
+PublicExponent: AQAAAAE=
+PrivateExponent: I2jMbjLfEzJ4iZHvXDTRZKM2/SXOLH9dTWkzH8zfbW+jzsKObfnt7/yJYaIHv0gQOvOAfQ46RutqryjQpLPtoQ==
+Prime1: 0TgZK52tc+JlhyG5229kjntpXP0enYcMqROdLM9lSoM=
+Prime2: wDFNEVHv0GDU7L7ZLPIuRewnHg9SHgSnQ+kOWDhZEHE=
+Exponent1: aVdC0HyDAG7bvUkwx468HhrL/00lGXQYvnxoKqV3/dU=
+Exponent2: quQ/NY7YkT3jYi649bQ9hsWDkaAoBf1FrIVPcf3FSXE=
+Coefficient: Td8UjaaoC44Qt0jCQ4uULI1YUQRNdPYH3024NghryrE=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key
new file mode 100644
index 0000000..3a636d4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.key
@@ -0,0 +1,3 @@
+;% generationtime=20080608210458
+;% lifetime=20d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7 r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9 zQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private
new file mode 100644
index 0000000..b0466be
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+41145.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: Drm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9zQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: AQM2fRAmc6coPLeTHAK1DCHOYCRPSjsHYXoOzwMzzdIpHschjfxka35UdNSGKYpqM9E+VTZmV96w9ZZK5recxYak/6F72ZYTIYtsWYqCkej18nzhpnlt4nASnRt0nsS9UVVwc1Y7QxqRtSVXEcgcbiW3lr0jq+PSBf/HjY9qOHV4ExXlz7KPYOWbJa1YLFnvGlMd/W7hmQvXNEfTvOwjKURV4Q==
+Prime1: A/0Yax4evJzC7VSw0Swt0KNM7gtIJ9nwzDCrTymulzKhu6Wgeu0veU9OAGDhv0Yfmn0kr1JLITpMu4uo3a5jfLb18yZEAyPphejZBA+wPIll+Q==
+Prime2: A7EcplBfPWZmeCeL6UnFz4h45nxi3jRfQT00k34Nu5aFt5v+ngExbatcoOMnEKZSq2SQKDQRTp6XBOiwPNB9mVaLmzl9k9tyX6JvkCBEDrM7dQ==
+Exponent1: AjoJbjmJarH7I4Zj5UPc9r0I5NtVgrAx4ZltcqPN07/1cBS2QAnZuMSLUvv8pkK+Lng9Wdy9c2FL0XjWY5Q+ORYj4ONGl9OWpi2zKqpTw4WgOQ==
+Exponent2: AZfFGuYsztbn6tHFUIdIeXfaFTYyVbSfCEUp2Uv8N75QMyyuT4dzAlkU2cfSg3oAefrlCKWqXtLv9XlOJ1hTeXZOz8jyYAyhvGWGoHmSbeaNKQ==
+Coefficient: AX6DKJRk0GXwCnkpfbn91myfZ2wgsUTXKjqasdlTqm3JL9Rtpq8J2MWPhexcSSz8DNa5LQlGduE1nh4eqqntnSNckD6CeImMdWgTNbQS3zV8Bw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key
new file mode 100644
index 0000000..35d4c6a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.key
@@ -0,0 +1,3 @@
+;% generationtime=20080711221000
+;% lifetime=20d
+example.de. IN DNSKEY 257 3 5 BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt +w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published
new file mode 100644
index 0000000..b7f28db
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./Kexample.de.+005+59244.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt+w==
+PublicExponent: AQAAAAE=
+PrivateExponent: /MDd0rAZf9mm/3cDi6TjTqeegMmnidhKYIzxyz1+quzwOA16L3jLf3ucWjz/BlEiOYh1CZbAroGRYqBAskys8u7FDinOQEP5cEn5NUyL5z0WebSCO+qnaqaQSokRs0oUx3+e9tJc9GhhmZIVNXQe4mYxfeYCl6KZS9CXe22y31PkvJ+SQIBh/I+SQnM4rbW012rKroAxdHfTvmalofx+Qb1h
+Prime1: A/5Pkk5UAGvEa06GrEcATMOjsxZ0BbgalPuJKLLTFzvtYhdlJY738oY0QfsHba9hEC+iiSwfjWYyNlH/7bcVqSFtbLJiJ0aUfvObj75qw4HjXQ==
+Prime2: A38aQzy3UrARKcwUqCiQrSOTM5P7xIDfbruW7ywmaWA1lXCvP3EJAal6MYs0pG2vx1cxVTIPva3Se26NkGaBqZw+RgHxmRmfgxvSoCfWXGZZNw==
+Exponent1: OvPYJBkVUbncb0mBtTe5uwa9RgGlCgW4ges93zf3UQuHGvAesUFNnMh6y9zi4vgyVNbz2KOSnA91onc9l42b6NwqRNbExGhDsMc8NQi16vnF
+Exponent2: AkkCNzHuGv3HaQ4MpRT/PLPA2UONseMBvJHWlgK+aO2xb6/7I09sPqKnJ4f6Bj5jL8efNZYHWsaN4l335V9lc5791opU+07LHHpULn2qVRpJYw==
+Coefficient: An94juF2F5cDtoMC6gwI5iaWDH/qxkeuZ62fnMFoMY18XO0/clTVfdW7XvXCOn1DQyDLDOYpxR5MfeDKkbxtGGYKABWBOWlyaS1A5D5wTQRJzw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
new file mode 100644
index 0000000..bd106bd
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./dnskey.db
@@ -0,0 +1,48 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 29 2008 12:44:06
+;
+
+; *** List of Key Signing Keys ***
+; example.de. tag=17439 algo=RSASHA1 generated Jun 19 2008 00:32:22
+example.de. 3600 IN DNSKEY 385 3 5 (
+ BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6dUn1KKauLvmkRuT040XT+
+ Rd3Iq20iq6BqVPsPS+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrML4D9
+ Pp1dzgEDKWLam96v+E7KC0GGH/BI6/WelqeqjS5BjI4Gjv4roaTyDCi6
+ 3oXwcMFDVwrSjws4A/5AGANka41Aky+UCGse6+64YmNP/QkSXDAeBZqw
+ rw==
+ ) ; key id = 17567 (original key id = 17439)
+
+; example.de. tag=41145 algo=RSASHA1 generated Jul 12 2008 00:10:00
+example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLtutggFAJgBW5Ua7uzAR+7
+ r/DcOE7IfjnT5FQhbYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmXDU9N
+ tu9TDp6X6ZXE11+cFdATa4TPnsAUMSxVkLZanrbyACmcNr1gjT3dz6qI
+ VBVPb5OnUldndbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVOUNdJQGb9
+ zQ==
+ ) ; key id = 41145
+
+; example.de. tag=59244 algo=RSASHA1 generated Jul 12 2008 00:10:00
+example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZoRYpwDDuLzBcC7k+G1+wW
+ dftyA1vBm5HMpyq0OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgMzDDO
+ Yv+O1TQU4i3G+iONxB1RAwH/J2lA+U0zCbrdf0KLq/enNquchhPw4gCX
+ 0RB9HC+TkpoPf2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+ONUcLAEt
+ +w==
+ ) ; key id = 59244
+
+; *** List of Zone Signing Keys ***
+; example.de. tag=35672 algo=RSASHA1 generated Jul 17 2008 10:36:52
+example.de. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm8YnY0c6IHKcAmb5t8FLv
+ pNijniIclCPXTpfio+HNa59a4UA8jTdJb+kT0w==
+ ) ; key id = 35672
+
+; example.de. tag=11867 algo=RSASHA1 generated Jul 17 2008 10:36:52
+example.de. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQTS9QW4Y5NjNuyYNraJBA
+ OqV8KSaGQqIhkh0ZD0oIm2h0JowdyERZVj6ZZQ==
+ ) ; key id = 11867
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
new file mode 100644
index 0000000..a2cb04a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./dsset-example.de.
@@ -0,0 +1,6 @@
+example.de. IN DS 17567 5 1 D2AE03CF2A76AA0A28AE8593B3D96E497C6508E5
+example.de. IN DS 17567 5 2 A9F2D82927721257F7C4325B402F664BBFE58780A786BB7B7188A0DB FD5D7008
+example.de. IN DS 41145 5 1 8F18A5F2A59AEF518DBA5A0CD0F0E259DD0F8C05
+example.de. IN DS 41145 5 2 BA5A78FB98E5A38554B4D73B32F15C4794AEE9E25934B3696B999451 A534102A
+example.de. IN DS 59244 5 1 56F34A865AFA3A183D3C008490B94CB1D238BB9A
+example.de. IN DS 59244 5 2 08C1BFC17C4634BE4A03A297D65E44CC8EB375B4027534541B7E0596 5E985313
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
new file mode 100644
index 0000000..2b40c68
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-example.de.
@@ -0,0 +1,28 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+ RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+ OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+ zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+ Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+ f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+ ONUcLAEt+w==
+ ) ; key id = 59244
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+ utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+ bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+ DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+ kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+ dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+ UNdJQGb9zQ==
+ ) ; key id = 41145
+ 7200 IN DNSKEY 385 3 5 (
+ BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+ Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+ S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+ L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+ lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+ jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+ XDAeBZqwrw==
+ ) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
new file mode 100644
index 0000000..04ed33a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./keyset-sub.example.de.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+ HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+ Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+ IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+ kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+ ) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
new file mode 100644
index 0000000..6b6aca1
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.key
@@ -0,0 +1,3 @@
+;% generationtime=20080729104405
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
new file mode 100644
index 0000000..2377635
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+19793.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: ny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
+PublicExponent: AQAAAAE=
+PrivateExponent: njIKbIVXtg54r7CRULxKaNXpW0BUus3VYh/JBkMgd+runwCUtXUccG14jHrZ/H2M6Yx46EIYxebzoi0rStisAQ==
+Prime1: zsU5EgehqDuowoV/yRkMTDa/b3unK6hUy4AnqCpumtE=
+Prime2: xRPHnd4KuW4H4SueCLf3oduoTfOp6pl6cKdJyjooQbM=
+Exponent1: WbbHa11huZfttfhiiocYX0zKzy+2hTHb8vXBJ27mIcE=
+Exponent2: JrXRbJt0aQuZ7PEcBuYpcLp0d4WZFD0htANku1j9xHc=
+Coefficient: y0cK7SB3Usly0yku3wY50DpxX0k+qPu8HztqHeGCXpg=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
new file mode 100644
index 0000000..934f630
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.depreciated
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: rPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: OGFXm5oxuztSyLrcmyhrWs14NTOKh745RZMjIUVyoem0SLRjkJWdqGlPnMsR+lmyVieKx6OhFTOZnbjRaeu2AQ==
+Prime1: 1epbg5Yr1USYkwGu9zV7AXpB74Wfu7I3WDzPabBFQ+k=
+Prime2: zvsD4Q/+PCmzXiRwsSlwZwtwpcSump1fuIve+REOCCE=
+Exponent1: kMpHQJed0XNHcNZ2hcEZ1/yG3Ex4MZbdJ9DsK2Rgosk=
+Exponent2: LEK4vqbV5lWlccULSqR0puA/1lFWmvRbS0yu7qp4OGE=
+Coefficient: gXEyODoVUSbHQP2mar5cwP3BDdi1LwDYVvdvKYEPIrw=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
new file mode 100644
index 0000000..2c662a9
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+51977.key
@@ -0,0 +1,3 @@
+;% generationtime=20080726213646
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
new file mode 100644
index 0000000..3a0fcec
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.key
@@ -0,0 +1,3 @@
+;% generationtime=20080731111645
+;% lifetime=2d
+sub.example.de. IN DNSKEY 256 3 1 BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
new file mode 100644
index 0000000..b45db1f
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+001+55699.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 1 (RSA)
+Modulus: wutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
+PublicExponent: AQAAAAE=
+PrivateExponent: f7ufWzg6L93T6LUD9P4Enjv0YvfQoIAJwO3OLdaMTuvz7ehqy+FWuAzy4fQwBxr768pDWv/EZqpqPuDIifUCUQ==
+Prime1: 50l7b5UFq5ejhH7Y/ZTA03M0JMZiIQDrpJdWL89sn6M=
+Prime2: 178TrVx2Of4cF18K9sbgdrbQCL82IotrErwo5YAsb50=
+Exponent1: Gs/D3DZdG7gy9INcfyIBH8pOHkcITjxJQbEJotYtp48=
+Exponent2: xVkRB61kvgdvwcowk4UnL6FqBPi5p9Jk1AlNteSksMU=
+Coefficient: Z9dHWKQ4b7QgZt5kzJNs4gW4iZPvD2pdm31V0jEbPoA=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key
new file mode 100644
index 0000000..9c7c36c
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.key
@@ -0,0 +1,3 @@
+;% generationtime=20080726221746
+;% lifetime=5d
+sub.example.de. IN DNSKEY 257 3 5 BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA fdQIegTBBKk=
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private
new file mode 100644
index 0000000..3e39f5a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./Ksub.example.de.+005+40998.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: pL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+PublicExponent: AQAAAAE=
+PrivateExponent: CrFKdhkCOgyF27Jc4GPfo7A6v2q0OgRE2nBdkw7XFUEADEHSVLA6XYUm3AZmAOWxTmrGU8EK+76hfC22DjA6O0BljTNdxLB5cGRL2Dxey603jCIEVt/ahIqyb2STr0pWYEVc3qAKJL93iP4v5r7fJt157sJhQF8F5Zpqj24QvmE=
+Prime1: 1EpVvo011F2qgjesKSKplhqtvbmRPjTuhijb7531zIbxDzBF+lXCDyjt3Y/LrWS240t74vbZpo9FUZIETIf/FQ==
+Prime2: xqm8Bk18u2WJZ9uUr+/MMPKfh6OgAFqtBwFi81FFJ62kHGL9i8AcychE9tD5IRu74KLCGW+Vk87lyLOF3WU0RQ==
+Exponent1: JmLNa+QmMjHVDmAM833bF024/+NIyZgfNSDLnGXxTqYZ3PK/llLHIwBChLMKAQgFvt5PP0id1Nkc9N16xjkuFQ==
+Exponent2: rZW7rMmQxQQRHD8TKQTAhCX+31n8jnq7gW9dyVpjY85GDuQe6+3rox6xvsMfUzEOgXk1lgnm46FAIHOH6DhMuQ==
+Coefficient: MPoirwMUkLzLWeynO1Izy+lff70hnDnOcZEckS+Sy1TlUkk22uHBF4uNLkgoF26XqeKzK9pG1rCGfccfWTCayQ==
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
new file mode 100644
index 0000000..c392b9a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dlvset-sub.example.de.
@@ -0,0 +1,2 @@
+sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
+sub.example.de.dlv.trusted-keys.net. IN DLV 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
new file mode 100644
index 0000000..e922c18
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnskey.db
@@ -0,0 +1,35 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jul 31 2008 13:16:45
+;
+
+; *** List of Key Signing Keys ***
+; sub.example.de. tag=40998 algo=RSASHA1 generated Jul 27 2008 00:17:46
+sub.example.de. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dGHBoyg75N1f0lwYSZOLyy
+ yOLWwDxlsfkb5WwvZ1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicdIMSv
+ jmOWVBR0GsEb+reREu5X0sdZbqOuxT6CkKoTXRpRZgU9ouus6W5bSWQA
+ fdQIegTBBKk=
+ ) ; key id = 40998
+
+; *** List of Zone Signing Keys ***
+; sub.example.de. tag=51977 algo=RSAMD5 generated Jul 29 2008 12:44:04
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKBvEus359hPgFqYdGHvR1K
+ kyl8EhioksP/Tze5cGBHTSFCjIh+lGMPEssJCQ==
+ ) ; key id = 51977
+
+; sub.example.de. tag=19793 algo=RSAMD5 generated Jul 29 2008 12:44:05
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91KPPsQRfqgx3eNgyaQjfD
+ 7NTKuAfJjbSTbHnvXF008duYET+UU9+hS01RIw==
+ ) ; key id = 19793
+
+; sub.example.de. tag=55699 algo=RSAMD5 generated Jul 31 2008 13:16:45
+sub.example.de. 3600 IN DNSKEY 256 3 1 (
+ BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLMoUAVJoteHeTZgfc11ekm
+ /T+TEsR0L1Eazfc/MP+8X0OzdEl97NGOPtmT9w==
+ ) ; key id = 55699
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf
new file mode 100644
index 0000000..d7d33ca
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dnssec.conf
@@ -0,0 +1,17 @@
+##
+## dnssec-zkt v0.4 (c) Jan 2005 hoz <at> hznet <dot> de ##
+##
+
+resigninterval 36h
+sigvalidity 2d
+max_ttl 90s
+
+ksk_lifetime 5d
+ksk_algo RSASHA1
+ksk_bits 1024
+
+zsk_lifetime 2d
+zsk_algo RSAMD5
+zsk_bits 512
+
+dlv_domain "dlv.trusted-keys.net"
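Review bot: `zsk_algo RSAMD5` with `zsk_bits 512` is a sample setting that readers are likely to copy, and it is too weak for a real zone. RFC 4034 lists RSA/MD5 as not recommended for zone signing, and 512-bit RSA moduli have been publicly factored. The sample keys and signed zone in this directory were presumably generated from these values, so changing them would mean regenerating that data. The cheaper fix is a comment above the block, e.g. `# demo only: RSAMD5 and 512-bit ZSKs are too weak for production; use RSASHA1 or stronger with at least 1024 bits`. `ZSK_bits: 512` in `examples/hierarchical/dnssec.conf` further down has the same key-size problem.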
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
new file mode 100644
index 0000000..b8ec77b
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./dsset-sub.example.de.
@@ -0,0 +1,2 @@
+sub.example.de. IN DS 40998 5 1 1414E9C46F367D787EEF2EC91E1FC66DD087AEAE
+sub.example.de. IN DS 40998 5 2 6FE53984AB75C31A06778E9944F8CDB4790527D36BBD08CC1E90DA7A E32EEE5F
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de. b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
new file mode 100644
index 0000000..04ed33a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./keyset-sub.example.de.
@@ -0,0 +1,8 @@
+$ORIGIN .
+sub.example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+ HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+ Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+ IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+ kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+ ) ; key id = 40998
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db
new file mode 100644
index 0000000..05489a4
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db
@@ -0,0 +1,25 @@
+;-----------------------------------------------------------------
+;
+; @(#) sub.example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 2008073101; Serial (up to 10 digits)
+ 86400 ; Refresh (RIPE recommendation if NOTIFY is used)
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+
+ IN NS ns1.example.de.
+
+$INCLUDE dnskey.db
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.4
+b IN A 1.2.3.5
+c IN A 1.2.3.6
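Review bot: The sample A records here (`1.2.3.4` to `1.2.3.6`) and in `example.de./zone.db` (`1.0.0.5`, `1.2.0.6`) use ordinary unicast address space rather than a range reserved for documentation, although the parent zone's AAAA record already uses `2001:db8::53`. If the example is loaded unchanged, these names resolve to addresses that belong, or may later belong, to third parties. I would use 192.0.2.0/24 for the IPv4 records, e.g. `a IN A 192.0.2.4`, and re-sign the sample zones so the `zone.db.signed` files stay consistent.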
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
new file mode 100644
index 0000000..d607de5
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./sub.example.de./zone.db.signed
@@ -0,0 +1,108 @@
+; File written on Thu Jul 31 13:16:45 2008
+; dnssec_signzone version 9.5.1b1
+sub.example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 2008073101 ; serial
+ 86400 ; refresh (1 day)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 1 3 7200 20080802100259 (
+ 20080731101645 19793 sub.example.de.
+ d/lRqmf+AWENEHoKbG+ABspEFH0UEHsyue0o
+ DPPUzkAw/gZcHcwoCuf4AsbUYHz1HKyHjeUz
+ g2+AsH8mPZKGvg== )
+ 7200 NS ns1.example.de.
+ 7200 RRSIG NS 1 3 7200 20080802095409 (
+ 20080731101645 19793 sub.example.de.
+ VoXeajFhxMQjwVXspcxBN/lfM1R6hc1fIVdV
+ HjWlw0RSeCL7fBOY54HOIWcu6jHegMrjuB9y
+ KTOgEwv3r8kOiw== )
+ 7200 NSEC a.sub.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 1 3 7200 20080802095639 (
+ 20080731101645 19793 sub.example.de.
+ cmhtmISCv2bbpBkgwyMuKNnlrNsJ3GViYUxT
+ lhQ8ASHjNH74mIuenBIGy+w3RxyDzoMk1w6Y
+ J0qpEvDF3FNvRQ== )
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABny2+yO3erGn/4hCJyG031zbeZa91
+ KPPsQRfqgx3eNgyaQjfD7NTKuAfJjbSTbHnv
+ XF008duYET+UU9+hS01RIw==
+ ) ; key id = 19793
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABrPRVqWxFqCoVRrtQ8XYrbeogdBKB
+ vEus359hPgFqYdGHvR1Kkyl8EhioksP/Tze5
+ cGBHTSFCjIh+lGMPEssJCQ==
+ ) ; key id = 51977
+ 3600 DNSKEY 256 3 1 (
+ BQEAAAABwutYROLC3W5wyq8jZEN7Fjgn2bLM
+ oUAVJoteHeTZgfc11ekm/T+TEsR0L1Eazfc/
+ MP+8X0OzdEl97NGOPtmT9w==
+ ) ; key id = 55699
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABpL4/T8z6mCbTm46Y9+KJOgCAk+dG
+ HBoyg75N1f0lwYSZOLyyyOLWwDxlsfkb5Wwv
+ Z1ZG6NFmg/3o5N3Zd7TEkkvHZafRMrzHFicd
+ IMSvjmOWVBR0GsEb+reREu5X0sdZbqOuxT6C
+ kKoTXRpRZgU9ouus6W5bSWQAfdQIegTBBKk=
+ ) ; key id = 40998
+ 3600 RRSIG DNSKEY 1 3 3600 20080802100935 (
+ 20080731101645 19793 sub.example.de.
+ WU1UIuqpuCLRe/46p4u2eqEvKrfsBvKpzKmx
+ TLG2AX+AOxWhRH5CqZ1zDiKUd+Xu6ekGxB/g
+ ZOu0rsPqvux2PA== )
+ 3600 RRSIG DNSKEY 5 3 3600 20080802100334 (
+ 20080731101645 40998 sub.example.de.
+ WW23Oq06HTSt5R/4Ds/nOl1n0Egsbf4bztB8
+ MZQAv6khorlDzmy3B4WPG1f79yuc26Zb6/Z9
+ QxNH0s68kp3X/eBR7FTEfHehsKaoRtaxldhz
+ V0VjOKI2iu4mhA6n/P0bAEhfxFxxde5tymP/
+ Od6//GN4UmNi9LCwWtLbGnF4Gpc= )
+a.sub.example.de. 7200 IN A 1.2.3.4
+ 7200 RRSIG A 1 4 7200 20080802095159 (
+ 20080731101645 19793 sub.example.de.
+ LxVthdAkEiBec6khr63+rufhSwtByBNvff8e
+ HEG/m+yusTBVqVoUp987aabxqaeW5v6f4GaB
+ 4iK4mspVH4Md7A== )
+ 7200 NSEC b.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802100843 (
+ 20080731101645 19793 sub.example.de.
+ HEqR2LChtQD2AeGCBhCsCemP3kjwAGi3RIXu
+ UpklHVo44Yu+JINnO/jxZ61CtlvBaZ25dpjt
+ 4ldl+d6z3bs4pQ== )
+b.sub.example.de. 7200 IN A 1.2.3.5
+ 7200 RRSIG A 1 4 7200 20080802095415 (
+ 20080731101645 19793 sub.example.de.
+ eLTaD1maS++Py3rybVftMtz0V8QnJenAH6tQ
+ PIcoZElIaLt8DGfwJYPmIPJlhwNlyqJH7d2A
+ SDEWBEFsFCnMkg== )
+ 7200 NSEC c.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802094836 (
+ 20080731101645 19793 sub.example.de.
+ nHvo1ValqHljlwCiPI51hdl0lnd5WiDIHbo7
+ MMxxZrYLNAP9ECK5DCzht9UrEGgIpI/MAvsU
+ 7S7eIlt0jBSehg== )
+c.sub.example.de. 7200 IN A 1.2.3.6
+ 7200 RRSIG A 1 4 7200 20080802095037 (
+ 20080731101645 19793 sub.example.de.
+ eVluthAz6YLAJWSaroRGuf5IsjhHoLz60Ot9
+ 1KTnw9zAFU16H6vuQ/TIH7ZzHOT0CgdwawF5
+ V0L4MAkK76H00w== )
+ 7200 NSEC localhost.sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802100135 (
+ 20080731101645 19793 sub.example.de.
+ KRTIiVJPkQayfB8k6sIWyZPm6fqQAZbs8BQ4
+ jz/EGrHj3oFPRULUpLMKUdLFAp0kU0qRqCwl
+ Ull//CFV9J272A== )
+localhost.sub.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 1 4 7200 20080802095833 (
+ 20080731101645 19793 sub.example.de.
+ fXGLRIRCvK/Q9D+dQTia3HUe1xlVBwBL1vcY
+ wRWdvNQgXQnOkpGtcb9fjKXkPz34SirmyESh
+ 8kYWUvV1kghBzA== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 1 4 7200 20080802101452 (
+ 20080731101645 19793 sub.example.de.
+ EqI9jcbxtroVBCVrCLWezzcxNvwm2xl/1nCt
+ 6Nogs3WvBPpMExUX2tWvpJMV14vpFSW2qWQK
+ UoFq9NHsH2WSDw== )
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db b/contrib/zkt/examples/hierarchical/de./example.de./zone.db
new file mode 100644
index 0000000..c485181
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db
@@ -0,0 +1,37 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.de/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.de. hostmaster.example.de. (
+ 258 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.de.
+ IN NS ns2.example.de.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.de file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.de.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
new file mode 100644
index 0000000..4b9b3dc
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./example.de./zone.db.signed
@@ -0,0 +1,147 @@
+; File written on Tue Jul 29 12:44:06 2008
+; dnssec_signzone version 9.5.1b1
+example.de. 7200 IN SOA ns1.example.de. hostmaster.example.de. (
+ 258 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080808092956 (
+ 20080729094406 35672 example.de.
+ UufM9vATUwvqXJjvgt9WGAytmMhd7Pz/3DK0
+ 6a9uReXHcU4NcO0BhTP9chwXAQC5pI2ucRxs
+ /4p/Vc/L91wUMA== )
+ 7200 NS ns1.example.de.
+ 7200 NS ns2.example.de.
+ 7200 RRSIG NS 5 2 7200 20080808091515 (
+ 20080729094406 35672 example.de.
+ hpHATL81t7GASSKPPBuheQqBqXU688itETkN
+ QYfy/OwcE/7g+LvS1oHEBRds6neRkXxUpDa1
+ hsdbbCDo6UuHSg== )
+ 7200 NSEC localhost.example.de. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080808092007 (
+ 20080729094406 35672 example.de.
+ aN9cYobVe+qJ5Gw0GPMQI3V7vPQaF7cBuX6T
+ +yWZ/TAHhKcJYqbwOQH2XQar2s+JwckEMSdI
+ HFPySUOtQaNNxA== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABnRJdmY7dzRKi93pVkLToV5FK4Ffm
+ 8YnY0c6IHKcAmb5t8FLvpNijniIclCPXTpfi
+ o+HNa59a4UA8jTdJb+kT0w==
+ ) ; key id = 35672
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAByN2rMrazHwh+sNOv8cBef3HUotAQ
+ TS9QW4Y5NjNuyYNraJBAOqV8KSaGQqIhkh0Z
+ D0oIm2h0JowdyERZVj6ZZQ==
+ ) ; key id = 11867
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+ RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+ OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+ zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+ Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+ f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+ ONUcLAEt+w==
+ ) ; key id = 59244
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+ utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+ bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+ DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+ kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+ dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+ UNdJQGb9zQ==
+ ) ; key id = 41145
+ 3600 DNSKEY 385 3 5 (
+ BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+ Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+ S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+ L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+ lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+ jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+ XDAeBZqwrw==
+ ) ; key id = 17567
+ 3600 RRSIG DNSKEY 5 2 3600 20080808092214 (
+ 20080729094406 41145 example.de.
+ BMVp5vW7MgvrhoGfqQhdwGg1mBHNw4xnI+YX
+ XMYqOAMMRmFg7G6Vn+UcFmUoL1AdUKIdXPp7
+ t30UREHQspELWmnLVdJ36HRmzk1eNgwLFuUM
+ l+Lr+KeoufJ2QlF4TWeItozv0pgmkxaOr0Im
+ fzRmWKs84rwautwY+R/b5wrCMfZt96/JPGA0
+ 4JWDls1wJ7iR0LtiJxe7mvtNRZ5krPFKXBRz
+ nA== )
+ 3600 RRSIG DNSKEY 5 2 3600 20080808092411 (
+ 20080729094406 17567 example.de.
+ BmHQcJsmGmt7HZHqWPAHQuelDrWXASUy7tgc
+ W4RVIed4voZiHyvxfTPR3cldIWpdP2RqxMm8
+ Dj5hlYRqnVt3phSSnwpczcPkfQD4meTqK0DJ
+ kpX/mBCMHedfvATKf82A9wri13/Zi97N6sTK
+ 4VZZIWaUH/YDYyMwxgK70+jU0m2N8Iebm3s6
+ RshTMxAZjiSH29mgow/HSHtf+cnaTUGAr83P
+ ug== )
+ 3600 RRSIG DNSKEY 5 2 3600 20080808093317 (
+ 20080729094406 35672 example.de.
+ Q5UnfDMbzApCl/wOy9IDna25UVvjKhuV/dos
+ hFKPUArM4wDx9kJU5tc1Eatwh4MAXPM81kNW
+ 6DbiKMXJpO7biQ== )
+localhost.example.de. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080808092724 (
+ 20080729094406 35672 example.de.
+ JW8ScAtavvTR0fHI/ZDZTgARHSXM/QcLT+w6
+ dl6kaeR/9JqxTKpKnH6mtYYdfqom4siJnZCI
+ D66sltGHW/er+Q== )
+ 7200 NSEC ns1.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080808094047 (
+ 20080729094406 35672 example.de.
+ XsTqHahVRcPPyrdffkdyBj0BFlTx2vkmfrvY
+ IIQcaNiUxrgZfyDBQ1GZbL4tDGK/ujValdz9
+ s2s+6ISxxobC3A== )
+ns1.example.de. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20080808091743 (
+ 20080729094406 35672 example.de.
+ ljYOmOC9r3RlsohXrHt40sIQuF98JSkRSFHb
+ xKlcToqEVSgxAKkMlwPKBQPaHtRdQhIVkxly
+ OpCYxAQSguB/MA== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20080808094144 (
+ 20080729094406 35672 example.de.
+ nNchBWvoPtgRNxaz9bmFwvv/KtgloYq1SGti
+ 59yQFFm6ixY0p0l0d+U5nnwgI1iS5h0JGYqI
+ 0mOu0mNbxtt9gQ== )
+ 7200 NSEC ns2.example.de. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080808092537 (
+ 20080729094406 35672 example.de.
+ MgnxPyKHMqQXnmfjh5ffr0FRvgRyl7D56phx
+ xKzTquSXDECP5ORpDxvybixbvHvM8R59LjYH
+ 1OZ3fi+/kWVAJg== )
+ns2.example.de. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20080808091624 (
+ 20080729094406 35672 example.de.
+ MkrwvOLYJQvoNFNeqtLOOmDnVFY0n7qdTOUL
+ Ia2stlfOn7r/7f4lKQTE5UMM+SBN2iizV4qc
+ SFFUxREAI5UGkQ== )
+ 7200 NSEC sub.example.de. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080808094337 (
+ 20080729094406 35672 example.de.
+ QE8DYRraVloZVQi2RTpYwxEY1P0u3ovHgC58
+ AR1NiLtbQ0YCsPJZeIhVSXbdd8qLZzb5gsJ2
+ 9AU6m1TfAa5WSw== )
+sub.example.de. 7200 IN NS ns1.example.de.
+ 7200 DS 40998 5 1 (
+ 1414E9C46F367D787EEF2EC91E1FC66DD087
+ AEAE )
+ 7200 DS 40998 5 2 (
+ 6FE53984AB75C31A06778E9944F8CDB47905
+ 27D36BBD08CC1E90DA7AE32EEE5F )
+ 7200 RRSIG DS 5 3 7200 20080808092142 (
+ 20080729094406 35672 example.de.
+ cdyXeVNOD5TBuab8JFkwcf4GiS2n9F4tgct/
+ ZedULbikEqO0CyJddPW3wSsNAZeP2tgXJNI8
+ H6SutDh0IiR5MA== )
+ 7200 NSEC example.de. NS DS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080808091754 (
+ 20080729094406 35672 example.de.
+ jkvn4NznbaH8S5PeWkPf/cHaq19kNav8Y78E
+ 3GVQHD3ApcDAMs8gImjRrJMT1lqSB7yCu/5f
+ k3CPfTs/+p/8Og== )
diff --git a/contrib/zkt/examples/hierarchical/de./keyset-example.de. b/contrib/zkt/examples/hierarchical/de./keyset-example.de.
new file mode 100644
index 0000000..2b40c68
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/de./keyset-example.de.
@@ -0,0 +1,28 @@
+$ORIGIN .
+example.de 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDfaBERX9p+FUi1OXYVig7zLCQFZo
+ RYpwDDuLzBcC7k+G1+wWdftyA1vBm5HMpyq0
+ OifT0Hsez4+H+0CIWHZP8oPCYfKrq+wM2EgM
+ zDDOYv+O1TQU4i3G+iONxB1RAwH/J2lA+U0z
+ Cbrdf0KLq/enNquchhPw4gCX0RB9HC+TkpoP
+ f2u7aKFcjlpw4C4uhDl1s6FpfdXe6NQWW6c+
+ ONUcLAEt+w==
+ ) ; key id = 59244
+ 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDrm5aXRPuZOmwT4nINnY2qXyXWLt
+ utggFAJgBW5Ua7uzAR+7r/DcOE7IfjnT5FQh
+ bYXIuKy61uOEqPu1TYvDsGb1pseKSB4J0jmX
+ DU9Ntu9TDp6X6ZXE11+cFdATa4TPnsAUMSxV
+ kLZanrbyACmcNr1gjT3dz6qIVBVPb5OnUldn
+ dbgtlOX3wcE0aR/MIsIjz1UQl/QoxbVclZVO
+ UNdJQGb9zQ==
+ ) ; key id = 41145
+ 7200 IN DNSKEY 385 3 5 (
+ BQEAAAABCyg92L7v21N3lc/gR07/2iLmvt6d
+ Un1KKauLvmkRuT040XT+Rd3Iq20iq6BqVPsP
+ S+hCOTRA3xikTIn5YzmPLPutIRtjIodHhsrM
+ L4D9Pp1dzgEDKWLam96v+E7KC0GGH/BI6/We
+ lqeqjS5BjI4Gjv4roaTyDCi63oXwcMFDVwrS
+ jws4A/5AGANka41Aky+UCGse6+64YmNP/QkS
+ XDAeBZqwrw==
+ ) ; key id = 17567
diff --git a/contrib/zkt/examples/hierarchical/dnssec.conf b/contrib/zkt/examples/hierarchical/dnssec.conf
new file mode 100644
index 0000000..12da654
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/dnssec.conf
@@ -0,0 +1,40 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "."
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 6h # (21600 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: incremental
+
+# signing key parameters
+KSK_lifetime: 20d # (1728000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 4w # (2419200 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "log"
+LogLevel: "info"
+SyslogFacility: "user"
+SyslogLevel: "notice"
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+KeySetDir: ".."
+DLV_Domain: ""
+Sig_Pseudorand: True
+Sig_Parameter: "-j 1800"
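Review bot: `ZSK_bits: 512` with `ZSK_algo: RSASHA1` yields zone-signing keys whose RSA modulus is short enough to be factored with modest resources, after which signatures made under that key can no longer be trusted. The same values appear in `views/dnssec-extern.conf` and `views/dnssec-intern.conf` later in this diff. Example configs tend to be copied verbatim, so I would either raise the value (`ZSK_bits: 1024` at minimum, with regenerated example keys) or mark it in place, e.g. `ZSK_bits: 512 # demo only, too short for production`. `KSK_bits: 1300` is also on the short side for the 20d to 1y `KSK_lifetime` values used in these files and deserves the same comment.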
diff --git a/contrib/zkt/examples/hierarchical/named.conf b/contrib/zkt/examples/hierarchical/named.conf
new file mode 100644
index 0000000..8bd3f9d
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/named.conf
@@ -0,0 +1,102 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+**
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "/var/log/named" versions 3 size 2m;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ channel "resolver-log" {
+ file "/var/log/named";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 1;
+ };
+ channel "dnssec-log" {
+# file "/var/log/named-dnssec" ;
+ file "/var/log/named" ;
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity debug 3;
+ };
+ category "dnssec" { "dnssec-log"; };
+ category "default" { "named-log"; };
+ category "resolver" { "resolver-log"; };
+ category "client" { "resolver-log"; };
+ category "queries" { "resolver-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ dump-file "/var/log/named_dump.db";
+ statistics-file "/var/log/named.stats";
+
+ listen-on-v6 { any; };
+
+ query-source address * port 53;
+ transfer-source * port 53;
+ notify-source * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ edns-udp-size 4096;
+
+# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
+
+ querylog yes;
+
+};
+
+/*****************************************************************
+** include shared secrets...
+*****************************************************************/
+/** for control sessions ... **/
+# include "rndc.key";
+controls {
+ inet 127.0.0.1
+ allow { localhost; }
+ keys { "rndc-key"; };
+ inet ::1
+ allow { localhost; }
+ keys { "rndc-key"; };
+};
+
+/*****************************************************************
+** ... and trusted_keys
+*****************************************************************/
+# include "trusted-keys.conf" ;
+
+/*****************************************************************
+** root server hints and required 127 stuff
+*****************************************************************/
+zone "." in {
+ type hint;
+ file "root.hint";
+};
+
+zone "localhost" in {
+ type master;
+ file "localhost.zone";
+};
+
+zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+};
+
+include "zone.conf";
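Review bot: The `options` block enables `recursion yes;` and `listen-on-v6 { any; };` with no `allow-recursion` or `allow-query` restriction, so a server started from this example would presumably answer recursive queries for any client that can reach it. `query-source address * port 53;` also pins the outgoing source port, which removes the port randomness a resolver relies on to reject spoofed answers. I would drop the port, `query-source address *;`, and add `allow-recursion { localhost; };` for the demo setup. Separately, `controls` refers to `"rndc-key"` while `include "rndc.key";` is commented out, so that key is not defined anywhere in the visible file.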
diff --git a/contrib/zkt/examples/hierarchical/zone.conf b/contrib/zkt/examples/hierarchical/zone.conf
new file mode 100644
index 0000000..6944d5a
--- /dev/null
+++ b/contrib/zkt/examples/hierarchical/zone.conf
@@ -0,0 +1,10 @@
+
+zone "example.de." in {
+ type master;
+ file "de./example.de./zone.db.signed";
+};
+
+zone "sub.example.de." in {
+ type master;
+ file "de./example.de./sub.example.de./zone.db.signed";
+};
diff --git a/contrib/zkt/examples/views/dnssec-extern.conf b/contrib/zkt/examples/views/dnssec-extern.conf
new file mode 100644
index 0000000..728dcc9
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-extern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "extern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 1w # (604800 seconds)
+Sigvalidity: 10d # (864000 seconds)
+Max_TTL: 8h # (28800 seconds)
+Propagation: 5m # (300 seconds)
+KEY_TTL: 1h # (3600 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-ext.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
diff --git a/contrib/zkt/examples/views/dnssec-intern.conf b/contrib/zkt/examples/views/dnssec-intern.conf
new file mode 100644
index 0000000..d49fc94
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-intern.conf
@@ -0,0 +1,39 @@
+#
+# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
+#
+
+# dnssec-zkt options
+Zonedir: "intern"
+Recursive: True
+PrintTime: False
+PrintAge: True
+LeftJustify: False
+
+# zone specific values
+ResignInterval: 5h # (18000 seconds)
+Sigvalidity: 1d # (86400 seconds)
+Max_TTL: 30m # (1800 seconds)
+Propagation: 1m # (60 seconds)
+KEY_TTL: 30m # (1800 seconds)
+Serialformat: unixtime
+
+# signing key parameters
+KSK_lifetime: 1y # (31536000 seconds)
+KSK_algo: RSASHA1 # (Algorithm ID 5)
+KSK_bits: 1300
+KSK_randfile: "/dev/urandom"
+ZSK_lifetime: 30d # (2592000 seconds)
+ZSK_algo: RSASHA1 # (Algorithm ID 5)
+ZSK_bits: 512
+ZSK_randfile: "/dev/urandom"
+
+# dnssec-signer options
+LogFile: "zkt-int.log"
+LogLevel: "debug"
+SyslogFacility: "none"
+SyslogLevel: "notice"
+VerboseLog: 2
+Keyfile: "dnskey.db"
+Zonefile: "zone.db"
+DLV_Domain: ""
+Sig_Pseudorand: True
diff --git a/contrib/zkt/examples/views/dnssec-signer-extern b/contrib/zkt/examples/views/dnssec-signer-extern
new file mode 100755
index 0000000..910e82a
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-signer-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"
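Review bot: The configuration path is built from `pwd` and the binary from the relative `../../dnssec-signer`, so the wrapper only behaves as its header comment describes when the caller's working directory is the views directory; started from anywhere else it resolves the config relative to an unrelated directory. For a tool that takes its key and signing parameters from that file, I would anchor both paths to the script location by adding `cd "$(dirname "$0")" || exit 1` before the command (relative paths passed in `"$@"` would then be interpreted from the script directory). `dnssec-signer-intern`, `dnssec-zkt-extern` and `dnssec-zkt-intern` follow the same pattern.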
diff --git a/contrib/zkt/examples/views/dnssec-signer-intern b/contrib/zkt/examples/views/dnssec-signer-intern
new file mode 100755
index 0000000..915ed15
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-signer-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-signer
+# command out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"
diff --git a/contrib/zkt/examples/views/dnssec-zkt-extern b/contrib/zkt/examples/views/dnssec-zkt-extern
new file mode 100755
index 0000000..129b4e1
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-zkt-extern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-zkt command
+# out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@"
diff --git a/contrib/zkt/examples/views/dnssec-zkt-intern b/contrib/zkt/examples/views/dnssec-zkt-intern
new file mode 100755
index 0000000..1836840
--- /dev/null
+++ b/contrib/zkt/examples/views/dnssec-zkt-intern
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# Shell script to start the dnssec-zkt command
+# out of the view directory
+#
+
+ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@"
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key
new file mode 100644
index 0000000..54ba934
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.key
@@ -0,0 +1,3 @@
+;% generationtime=20080609231143
+;% lifetime=30d
+example.net. IN DNSKEY 256 3 5 BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4 ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published
new file mode 100644
index 0000000..7240075
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+10367.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
+PublicExponent: AQAAAAE=
+PrivateExponent: Q3TKb2j5AMk4wn9q5vvgtEy7o1VAhCvv/Nw3QRpXi7xGeHb7WJHj2ia2I44vQQk9fB+Kck1M8KNRMgYt0d0xCQ==
+Prime1: 7l4yn7VYrTSOaZu+lubsFvE+JB7asyYyymAEQeod2p0=
+Prime2: 7a4LEAmrtZTI/PHjdk/Ij/hbpDmtOe1H0lnWTVG+GfM=
+Exponent1: DTpyBBW39+d9b8LqCo7hJf5KQ3oVw9tdnUuHNstGZd0=
+Exponent2: b+aBbhRPr/a9ZCNM2JTjZJrrSebtMQCy1GcE33o64HM=
+Coefficient: UdvxnKd2GL6In82yHG40rU35WTZ2SUYQ+1mfz3DQqnE=
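Review bot: This file holds the complete RSA private key for tag 10367 (`PrivateExponent`, `Prime1`, `Prime2`) and is added with mode 100644, as are the other `.private` and `.published` files under `views/extern` and `views/intern` in this diff. As fixtures for example.net that is workable, but nothing visible here tells a reader that the keys are public or that real key files need owner-only permissions. I would add a plain comment to the companion `.key` file, e.g. `; example key, private half is published - never deploy`, provided the key parser tolerates ordinary `;` comments next to the `;%` lines. The examples documentation should also state that production `K*.private` files belong at mode 0600.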
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key
new file mode 100644
index 0000000..ec11dcb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1 sQ==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private
new file mode 100644
index 0000000..ea29447
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+23553.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: DEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1sQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: A3ZXTF8afjlxddgO/sDxotc0XLBMa3sNrXhCpdFzeDV1HszZbz1lP8rrZjA1wQgSo56DjiGRKTsHjAAm4xN1lGYKBZuVF4U3uiWie2PhJStt7kckNduKOfV9Nofow5Jh8I2lXKqcOJ8Qd+EJYIsajdBoGQ72PGGfDaHphbN/mW13n59PlilMF4RRRybcMA6jTAOfvIcv5Mes3+ADh0TktHdHQQ==
+Prime1: A+SKyrgtNzGVpAXPQysMQ9O/10B/+nhy6//1F5Epxihyuln+d2euh+TjVneojx4D2JUflDUSD5BQAdflDb+KiBXdQjBEmqfWwY+INwSQzv4M5Q==
+Prime2: AyXovkiIs7ywIRS6FfRolMMUeh3yeYNtCVAvLB6EC2MiNCzfkDOFB7rpmUkZR8HYUWuz1hQfR781RDO81Sp3RIpSyL7SwOqkpMZyaSgK/GKE3Q==
+Exponent1: D1vC405mkcUVfno92EuBXomRiOG7VeSyjwofgCpa0JKR6J2BThdCGrcVbq68ucIddn+cbkD8JsZB3k4aeDYFxm6d1En1Z2C1cVHrzCFi2zFV
+Exponent2: N+iliM1Qp3spcsR06kXImb/N4FosHrZkXtcbRIMWhV8NBcyqLDIfGlNluaiztv4rf6Kn2UyVeiGC822nqZHcW5PiXJnBEWs9AC4Di1QzZh0h
+Coefficient: AtZ4sYqGgyB5kfdcQBBlIkPbsRRNKrUVAsZkjabdZTQa+ox6tYnlVjh7BgPMHJlj/Z4VTRJ5rfAUPnB4ZwO/r1eAJLd+vxjJb9M7DaGMc+RqQA==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key
new file mode 100644
index 0000000..1809a93
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.key
@@ -0,0 +1,4 @@
+;% generationtime=20071217224527
+;% lifetime=30
+;% expiretime=20080116224527
+example.net. IN DNSKEY 256 3 5 BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
diff --git a/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private
new file mode 100644
index 0000000..ca789eb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./Kexample.net.+005+35744.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: sQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
+PublicExponent: AQAAAAE=
+PrivateExponent: fZs/S7/pOPP1C9Jjdb7KhnbfiLfCIXdc7d8LDWmm7d9rL2kZK77WMp+o5WRQhoIDDQPAdv+phoIdFEIiXKLN8Q==
+Prime1: 6NEgG3Z86nn9fNjG+3E9OqF/7oaCvrVnb1XogalZgr0=
+Prime2: wq0aosO1mWXo38HuxO5JiR2mX/9LWjxxqwK6I9gnJp0=
+Exponent1: ZvI2y//PImr1OqeVLoWfFHop2iorgT4+SYiz1Gw9FME=
+Exponent2: TBUeoolmnFcOfWO6T1v0S6za7LEib2H1Pgt95UvDA40=
+Coefficient: eHmKka0EVRfjDfEpcwRp5nZ36ZHfLxuKF5tGQ1YclBI=
diff --git a/contrib/zkt/examples/views/extern/example.net./dnskey.db b/contrib/zkt/examples/views/extern/example.net./dnskey.db
new file mode 100644
index 0000000..d46eff9
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./dnskey.db
@@ -0,0 +1,30 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jun 12 2008 17:56:05
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=23553 algo=RSASHA1 generated Nov 20 2007 12:49:04
+example.net. 3600 IN DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOFYGhCjijN109fVGJ4KDnI
+ ZtLhoFrOKru9rZn+pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN19mQ
+ uwvlasJhZPv9pjROPqQGnqLaw3O4OKCY9HgTTPdXK1hQ4Mg2rNU4SM2T
+ u5ki91f5AQqiXF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM6DaiC6E1
+ sQ==
+ ) ; key id = 23553
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=35744 algo=RSASHA1 generated Jun 10 2008 01:11:43
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5yYSeERYtaO2Wxi+kHz6w
+ iAyKkbBYFUGtmbPJ6JFt+4f9KnNPi1txiBg76Q==
+ ) ; key id = 35744
+
+; example.net. tag=10367 algo=RSASHA1 generated Jun 10 2008 01:11:43
+example.net. 3600 IN DNSKEY 256 3 5 (
+ BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzNvJUMaOc++HqN2N1sKSX4
+ ZTf2V5gtamPZ/1kMrg8gYImKCl6n3K37EjXYBw==
+ ) ; key id = 10367
+
diff --git a/contrib/zkt/examples/views/extern/example.net./dsset-example.net. b/contrib/zkt/examples/views/extern/example.net./dsset-example.net.
new file mode 100644
index 0000000..cbcd3d0
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./dsset-example.net.
@@ -0,0 +1,2 @@
+example.net. IN DS 23553 5 1 A1A6D06CB84D619730F605AEF2A6DD4148DD9D5B
+example.net. IN DS 23553 5 2 B0DCAB8A32C230495CEC1FD61CEC03849450909CA6636FD9BC53D1B3 3B4F3A2D
diff --git a/contrib/zkt/examples/views/extern/example.net./keyset-example.net. b/contrib/zkt/examples/views/extern/example.net./keyset-example.net.
new file mode 100644
index 0000000..b845245
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db b/contrib/zkt/examples/views/extern/example.net./zone.db
new file mode 100644
index 0000000..4c72928
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+; @(#) extern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/views/extern/example.net./zone.db.signed b/contrib/zkt/examples/views/extern/example.net./zone.db.signed
new file mode 100644
index 0000000..c0e2801
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/example.net./zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Thu Jun 12 17:56:06 2008
+; dnssec_signzone version 9.5.0
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1213286165 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ iSF46kemTmJ62ipRyAzcVF0zlND4ZXdMSzAg
+ wGLfXN1xlgt0IwB8ypP1OjDyUx+YwBpbMlJt
+ tFsswvYaZtP11Q== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ fmC9BXzFcy6TRXixIHk51TYTetGd69YcRguc
+ VlqTalvPJTJ99nKkRS5HdP2CZPJqv9bHOmSO
+ yQibjS4TA5Pr3g== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ kimcFA1awlsIou/66y2XLByBWKc2e7Wm8vis
+ Pz/i0NS4NFoe+oSKIeIjUorWOSf5AkpxxntV
+ 91i/sxof6bc61w== )
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAABsQvn4MXvSlbajLPMJdGnczsX/Zw5
+ yYSeERYtaO2Wxi+kHz6wiAyKkbBYFUGtmbPJ
+ 6JFt+4f9KnNPi1txiBg76Q==
+ ) ; key id = 35744
+ 3600 DNSKEY 256 3 5 (
+ BQEAAAAB3U9DMT6BkywYADO+5p0lG4VFLLzN
+ vJUMaOc++HqN2N1sKSX4ZTf2V5gtamPZ/1kM
+ rg8gYImKCl6n3K37EjXYBw==
+ ) ; key id = 10367
+ 3600 DNSKEY 257 3 5 (
+ BQEAAAABDEEycfY6uqWNTpQO8ygi9xms6NOF
+ YGhCjijN109fVGJ4KDnIZtLhoFrOKru9rZn+
+ pyqurlyZG4vESg0BMty6xljVDlr/TegDYFTN
+ 19mQuwvlasJhZPv9pjROPqQGnqLaw3O4OKCY
+ 9HgTTPdXK1hQ4Mg2rNU4SM2Tu5ki91f5AQqi
+ XF8KYMics0mwVvpj5C2YTDvE9SafLrce68JM
+ 6DaiC6E1sQ==
+ ) ; key id = 23553
+ 3600 RRSIG DNSKEY 5 2 3600 20080622145605 (
+ 20080612145605 23553 example.net.
+ Bfg8AMvj3OmC7E5aMCfotsdL4eJ+hPqtH30E
+ +aGEJojZNgfhnSKZrolMJa5fij4oZ+Fp8U+a
+ V73egxkrYI+NnddGRVium+vT6NDVknYl6hx0
+ kgKmZ8oYMulF8CCmTaw6WXswIX0j/7e17Qtw
+ ZjbkWZagIXWotE5t0qel3doAQ37ZUaKMMAoc
+ SRgJ8s+w7OZ86f1kWyGNdhYeF8yY3AraSx7h
+ fg== )
+ 3600 RRSIG DNSKEY 5 2 3600 20080622145605 (
+ 20080612145605 35744 example.net.
+ SrsmKW7eB+zWA+8j2DvlDktthDusinJP4QKV
+ ihsJN1Gq8fTcHsFX2+3EJLyGZfhKyW7Q5Z1W
+ dIM4sjx78Zjh5Q== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ DUWSV0Wj/h1U4idKUoDLB+NXgj8M9et1E8BP
+ X0lhAu4CMrPhsiFU1NN+N3bhC16u7S+xxeEI
+ N/c7vC223ejn8A== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ qQ7FB0+O9Ve88VblRspGAm28JXurNAQ23HX9
+ rkmbFLL/Z7Xp7xO2899oJZrgHl3CWLcKRBV+
+ P50QYwYXET3byw== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ qv8y5gEQg/5BpSTMoZvwW6AAzMIxT34ds4VK
+ QQ9ScfVYOwtKigsaFmr8Zs97R946rl5vh/cs
+ w8uw5x6/1ECflg== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ T5MtLR9ZY0e6PKk+nU9cjRpSAWaccH2bGjzI
+ aYEvKRFcLQ0QPDww8gBZNimYL+BYfCSysyXz
+ LNjR7KqYQxrXmg== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ IlRZWwLVtf7oalaLBCMbqH4pxgqCJ7f0wQzO
+ ftS2jhMGVez+q7SgO8Vpw5f+vhNiSWe6noiN
+ ogRV1rxohxDyCw== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ NR3Nkw9U12uZcZs8ChTY+u3a0QisLV/5okqR
+ Cy1Jpg8YkEzBJ0nEdxoGX6WUtnb0u5Kjxea1
+ iTZYEXffLBchmw== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ eM1ckSfeiEg6pV8JxJEEkDeDo04i1iblO6a1
+ pWydc4IGMH0vaCuGHvLlfCmSOZK7TWMFSLJN
+ SqabEFO1114AyQ== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080622145605 (
+ 20080612145605 35744 example.net.
+ nwfqNjzYHKtWWsJgoiM9ZQFY9UKHMS6pkyNB
+ ISgm6pTLeG9QXuwf9vTrtfvhPYAp5DRz96AT
+ db/3/DXIwUnMnA== )
diff --git a/contrib/zkt/examples/views/extern/zkt-ext.log b/contrib/zkt/examples/views/extern/zkt-ext.log
new file mode 100644
index 0000000..04fa4fb
--- /dev/null
+++ b/contrib/zkt/examples/views/extern/zkt-ext.log
@@ -0,0 +1,28 @@
+2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:04.196: debug: Check RFC5011 status
+2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0
+2008-06-12 17:59:04.196: debug: Check ksk status
+2008-06-12 17:59:04.196: debug: Re-signing not necessary!
+2008-06-12 17:59:04.196: notice: end of run: 0 errors occured
+2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 17:59:17.436: debug: Check RFC5011 status
+2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0
+2008-06-12 17:59:17.436: debug: Check ksk status
+2008-06-12 17:59:17.436: debug: Re-signing not necessary!
+2008-06-12 17:59:17.436: notice: end of run: 0 errors occured
+2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:07.819: debug: Check RFC5011 status
+2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0
+2008-06-12 18:00:07.819: debug: Check ksk status
+2008-06-12 18:00:07.819: debug: Re-signing not necessary!
+2008-06-12 18:00:07.819: notice: end of run: 0 errors occured
+2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v
+2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net."
+2008-06-12 18:00:39.020: debug: Check RFC5011 status
+2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0
+2008-06-12 18:00:39.020: debug: Check ksk status
+2008-06-12 18:00:39.020: debug: Re-signing not necessary!
+2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key
new file mode 100644
index 0000000..316e4cf
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 257 3 5 BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9 +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq Lw==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private
new file mode 100644
index 0000000..96e1ff6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+00126.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: C+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYqLw==
+PublicExponent: AQAAAAE=
+PrivateExponent: CF6/bss8OtQFdcjO6kJh9EamPFXAsaXFCdcYpHF55CU4H3jBuu7teLFEanvgm6M+wROYF0Yohiyb2aeSBdGLRIfTC9l3xfHD+XixuZVoNk6DqR1/8Wlxwu/a/hW9dq7pUXqDfTbzdZKR6SVRPa4MAdQ0p8aSF4S926NRqZC6E/anqhqNPSlBpxTs3TrRk+wY6u8wMXxPGNjJYoID8Y0Qau/H6Q==
+Prime1: A50B7etEtQCDudL8+KBxU1/2sVT3ORMfoZPsOe+ZLFrwcOO9Iyrr6saymuD4QvcIHECdLUM5rsT1JBo87wgvVysibco7oVLxlIfsTcbM70l2Kw==
+Prime2: A0n3+qM3ng3WAFzlpYRNUZpH/CW1pMq3nOHjx2olWwDxDZ4tAsUPKuW9n3kVZAR+4FkeUKn2ePR7xRtO3AzvA6QmZuZN6EHuLPlSKRufzeZ+DQ==
+Exponent1: Hk5KY5PiXs6pf8T8rSvVs6PJqDX491R01ZDdAIDYjmhIUHKWQ2STAlPEpSAGXi+oqOo4dD1eJWgw36hT0JakjXU4aIvPoSdmVPMs8aod0NUh
+Exponent2: AXKBZ5sYApCCj/0fGBTkmU6Zc89/ddQNrFm2lVLrwSTILHQWm/aXDvI+5icpF5kdrukVcNHUeCz1R/RTgeV4N9/qvr5YzbPWieqDNvpG1RcNRQ==
+Coefficient: BZxK+fKwUNWoJ5huBqLsi8UMWgrCMqAfXvge4+Y4n4IL0VCU1UUEXZQEEeiATh0g52CuetOMej6FZ4QKbNryWg036ZKl81ataMGtDX/i/yZG
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key
new file mode 100644
index 0000000..8be3973
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.key
@@ -0,0 +1 @@
+example.net. IN DNSKEY 256 3 5 BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private
new file mode 100644
index 0000000..b519641
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+05972.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: sMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: fpWuYAOXJWdjMrZnI91hTi1wwuje4sKjDu8xvfnKvqKhr61QxK1gR9TB3mc2FM+Awivphb3xfi8+y2cacq9iUQ==
+Prime1: 6DE1tFJXGIm2SW3fSwQymX7Zcw8VSIMWiHQPCqX1FA0=
+Prime2: wuHS7u0I9aYOFkDAndfEVyDi8vOh96CcY/BuSvEZ6+0=
+Exponent1: sn7RttKPap3cgw2sddmgwcuVSaEpwOswF/O42Ou3fMk=
+Exponent2: LoJ305VksT7SWWR6bM5OybcdTm39PTZM0g3V2hOceK0=
+Coefficient: SwRF9S9ICVeyeYw3djxbg7kUZjz5AkbHIgz9VeX4mzM=
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key
new file mode 100644
index 0000000..160110e
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.key
@@ -0,0 +1,3 @@
+;% generationtime=20080612154545
+;% lifetime=30d
+example.net. IN DNSKEY 256 3 5 BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
diff --git a/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published
new file mode 100644
index 0000000..60e4316
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./Kexample.net.+005+23375.published
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: zbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
+PublicExponent: AQAAAAE=
+PrivateExponent: XZK4eHRUrFka7O0Q/RBuBG3iW8KFng5em4FnjCSBQpwSAvFzTBebqwfNSOcgqKihz8VzvKHxEd6BxVZRGI2dgQ==
+Prime1: 8Jji5R57Y4ROxrO5EuEFjxL723VQ/Ym+4KYG+tM3bP8=
+Prime2: 2uhGRdJU3UJvnPwx0gJGio6KmRBC6CmDqTMORhYrS1E=
+Exponent1: cqVno4KLgMmKN5VPWaYA+pB5e55r6UEIaxqj6WMXATs=
+Exponent2: EqSKzb/r02jmNCTv5aX7wHl+57LYR40rJvzgVTfh/tE=
+Coefficient: 37ywfYlNFmtR/jZwoZBHNdIEy+C+jIeJ+fEepesSpoI=
diff --git a/contrib/zkt/examples/views/intern/example.net./dnskey.db b/contrib/zkt/examples/views/intern/example.net./dnskey.db
new file mode 100644
index 0000000..9e2c47f
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./dnskey.db
@@ -0,0 +1,30 @@
+;
+; !!! Don't edit this file by hand.
+; !!! It will be generated by dnssec-signer.
+;
+; Last generation time Jun 12 2008 18:13:43
+;
+
+; *** List of Key Signing Keys ***
+; example.net. tag=126 algo=RSASHA1 generated Nov 20 2007 12:44:27
+example.net. 1800 IN DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7PkkgRDlXyxESD+XkpVDkJ3W
+ ey/1Lh7083Ve1WmIuUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS5JqI
+ wF9BTNrNPGLPzzbBaQMHErO88HIbbg4sot7e6bSrtpAEf23MhZ3qZJC9
+ +nN+DknmsgTE6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4QgrOD6IYq
+ Lw==
+ ) ; key id = 126
+
+; *** List of Zone Signing Keys ***
+; example.net. tag=5972 algo=RSASHA1 generated Nov 20 2007 12:44:27
+example.net. 1800 IN DNSKEY 256 3 5 (
+ BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb11l0HC5kGIDp+JPQIQHx
+ pyCWa/LaLgcvK3IA1HR8YaO3QXB2LAHEz5B/CQ==
+ ) ; key id = 5972
+
+; example.net. tag=23375 algo=RSASHA1 generated Jun 12 2008 17:45:45
+example.net. 1800 IN DNSKEY 256 3 5 (
+ BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0QQv96Qwy5/zuOa/3Zy9Lc
+ TpbE13DtEAqOfVGSQ79S4WgKalFJxq6lSk0xrw==
+ ) ; key id = 23375
+
diff --git a/contrib/zkt/examples/views/intern/example.net./dsset-example.net. b/contrib/zkt/examples/views/intern/example.net./dsset-example.net.
new file mode 100644
index 0000000..b61c1b6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./dsset-example.net.
@@ -0,0 +1,2 @@
+example.net. IN DS 126 5 1 D32161DCFCA120944CB9C0394CBED1389FDB72CA
+example.net. IN DS 126 5 2 351C6807B25E47223D7A6AA222291E8D7D7DDDA61D64CE839F937F22 47481FC9
diff --git a/contrib/zkt/examples/views/intern/example.net./keyset-example.net. b/contrib/zkt/examples/views/intern/example.net./keyset-example.net.
new file mode 100644
index 0000000..0aa2c7d
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./keyset-example.net.
@@ -0,0 +1,10 @@
+$ORIGIN .
+example.net 7200 IN DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db b/contrib/zkt/examples/views/intern/example.net./zone.db
new file mode 100644
index 0000000..d3e90f7
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./zone.db
@@ -0,0 +1,33 @@
+;-----------------------------------------------------------------
+;
+; @(#) intern/example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 0 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 192.168.1.53
+ IN AAAA fd12:063c:cdbb::53
+ns2 IN A 10.1.2.3
+
+localhost IN A 127.0.0.1
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
diff --git a/contrib/zkt/examples/views/intern/example.net./zone.db.signed b/contrib/zkt/examples/views/intern/example.net./zone.db.signed
new file mode 100644
index 0000000..88a42c6
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/example.net./zone.db.signed
@@ -0,0 +1,109 @@
+; File written on Thu Jun 12 18:13:43 2008
+; dnssec_signzone version 9.5.0
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 1213287223 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ Pc3wGwZm0n5gMs9lSHUiRG4EIpalC+UUJPwy
+ 2LwHbyFkzCdGQz2RDJeL6mRKS4Z+gmt3oNUV
+ aV3H0KfNq6ITLg== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ dUy23xqHx9shvAc20zW9uBOt8TnrI5ot31vS
+ Gas9s5ksxGZuQIIdpdYvbFtufp9jLfAQG98L
+ a6rQDFcnJ8xzng== )
+ 7200 NSEC localhost.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ gWt7VDw60E1q7qS4+pkor6RR2Dfc1sshGHia
+ UEJBt9F4PiHux3ICJbyWQ2USBLJMzO+uR8GH
+ kt2inbyQytbPDQ== )
+ 1800 DNSKEY 256 3 5 (
+ BQEAAAABsMIdQ+yt52Q/OR1s+QPj7SuBydYb
+ 11l0HC5kGIDp+JPQIQHxpyCWa/LaLgcvK3IA
+ 1HR8YaO3QXB2LAHEz5B/CQ==
+ ) ; key id = 5972
+ 1800 DNSKEY 256 3 5 (
+ BQEAAAABzbx90CiFrOSh0/BkiRQYRC4rHL0Q
+ Qv96Qwy5/zuOa/3Zy9LcTpbE13DtEAqOfVGS
+ Q79S4WgKalFJxq6lSk0xrw==
+ ) ; key id = 23375
+ 1800 DNSKEY 257 3 5 (
+ BQEAAAABC+JLXRgWPqqGe0cta8CR95tz7Pkk
+ gRDlXyxESD+XkpVDkJ3Wey/1Lh7083Ve1WmI
+ uUAo3N4d7HjLgrFVZxiumGGRz/aV3s01OFFS
+ 5JqIwF9BTNrNPGLPzzbBaQMHErO88HIbbg4s
+ ot7e6bSrtpAEf23MhZ3qZJC9+nN+DknmsgTE
+ 6EpK6ZyUrZc64/0K68EWhtk1gf95NQEzTD4Q
+ grOD6IYqLw==
+ ) ; key id = 126
+ 1800 RRSIG DNSKEY 5 2 1800 20080613151343 (
+ 20080612151343 126 example.net.
+ CPj9rEcjTazkLm5yNpC4PatufPvKQdCkaIj9
+ EKFgYUpPftfvhP1MzKcHnKraVq8jU995e1vU
+ WZ3ac9M4KRynUoYYj4/nMFwWQu/xC9yaUjj0
+ XodXMEMlSjjN5BE/2Og3xzKJ9grim7riKClH
+ fixhNn6WGUXWT7TV1GKNnB7Ix/ZVCpzU4QAz
+ qr28rqTYvbmoowGXPf6OgafFdRQ6rdTRTzvK
+ xA== )
+ 1800 RRSIG DNSKEY 5 2 1800 20080613151343 (
+ 20080612151343 5972 example.net.
+ dOdjm4GD0nzgoMgRYl8HiEqi4nxP/ocB7n/N
+ WRKdU4Tuk7OYacr2Bd+tVa2bKLJZ9JmMQR8v
+ VDkzRjT4eONxuA== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ KRpkDBsuqC+WHv++YBsxW1rhkALl/LWyI24E
+ qJJevkm0+5tCmHgHa9WovZwDDMEn/tzxOaqi
+ rk8Mnbf6cYxSlw== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ GdpOVVyqa1nTaGFuN4ohqxnYs5yG+vGK9gK0
+ Tt4aenChFAmcuIvhX7ZcdejXM8x+imttnKCp
+ Smho3kSGf9gQRQ== )
+ns1.example.net. 7200 IN A 192.168.1.53
+ 7200 RRSIG A 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ P4vZDd3DBZIEwk9mQWoR1qjqyFTNOvsp+yOt
+ z2OvdAjSnlVnYHC0lM0LY24RVTQlQPLRq75F
+ joAIP/0wvXihsA== )
+ 7200 AAAA fd12:63c:cdbb::53
+ 7200 RRSIG AAAA 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ V04kA3VrzhcNfwCEXBpgKyu+eRFYGCIrXuty
+ XiRCHV2DCOlr9EBKGdXzpR8kUnpRZI2BuP17
+ 2a3emgs9BHJJ6A== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ Y0DaMxmczQLNCtzKO/MA7Nvt4Rh3MdnEvcPJ
+ 48blsqd3UWGlRcHD/yx1NFV2JxBFSNTsAkBs
+ JFhw+nVeZJdHJA== )
+ns2.example.net. 7200 IN A 10.1.2.3
+ 7200 RRSIG A 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ GsvMGEozNeTjBPOuYM3thOZsQ+pPv7/8zQlj
+ FPnivBwkvkgrk+IyJxoh9xyTnVxd93mPY0Rv
+ Xsp5ITBTILSM6Q== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ LYIa+Hhk4l6KnbT/QKS0Zqkfy8Ywpz8J9RLh
+ 9VqzxFcdXrJswV4o/5fbZCT33sBqzebggBVR
+ LYF/o0HVi5uzJA== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080613151343 (
+ 20080612151343 5972 example.net.
+ nkGsdegvupGxCOpr/8K6kY/0iZH1ZC8y5HwQ
+ 8Z3/aD0wJxaVK9iMjZ+jbIbQHg3Es5V0UYFR
+ RPdjTNk7YEC0Mg== )
diff --git a/contrib/zkt/examples/views/intern/zkt-int.log b/contrib/zkt/examples/views/intern/zkt-int.log
new file mode 100644
index 0000000..0729139
--- /dev/null
+++ b/contrib/zkt/examples/views/intern/zkt-int.log
@@ -0,0 +1,169 @@
+2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v
+2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:02:13.594: debug: Check RFC5011 status
+2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0
+2008-06-12 18:02:13.595: debug: Check ksk status
+2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec)
+2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key
+2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys
+2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys
+2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:02:13.596: debug: Signing zone "example.net."
+2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:02:13.705: debug: Signing completed after 0s.
+2008-06-12 18:02:13.705: debug:
+2008-06-12 18:02:13.705: notice: end of run: 0 errors occured
+2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:13.209: debug: Check RFC5011 status
+2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0
+2008-06-12 18:03:13.209: debug: Check ksk status
+2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec)
+2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key
+2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:13.209: debug: Re-signing not necessary!
+2008-06-12 18:03:13.209: notice: end of run: 0 errors occured
+2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v
+2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:19.288: debug: Check RFC5011 status
+2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0
+2008-06-12 18:03:19.289: debug: Check ksk status
+2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec)
+2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key
+2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:19.289: debug: Re-signing not necessary!
+2008-06-12 18:03:19.289: notice: end of run: 0 errors occured
+2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:03:23.618: debug: Check RFC5011 status
+2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0
+2008-06-12 18:03:23.618: debug: Check ksk status
+2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec)
+2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key
+2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f
+2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:03:23.619: debug: Signing zone "example.net."
+2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:03:23.719: debug: Signing completed after 0s.
+2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:03:23.772: debug:
+2008-06-12 18:03:23.772: notice: end of run: 0 errors occured
+2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:05:39.533: debug: Check RFC5011 status
+2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0
+2008-06-12 18:05:39.533: debug: Check ksk status
+2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec)
+2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key
+2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f
+2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:05:39.534: debug: Signing zone "example.net."
+2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:05:39.630: debug: Signing completed after 0s.
+2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered
+2008-06-12 18:05:39.640: debug:
+2008-06-12 18:05:39.640: notice: end of run: 0 errors occured
+2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:07:47.754: debug: Check RFC5011 status
+2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0
+2008-06-12 18:07:47.754: debug: Check ksk status
+2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec)
+2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key
+2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f
+2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:07:47.754: debug: Signing zone "example.net."
+2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:07:47.856: debug: Signing completed after 0s.
+2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered
+2008-06-12 18:07:47.866: debug:
+2008-06-12 18:07:47.867: notice: end of run: 0 errors occured
+2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:10:57.978: debug: Check RFC5011 status
+2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0
+2008-06-12 18:10:57.978: debug: Check ksk status
+2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec)
+2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key
+2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f
+2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:10:57.979: debug: Signing zone "example.net."
+2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:10:58.081: debug: Signing completed after 1s.
+2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:10:58.093: debug:
+2008-06-12 18:10:58.093: notice: end of run: 0 errors occured
+2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:29.512: debug: Check RFC5011 status
+2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0
+2008-06-12 18:13:29.512: debug: Check ksk status
+2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec)
+2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key
+2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:29.513: debug: Signing zone "example.net."
+2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:29.612: debug: Signing completed after 0s.
+2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:29.623: debug:
+2008-06-12 18:13:29.623: notice: end of run: 0 errors occured
+2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v
+2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:38.709: debug: Check RFC5011 status
+2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0
+2008-06-12 18:13:38.709: debug: Check ksk status
+2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec)
+2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key
+2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:38.710: debug: Signing zone "example.net."
+2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:39.163: debug: Signing completed after 1s.
+2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:39.174: debug:
+2008-06-12 18:13:39.174: notice: end of run: 0 errors occured
+2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v
+2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net."
+2008-06-12 18:13:43.164: debug: Check RFC5011 status
+2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0
+2008-06-12 18:13:43.164: debug: Check ksk status
+2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec)
+2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key
+2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key
+2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f
+2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f
+2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db"
+2008-06-12 18:13:43.164: debug: Signing zone "example.net."
+2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
+2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
+2008-06-12 18:13:43.262: debug: Signing completed after 0s.
+2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered
+2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern"
+2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
+2008-06-12 18:13:43.273: debug:
+2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
diff --git a/contrib/zkt/examples/views/named.conf b/contrib/zkt/examples/views/named.conf
new file mode 100644
index 0000000..1ec3d13
--- /dev/null
+++ b/contrib/zkt/examples/views/named.conf
@@ -0,0 +1,97 @@
+/*****************************************************************
+**
+** #(@) named.conf (c) 6. May 2004 (hoz)
+*****************************************************************/
+
+/*****************************************************************
+** logging options
+*****************************************************************/
+logging {
+ channel "named-log" {
+ file "named.log";
+ print-time yes;
+ print-category yes;
+ print-severity yes;
+ severity info;
+ };
+ category "dnssec" { "named-log"; };
+ category "edns-disabled" { "named-log"; };
+ category "default" { "named-log"; };
+};
+
+/*****************************************************************
+** name server options
+*****************************************************************/
+options {
+ directory ".";
+
+ pid-file "named.pid";
+ listen-on-v6 port 1053 { any; };
+ listen-on port 1053 { any; };
+
+ empty-zones-enable no;
+
+ port 1053;
+ query-source address * port 1053;
+ query-source-v6 address * port 1053;
+ transfer-source * port 53;
+ transfer-source-v6 * port 53;
+ use-alt-transfer-source no;
+ notify-source * port 53;
+ notify-source-v6 * port 53;
+
+ recursion yes;
+ dnssec-enable yes;
+ dnssec-validation yes; /* required by BIND 9.4.0 */
+ dnssec-accept-expired false; /* added since BIND 9.5.0 */
+ edns-udp-size 1460; /* (M4) */
+ max-udp-size 1460; /* (M5) */
+
+ # allow-query { localhost; }; /* default in 9.4.0 */
+ # allow-query-cache { localhost; }; /* default in 9.4.0 */
+
+ dnssec-must-be-secure "." no;
+
+ querylog yes;
+
+ stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */
+};
+
+/*****************************************************************
+** view intern
+*****************************************************************/
+view "intern" {
+ match-clients { 127.0.0.1; ::1; };
+ recursion yes;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "0.0.127.in-addr.arpa" in {
+ type master;
+ file "127.0.0.zone";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "intern/example.net./zone.db.signed";
+ };
+};
+
+/*****************************************************************
+** view extern
+*****************************************************************/
+view "extern" {
+ match-clients { any; };
+ recursion no;
+ zone "." in {
+ type hint;
+ file "root.hint";
+ };
+
+ zone "example.net" in {
+ type master;
+ file "extern/example.net./zone.db.signed";
+ };
+};
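Review bot: The `query-source address * port 1053;` and `query-source-v6 address * port 1053;` lines in `options` pin every outgoing query to a single UDP source port, which gives up source-port randomization as a defence against spoofed answers and cache poisoning. That matters here because view "intern" sets `recursion yes`, and example configs tend to be copied as they are. Dropping the port, `query-source address *;` and `query-source-v6 address *;`, keeps the address selection and lets named choose the ports. If the fixed port is needed for the test setup, a comment on those two lines saying so would keep it from being reused on a production resolver.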
diff --git a/contrib/zkt/examples/views/named.log b/contrib/zkt/examples/views/named.log
new file mode 100644
index 0000000..15d5f7b
--- /dev/null
+++ b/contrib/zkt/examples/views/named.log
@@ -0,0 +1,17 @@
+20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
+20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error)
+20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found
+20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed)
+20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed)
+20-Nov-2007 17:40:12.393 general: notice: running
+20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789)
+20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217)
+20-Nov-2007 19:07:04.016 general: info: shutting down
+20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053
+20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053
+20-Nov-2007 19:07:04.020 general: notice: exiting
diff --git a/contrib/zkt/examples/views/root.hint b/contrib/zkt/examples/views/root.hint
new file mode 100644
index 0000000..2b5c167
--- /dev/null
+++ b/contrib/zkt/examples/views/root.hint
@@ -0,0 +1,45 @@
+; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net
+;; global options: printcmd
+;; Got answer:
+;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
+;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
+;; WARNING: recursion requested but not available
+
+;; QUESTION SECTION:
+;. IN NS
+
+;; ANSWER SECTION:
+. 518400 IN NS H.ROOT-SERVERS.NET.
+. 518400 IN NS I.ROOT-SERVERS.NET.
+. 518400 IN NS J.ROOT-SERVERS.NET.
+. 518400 IN NS K.ROOT-SERVERS.NET.
+. 518400 IN NS L.ROOT-SERVERS.NET.
+. 518400 IN NS M.ROOT-SERVERS.NET.
+. 518400 IN NS A.ROOT-SERVERS.NET.
+. 518400 IN NS B.ROOT-SERVERS.NET.
+. 518400 IN NS C.ROOT-SERVERS.NET.
+. 518400 IN NS D.ROOT-SERVERS.NET.
+. 518400 IN NS E.ROOT-SERVERS.NET.
+. 518400 IN NS F.ROOT-SERVERS.NET.
+. 518400 IN NS G.ROOT-SERVERS.NET.
+
+;; ADDITIONAL SECTION:
+A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
+B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
+C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
+D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
+E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
+F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
+G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
+H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
+I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
+J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
+K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
+L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
+M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
+
+;; Query time: 114 msec
+;; SERVER: 198.41.0.4#53(198.41.0.4)
+;; WHEN: Mon Nov 5 07:28:00 2007
+;; MSG SIZE rcvd: 436
+
diff --git a/contrib/zkt/examples/views/viewtest.sh b/contrib/zkt/examples/views/viewtest.sh
new file mode 100755
index 0000000..f0a1754
--- /dev/null
+++ b/contrib/zkt/examples/views/viewtest.sh
@@ -0,0 +1,20 @@
+
+
+ZKT_CONFFILE=dnssec.conf
+export ZKT_CONFFILE
+
+if true
+then
+ echo "All internal keys:"
+ ./dnssec-zkt-intern
+ echo
+
+ echo "All external keys:"
+ ./dnssec-zkt-extern
+ echo
+fi
+
+echo "Sign both views"
+./dnssec-signer-intern -v -v -f -r
+echo
+./dnssec-signer-extern -v -v
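Review bot: The script is added with mode 100755 but starts with two blank lines instead of an interpreter line, so which shell runs it depends on how the caller invokes it; put `#!/bin/sh` on the first line. The exit status is that of the final `./dnssec-signer-extern -v -v` only, so a failed `./dnssec-signer-intern -v -v -f -r` run goes unnoticed by anything that calls the script; `./dnssec-signer-intern -v -v -f -r || exit 1` would surface it. The `if true` wrapper is always taken and would read better as a comment explaining that the key listing is optional.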
diff --git a/contrib/zkt/examples/zone.db b/contrib/zkt/examples/zone.db
new file mode 100644
index 0000000..9864cb1
--- /dev/null
+++ b/contrib/zkt/examples/zone.db
@@ -0,0 +1,45 @@
+;-----------------------------------------------------------------
+;
+; @(#) example.net/zone.db
+;
+;-----------------------------------------------------------------
+
+$TTL 7200
+
+; Be sure that the serial number below is left
+; justified in a field of at least 10 chars!!
+; 0123456789;
+; It's also possible to use the date form e.g. 2005040101
+@ IN SOA ns1.example.net. hostmaster.example.net. (
+ 263 ; Serial
+ 43200 ; Refresh
+ 1800 ; Retry
+ 2W ; Expire
+ 7200 ) ; Minimum
+
+ IN NS ns1.example.net.
+ IN NS ns2.example.net.
+
+ns1 IN A 1.0.0.5
+ IN AAAA 2001:db8::53
+ns2 IN A 1.2.0.6
+
+localhost IN A 127.0.0.1
+
+a IN A 1.2.3.1
+b IN MX 10 a
+;c IN A 1.2.3.2
+d IN A 1.2.3.3
+ IN AAAA 2001:0db8::3
+
+; Delegation to secure zone; The DS resource record will
+; be added by dnssec-signzone automatically if the
+; keyset-sub.example.net file is present (run dnssec-signzone
+; with option -g or use the dnssec-signer tool) ;-)
+sub IN NS ns1.example.net.
+sub IN DS 54876 5 1 CAB6127E303A8A8D7D5A29AE05DB60F4C5060B10
+sub IN DS 54876 5 2 7C8CAF1844479F3600213173BB5D1E2A44143D63B6E0B3E10D8C5310 ADF84D30
+
+; this file will have all the zone keys
+$INCLUDE dnskey.db
+
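Review bot: The comment above the `sub` delegation says the DS record is added by dnssec-signzone automatically, yet the two `sub IN DS 54876 ...` lines that follow add it by hand, so the file contradicts its own comment. The `zone.db.signed` added next to it in this commit also lists only `NS RRSIG NSEC` in the NSEC for sub.example.net and has no DS RRset, so the signed example appears to predate these lines and shows the delegation as insecure. Either drop the two DS lines and rely on the keyset file as the comment describes, or reword the comment to something like `; DS records for sub are maintained by hand below` and regenerate the signed file so that both examples agree.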
diff --git a/contrib/zkt/examples/zone.db.signed b/contrib/zkt/examples/zone.db.signed
new file mode 100644
index 0000000..1e389ea
--- /dev/null
+++ b/contrib/zkt/examples/zone.db.signed
@@ -0,0 +1,146 @@
+; File written on Tue Jun 24 10:00:31 2008
+; dnssec_signzone version 9.5.0
+example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
+ 263 ; serial
+ 43200 ; refresh (12 hours)
+ 1800 ; retry (30 minutes)
+ 1209600 ; expire (2 weeks)
+ 7200 ; minimum (2 hours)
+ )
+ 7200 RRSIG SOA 5 2 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ FFUGR4+nzjZbpDT/RAncV7dNvBy1xil4MO17
+ DU+gotHHV1Yq+4RRqEnRhOSWydDC9ENAjH7W
+ lmzr+igFHp8qiw== )
+ 7200 NS ns1.example.net.
+ 7200 NS ns2.example.net.
+ 7200 RRSIG NS 5 2 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ mpT5zY57UtLMdl6iKVtvr78vINyaA3NkZ0af
+ E/TtUUBJeIEjLauzxA5jJBGqLWAiLj8HKWhS
+ dq1VfORhRh/Xng== )
+ 7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
+ 7200 RRSIG NSEC 5 2 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ Q5yxSoL+Df3UbGe1RSFFj01SoBGLgjXvgLd5
+ wKota7wnjO8CxidmrN+qcKQHjF+R+mH8GeQ7
+ xL1qZxKLQqxmwA== )
+ 14400 DNSKEY 256 3 5 (
+ BQEAAAABzN8pvZb5GSy8AozXt4L8HK/x59TQ
+ jh9IaZS+mIyyuHDX2iaFUigOqHixIJtDLD1r
+ /MfelgJ/Mh6+vCu+XmMQuw==
+ ) ; key id = 33755
+ 14400 DNSKEY 257 3 5 (
+ BQEAAAABC23icFZAD3DFBLoEw7DWKl8Hig7a
+ zmEbpXHYyAV98l+QQaTAb98Ob3YbrVJ9IU8E
+ 0KBFb5iYpHobxowPsI8FjUH2oL/7PfhtN1E3
+ NlL6Uhbo8Umf6H0UULEsUTlTT8dnX+ikjAr8
+ bN71YJP7BXlszezsFHuMEspNdOPyMr93230+
+ R2KTEzC2H4CQzSRIr5xXSIq8kkrJ3miGjTyj
+ 5awvXfJ+eQ==
+ ) ; key id = 31674
+ 14400 RRSIG DNSKEY 5 2 14400 20080724070030 (
+ 20080624070030 31674 example.net.
+ BGed6Vivkmx/SM7HuXMy9ex+p0fDWcXW6uTH
+ SZLs9oAZMSkm8Xh2RNNI1sgZefGpsOc7AZJE
+ JuIWttqKm5VL57qpEKeTxZ9oE6Vpk4ko5lMo
+ yTJUoih7lTXo7a1OsNHMFZadE7Fu4Q8pjGUZ
+ ZJI4zBrT7JmgyPNCkgn1JdC2qJlc6ClHEb4E
+ 6pQyH3BnSOFudZDz8MdVQnqdxpShGwucnf2i
+ oA== )
+ 14400 RRSIG DNSKEY 5 2 14400 20080724070030 (
+ 20080624070030 33755 example.net.
+ f03G7Cq3CwWz7Lbe7cl61ciSsdEYv4heYnR3
+ binJ3xWO7jSiRAvUAfkIYDspdlF/PCOnv8sr
+ id8TL8q/qQ0MCg== )
+a.example.net. 7200 IN A 1.2.3.1
+ 7200 RRSIG A 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ VuIrcft9jvWKORJy2SQ4UgWwRnUL4gIiaVpy
+ 3i5hfjM6X38FHsy0SvGrjxQqiurwZZS4NxXG
+ ljUerawxMdHWWw== )
+ 7200 NSEC b.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ yc/tsRYQRaYsPp+5jPUj2NR0R3zHKvXBQ/RO
+ 14b/eKL9i4NnuzS50qFZwzpcOBOJd6XITO4p
+ yJNZQKtryRJuSg== )
+b.example.net. 7200 IN MX 10 a.example.net.
+ 7200 RRSIG MX 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ xVjOhCO2zJVp1SsoMdM6ePCZUkittsqEP7rI
+ 7j8r2S1j4oiIdXaxCBBVwddhS/x1eziI/a2S
+ /HwVRJThIYIKnQ== )
+ 7200 NSEC d.example.net. MX RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ jC171VBU0dqcI1NnMUUqrUIjq09sVHnFo9CH
+ 0jKNwxkj+K1Zkr7CBm6htH+EkKKhqKFW8kz7
+ b2r05FL1xakcnQ== )
+d.example.net. 7200 IN A 1.2.3.3
+ 7200 RRSIG A 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ Q4C7HCpDR6fxIczzqGDnkpXUL5oxdPDYWF2H
+ vmAalL++9A5hVGz8S5IfX87dZAg71c1j8ZAe
+ 5oS0pvLQnweoIw== )
+ 7200 AAAA 2001:db8::3
+ 7200 RRSIG AAAA 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ ECjxqQpJCbL6A9iBk/bImgzDNevUXFjq8n2L
+ 14ewG5zQSz/0l0NqcHKtCiruBjHd+DEXjTEI
+ Qo8RvMm7Rn8OsA== )
+ 7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ k+AhslVfBZgXkTaWjDVB+3nLm2ye8UOGMNhY
+ QcKxJZaVYKnUZfyX1sJONN4UdFjmnkdNcRVC
+ 6ouWrLbIwslqIQ== )
+localhost.example.net. 7200 IN A 127.0.0.1
+ 7200 RRSIG A 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ wZjK9o3CElHLPSzynvzft/nQAEeBpNOj22vq
+ 3TWa9HWQ0RqL55NRmzxuDtyMtPOFQpniVxgV
+ jizb8X3SPJ5V1g== )
+ 7200 NSEC ns1.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ e4nOW7PuqCQBYgSCBQH06V2XB7SF85jmfFIc
+ dSMbsLRK+1tN/Y2+85WKVSQrXZzWRHgjQ+Hw
+ iL/FWK5Zfq7ixg== )
+ns1.example.net. 7200 IN A 1.0.0.5
+ 7200 RRSIG A 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ tTfMDk2ww2uWutlhjRMDPGo9ZPugjJqSbdyP
+ 6cJcCDJUBce0UZFxjvDBZhfG7O2XUscooUjp
+ JpXsJ54ksPugXA== )
+ 7200 AAAA 2001:db8::53
+ 7200 RRSIG AAAA 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ x8iMgcICSOxgx4biLForfZxgMbMVpzwMQR6n
+ naFVK79GOwFFT8krAfo6K6Rg7Fyu0jSE/59H
+ 3Y15F0ju6YvbAg== )
+ 7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ EYof9XuXHXuWgRF0MzgO/Z8FGYJEfLlJKWCV
+ IWh+b8XJejLO1Tt0vlJZl0orrs6yam/B8CWb
+ dgq8ktbqpNHmvg== )
+ns2.example.net. 7200 IN A 1.2.0.6
+ 7200 RRSIG A 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ Uh93B1J7mOqBcW8sXWHA6vmeGszGJGE/BtFV
+ cdO4tBNoIDbIdkzBUJZphc6HfK7/gu7WFhAo
+ 5v6cZr4bRDOf6A== )
+ 7200 NSEC sub.example.net. A RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ xOkV3aTsgrP7ZyaHfKhLmjJfhboQJpDYFdqV
+ y0zzZuGQr7Yr4PxWED5WJhm4fFf48agNWBmm
+ rk1OaFadv6m2uw== )
+sub.example.net. 7200 IN NS ns1.example.net.
+ 7200 NSEC example.net. NS RRSIG NSEC
+ 7200 RRSIG NSEC 5 3 7200 20080724070030 (
+ 20080624070030 33755 example.net.
+ Pr8KFvU/Fr2lp9W6Wqqq47VKrnh3tL90S8Eu
+ KIPsfmBE00g7eGPVswJUWShXMBZFLtfqI8z/
+ UBM6VzROSTtryA== )
diff --git a/contrib/zkt/log.c b/contrib/zkt/log.c
new file mode 100644
index 0000000..021be98
--- /dev/null
+++ b/contrib/zkt/log.c
@@ -0,0 +1,443 @@
+/*****************************************************************
+**
+** @(#) log.c -- The ZKT error logging module
+**
+** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <ctype.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <sys/time.h>
+# include <time.h>
+# include <assert.h>
+# include <errno.h>
+# include <syslog.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "misc.h"
+# include "debug.h"
+#define extern
+# include "log.h"
+#undef extern
+
+/*****************************************************************
+** module internal vars & declarations
+*****************************************************************/
+static FILE *lg_fp;
+static int lg_minfilelevel;
+static int lg_syslogging;
+static int lg_minsyslevel;
+static long lg_errcnt;
+static const char *lg_progname;
+
+typedef struct {
+ lg_lvl_t level;
+ const char *str;
+ int syslog_level;
+} lg_symtbl_t;
+
+static lg_symtbl_t symtbl[] = {
+ { LG_NONE, "none", -1 },
+ { LG_DEBUG, "debug", LOG_DEBUG },
+ { LG_INFO, "info", LOG_INFO },
+ { LG_NOTICE, "notice", LOG_NOTICE },
+ { LG_WARNING, "warning", LOG_WARNING },
+ { LG_ERROR, "error", LOG_ERR },
+ { LG_FATAL, "fatal", LOG_CRIT },
+
+ { LG_NONE, "user", LOG_USER },
+ { LG_NONE, "daemon", LOG_DAEMON },
+ { LG_NONE, "local0", LOG_LOCAL0 },
+ { LG_NONE, "local1", LOG_LOCAL1 },
+ { LG_NONE, "local2", LOG_LOCAL2 },
+ { LG_NONE, "local3", LOG_LOCAL3 },
+ { LG_NONE, "local4", LOG_LOCAL4 },
+ { LG_NONE, "local5", LOG_LOCAL5 },
+ { LG_NONE, "local6", LOG_LOCAL6 },
+ { LG_NONE, "local7", LOG_LOCAL7 },
+ { LG_NONE, NULL, -1 }
+};
+
+# define MAXFNAME (1023)
+/*****************************************************************
+** function definitions (for function declarations see log.h)
+*****************************************************************/
+
+/*****************************************************************
+** lg_fileopen (path, name) -- open the log file
+** Name is a (absolute or relative) file or directory name.
+** If path is given and name is a relative path name then path
+** is prepended to name.
+** returns the open file pointer or NULL on error
+*****************************************************************/
+static FILE *lg_fileopen (const char *path, const char *name)
+{
+ int len;
+ FILE *fp;
+ struct tm *t;
+ time_t sec;
+ char fname[MAXFNAME+1];
+
+ if ( name == NULL || *name == '\0' )
+ return NULL;
+ else if ( *name == '/' || path == NULL )
+ snprintf (fname, MAXFNAME, "%s", name);
+ else
+ snprintf (fname, MAXFNAME, "%s/%s", path, name);
+
+# ifdef LOG_TEST
+ fprintf (stderr, "\t ==> \"%s\"", fname);
+# endif
+ if ( is_directory (fname) )
+ {
+ len = strlen (fname);
+
+ time (&sec);
+ t = gmtime (&sec);
+ snprintf (fname+len, MAXFNAME-len, LOG_FNAMETMPL,
+ t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
+ t->tm_hour, t->tm_min, t->tm_sec);
+# ifdef LOG_TEST
+ fprintf (stderr, " isdir \"%s\"", fname);
+# endif
+ }
+
+# ifdef LOG_TEST
+ fprintf (stderr, "\n");
+# endif
+
+ if ( (fp = fopen (fname, "a")) == NULL )
+ return NULL;
+
+ return fp;
+}
+
+/*****************************************************************
+** lg_str2lvl (level_name)
+*****************************************************************/
+lg_lvl_t lg_str2lvl (const char *name)
+{
+ lg_symtbl_t *p;
+
+ if ( !name )
+ return LG_NONE;
+
+ for ( p = symtbl; p->str; p++ )
+ if ( strcasecmp (name, p->str) == 0 )
+ return p->level;
+
+ return LG_NONE;
+}
+
+/*****************************************************************
+** lg_lvl2syslog (level)
+*****************************************************************/
+lg_lvl_t lg_lvl2syslog (lg_lvl_t level)
+{
+ lg_symtbl_t *p;
+
+ for ( p = symtbl; p->str; p++ )
+ if ( level == p->level )
+ return p->syslog_level;
+
+ assert ( p->str != NULL ); /* we assume not to reach this! */
+
+ return LOG_DEBUG; /* if not found, return DEBUG as default */
+}
+
+/*****************************************************************
+** lg_str2syslog (facility_name)
+*****************************************************************/
+int lg_str2syslog (const char *facility)
+{
+ lg_symtbl_t *p;
+
+ dbg_val1 ("lg_str2syslog (%s)\n", facility);
+ if ( !facility )
+ return LG_NONE;
+
+ for ( p = symtbl; p->str; p++ )
+ if ( strcasecmp (facility, p->str) == 0 )
+ return p->syslog_level;
+
+ return LG_NONE;
+}
+
+/*****************************************************************
+** lg_lvl2str (level)
+*****************************************************************/
+const char *lg_lvl2str (lg_lvl_t level)
+{
+ lg_symtbl_t *p;
+
+ if ( level < LG_DEBUG )
+ return "none";
+
+ for ( p = symtbl; p->str; p++ )
+ if ( level == p->level )
+ return p->str;
+ return "fatal";
+}
+
+/*****************************************************************
+** lg_geterrcnt () -- returns the current value of the internal
+** error counter
+*****************************************************************/
+long lg_geterrcnt ()
+{
+ return lg_errcnt;
+}
+
+/*****************************************************************
+** lg_seterrcnt () -- sets the internal error counter
+** returns the current value
+*****************************************************************/
+long lg_seterrcnt (long value)
+{
+ return lg_errcnt = value;
+}
+
+/*****************************************************************
+** lg_reseterrcnt () -- resets the internal error counter to 0
+** returns the current value
+*****************************************************************/
+long lg_reseterrcnt ()
+{
+ return lg_seterrcnt (0L);
+}
+
+
+/*****************************************************************
+** lg_open (prog, facility, syslevel, path, file, filelevel)
+** -- open the log channel
+** return values:
+** 0 on success
+** -1 on file open error
+*****************************************************************/
+int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel)
+{
+ int sysfacility;
+
+ dbg_val6 ("lg_open (%s, %s, %s, %s, %s, %s)\n", progname, facility, syslevel, path, file, filelevel);
+
+ lg_minsyslevel = lg_str2lvl (syslevel);
+ lg_minfilelevel = lg_str2lvl (filelevel);
+
+ sysfacility = lg_str2syslog (facility);
+ if ( sysfacility >= 0 )
+ {
+ lg_syslogging = 1;
+ dbg_val2 ("lg_open: openlog (%s, LOG_NDELAY, %d)\n", progname, lg_str2syslog (facility));
+ openlog (progname, LOG_NDELAY, lg_str2syslog (facility));
+ }
+ if ( file && * file )
+ {
+ if ( (lg_fp = lg_fileopen (path, file)) == NULL )
+ return -1;
+ lg_progname = progname;
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** lg_close () -- close the open filepointer for error logging
+** return 0 if no error log file is currently open,
+** otherwise the return code of fclose is returned.
+*****************************************************************/
+int lg_close ()
+{
+ int ret = 0;
+
+ if ( lg_syslogging )
+ {
+ closelog ();
+ lg_syslogging = 0;
+ }
+ if ( lg_fp )
+ {
+ ret = fclose (lg_fp);
+ lg_fp = NULL;
+ }
+
+ return ret;
+}
+
+/*****************************************************************
+**
+** lg_args (level, argc, argv[])
+** log all command line arguments (up to a length of 511 chars)
+** with priority level
+**
+*****************************************************************/
+void lg_args (lg_lvl_t level, int argc, char * const argv[])
+{
+ char cmdline[511+1];
+ int len;
+ int i;
+
+ len = 0;
+ for ( i = 0; i < argc && len < sizeof (cmdline); i++ )
+ len += snprintf (cmdline+len, sizeof (cmdline) - len, " %s", argv[i]);
+
+#if 1
+ lg_mesg (level, "------------------------------------------------------------");
+#else
+ lg_mesg (level, "");
+#endif
+ lg_mesg (level, "running%s ", cmdline);
+}
+
+/*****************************************************************
+**
+** lg_mesg (level, fmt, ...)
+**
+** Write a given message to the error log file and counts
+** all messages written with an level greater than LOG_ERR.
+**
+** All messages will be on one line in the logfile, so it's
+** not necessary to add an '\n' to the message.
+**
+** To call this function before an elog_open() is called is
+** useless!
+**
+*****************************************************************/
+void lg_mesg (int priority, char *fmt, ...)
+{
+ va_list ap;
+ struct timeval tv;
+ struct tm *t;
+ char format[256];
+
+ assert (fmt != NULL);
+ assert (priority >= LG_DEBUG && priority <= LG_FATAL);
+
+ format[0] ='\0';
+
+ dbg_val3 ("syslog = %d prio = %d >= sysmin = %d\n", lg_syslogging, priority, lg_minsyslevel);
+ if ( lg_syslogging && priority >= lg_minsyslevel )
+ {
+#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL
+ snprintf (format, sizeof (format), "%s: %s", lg_lvl2str(priority), fmt);
+ fmt = format;
+#endif
+ va_start(ap, fmt);
+ vsyslog (lg_lvl2syslog (priority), fmt, ap);
+ va_end(ap);
+ }
+
+ dbg_val3 ("filelg = %d prio = %d >= filmin = %d\n", lg_fp!=NULL, priority, lg_minfilelevel);
+ if ( lg_fp && priority >= lg_minfilelevel )
+ {
+#if defined (LOG_WITH_TIMESTAMP) && LOG_WITH_TIMESTAMP
+ gettimeofday (&tv, NULL);
+ t = localtime ((time_t *) &tv.tv_sec);
+ fprintf (lg_fp, "%04d-%02d-%02d ",
+ t->tm_year+1900, t->tm_mon+1, t->tm_mday);
+ fprintf (lg_fp, "%02d:%02d:%02d.%03ld: ",
+ t->tm_hour, t->tm_min, t->tm_sec, tv.tv_usec / 1000);
+#endif
+#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME
+ if ( lg_progname )
+ fprintf (lg_fp, "%s: ", lg_progname);
+#endif
+#if defined (LOG_WITH_LEVEL) && LOG_WITH_LEVEL
+ if ( fmt != format ) /* level is not in fmt string */
+ fprintf (lg_fp, "%s: ", lg_lvl2str(priority));
+#endif
+ va_start(ap, fmt);
+ vfprintf (lg_fp, fmt, ap);
+ va_end(ap);
+ fprintf (lg_fp, "\n");
+ }
+
+ if ( priority >= LG_ERROR )
+ lg_errcnt++;
+}
+
+
+#ifdef LOG_TEST
+const char *progname;
+int main (int argc, char *argv[])
+{
+ const char *levelstr;
+ const char *newlevelstr;
+ int level;
+ int err;
+
+ progname = *argv;
+
+ if ( --argc )
+ levelstr = *++argv;
+ else
+ levelstr = "fatal";
+
+ level = lg_str2lvl (levelstr);
+ newlevelstr = lg_lvl2str (level+1);
+ dbg_val4 ("base level = %s(%d) newlevel = %s(%d)\n", levelstr, level, newlevelstr, level+1);
+ if ( (err = lg_open (progname,
+#if 1
+ "user",
+#else
+ "none",
+#endif
+ levelstr, ".",
+#if 1
+ "test.log",
+#else
+ NULL,
+#endif
+ newlevelstr)) )
+ fprintf (stderr, "\topen error %d\n", err);
+ else
+ {
+ lg_mesg (LG_DEBUG, "debug message");
+ lg_mesg (LG_INFO, "INFO message");
+ lg_mesg (LG_NOTICE, "Notice message");
+ lg_mesg (LG_WARNING, "Warning message");
+ lg_mesg (LG_ERROR, "Error message");
+ lg_mesg (LG_FATAL, "Fatal message ");
+ }
+
+ if ( (err = lg_close ()) < 0 )
+ fprintf (stderr, "\tclose error %d\n", err);
+
+ return 0;
+}
+#endif
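Review bot: The `sysfacility >= 0` test in lg_open cannot reject a bad facility, because lg_str2syslog returns `LG_NONE` (which is 0) both for a NULL argument and for a name it does not find, so syslog output is switched on whenever the facility is missing or misspelled; only the literal "none" entry yields -1. Both failure paths in lg_str2syslog should be `return -1;`. Because symtbl mixes level and facility names, a level name such as "debug" is also accepted as a facility and its LOG_DEBUG value is handed to openlog(); a separate facility table, or a column marking which rows are facilities, would close that. Separately, lg_fileopen creates the log with `fopen (fname, "a")`, which follows symbolic links and takes the file mode from the umask; if the log directory can be writable by other users, opening with `open()` using `O_NOFOLLOW` and an explicit mode before `fdopen()` would be the safer choice.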
diff --git a/contrib/zkt/log.h b/contrib/zkt/log.h
new file mode 100644
index 0000000..9a5d3ab
--- /dev/null
+++ b/contrib/zkt/log.h
@@ -0,0 +1,66 @@
+/*****************************************************************
+**
+** @(#) log.h (c) June 2008 Holger Zuleger hznet.de
+**
+** Copyright (c) June 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef LOG_H
+# define LOG_H
+# include <sys/types.h>
+# include <stdarg.h>
+# include <stdio.h>
+# include <time.h>
+# include <syslog.h>
+
+typedef enum {
+ LG_NONE = 0,
+ LG_DEBUG,
+ LG_INFO,
+ LG_NOTICE,
+ LG_WARNING,
+ LG_ERROR,
+ LG_FATAL
+} lg_lvl_t;
+
+extern lg_lvl_t lg_str2lvl (const char *name);
+extern int lg_str2syslog (const char *facility);
+extern const char *lg_lvl2str (lg_lvl_t level);
+extern lg_lvl_t lg_lvl2syslog (lg_lvl_t level);
+extern long lg_geterrcnt (void);
+extern long lg_seterrcnt (long value);
+extern long lg_reseterrcnt (void);
+extern int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel);
+extern int lg_close (void);
+extern void lg_args (lg_lvl_t level, int argc, char * const argv[]);
+extern void lg_mesg (int level, char *fmt, ...);
+#endif
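Review bot: The lg_mesg prototype takes a non-const `char *fmt` and carries no format annotation, so the compiler cannot check any call site even though log.c passes that string straight to vsyslog() and vfprintf(). Declaring it as `extern void lg_mesg (int level, const char *fmt, ...) __attribute__((format (printf, 2, 3)));` (guarded for compilers without the attribute) lets -Wformat flag a caller that passes variable data as the format or mismatches its arguments; the definition in log.c would need the same `const`. lg_lvl2syslog is also declared to return `lg_lvl_t` although log.c returns syslog priorities and -1 from it, so `int` would describe the value more accurately.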
diff --git a/contrib/zkt/misc.c b/contrib/zkt/misc.c
new file mode 100644
index 0000000..d2465c3
--- /dev/null
+++ b/contrib/zkt/misc.c
@@ -0,0 +1,1157 @@
+/*****************************************************************
+**
+** @(#) misc.c -- helper functions for the dnssec zone key tools
+**
+** Copyright (c) Jan 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <unistd.h> /* for link(), unlink() */
+# include <ctype.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <time.h>
+# include <utime.h>
+# include <assert.h>
+# include <errno.h>
+# include <fcntl.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "zconf.h"
+# include "log.h"
+# include "debug.h"
+#define extern
+# include "misc.h"
+#undef extern
+
+# define TAINTEDCHARS "`$@;&<>|"
+
+extern const char *progname;
+
+static int inc_soa_serial (FILE *fp, int use_unixtime);
+
+/*****************************************************************
+** getnameappendix (progname, basename)
+** return a pointer to the substring in progname subsequent
+** following basename "-".
+*****************************************************************/
+const char *getnameappendix (const char *progname, const char *basename)
+{
+ const char *p;
+ int baselen;
+
+ assert (progname != NULL);
+ assert (basename != NULL);
+
+ if ( (p = strrchr (progname, '/')) != NULL )
+ p++;
+ else
+ p = progname;
+
+ baselen = strlen (basename);
+ if ( strncmp (p, basename, baselen-1) == 0 && *(p+baselen) == '-' )
+ {
+ p += baselen + 1;
+ if ( *p )
+ return p;
+ }
+
+ return NULL;
+}
+
+/*****************************************************************
+** getdefconfname (view)
+** returns the default configuration file name
+*****************************************************************/
+const char *getdefconfname (const char *view)
+{
+ char *p;
+ char *file;
+ char *buf;
+ int size;
+
+ if ( (file = getenv ("ZKT_CONFFILE")) == NULL )
+ file = CONFIG_FILE;
+
+ if ( view == NULL || *view == '\0' || (p = strrchr (file, '.')) == NULL )
+ return strdup (file);
+
+ size = strlen (file) + strlen (view) + 1 + 1;
+ if ( (buf = malloc (size)) == NULL )
+ return file;
+
+ dbg_val1 ("0123456789o123456789o123456789\tsize=%d\n", size);
+ dbg_val4 ("%.*s-%s%s\n", p - file, file, view, p);
+
+ snprintf (buf, size, "%.*s-%s%s", p - file, file, view, p);
+ return buf;
+}
+
+/*****************************************************************
+** str_tolowerdup (s)
+*****************************************************************/
+char *str_tolowerdup (const char *s)
+{
+ char *new;
+ char *p;
+
+ if ( s == NULL || (new = p = malloc (strlen (s) + 1)) == NULL )
+ return NULL;
+
+ while ( *s )
+ *p++ = tolower (*s++);
+ *p = '\0';
+
+ return new;
+}
+
+/*****************************************************************
+** str_delspace (s)
+** Remove in string 's' all white space char
+*****************************************************************/
+char *str_delspace (char *s)
+{
+ char *start;
+ char *p;
+
+ if ( !s ) /* is there a string ? */
+ return s;
+
+ start = s;
+ for ( p = s; *p; p++ )
+ if ( !isspace (*p) )
+ *s++ = *p; /* copy each nonspace */
+
+ *s = '\0'; /* terminate string */
+
+ return start;
+}
+
+/*****************************************************************
+** in_strarr (str, arr, cnt)
+** check if string array 'arr' contains the string 'str'
+** return 1 if true or 'arr' or 'str' is empty, otherwise 0
+*****************************************************************/
+int in_strarr (const char *str, char *const arr[], int cnt)
+{
+ if ( arr == NULL || cnt <= 0 )
+ return 1;
+
+ if ( str == NULL || *str == '\0' )
+ return 0;
+
+ while ( --cnt >= 0 )
+ if ( strcmp (str, arr[cnt]) == 0 )
+ return 1;
+
+ return 0;
+}
+
+/*****************************************************************
+** str_untaint (s)
+** Remove in string 's' all TAINTED chars
+*****************************************************************/
+char *str_untaint (char *str)
+{
+ char *p;
+
+ assert (str != NULL);
+
+ for ( p = str; *p; p++ )
+ if ( strchr (TAINTEDCHARS, *p) )
+ *p = ' ';
+ return str;
+}
+
+/*****************************************************************
+** str_chop (str, c)
+** delete all occurrences of char 'c' at the end of string 's'
+*****************************************************************/
+char *str_chop (char *str, char c)
+{
+ int len;
+
+ assert (str != NULL);
+
+ len = strlen (str) - 1;
+ while ( len >= 0 && str[len] == c )
+ str[len--] = '\0';
+
+ return str;
+}
+
+/*****************************************************************
+** parseurl (url, &proto, &host, &port, &para )
+** parses the given url (e.g. "proto://host.with.domain:port/para")
+** and set the pointer variables to the corresponding part of the string.
+*****************************************************************/
+void parseurl (char *url, char **proto, char **host, char **port, char **para)
+{
+ char *start;
+ char *p;
+
+ assert ( url != NULL );
+
+ /* parse protocol */
+ if ( (p = strchr (url, ':')) == NULL ) /* no protocol string given ? */
+ p = url;
+ else /* looks like a protocol string */
+ if ( p[1] == '/' && p[2] == '/' ) /* protocol string ? */
+ {
+ *p = '\0';
+ p += 3;
+ if ( proto )
+ *proto = url;
+ }
+ else /* no protocol string found ! */
+ p = url;
+
+ /* parse host */
+ if ( *p == '[' ) /* ipv6 address as hostname ? */
+ {
+ for ( start = ++p; *p && *p != ']'; p++ )
+ ;
+ if ( *p )
+ *p++ = '\0';
+ }
+ else
+ for ( start = p; *p && *p != ':' && *p != '/'; p++ )
+ ;
+ if ( host )
+ *host = start;
+
+ /* parse port */
+ if ( *p == ':' )
+ {
+ *p++ = '\0';
+ for ( start = p; *p && isdigit (*p); p++ )
+ ;
+ if ( *p )
+ *p++ = '\0';
+ if ( port )
+ *port = start;
+ }
+
+ if ( *p == '/' )
+ *p++ = '\0';
+
+ if ( *p && para )
+ *para = p;
+}
+
+/*****************************************************************
+** splitpath (path, size, filename)
+*****************************************************************/
+const char *splitpath (char *path, size_t size, const char *filename)
+{
+ char *p;
+
+ if ( !path )
+ return filename;
+
+ *path = '\0';
+ if ( !filename )
+ return filename;
+
+ if ( (p = strrchr (filename, '/')) ) /* file arg contains path ? */
+ {
+ if ( strlen (filename) > size )
+ return filename;
+
+ strcpy (path, filename);
+ path[p-filename] = '\0';
+ filename = ++p;
+ }
+ return filename;
+}
+
+/*****************************************************************
+** pathname (path, size, dir, file, ext)
+** Concatenate 'dir', 'file' and 'ext' (if not null) to build
+** a pathname, and store the result in the character array
+** with length 'size' pointed to by 'path'.
+*****************************************************************/
+char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext)
+{
+ int len;
+
+ if ( path == NULL || file == NULL )
+ return path;
+
+ len = strlen (file) + 1;
+ if ( dir )
+ len += strlen (dir);
+ if ( ext )
+ len += strlen (ext);
+ if ( len > size )
+ return path;
+
+ *path = '\0';
+ if ( dir && *dir )
+ {
+ len = sprintf (path, "%s", dir);
+ if ( path[len-1] != '/' )
+ {
+ path[len++] = '/';
+ path[len] = '\0';
+ }
+ }
+ strcat (path, file);
+ if ( ext )
+ strcat (path, ext);
+ return path;
+}
+
+/*****************************************************************
+** is_directory (name)
+** Check if the given pathname 'name' exists and is a directory.
+** returns 0 | 1
+*****************************************************************/
+int is_directory (const char *name)
+{
+ struct stat st;
+
+ if ( !name || !*name )
+ return 0;
+
+ return ( stat (name, &st) == 0 && S_ISDIR (st.st_mode) );
+}
+
+/*****************************************************************
+** fileexist (name)
+** Check if a file with the given pathname 'name' exists.
+** returns 0 | 1
+*****************************************************************/
+int fileexist (const char *name)
+{
+ struct stat st;
+ return ( stat (name, &st) == 0 && S_ISREG (st.st_mode) );
+}
+
+/*****************************************************************
+** filesize (name)
+** return the size of the file with the given pathname 'name'.
+** returns -1 if the file not exist
+*****************************************************************/
+size_t filesize (const char *name)
+{
+ struct stat st;
+ if ( stat (name, &st) == -1 )
+ return -1L;
+ return ( st.st_size );
+}
+
+/*****************************************************************
+** is_keyfilename (name)
+** Check if the given name looks like a dnssec (public)
+** keyfile name. Returns 0 | 1
+*****************************************************************/
+int is_keyfilename (const char *name)
+{
+ int len;
+
+ if ( name == NULL || *name != 'K' )
+ return 0;
+
+ len = strlen (name);
+ if ( len > 4 && strcmp (&name[len - 4], ".key") == 0 )
+ return 1;
+
+ return 0;
+}
+
+/*****************************************************************
+** is_dotfile (name)
+** Check if the given pathname 'name' looks like "." or "..".
+** Returns 0 | 1
+*****************************************************************/
+int is_dotfile (const char *name)
+{
+ if ( name && (
+ (name[0] == '.' && name[1] == '\0') ||
+ (name[0] == '.' && name[1] == '.' && name[2] == '\0')) )
+ return 1;
+
+ return 0;
+}
+
+/*****************************************************************
+** touch (name, sec)
+** Set the modification time of the given pathname 'fname' to
+** 'sec'. Returns 0 on success.
+*****************************************************************/
+int touch (const char *fname, time_t sec)
+{
+ struct utimbuf utb;
+
+ utb.actime = utb.modtime = sec;
+ return utime (fname, &utb);
+}
+
+/*****************************************************************
+** linkfile (fromfile, tofile)
+*****************************************************************/
+int linkfile (const char *fromfile, const char *tofile)
+{
+ int ret;
+
+ /* fprintf (stderr, "linkfile (%s, %s)\n", fromfile, tofile); */
+ if ( (ret = link (fromfile, tofile)) == -1 && errno == EEXIST )
+ if ( unlink (tofile) == 0 )
+ ret = link (fromfile, tofile);
+
+ return ret;
+}
+
+/*****************************************************************
+** copyfile (fromfile, tofile, dnskeyfile)
+*****************************************************************/
+int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile)
+{
+ FILE *infp;
+ FILE *outfp;
+ int c;
+
+ /* fprintf (stderr, "copyfile (%s, %s)\n", fromfile, tofile); */
+ if ( (infp = fopen (fromfile, "r")) == NULL )
+ return -1;
+ if ( (outfp = fopen (tofile, "w")) == NULL )
+ {
+ fclose (infp);
+ return -2;
+ }
+ while ( (c = getc (infp)) != EOF )
+ putc (c, outfp);
+
+ fclose (infp);
+ if ( dnskeyfile && *dnskeyfile && (infp = fopen (dnskeyfile, "r")) != NULL )
+ {
+ while ( (c = getc (infp)) != EOF )
+ putc (c, outfp);
+ fclose (infp);
+ }
+ fclose (outfp);
+
+ return 0;
+}
+
+/*****************************************************************
+** copyzonefile (fromfile, tofile, dnskeyfile)
+** copy a already signed zonefile and replace all zone DNSKEY
+** resource records by one "$INCLUDE dnskey.db" line
+*****************************************************************/
+int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile)
+{
+ FILE *infp;
+ FILE *outfp;
+ int len;
+ int dnskeys;
+ int multi_line_dnskey;
+ int bufoverflow;
+ char buf[1024];
+ char *p;
+
+ if ( fromfile == NULL )
+ infp = stdin;
+ else
+ if ( (infp = fopen (fromfile, "r")) == NULL )
+ return -1;
+ if ( tofile == NULL )
+ outfp = stdout;
+ else
+ if ( (outfp = fopen (tofile, "w")) == NULL )
+ {
+ if ( fromfile )
+ fclose (infp);
+ return -2;
+ }
+
+ multi_line_dnskey = 0;
+ dnskeys = 0;
+ bufoverflow = 0;
+ while ( fgets (buf, sizeof buf, infp) != NULL )
+ {
+ p = buf;
+ if ( !bufoverflow && !multi_line_dnskey && (*p == '@' || isspace (*p)) ) /* check if DNSKEY RR */
+ {
+ do
+ p++;
+ while ( isspace (*p) ) ;
+
+ /* skip TTL */
+ while ( isdigit (*p) )
+ p++;
+
+ while ( isspace (*p) )
+ p++;
+
+ /* skip Class */
+ if ( strncasecmp (p, "IN", 2) == 0 )
+ {
+ p += 2;
+ while ( isspace (*p) )
+ p++;
+ }
+
+ if ( strncasecmp (p, "DNSKEY", 6) == 0 ) /* bingo! */
+ {
+ dnskeys++;
+ p += 6;
+ while ( *p )
+ {
+ if ( *p == '(' )
+ multi_line_dnskey = 1;
+ if ( *p == ')' )
+ multi_line_dnskey = 0;
+ p++;
+ }
+ if ( dnskeys == 1 )
+ fprintf (outfp, "$INCLUDE %s\n", dnskeyfile);
+ }
+ else
+ fputs (buf, outfp);
+ }
+ else
+ {
+ if ( bufoverflow )
+ fprintf (stderr, "!! buffer overflow in copyzonefile() !!\n");
+ if ( !multi_line_dnskey )
+ fputs (buf, outfp);
+ else
+ {
+ while ( *p && *p != ')' )
+ p++;
+ if ( *p == ')' )
+ multi_line_dnskey = 0;
+ }
+ }
+
+ len = strlen (buf);
+ bufoverflow = buf[len-1] != '\n'; /* line too long ? */
+ }
+
+ if ( fromfile )
+ fclose (infp);
+ if ( tofile )
+ fclose (outfp);
+
+ return 0;
+}
+
+/*****************************************************************
+** cmpfile (file1, file2)
+** returns -1 on error, 1 if the files differ and 0 if they
+** are identical.
+*****************************************************************/
+int cmpfile (const char *file1, const char *file2)
+{
+ FILE *fp1;
+ FILE *fp2;
+ int c1;
+ int c2;
+
+ /* fprintf (stderr, "cmpfile (%s, %s)\n", file1, file2); */
+ if ( (fp1 = fopen (file1, "r")) == NULL )
+ return -1;
+ if ( (fp2 = fopen (file2, "r")) == NULL )
+ {
+ fclose (fp1);
+ return -1;
+ }
+
+ do {
+ c1 = getc (fp1);
+ c2 = getc (fp2);
+ } while ( c1 != EOF && c2 != EOF && c1 == c2 );
+
+ fclose (fp1);
+ fclose (fp2);
+
+ if ( c1 == c2 )
+ return 0;
+ return 1;
+}
+
+/*****************************************************************
+** file_age (fname)
+*****************************************************************/
+int file_age (const char *fname)
+{
+ time_t curr = time (NULL);
+ time_t mtime = file_mtime (fname);
+
+ return curr - mtime;
+}
+
+/*****************************************************************
+** file_mtime (fname)
+*****************************************************************/
+time_t file_mtime (const char *fname)
+{
+ struct stat st;
+
+ if ( stat (fname, &st) < 0 )
+ return 0;
+ return st.st_mtime;
+}
+
+/*****************************************************************
+** is_exec_ok (prog)
+** Check if we are running as root or if the file owner of
+** "prog" do not match the current user or the file permissions
+** allows file modification for others then the owner.
+** The same condition will be checked for the group ownership.
+** return 1 if the execution of the command "prog" will not
+** open a big security whole, 0 otherwise
+*****************************************************************/
+int is_exec_ok (const char *prog)
+{
+ uid_t curr_uid;
+ struct stat st;
+
+ if ( stat (prog, &st) < 0 )
+ return 0;
+
+ curr_uid = getuid ();
+ if ( curr_uid == 0 ) /* don't run the cmd if we are root */
+ return 0;
+
+ /* if the file owner and the current user matches and */
+ /* the file mode is not writable except for the owner, we are save */
+ if ( curr_uid == st.st_uid && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0 )
+ return 1;
+
+ /* if the file group and the current group matches and */
+ /* the file mode is not writable except for the group, we are also save */
+ if ( getgid() != st.st_gid && (st.st_mode & (S_IWUSR | S_IWOTH)) == 0 )
+ return 1;
+
+ return 0;
+}
+
+/*****************************************************************
+** fatal (fmt, ...)
+*****************************************************************/
+void fatal (char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ if ( progname )
+ fprintf (stderr, "%s: ", progname);
+ vfprintf (stderr, fmt, ap);
+ va_end(ap);
+ exit (127);
+}
+
+/*****************************************************************
+** error (fmt, ...)
+*****************************************************************/
+void error (char *fmt, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmt);
+ vfprintf (stderr, fmt, ap);
+ va_end(ap);
+}
+
+/*****************************************************************
+** logmesg (fmt, ...)
+*****************************************************************/
+void logmesg (char *fmt, ...)
+{
+ va_list ap;
+
+#if defined (LOG_WITH_PROGNAME) && LOG_WITH_PROGNAME
+ fprintf (stdout, "%s: ", progname);
+#endif
+ va_start(ap, fmt);
+ vfprintf (stdout, fmt, ap);
+ va_end(ap);
+}
+
+/*****************************************************************
+** verbmesg (verblvl, conf, fmt, ...)
+*****************************************************************/
+void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...)
+{
+ char str[511+1];
+ va_list ap;
+
+ str[0] = '\0';
+ va_start(ap, fmt);
+ vsnprintf (str, sizeof (str), fmt, ap);
+ va_end(ap);
+
+ //fprintf (stderr, "verbmesg (%d stdout=%d filelog=%d str = :%s:\n", verblvl, conf->verbosity, conf->verboselog, str);
+ if ( verblvl <= conf->verbosity ) /* check if we have to print this to stdout */
+ logmesg (str);
+
+ str_chop (str, '\n');
+ if ( verblvl <= conf->verboselog ) /* check logging to syslog and/or file */
+ lg_mesg (LG_DEBUG, str);
+}
+
+
+/*****************************************************************
+** logflush ()
+*****************************************************************/
+void logflush ()
+{
+ fflush (stdout);
+}
+
+/*****************************************************************
+** timestr2time (timestr)
+** timestr should look like "20071211223901" for 12 dec 2007 22:39:01
+*****************************************************************/
+time_t timestr2time (const char *timestr)
+{
+ struct tm t;
+ time_t sec;
+
+ // fprintf (stderr, "timestr = \"%s\"\n", timestr);
+ if ( sscanf (timestr, "%4d%2d%2d%2d%2d%2d",
+ &t.tm_year, &t.tm_mon, &t.tm_mday,
+ &t.tm_hour, &t.tm_min, &t.tm_sec) != 6 )
+ return 0L;
+ t.tm_year -= 1900;
+ t.tm_mon -= 1;
+ t.tm_isdst = 0;
+
+#if defined(HAS_TIMEGM) && HAS_TIMEGM
+ sec = timegm (&t);
+#else
+ {
+ time_t ret;
+ char *tz;
+
+ tz = getenv("TZ");
+ // setenv("TZ", "", 1);
+ setenv("TZ", "UTC", 1);
+ tzset();
+ sec = mktime(&t);
+ if (tz)
+ setenv("TZ", tz, 1);
+ else
+ unsetenv("TZ");
+ tzset();
+ }
+#endif
+
+ return sec < 0L ? 0L : sec;
+}
+
+/*****************************************************************
+** time2str (sec, precison)
+** sec is seconds since 1.1.1970
+** precison is currently either 's' (for seconds) or 'm' (minutes)
+*****************************************************************/
+char *time2str (time_t sec, int precision)
+{
+ struct tm *t;
+ static char timestr[31+1]; /* 27+1 should be enough */
+#if defined(HAVE_STRFTIME) && HAVE_STRFTIME
+ char tformat[127+1];
+
+ timestr[0] = '\0';
+ if ( sec <= 0L )
+ return timestr;
+ t = localtime (&sec);
+ if ( precision == 's' )
+ strcpy (tformat, "%b %d %Y %T");
+ else
+ strcpy (tformat, "%b %d %Y %R");
+# if PRINT_TIMEZONE
+ strcat (tformat, " %z");
+# endif
+ strftime (timestr, sizeof (timestr), tformat, t);
+
+#else /* no strftime available */
+ static char *mstr[] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+ };
+
+ timestr[0] = '\0';
+ if ( sec <= 0L )
+ return timestr;
+ t = localtime (&sec);
+# if PRINT_TIMEZONE
+ {
+ int h, s;
+
+ s = abs (t->tm_gmtoff);
+ h = t->tm_gmtoff / 3600;
+ s = t->tm_gmtoff % 3600;
+ if ( precision == 's' )
+ snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d",
+ mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
+ t->tm_hour, t->tm_min, t->tm_sec,
+ t->tm_gmtoff < 0 ? '-': '+',
+ h, s);
+ else
+ snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d %c%02d%02d",
+ mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
+ t->tm_hour, t->tm_min,
+ t->tm_gmtoff < 0 ? '-': '+',
+ h, s);
+ }
+# else
+ if ( precision == 's' )
+ snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d",
+ mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
+ t->tm_hour, t->tm_min, t->tm_sec);
+ else
+ snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d",
+ mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
+ t->tm_hour, t->tm_min);
+# endif
+#endif
+
+ return timestr;
+}
+
+/*****************************************************************
+** time2isostr (sec, precison)
+** sec is seconds since 1.1.1970
+** precison is currently either 's' (for seconds) or 'm' (minutes)
+*****************************************************************/
+char *time2isostr (time_t sec, int precision)
+{
+ struct tm *t;
+ static char timestr[31+1]; /* 27+1 should be enough */
+
+ timestr[0] = '\0';
+ if ( sec <= 0L )
+ return timestr;
+
+ t = gmtime (&sec);
+ if ( precision == 's' )
+ snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d%02d",
+ t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
+ t->tm_hour, t->tm_min, t->tm_sec);
+ else
+ snprintf (timestr, sizeof (timestr), "%4d%02d%02d%02d%02d",
+ t->tm_year + 1900, t->tm_mon+1, t->tm_mday,
+ t->tm_hour, t->tm_min);
+
+ return timestr;
+}
+
+/*****************************************************************
+** age2str (sec)
+** !!Attention: This function is not reentrant
+*****************************************************************/
+char *age2str (time_t sec)
+{
+ static char str[20+1]; /* "2y51w6d23h50m55s" == 16+1 chars */
+ int len;
+ int strsize = sizeof (str);
+
+ len = 0;
+# if PRINT_AGE_WITH_YEAR
+ if ( sec / (YEARSEC) > 0 )
+ {
+ len += snprintf (str+len, strsize - len, "%1luy", sec / YEARSEC );
+ sec %= (YEARSEC);
+ }
+ else
+ len += snprintf (str+len, strsize - len, " ");
+# endif
+ if ( sec / WEEKSEC > 0 )
+ {
+ len += snprintf (str+len, strsize - len, "%2luw", (ulong) sec / WEEKSEC );
+ sec %= WEEKSEC;
+ }
+ else
+ len += snprintf (str+len, strsize - len, " ");
+ if ( sec / DAYSEC > 0 )
+ {
+ len += snprintf (str+len, strsize - len, "%2lud", sec / (ulong)DAYSEC);
+ sec %= DAYSEC;
+ }
+ else
+ len += snprintf (str+len, strsize - len, " ");
+ if ( sec / HOURSEC > 0 )
+ {
+ len += snprintf (str+len, strsize - len, "%2luh", sec / (ulong)HOURSEC);
+ sec %= HOURSEC;
+ }
+ else
+ len += snprintf (str+len, strsize - len, " ");
+ if ( sec / MINSEC > 0 )
+ {
+ len += snprintf (str+len, strsize - len, "%2lum", sec / (ulong)MINSEC);
+ sec %= MINSEC;
+ }
+ else
+ len += snprintf (str+len, strsize - len, " ");
+ if ( sec > 0 )
+ snprintf (str+len, strsize - len, "%2lus", (ulong) sec);
+ else
+ len += snprintf (str+len, strsize - len, " ");
+
+ return str;
+}
+
+/*****************************************************************
+** start_timer ()
+*****************************************************************/
+time_t start_timer ()
+{
+ return (time(NULL));
+}
+
+/*****************************************************************
+** stop_timer ()
+*****************************************************************/
+time_t stop_timer (time_t start)
+{
+ time_t stop = time (NULL);
+
+ return stop - start;
+}
+
+/****************************************************************
+**
+** int inc_serial (filename, use_unixtime)
+**
+** This function depends on a special syntax formating the
+** SOA record in the zone file!!
+**
+** To match the SOA record, the SOA RR must be formatted
+** like this:
+** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
+** <SPACEes or TABs> 1234567890; serial number
+** <SPACEes or TABs> 86400 ; other values
+** ...
+** The space from the first digit of the serial number to
+** the first none white space char or to the end of the line
+** must be at least 10 characters!
+** So you have to left justify the serial number in a field
+** of at least 10 characters like this:
+** <SPACEes or TABs> 1 ; Serial
+**
+****************************************************************/
+int inc_serial (const char *fname, int use_unixtime)
+{
+ FILE *fp;
+ char buf[4095+1];
+ char master[254+1];
+ int error;
+
+ /**
+ since BIND 9.4, there is a dnssec-signzone option available for
+ serial number increment.
+ If the user request "unixtime" than use this mechanism
+ **/
+#if defined(BIND_VERSION) && BIND_VERSION >= 940
+ if ( use_unixtime )
+ return 0;
+#endif
+ if ( (fp = fopen (fname, "r+")) == NULL )
+ return -1;
+
+ /* read until the line matches the beginning of a soa record ... */
+ while ( fgets (buf, sizeof buf, fp) &&
+ sscanf (buf, "@ IN SOA %255s %*s (\n", master) != 1 )
+ ;
+
+ if ( feof (fp) )
+ {
+ fclose (fp);
+ return -2;
+ }
+
+ error = inc_soa_serial (fp, use_unixtime); /* .. inc soa serial no ... */
+
+ if ( fclose (fp) != 0 )
+ return -5;
+ return error;
+}
+
+/*****************************************************************
+** return the serial number of the current day in the form
+** of YYYYmmdd00
+*****************************************************************/
+static ulong today_serialtime ()
+{
+ struct tm *t;
+ ulong serialtime;
+ time_t now;
+
+ now = time (NULL);
+ t = gmtime (&now);
+ serialtime = (t->tm_year + 1900) * 10000;
+ serialtime += (t->tm_mon+1) * 100;
+ serialtime += t->tm_mday;
+ serialtime *= 100;
+
+ return serialtime;
+}
+
+/*****************************************************************
+** inc_soa_serial (fp, use_unixtime)
+** increment the soa serial number of the file 'fp'
+** 'fp' must be opened "r+"
+*****************************************************************/
+static int inc_soa_serial (FILE *fp, int use_unixtime)
+{
+ int c;
+ long pos, eos;
+ ulong serial;
+ int digits;
+ ulong today;
+
+ /* move forward until any non ws reached */
+ while ( (c = getc (fp)) != EOF && isspace (c) )
+ ;
+ ungetc (c, fp); /* push back the last char */
+
+ pos = ftell (fp); /* mark position */
+
+ serial = 0L; /* read in the current serial number */
+ /* be aware of the trailing space in the format string !! */
+ if ( fscanf (fp, "%lu ", &serial) != 1 ) /* try to get serial no */
+ return -3;
+ eos = ftell (fp); /* mark first non digit/ws character pos */
+
+ digits = eos - pos;
+ if ( digits < 10 ) /* not enough space for serial no ? */
+ return -4;
+
+ if ( use_unixtime )
+ today = time (NULL);
+ else
+ {
+ today = today_serialtime (); /* YYYYmmdd00 */
+ if ( serial > 1970010100L && serial < today )
+ serial = today; /* set to current time */
+ serial++; /* increment anyway */
+ }
+
+ fseek (fp, pos, SEEK_SET); /* go back to the beginning */
+ fprintf (fp, "%-*lu", digits, serial); /* write as many chars as before */
+
+ return 1; /* yep! */
+}
+
+/*****************************************************************
+** return the error text of the inc_serial return coode
+*****************************************************************/
+const char *inc_errstr (int err)
+{
+ switch ( err )
+ {
+ case -1: return "couldn't open zone file for modifying";
+ case -2: return "unexpected end of file";
+ case -3: return "no serial number found in zone file";
+ case -4: return "not enough space left for serialno";
+ case -5: return "error on closing zone file";
+ }
+ return "";
+}
+
+#ifdef SOA_TEST
+const char *progname;
+main (int argc, char *argv[])
+{
+ ulong now;
+ int err;
+ char cmd[255];
+
+ progname = *argv;
+
+ now = today_serialtime ();
+ printf ("now = %lu\n", now);
+
+ if ( (err = inc_serial (argv[1]), 0) < 0 )
+ error ("can't change serial errno=%d\n", err);
+
+ snprintf (cmd, sizeof(cmd), "head -15 %s", argv[1]);
+ system (cmd);
+}
+#endif
+
+#ifdef COPYZONE_TEST
+const char *progname;
+main (int argc, char *argv[])
+{
+ progname = *argv;
+
+ if ( copyzonefile (argv[1], NULL) < 0 )
+ error ("can't copy zone file %s\n", argv[1]);
+}
+#endif
+
+#ifdef URL_TEST
+const char *progname;
+main (int argc, char *argv[])
+{
+ char *proto;
+ char *host;
+ char *port;
+ char *para;
+ char url[1024];
+
+ progname = *argv;
+
+ proto = host = port = para = NULL;
+
+ if ( --argc <= 0 )
+ {
+ fprintf (stderr, "usage: url_test <url>\n");
+ fprintf (stderr, "e.g.: url_test http://www.hznet.de:80/zkt\n");
+ exit (1);
+ }
+
+ strcpy (url, argv[1]);
+ parseurl (url, &proto, &host, &port, &para);
+
+ if ( proto )
+ printf ("proto: \"%s\"\n", proto);
+ if ( host )
+ printf ("host: \"%s\"\n", host);
+ if ( port )
+ printf ("port: \"%s\"\n", port);
+ if ( para )
+ printf ("para: \"%s\"\n", para);
+
+}
+#endif
+
diff --git a/contrib/zkt/misc.h b/contrib/zkt/misc.h
new file mode 100644
index 0000000..842a80d
--- /dev/null
+++ b/contrib/zkt/misc.h
@@ -0,0 +1,84 @@
+/*****************************************************************
+**
+** @(#) misc.h (c) 2005 - 2007 Holger Zuleger hznet.de
+**
+** Copyright (c) 2005 - 2007, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef MISC_H
+# define MISC_H
+# include <sys/types.h>
+# include <stdarg.h>
+# include <stdio.h>
+# include "zconf.h"
+
+# define min(a, b) ((a) < (b) ? (a) : (b))
+# define max(a, b) ((a) > (b) ? (a) : (b))
+
+extern const char *getnameappendix (const char *progname, const char *basename);
+extern const char *getdefconfname (const char *view);
+extern int fileexist (const char *name);
+extern size_t filesize (const char *name);
+extern int file_age (const char *fname);
+extern int touch (const char *fname, time_t sec);
+extern int linkfile (const char *fromfile, const char *tofile);
+//extern int copyfile (const char *fromfile, const char *tofile);
+extern int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile);
+extern int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile);
+extern int cmpfile (const char *file1, const char *file2);
+extern char *str_delspace (char *s);
+extern char *str_tolowerdup (const char *s);
+extern int in_strarr (const char *str, char *const arr[], int cnt);
+extern const char *splitpath (char *path, size_t size, const char *filename);
+extern char *pathname (char *name, size_t size, const char *path, const char *file, const char *ext);
+extern char *time2str (time_t sec, int precision);
+extern char *time2isostr (time_t sec, int precision);
+extern time_t timestr2time (const char *timestr);
+extern int is_keyfilename (const char *name);
+extern int is_directory (const char *name);
+extern time_t file_mtime (const char *fname);
+extern int is_exec_ok (const char *prog);
+extern char *age2str (time_t sec);
+extern time_t stop_timer (time_t start);
+extern time_t start_timer (void);
+extern void error (char *fmt, ...);
+extern void fatal (char *fmt, ...);
+extern void logmesg (char *fmt, ...);
+extern void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...);
+extern void logflush (void);
+extern int inc_serial (const char *fname, int use_unixtime);
+extern const char *inc_errstr (int err);
+extern char *str_untaint (char *str);
+extern char *str_chop (char *str, char c);
+extern int is_dotfile (const char *name);
+extern void parseurl (char *url, char **proto, char **host, char **port, char **para);
+#endif
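Review bot: The printf-style prototypes for `error`, `fatal`, `logmesg` and `verbmesg` carry no format annotation, so the compiler cannot check their callers. The misc.c part of this commit already contains a call it would catch: `verbmesg` passes its already-formatted buffer as the format in `logmesg (str);` and again in `lg_mesg (LG_DEBUG, str);`. Any `%` that reaches `str` through an argument (presumably a zone or file name) is then interpreted a second time as a conversion. I would declare these as e.g. `extern void logmesg (char *fmt, ...) __attribute__ ((format (printf, 1, 2)));`, wrapped in a macro for compilers without the attribute, and change the two calls to `logmesg ("%s", str);` and `lg_mesg (LG_DEBUG, "%s", str);`.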
diff --git a/contrib/zkt/ncparse.c b/contrib/zkt/ncparse.c
new file mode 100644
index 0000000..e67f4b0
--- /dev/null
+++ b/contrib/zkt/ncparse.c
@@ -0,0 +1,317 @@
+/*****************************************************************
+**
+** @(#) ncparse.c -- A very simple named.conf parser
+**
+** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <ctype.h>
+# include <assert.h>
+# include "debug.h"
+# include "misc.h"
+# include "log.h"
+#define extern
+# include "ncparse.h"
+#undef extern
+
+# define TOK_STRING 257
+# define TOK_DIR 258
+# define TOK_INCLUDE 259
+
+# define TOK_ZONE 260
+# define TOK_TYPE 261
+# define TOK_MASTER 262
+# define TOK_SLAVE 263
+# define TOK_STUB 264
+# define TOK_HINT 265
+# define TOK_FORWARD 266
+# define TOK_DELEGATION 267
+# define TOK_VIEW 268
+
+# define TOK_FILE 270
+
+# define TOK_UNKNOWN 511
+
+/* list of "named.conf" keywords we are interested in */
+static struct KeyWords {
+ char *name;
+ int tok;
+} kw[] = {
+ { "STRING", TOK_STRING },
+ { "include", TOK_INCLUDE },
+ { "directory", TOK_DIR },
+ { "file", TOK_FILE },
+ { "zone", TOK_ZONE },
+#if 0 /* we don't need the type keyword; master, slave etc. is sufficient */
+ { "type", TOK_TYPE },
+#endif
+ { "master", TOK_MASTER },
+ { "slave", TOK_SLAVE },
+ { "stub", TOK_STUB },
+ { "hint", TOK_HINT },
+ { "forward", TOK_FORWARD },
+ { "delegation-only", TOK_DELEGATION },
+ { "view", TOK_VIEW },
+ { NULL, TOK_UNKNOWN },
+};
+
+#ifdef DBG
+static const char *tok2str (int tok)
+{
+ int i;
+
+ i = 0;
+ while ( kw[i].name && kw[i].tok != tok )
+ i++;
+
+ return kw[i].name;
+}
+#endif
+
+static int searchkw (const char *keyword)
+{
+ int i;
+
+ dbg_val ("ncparse: searchkw (%s)\n", keyword);
+ i = 0;
+ while ( kw[i].name && strcmp (kw[i].name, keyword) != 0 )
+ i++;
+
+ return kw[i].tok;
+}
+
+static int gettok (FILE *fp, char *val, size_t valsize)
+{
+ int lastc;
+ int c;
+ char buf[255+1];
+ char *p;
+ char *bufend;
+
+ *val = '\0';
+ do {
+ while ( (c = getc (fp)) != EOF && isspace (c) )
+ ;
+
+ if ( c == '#' ) /* single line comment ? */
+ {
+ while ( (c = getc (fp)) != EOF && c != '\n' )
+ ;
+ continue;
+ }
+
+ if ( c == EOF )
+ return EOF;
+
+ if ( c == '{' || c == '}' || c == ';' )
+ continue;
+
+ if ( c == '/' ) /* begin of C comment ? */
+ {
+ if ( (c = getc (fp)) == '*' ) /* yes! */
+ {
+ lastc = EOF; /* read until end of c comment */
+ while ( (c = getc (fp)) != EOF && !(lastc == '*' && c == '/') )
+ lastc = c;
+ }
+ else if ( c == '/' ) /* is it a C single line comment ? */
+ {
+ while ( (c = getc (fp)) != EOF && c != '\n' )
+ ;
+ }
+ else /* no ! */
+ ungetc (c, fp);
+ continue;
+ }
+
+ if ( c == '\"' )
+ {
+ p = val;
+ bufend = val + valsize - 1;
+ while ( (c = getc (fp)) != EOF && p < bufend && c != '\"' )
+ *p++ = c;
+ *p = '\0';
+ /* if string buffer is too small, eat up rest of string */
+ while ( c != EOF && c != '\"' )
+ c = getc (fp);
+
+ return TOK_STRING;
+ }
+
+ p = buf;
+ bufend = buf + sizeof (buf) - 1;
+ do
+ *p++ = tolower (c);
+ while ( (c = getc (fp)) != EOF && p < bufend && isalpha (c) );
+ *p = '\0';
+ ungetc (c, fp);
+
+ if ( (c = searchkw (buf)) != TOK_UNKNOWN )
+ return c;
+ } while ( c != EOF );
+
+ return EOF;
+}
+
+/*****************************************************************
+**
+** parse_namedconf (const char *filename, int (*func) ())
+**
+** Very dumb named.conf parser.
+** - In a zone declaration the _first_ keyword MUST be "type"
+** - For every master zone "func (directory, zone, filename)" will be called
+**
+*****************************************************************/
+int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ())
+{
+ FILE *fp;
+ int tok;
+ char path[511+1];
+#if 1 /* this is potentialy too small for key data, but we don't need the keys... */
+ char strval[255+1];
+#else
+ char strval[4095+1];
+#endif
+ char view[255+1];
+ char zone[255+1];
+ char zonefile[255+1];
+
+ dbg_val ("parse_namedconf: parsing file \"%s\" \n", filename);
+
+ assert (filename != NULL);
+ assert (dir != NULL && dirsize != 0);
+ assert (func != NULL);
+
+ view[0] = '\0';
+ if ( (fp = fopen (filename, "r")) == NULL )
+ return 0;
+
+ while ( (tok = gettok (fp, strval, sizeof strval)) != EOF )
+ {
+ if ( tok > 0 && tok < 256 )
+ {
+ error ("parse_namedconf: token found with value %-10d: %c\n", tok, tok);
+ lg_mesg (LG_ERROR, "parse_namedconf: token found with value %-10d: %c", tok, tok);
+ }
+ else if ( tok == TOK_DIR )
+ {
+ if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING )
+ {
+ dbg_val2 ("parse_namedconf: directory found \"%s\" (dir is %s)\n",
+ strval, dir);
+ if ( *strval != '/' && *dir )
+ snprintf (path, sizeof (path), "%s/%s", dir, strval);
+ else
+ snprintf (path, sizeof (path), "%s", strval);
+ snprintf (dir, dirsize, "%s", path);
+ dbg_val ("parse_namedconf: new dir \"%s\" \n", dir);
+ }
+ }
+ else if ( tok == TOK_INCLUDE )
+ {
+ if ( gettok (fp, strval, sizeof (strval)) == TOK_STRING )
+ {
+ if ( *strval != '/' && *dir )
+ snprintf (path, sizeof (path), "%s/%s", dir, strval);
+ else
+ snprintf (path, sizeof (path), "%s", strval);
+ if ( !parse_namedconf (path, dir, dirsize, func) )
+ return 0;
+ }
+ else
+ {
+ error ("parse_namedconf: need a filename after \"include\"!\n");
+ lg_mesg (LG_ERROR, "parse_namedconf: need a filename after \"include\"!");
+ }
+ }
+ else if ( tok == TOK_VIEW )
+ {
+ if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
+ continue;
+ snprintf (view, sizeof view, "%s", strval); /* store the name of the view */
+ }
+ else if ( tok == TOK_ZONE )
+ {
+ if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
+ continue;
+ snprintf (zone, sizeof zone, "%s", strval); /* store the name of the zone */
+
+ if ( gettok (fp, strval, sizeof (strval)) != TOK_MASTER )
+ continue;
+ if ( gettok (fp, strval, sizeof (strval)) != TOK_FILE )
+ continue;
+ if ( gettok (fp, strval, sizeof (strval)) != TOK_STRING )
+ continue;
+ snprintf (zonefile, sizeof zonefile, "%s", strval); /* this is the filename */
+
+ dbg_val4 ("dir %s view %s zone %s file %s\n", dir, view, zone, zonefile);
+ (*func) (dir, view, zone, zonefile);
+ }
+ else
+ dbg_val3 ("%-10s(%d): %s\n", tok2str(tok), tok, strval);
+ }
+ fclose (fp);
+
+ return 1;
+}
+
+#ifdef TEST_NCPARSE
+int printzone (const char *dir, const char *view, const char *zone, const char *file)
+{
+ printf ("printzone ");
+ printf ("view \"%s\" " , view);
+ printf ("zone \"%s\" " , zone);
+ printf ("file ");
+ if ( dir && *dir )
+ printf ("%s/", dir, file);
+ printf ("%s", file);
+ putchar ('\n');
+ return 1;
+}
+
+char *progname;
+
+main (int argc, char *argv[])
+{
+ char directory[255+1];
+
+ progname = argv[0];
+
+ directory[0] = '\0';
+ if ( --argc == 0 )
+ parse_namedconf ("/var/named/named.conf", directory, sizeof (directory), printzone);
+ else
+ parse_namedconf (argv[1], directory, sizeof (directory), printzone);
+}
+#endif
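Review bot: In `parse_namedconf` the `include` branch returns with `fp` still open when the nested call fails, because `if ( !parse_namedconf (path, dir, dirsize, func) ) return 0;` skips the `fclose (fp)` at the end of the function. It should read `if ( !parse_namedconf (path, dir, dirsize, func) ) { fclose (fp); return 0; }`. The recursion also has no depth limit, so a configuration file that includes itself keeps opening files and adding stack frames until descriptors or stack run out; a nesting counter passed through a static helper would bound it. The `snprintf` calls that build `path` and `dir` truncate silently, and the truncated path is then opened, so a truncation check with a logged error would be worth adding there.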
diff --git a/contrib/zkt/ncparse.h b/contrib/zkt/ncparse.h
new file mode 100644
index 0000000..4383c63
--- /dev/null
+++ b/contrib/zkt/ncparse.h
@@ -0,0 +1,41 @@
+/*****************************************************************
+**
+** @(#) ncparse.h -- headerfile for a simple named.conf parser
+**
+** Copyright (c) Apr 2005 - Nov 2007, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+
+#ifndef NCPARSE_H
+# define NCPARSE_H
+extern int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ());
+#endif
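Review bot: The callback parameter is declared without a prototype, `int (*func) ()`, so the four-argument call `(*func) (dir, view, zone, zonefile)` in ncparse.c is never checked against the handler a caller supplies. The comment above `parse_namedconf` still describes a three-argument `func (directory, zone, filename)`, which makes a mismatched handler easy to write. Spelling out the type here and in the definition, `int (*func) (const char *dir, const char *view, const char *zone, const char *file)`, matches the `printzone` test callback and lets the compiler reject anything else. The header also uses `size_t` without including `<stddef.h>`, so it compiles only when another header was included first.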
diff --git a/contrib/zkt/rollover.c b/contrib/zkt/rollover.c
new file mode 100644
index 0000000..0c9fee0
--- /dev/null
+++ b/contrib/zkt/rollover.c
@@ -0,0 +1,615 @@
+/*****************************************************************
+**
+** @(#) rollover.c -- The key rollover functions
+**
+** Copyright (c) Jan 2005 - May 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <ctype.h>
+# include <time.h>
+# include <assert.h>
+# include <dirent.h>
+# include <errno.h>
+# include <unistd.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "zconf.h"
+# include "debug.h"
+
+# include "misc.h"
+# include "zone.h"
+# include "dki.h"
+# include "log.h"
+#define extern
+# include "rollover.h"
+#undef extern
+
+/*****************************************************************
+** local function definition
+*****************************************************************/
+
+static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
+{
+ dki_t *dkp;
+
+ if ( listp == NULL || domain == NULL )
+ return NULL;
+
+ if ( ksk )
+ dkp = dki_new (dir, domain, DKI_KSK, conf->k_algo, conf->k_bits, conf->k_random, conf->k_life / DAYSEC);
+ else
+ dkp = dki_new (dir, domain, DKI_ZSK, conf->z_algo, conf->z_bits, conf->z_random, conf->z_life / DAYSEC);
+ dki_add (listp, dkp);
+ dki_setstatus (dkp, status);
+
+ return dkp;
+}
+
+static time_t get_exptime (dki_t *key, const zconf_t *z)
+{
+ time_t exptime;
+
+ exptime = dki_exptime (key);
+ if ( exptime == 0L )
+ {
+ if ( dki_lifetime (key) )
+ exptime = dki_time (key) + dki_lifetime (key);
+ else
+ exptime = dki_time (key) + z->k_life;
+ }
+
+ return exptime;
+}
+
+/*****************************************************************
+** is_parentdirsigned (name)
+** Check if the parent directory of the zone specified by zp
+** is a directory with a signed zone
+** Returns 0 | 1
+*****************************************************************/
+static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)
+{
+ char path[MAX_PATHSIZE+1];
+ const char *ext;
+#if 0
+ const zconf_t *conf;
+
+ /* check if there is a local config file to get the name of the zone file */
+ snprintf (path, sizeof (path), "%s/../%s", zp->dir, LOCALCONF_FILE);
+ if ( fileexist (path) ) /* parent dir has local config file ? */
+ conf = loadconfig (path, NULL);
+ else
+ conf = zp->conf;
+
+ /* build the path of the .signed zone file */
+ snprintf (path, sizeof (path), "%s/../%s.signed", conf->dir, conf->zonefile);
+ if ( conf != zp->conf ) /* if we read in a local config file.. */
+ free (conf); /* ..free the memory used */
+
+#else
+ /* currently we use the signed zone file name of the
+ * current directory for checking if the file exist.
+ * TODO: Instead we have to use the name of the zone file
+ * used in the parent dir (see above)
+ */
+
+ ext = strrchr (zp->sfile, '.');
+ if ( ext && strcmp (zp->sfile, ".dsigned") == 0 ) /* is the current zone a dynamic one ? */
+ /* hack: we are using the standard zone file name for a static zone here */
+ snprintf (path, sizeof (path), "%s/../%s", zp->dir, "zone.db.signed");
+ else
+ {
+# if 1
+ const zone_t *parent;
+ const char *parentname;
+
+ /* find out name of parent */
+ parentname = strchr (zp->zone, '.'); /* find first dot in zone name */
+ if ( parentname == NULL ) /* no parent found! */
+ return 0;
+ parentname += 1; /* skip '.' */
+
+ /* try to find parent zone in zonelist */
+ if ( (parent = zone_search (zonelist, parentname)) == NULL )
+ return 0;
+ snprintf (path, sizeof (path), "%s/%s", parent->dir, parent->sfile);
+# else
+ snprintf (path, sizeof (path), "%s/../%s", zp->dir, zp->sfile);
+# endif
+ }
+#endif
+lg_mesg (LG_DEBUG, "%s: is_parentdirsigned = %d fileexist (%s)\n", zp->zone, fileexist (path), path);
+ return fileexist (path); /* parent dir has zone.db.signed file ? */
+}
+
+/*****************************************************************
+** create_parent_file ()
+*****************************************************************/
+static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)
+{
+ FILE *fp;
+
+ assert ( fname != NULL );
+
+ if ( dkp == NULL || (phase != 1 && phase != 2) )
+ return 0;
+
+ if ( (fp = fopen (fname, "w")) == NULL )
+ fatal ("can\'t create new parentfile \"%s\"\n", fname);
+
+ if ( phase == 1 )
+ fprintf (fp, "; KSK rollover phase1 (new key generated but this is alread the old one)\n");
+ else
+ fprintf (fp, "; KSK rollover phase2 (this is the new key)\n");
+
+ dki_prt_dnskeyttl (dkp, fp, ttl);
+ fclose (fp);
+
+ return phase;
+}
+
+/*****************************************************************
+** get_parent_phase ()
+*****************************************************************/
+static int get_parent_phase (const char *file)
+{
+ FILE *fp;
+ int phase;
+
+ if ( (fp = fopen (file, "r")) == NULL )
+ return -1;
+
+ phase = 0;
+ if ( fscanf (fp, "; KSK rollover phase%d", &phase) != 1 )
+ phase = 0;
+
+ fclose (fp);
+ return phase;
+}
+
+/*****************************************************************
+** kskrollover ()
+*****************************************************************/
+static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
+{
+ char path[MAX_PATHSIZE+1];
+ const zconf_t *z;
+ time_t lifetime;
+ time_t currtime;
+ time_t age;
+ int currphase;
+ int parfile_age;
+ int parent_propagation;
+ int parent_resign;
+ int parent_keyttl;
+
+
+ assert ( ksk != NULL );
+ assert ( zp != NULL );
+
+ z = zp->conf;
+ /* check ksk lifetime */
+ if ( (lifetime = dki_lifetime (ksk)) == 0 ) /* if lifetime of key is not set.. */
+ lifetime = z->k_life; /* ..use global configured lifetime */
+
+ currtime = time (NULL);
+ age = dki_age (ksk, currtime);
+
+ /* build path of parent-file */
+ pathname (path, sizeof (path), zp->dir, "parent-", zp->zone);
+
+ /* check if we have to change the ksk ? */
+ if ( lifetime > 0 && age > lifetime && !fileexist (path) ) /* lifetime is over and no kskrollover in progress */
+ {
+ /* we are using hierachical mode and the parent directory contains a signed zone ? */
+ if ( z->keysetdir && strcmp (z->keysetdir, "..") == 0 && is_parentdirsigned (zonelist, zp) )
+ {
+ verbmesg (2, z, "\t\tkskrollover: create new key signing key\n");
+ /* create a new key: this is phase one of a double signing key rollover */
+ ksk = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
+ if ( ksk == NULL )
+ {
+ lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone);
+ return 0;
+ }
+ lg_mesg (LG_INFO, "\"%s\": kskrollover phase1: New key %d generated", zp->zone, ksk->tag);
+
+ /* find the oldest active ksk to create the parent file */
+ if ( (ksk = (dki_t *)dki_find (zp->keys, 1, 'a', 1)) == NULL )
+ lg_mesg (LG_ERROR, "kskrollover phase1: Couldn't find the old active key\n");
+ if ( !create_parent_file (path, 1, z->key_ttl, ksk) )
+ lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path);
+
+ }
+ else /* print out a warning only */
+ {
+ logmesg ("\t\tWarning: Lifetime of Key Signing Key %d exceeded: %s\n",
+ ksk->tag, str_delspace (age2str (age)));
+ lg_mesg (LG_WARNING, "\"%s\": lifetime of key signing key %d exceeded since %s",
+ zp->zone, ksk->tag, str_delspace (age2str (age - lifetime)));
+ }
+ return 1;
+ }
+
+ /* now check if there is an ongoing key rollover */
+
+ /* check if parent-file already exist */
+ if ( !fileexist (path) ) /* no parent-<zone> file found ? */
+ return 0; /* ok, that's it */
+
+ /* check the ksk rollover phase we are in */
+ currphase = get_parent_phase (path); /* this is the actual state we are in */
+ parfile_age = file_age (path);
+
+ /* TODO: Set these values to the one found in the parent dnssec.conf file */
+ parent_propagation = 5 * MINSEC;
+ parent_resign = z->resign;
+ parent_keyttl = z->key_ttl;
+
+ switch ( currphase )
+ {
+ case 1: /* we are currently in state one (new ksk already generated) */
+ if ( parfile_age > z->proptime + z->key_ttl ) /* can we go to phase 2 ? */
+ {
+ verbmesg (2, z, "\t\tkskrollover: save new ksk in parent file\n");
+ ksk = ksk->next; /* set ksk to new ksk */
+ if ( !create_parent_file (path, currphase+1, z->key_ttl, ksk) )
+ lg_mesg (LG_ERROR, "Couldn't create parentfile %s\n", path);
+ lg_mesg (LG_INFO, "\"%s\": kskrollover phase2: send new key %d to the parent zone", zp->zone, ksk->tag);
+ return 1;
+ }
+ else
+ verbmesg (2, z, "\t\tkskrollover: we are in state 1 and waiting for propagation of the new key (parentfile %d < prop %d + keyttl %d\n", parfile_age, z->proptime, z->key_ttl);
+ break;
+ case 2: /* we are currently in state two (propagation of new key to the parent) */
+#if 0
+ if ( parfile_age >= parent_propagation + parent_resign + parent_keyttl ) /* can we go to phase 3 ? */
+#else
+ if ( parfile_age >= parent_propagation + parent_keyttl ) /* can we go to phase 3 ? */
+#endif
+ {
+ /* remove the parentfile */
+ unlink (path);
+
+ /* remove oldest key from list and mark file as removed */
+ zp->keys = dki_remove (ksk);
+
+ // verbmesg (2, z, "kskrollover: remove parentfile and rename old key to k<zone>+<algo>+<tag>.key\n");
+ verbmesg (2, z, "\t\tkskrollover: remove parentfile and rename old key to k%s+%03d+%05d.key\n",
+ ksk->name, ksk->algo, ksk->tag);
+ lg_mesg (LG_INFO, "\"%s\": kskrollover phase3: Remove old key %d", zp->zone, ksk->tag);
+ return 1;
+ }
+ else
+#if 0
+ verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentresig %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_resign, parent_keyttl);
+#else
+ verbmesg (2, z, "\t\tkskrollover: we are in state 2 and waiting for parent propagation (parentfile %d < parentprop %d + parentkeyttl %d\n", parfile_age, parent_propagation, parent_keyttl);
+#endif
+ break;
+ default:
+ assert ( currphase == 1 || currphase == 2 );
+ /* NOTREACHED */
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** global function definition
+*****************************************************************/
+
+/*****************************************************************
+** ksk5011status ()
+** Check if the list of zone keys containing a revoked or a
+** standby key.
+** Remove the revoked key if it is older than 30 days.
+** If the lifetime of the active key is reached, do a rfc5011
+** keyrollover.
+** Returns an int with the rightmost bit set if a resigning
+** is required. The second rightmost bit is set, if it is an
+** rfc5011 zone.
+*****************************************************************/
+int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)
+{
+ dki_t *standbykey;
+ dki_t *activekey;
+ dki_t *dkp;
+ dki_t *prev;
+ time_t currtime;
+ time_t exptime;
+ int ret;
+
+ assert ( listp != NULL );
+ assert ( z != NULL );
+
+ if ( z->k_life == 0 )
+ return 0;
+
+ verbmesg (1, z, "\tCheck RFC5011 status\n");
+
+ ret = 0;
+ currtime = time (NULL);
+
+ /* go through the list of key signing keys, */
+ /* remove revoked keys and set a pointer to standby and active key */
+ standbykey = activekey = NULL;
+ prev = NULL;
+ for ( dkp = *listp; dkp && dki_isksk (dkp); dkp = dkp->next )
+ {
+ exptime = get_exptime (dkp, z);
+ if ( dki_isrevoked (dkp) )
+ lg_mesg (LG_DEBUG, "Rev Exptime: %s", time2str (exptime, 's'));
+
+ /* revoked key is older than 30 days? */
+ if ( dki_isrevoked (dkp) && currtime > exptime + (DAYSEC * 30) )
+ {
+ verbmesg (1, z, "\tRemove revoked key %d which is older than 30 days\n", dkp->tag);
+ lg_mesg (LG_NOTICE, "zone \"%s\": removing revoked key %d", domain, dkp->tag);
+
+ /* remove key from list and mark file as removed */
+ if ( prev == NULL ) /* at the beginning of the list ? */
+ *listp = dki_remove (dkp);
+ else /* anywhere in the middle of the list */
+ prev->next = dki_remove (dkp);
+
+ ret |= 01; /* from now on a resigning is neccessary */
+ }
+
+ /* remember oldest standby and active key */
+ if ( dki_status (dkp) == DKI_PUBLISHED )
+ standbykey = dkp;
+ if ( dki_status (dkp) == DKI_ACTIVE )
+ activekey = dkp;
+ }
+
+ if ( standbykey == NULL && ret == 0 ) /* no standby key and also no revoked key found ? */
+ return ret; /* Seems that this is a non rfc5011 zone! */
+
+ ret |= 02; /* Zone looks like a rfc5011 zone */
+
+ exptime = get_exptime (activekey, z);
+#if 0
+ lg_mesg (LG_DEBUG, "Act Exptime: %s", time2str (exptime, 's'));
+ lg_mesg (LG_DEBUG, "Stb time: %s", time2str (dki_time (standbykey), 's'));
+ lg_mesg (LG_DEBUG, "Stb time+wait: %s", time2str (dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl), 's'));
+#endif
+ /* At the time we first introduce a standby key, the lifetime of the current KSK should not be expired, */
+ /* otherwise we run into an (nearly) immediate key rollover! */
+ if ( currtime > exptime && currtime > dki_time (standbykey) + min (DAYSEC * 30, z->key_ttl) )
+ {
+ lg_mesg (LG_NOTICE, "\"%s\": starting rfc5011 rollover", domain);
+ verbmesg (1, z, "\tLifetime of Key Signing Key %d exceeded (%s): Starting rfc5011 rollover!\n",
+ activekey->tag, str_delspace (age2str (dki_age (activekey, currtime))));
+ verbmesg (2, z, "\t\t=>Generating new standby key signing key\n");
+ dkp = genkey (listp, dir, domain, DKI_KSK, z, DKI_PUBLISHED); /* gentime == now; lifetime = z->k_life; exp = 0 */
+ if ( !dkp )
+ {
+ error ("\tcould not generate new standby KSK\n");
+ lg_mesg (LG_ERROR, "\%s\": can't generate new standby KSK", domain);
+ }
+ else
+ lg_mesg (LG_INFO, "\"%s\": generated new standby KSK %d", domain, dkp->tag);
+
+ /* standby key gets active */
+ verbmesg (2, z, "\t\t=>Activating old standby key %d \n", standbykey->tag);
+ dki_setstatus (standbykey, DKI_ACT);
+
+ /* active key should be revoked */
+ verbmesg (2, z, "\t\t=>Revoking old active key %d \n", activekey->tag);
+ dki_setstatus (activekey, DKI_REVOKED);
+ dki_setexptime (activekey, currtime); /* now the key is expired */
+
+ ret |= 01; /* resigning neccessary */
+ }
+
+ return ret;
+}
+
+/*****************************************************************
+** kskstatus ()
+** Check the ksk status of a zone if a ksk lifetime is set.
+** If there is no key signing key present create a new one.
+** Prints out a warning message if the lifetime of the current
+** key signing key is over.
+** Returns 1 if a resigning of the zone is neccessary, otherwise
+** the function returns 0.
+*****************************************************************/
+int kskstatus (zone_t *zonelist, zone_t *zp)
+{
+ dki_t *akey;
+ const zconf_t *z;
+
+ assert ( zp != NULL );
+
+ z = zp->conf;
+ if ( z->k_life == 0 )
+ return 0;
+
+ verbmesg (1, z, "\tCheck KSK status\n");
+ /* check if a key signing key exist ? */
+ akey = (dki_t *)dki_find (zp->keys, 1, 'a', 1);
+ if ( akey == NULL )
+ {
+ verbmesg (1, z, "\tNo active KSK found: generate new one\n");
+ akey = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
+ if ( !akey )
+ {
+ error ("\tcould not generate new KSK\n");
+ lg_mesg (LG_ERROR, "\"%s\": can't generate new KSK: \"%s\"",
+ zp->zone, dki_geterrstr());
+ }
+ else
+ lg_mesg (LG_INFO, "\"%s\": generated new KSK %d", zp->zone, akey->tag);
+ return akey != NULL; /* return value of 1 forces a resigning of the zone */
+ }
+ else /* try to start a full automatic ksk rollover */
+ kskrollover (akey, zonelist, zp);
+
+ return 0;
+}
+
+/*****************************************************************
+** zskstatus ()
+** Check the zsk status of a zone.
+** Returns 1 if a resigning of the zone is neccessary, otherwise
+** the function returns 0.
+*****************************************************************/
+int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)
+{
+ dki_t *akey;
+ dki_t *nextkey;
+ dki_t *dkp, *last;
+ int keychange;
+ time_t lifetime;
+ time_t age;
+ time_t currtime;
+
+ assert ( listp != NULL );
+ /* dir can be NULL */
+ assert ( domain != NULL );
+ assert ( z != NULL );
+
+ currtime = time (NULL);
+
+ verbmesg (1, z, "\tCheck ZSK status\n");
+ dbg_val("zskstatus for %s \n", domain);
+ keychange = 0;
+ /* Is the depreciated key expired ? */
+ /* As mentioned by olaf, this is the max_ttl of all the rr in the zone */
+ lifetime = z->max_ttl + z->proptime; /* draft kolkman/gieben */
+ last = NULL;
+ dkp = *listp;
+ while ( dkp )
+ if ( !dki_isksk (dkp) &&
+ dki_status (dkp) == DKI_DEPRECIATED &&
+ dki_age (dkp, currtime) > lifetime )
+ {
+ keychange = 1;
+ verbmesg (1, z, "\tLifetime(%d sec) of depreciated key %d exceeded (%d sec)\n",
+ lifetime, dkp->tag, dki_age (dkp, currtime));
+ lg_mesg (LG_INFO, "\"%s\": old ZSK %d removed", domain, dkp->tag);
+ dkp = dki_destroy (dkp); /* delete the keyfiles */
+ dbg_msg("zskstatus: depreciated key removed ");
+ if ( last )
+ last->next = dkp;
+ else
+ *listp = dkp;
+ verbmesg (1, z, "\t\t->remove it\n");
+ }
+ else
+ {
+ last = dkp;
+ dkp = dkp->next;
+ }
+
+ /* check status of active key */
+ dbg_msg("zskstatus check status of active key ");
+ lifetime = z->z_life; /* global configured lifetime for zsk */
+ akey = (dki_t *)dki_find (*listp, 0, 'a', 1);
+ if ( akey == NULL && lifetime > 0 ) /* no active key found */
+ {
+ verbmesg (1, z, "\tNo active ZSK found: generate new one\n");
+ akey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_ACTIVE);
+ lg_mesg (LG_INFO, "\"%s\": generated new ZSK %d", domain, akey->tag);
+ }
+ else /* active key exist */
+ {
+ if ( dki_lifetime (akey) )
+ lifetime = dki_lifetime (akey); /* set lifetime to lt of active key */
+
+ /* lifetime of active key is expired and published key exist ? */
+ age = dki_age (akey, currtime);
+ if ( lifetime > 0 && age > lifetime - (OFFSET) )
+ {
+ verbmesg (1, z, "\tLifetime(%d +/-%d sec) of active key %d exceeded (%d sec)\n",
+ lifetime, (OFFSET) , akey->tag, dki_age (akey, currtime) );
+
+ /* depreciate the key only if there is another active or published key */
+ if ( (nextkey = (dki_t *)dki_find (*listp, 0, 'a', 2)) == NULL ||
+ nextkey == akey )
+ nextkey = (dki_t *)dki_find (*listp, 0, 'p', 1);
+
+ /* Is the published key sufficient long in the zone ? */
+ /* As mentioned by Olaf, this should be the ttl of the DNSKEY RR ! */
+ if ( nextkey && dki_age (nextkey, currtime) > z->key_ttl + z->proptime )
+ {
+ keychange = 1;
+ verbmesg (1, z, "\t\t->depreciate it\n");
+ dki_setstatus (akey, 'd'); /* depreciate the active key */
+ verbmesg (1, z, "\t\t->activate published key %d\n", nextkey->tag);
+ dki_setstatus (nextkey, 'a'); /* activate published key */
+ lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded: ZSK rollover done", domain, akey->tag);
+ akey = nextkey;
+ nextkey = NULL;
+ }
+ else
+ {
+ verbmesg (1, z, "\t\t->waiting for published key\n");
+ lg_mesg (LG_NOTICE, "\"%s\": lifetime of zone signing key %d exceeded since %s: ZSK rollover deferred: waiting for published key",
+ domain, akey->tag, str_delspace (age2str (age - lifetime)));
+ }
+ }
+ }
+ /* Should we add a new publish key? This is neccessary if the active
+ * key will be expired at the next re-signing interval (The published
+ * time will be checked just before the active key will be removed.
+ * See above).
+ */
+ nextkey = (dki_t *)dki_find (*listp, 0, 'p', 1);
+ if ( nextkey == NULL && lifetime > 0 && (akey == NULL ||
+ dki_age (akey, currtime + z->resign) > lifetime - (OFFSET)) )
+ {
+ keychange = 1;
+ verbmesg (1, z, "\tNew key for publishing needed\n");
+ nextkey = genkey (listp, dir, domain, DKI_ZSK, z, DKI_PUB);
+
+ if ( nextkey )
+ {
+ verbmesg (1, z, "\t\t->creating new key %d\n", nextkey->tag);
+ lg_mesg (LG_INFO, "\"%s\": new key %d generated for publishing", domain, nextkey->tag);
+ }
+ else
+ {
+ error ("\tcould not generate new ZSK: \"%s\"\n", dki_geterrstr());
+ lg_mesg (LG_ERROR, "\"%s\": can't generate new ZSK: \"%s\"",
+ domain, dki_geterrstr());
+ }
+ }
+ return keychange;
+}
+
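Review bot: In ksk5011status() `prev` is set to NULL before the key loop and never assigned inside it, so the `prev->next = dki_remove (dkp)` branch is unreachable and a revoked key that is not first in the list is unlinked by overwriting `*listp` with whatever dki_remove() returns, which would cut every earlier key out of the list. The same iteration then calls `dki_status (dkp)` and reads `dkp->next` on the entry just handed to dki_remove(); whether that is a use after free depends on dki_remove(), which is defined outside this hunk. Tracking `prev` and continuing from the returned pointer, as zskstatus() already does with dki_destroy(), avoids both; the sketch below assumes dki_remove() returns the successor, as the existing assignments imply. Separately, when a revoked key was removed but no standby key exists, the test `standbykey == NULL && ret == 0` lets execution reach `get_exptime (activekey, z)` and `dki_time (standbykey)` with possibly NULL pointers, so a guard such as `if ( standbykey == NULL || activekey == NULL ) return ret;` after `ret |= 02;` is worth adding.

```c
	for ( dkp = *listp; dkp && dki_isksk (dkp); )
	{
		/* ... unchanged: exptime lookup and "Rev Exptime" debug message ... */
		if ( dki_isrevoked (dkp) && currtime > exptime + (DAYSEC * 30) )
		{
			/* ... unchanged: verbmesg / lg_mesg for the removed key ... */
			dkp = dki_remove (dkp);		/* continue with the pointer dki_remove() hands back */
			if ( prev == NULL )		/* removed key was the list head */
				*listp = dkp;
			else
				prev->next = dkp;
			ret |= 01;			/* from now on a resigning is necessary */
			continue;			/* do not look at the removed entry again */
		}
		/* ... unchanged: remember oldest standby and active key ... */
		prev = dkp;
		dkp = dkp->next;
	}
```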
diff --git a/contrib/zkt/rollover.h b/contrib/zkt/rollover.h
new file mode 100644
index 0000000..8d53293
--- /dev/null
+++ b/contrib/zkt/rollover.h
@@ -0,0 +1,52 @@
+/*****************************************************************
+**
+** @(#) rollover.h (c) 2005 - 2008 Holger Zuleger hznet.de
+**
+** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef ROLLOVER_H
+# define ROLLOVER_H
+# include <sys/types.h>
+# include <stdarg.h>
+# include <stdio.h>
+
+#ifndef ZCONF_H
+# include "zconf.h"
+#endif
+
+# define OFFSET ((int) (2.5 * MINSEC))
+
+extern int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
+extern int kskstatus (zone_t *zonelist, zone_t *zp);
+extern int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z);
+#endif
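Review bot: rollover.h declares prototypes that use `dki_t` and `zone_t`, but the only project header it includes is zconf.h, so it compiles only when the includer has already pulled in the headers that declare those types (rollover.c includes zone.h and dki.h first, which presumably provide them). The three system includes are not needed by anything declared here, and rollover.c includes this header between `#define extern` and `#undef extern`, so any of them first seen at that point is processed with the keyword blanked out, which the C standard does not permit when a standard header is included. I would replace them with `# include "zone.h"` and `# include "dki.h"`, and add a comment that `OFFSET` depends on `MINSEC` being defined wherever the macro is expanded.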
diff --git a/contrib/zkt/strlist.c b/contrib/zkt/strlist.c
new file mode 100644
index 0000000..81a84bc
--- /dev/null
+++ b/contrib/zkt/strlist.c
@@ -0,0 +1,166 @@
+/*****************************************************************
+**
+** @(#) strlist.c (c) Mar 2005 Holger Zuleger
+**
+** TODO: Maybe we should use a special type for the list:
+** typedef struct { char cnt; char list[0+1]; } strlist__t;
+** This results in better type control of the function parameters
+**
+** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+
+#ifdef TEST
+# include <stdio.h>
+#endif
+#include <string.h>
+#include <stdlib.h>
+#include "strlist.h"
+
+
+/*****************************************************************
+** prepstrlist (str, delim)
+** prepare a string with delimeters to a so called strlist.
+** 'str' is a list of substrings delimeted by 'delim'
+** The # of strings is stored at the first byte of the allocated
+** memory. Every substring is stored as a '\0' terminated C-String.
+** The function returns a pointer to dynamic allocated memory
+*****************************************************************/
+char *prepstrlist (const char *str, const char *delim)
+{
+ char *p;
+ char *new;
+ int len;
+ int cnt;
+
+ if ( str == NULL )
+ return NULL;
+
+ len = strlen (str);
+ if ( (new = malloc (len + 2)) == NULL )
+ return new;
+
+ cnt = 0;
+ p = new;
+ for ( *p++ = '\0'; *str; str++ )
+ {
+ if ( strchr (delim, *str) == NULL )
+ *p++ = *str;
+ else if ( p[-1] != '\0' )
+ {
+ *p++ = '\0';
+ cnt++;
+ }
+ }
+ *p = '\0'; /*terminate string */
+ if ( p[-1] != '\0' )
+ cnt++;
+ *new = cnt & 0xFF;
+
+ return new;
+}
+
+/*****************************************************************
+** isinlist (str, list)
+** check if 'list' contains 'str'
+*****************************************************************/
+int isinlist (const char *str, const char *list)
+{
+ int cnt;
+
+ if ( list == NULL || *list == '\0' )
+ return 1;
+ if ( str == NULL || *str == '\0' )
+ return 0;
+
+ cnt = *list;
+ while ( cnt-- > 0 )
+ {
+ list++;
+ if ( strcmp (str, list) == 0 )
+ return 1;
+ list += strlen (list);
+ }
+
+ return 0;
+}
+
+/*****************************************************************
+** unprepstrlist (list, delimc)
+*****************************************************************/
+char *unprepstrlist (char *list, char delimc)
+{
+ char *p;
+ int cnt;
+
+ cnt = *list & 0xFF;
+ p = list;
+ for ( *p++ = delimc; cnt > 1; p++ )
+ if ( *p == '\0' )
+ {
+ *p = delimc;
+ cnt--;
+ }
+
+ return list;
+}
+
+#ifdef TEST
+main (int argc, char *argv[])
+{
+ FILE *fp;
+ char *p;
+ char *searchlist = NULL;
+ char group[255];
+
+ if ( argc > 1 )
+ searchlist = prepstrlist (argv[1], LISTDELIM);
+
+ printf ("searchlist: %d entrys: \n", searchlist[0]);
+ if ( (fp = fopen ("/etc/group", "r")) == NULL )
+ exit (fprintf (stderr, "can't open file\n"));
+
+ while ( fscanf (fp, "%[^:]:%*[^\n]\n", group) != EOF )
+ if ( isinlist (group, searchlist) )
+ printf ("%s\n", group);
+
+ fclose (fp);
+
+ printf ("searchlist: \"%s\"\n", unprepstrlist (searchlist, *LISTDELIM));
+ for ( p = searchlist; *p; p++ )
+ if ( *p < 32 )
+ printf ("<%d>", *p);
+ else
+ printf ("%c", *p);
+ printf ("\n");
+}
+#endif
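Review bot: prepstrlist() stores the entry count in a single byte with `*new = cnt & 0xFF`, so a string with 256 entries yields a count byte of 0, and isinlist() treats `*list == '\0'` as an empty list and returns 1 for every name. isinlist() also reads the count as `cnt = *list` without the mask unprepstrlist() applies, so where plain `char` is signed any count above 127 is negative, the loop is skipped and nothing matches. I would read `cnt = *list & 0xFF;` in isinlist() and make prepstrlist() fail instead of wrapping, with `if ( cnt > 255 ) { free (new); return NULL; }` before the count is stored. Because isinlist() also returns 1 for a NULL list, callers (outside this hunk) would need to treat a NULL result as an error rather than pass it on.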
diff --git a/contrib/zkt/strlist.h b/contrib/zkt/strlist.h
new file mode 100644
index 0000000..fb87356
--- /dev/null
+++ b/contrib/zkt/strlist.h
@@ -0,0 +1,46 @@
+/*****************************************************************
+**
+** @(#) strlist.h (c) Mar 2005 Holger Zuleger
+**
+** Copyright (c) May 2005 Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+
+#ifndef STRLIST_H
+# define STRLIST_H
+
+# define LISTDELIM " ,:;|^\t"
+
+char *prepstrlist (const char *str, const char *delim);
+int isinlist (const char *str, const char *list);
+char *unprepstrlist (char *list, char delimc);
+#endif
diff --git a/contrib/zkt/tags b/contrib/zkt/tags
new file mode 100644
index 0000000..1471aff
--- /dev/null
+++ b/contrib/zkt/tags
@@ -0,0 +1,324 @@
+!_TAG_FILE_FORMAT 2 /extended format; --format=1 will not append ;" to lines/
+!_TAG_FILE_SORTED 1 /0=unsorted, 1=sorted, 2=foldcase/
+!_TAG_PROGRAM_AUTHOR Darren Hiebert /dhiebert@users.sourceforge.net/
+!_TAG_PROGRAM_NAME Exuberant Ctags //
+!_TAG_PROGRAM_URL http://ctags.sourceforge.net /official site/
+!_TAG_PROGRAM_VERSION 5.5.4 //
+CONF_ALGO zconf.c /^ CONF_ALGO,$/;" e file:
+CONF_BOOL zconf.c /^ CONF_BOOL,$/;" e file:
+CONF_COMMENT zconf.c /^ CONF_COMMENT,$/;" e file:
+CONF_END zconf.c /^ CONF_END = 0,$/;" e file:
+CONF_FACILITY zconf.c /^ CONF_FACILITY,$/;" e file:
+CONF_INT zconf.c /^ CONF_INT,$/;" e file:
+CONF_LEVEL zconf.c /^ CONF_LEVEL,$/;" e file:
+CONF_SERIAL zconf.c /^ CONF_SERIAL,$/;" e file:
+CONF_STRING zconf.c /^ CONF_STRING,$/;" e file:
+CONF_TIMEINT zconf.c /^ CONF_TIMEINT,$/;" e file:
+ISCOMMENT zconf.c 68;" d file:
+ISDELIM zconf.c 70;" d file:
+ISTRUE zconf.c 66;" d file:
+KEYSET_FILE_PFX dnssec-signer.c 669;" d file:
+KeyWords ncparse.c /^static struct KeyWords {$/;" s file:
+MAXFNAME log.c 97;" d file:
+STRCONFIG_DELIMITER zconf.c 505;" d file:
+TAINTEDCHARS misc.c 60;" d file:
+TOK_DELEGATION ncparse.c 59;" d file:
+TOK_DIR ncparse.c 49;" d file:
+TOK_FILE ncparse.c 62;" d file:
+TOK_FORWARD ncparse.c 58;" d file:
+TOK_HINT ncparse.c 57;" d file:
+TOK_INCLUDE ncparse.c 50;" d file:
+TOK_MASTER ncparse.c 54;" d file:
+TOK_SLAVE ncparse.c 55;" d file:
+TOK_STRING ncparse.c 48;" d file:
+TOK_STUB ncparse.c 56;" d file:
+TOK_TYPE ncparse.c 53;" d file:
+TOK_UNKNOWN ncparse.c 64;" d file:
+TOK_VIEW ncparse.c 60;" d file:
+TOK_ZONE ncparse.c 52;" d file:
+a domaincmp.c /^ char *a;$/;" m file:
+add2zonelist dnssec-signer.c /^static int add2zonelist (const char *dir, const char *view, const char *zone, const char *file)$/;" f file:
+age2str misc.c /^char *age2str (time_t sec)$/;" f
+ageflag dnssec-zkt.c /^int ageflag = 0;$/;" v
+b domaincmp.c /^ char *b;$/;" m file:
+bool2str zconf.c /^static const char *bool2str (int val)$/;" f file:
+check_keydb_timestamp dnssec-signer.c /^static int check_keydb_timestamp (dki_t *keylist, time_t reftime)$/;" f file:
+checkconfig zconf.c /^int checkconfig (const zconf_t *z)$/;" f
+cmdline zconf.c /^ int cmdline; \/* is this a command line parameter ? *\/$/;" m file:
+cmpfile misc.c /^int cmpfile (const char *file1, const char *file2)$/;" f
+config dnssec-signer.c /^static zconf_t *config;$/;" v file:
+config zconf.c /^static zconf_t *config;$/;" v file:
+confpara zconf.c /^static zconf_para_t confpara[] = {$/;" v file:
+copy_keyset dnssec-signer.c /^static void copy_keyset (const char *dir, const char *domain, const zconf_t *conf)$/;" f file:
+copyfile misc.c /^int copyfile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f
+copyzonefile misc.c /^int copyzonefile (const char *fromfile, const char *tofile, const char *dnskeyfile)$/;" f
+create_parent_file dnssec-zkt.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file:
+create_parent_file rollover.c /^static int create_parent_file (const char *fname, int phase, int ttl, const dki_t *dkp)$/;" f file:
+createkey dnssec-zkt.c /^static void createkey (const char *keyname, const dki_t *list, const zconf_t *conf)$/;" f file:
+ctype_t zconf.c /^} ctype_t;$/;" t file:
+def zconf.c /^static zconf_t def = {$/;" v file:
+dirflag dnssec-zkt.c /^static int dirflag = 0;$/;" v file:
+dirname dnssec-signer.c /^const char *dirname = NULL;$/;" v
+dist_and_reload dnssec-signer.c /^static int dist_and_reload (const zone_t *zp)$/;" f file:
+dki_add dki.c /^dki_t *dki_add (dki_t **list, dki_t *new)$/;" f
+dki_age dki.c /^int dki_age (const dki_t *dkp, time_t curr)$/;" f
+dki_algo2str dki.c /^char *dki_algo2str (int algo)$/;" f
+dki_allcmp dki.c /^int dki_allcmp (const dki_t *a, const dki_t *b)$/;" f
+dki_alloc dki.c /^static dki_t *dki_alloc ()$/;" f file:
+dki_cmp dki.c /^int dki_cmp (const dki_t *a, const dki_t *b)$/;" f
+dki_destroy dki.c /^dki_t *dki_destroy (dki_t *dkp)$/;" f
+dki_estr dki.c /^static char dki_estr[255+1];$/;" v file:
+dki_exptime dki.c /^time_t dki_exptime (const dki_t *dkp)$/;" f
+dki_find dki.c /^const dki_t *dki_find (const dki_t *list, int ksk, int status, int no)$/;" f
+dki_free dki.c /^void dki_free (dki_t *dkp)$/;" f
+dki_freelist dki.c /^void dki_freelist (dki_t **listp)$/;" f
+dki_gentime dki.c /^time_t dki_gentime (const dki_t *dkp)$/;" f
+dki_geterrstr dki.c /^const char *dki_geterrstr ()$/;" f
+dki_getflag dki.c /^dk_flag_t dki_getflag (const dki_t *dkp, time_t curr)$/;" f
+dki_isactive dki.c /^int dki_isactive (const dki_t *dkp)$/;" f
+dki_isdepreciated dki.c /^int dki_isdepreciated (const dki_t *dkp)$/;" f
+dki_isksk dki.c /^int dki_isksk (const dki_t *dkp)$/;" f
+dki_ispublished dki.c /^int dki_ispublished (const dki_t *dkp)$/;" f
+dki_isrevoked dki.c /^int dki_isrevoked (const dki_t *dkp)$/;" f
+dki_lifetime dki.c /^time_t dki_lifetime (const dki_t *dkp)$/;" f
+dki_lifetimedays dki.c /^ushort dki_lifetimedays (const dki_t *dkp)$/;" f
+dki_namecmp dki.c /^int dki_namecmp (const dki_t *a, const dki_t *b)$/;" f
+dki_new dki.c /^dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days)$/;" f
+dki_prt_comment dki.c /^int dki_prt_comment (const dki_t *dkp, FILE *fp)$/;" f
+dki_prt_dnskey dki.c /^int dki_prt_dnskey (const dki_t *dkp, FILE *fp)$/;" f
+dki_prt_dnskey_raw dki.c /^int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp)$/;" f
+dki_prt_dnskeyttl dki.c /^int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl)$/;" f
+dki_prt_trustedkey dki.c /^int dki_prt_trustedkey (const dki_t *dkp, FILE *fp)$/;" f
+dki_read dki.c /^dki_t *dki_read (const char *dirname, const char *filename)$/;" f
+dki_readdir dki.c /^int dki_readdir (const char *dir, dki_t **listp, int recursive)$/;" f
+dki_readfile dki.c /^static int dki_readfile (FILE *fp, dki_t *dkp)$/;" f file:
+dki_remove dki.c /^dki_t *dki_remove (dki_t *dkp)$/;" f
+dki_search dki.c /^const dki_t *dki_search (const dki_t *list, int tag, const char *name)$/;" f
+dki_setexptime dki.c /^time_t dki_setexptime (dki_t *dkp, time_t sec)$/;" f
+dki_setflag dki.c /^dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag)$/;" f
+dki_setlifetime dki.c /^ushort dki_setlifetime (dki_t *dkp, int days)$/;" f
+dki_setstat dki.c /^static int dki_setstat (dki_t *dkp, int status, int preserve_time)$/;" f file:
+dki_setstatus dki.c /^int dki_setstatus (dki_t *dkp, int status)$/;" f
+dki_setstatus_preservetime dki.c /^int dki_setstatus_preservetime (dki_t *dkp, int status)$/;" f
+dki_status dki.c /^dk_status_t dki_status (const dki_t *dkp)$/;" f
+dki_statusstr dki.c /^const char *dki_statusstr (const dki_t *dkp)$/;" f
+dki_tadd dki.c /^dki_t *dki_tadd (dki_t **tree, dki_t *new)$/;" f
+dki_tagcmp dki.c /^int dki_tagcmp (const dki_t *a, const dki_t *b)$/;" f
+dki_tfree dki.c /^void dki_tfree (dki_t **tree)$/;" f
+dki_time dki.c /^time_t dki_time (const dki_t *dkp)$/;" f
+dki_timecmp dki.c /^int dki_timecmp (const dki_t *a, const dki_t *b)$/;" f
+dki_tsearch dki.c /^const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name)$/;" f
+dki_unsetflag dki.c /^dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag)$/;" f
+dki_writeinfo dki.c /^static int dki_writeinfo (const dki_t *dkp, const char *path)$/;" f file:
+domaincmp domaincmp.c /^int domaincmp (const char *a, const char *b)$/;" f
+dosigning dnssec-signer.c /^static int dosigning (zone_t *zonelist, zone_t *zp)$/;" f file:
+dupconfig zconf.c /^zconf_t *dupconfig (const zconf_t *conf)$/;" f
+dyn_update_freeze dnssec-signer.c /^static int dyn_update_freeze (const char *domain, const zconf_t *z, int freeze)$/;" f file:
+dynamic_zone dnssec-signer.c /^static int dynamic_zone = 0; \/* dynamic zone ? *\/$/;" v file:
+error misc.c /^void error (char *fmt, ...)$/;" f
+ex domaincmp.c /^} ex[] = {$/;" v file:
+exptimeflag dnssec-zkt.c /^int exptimeflag = 0;$/;" v
+extern dki.c 59;" d file:
+extern dki.c 61;" d file:
+extern domaincmp.c 42;" d file:
+extern domaincmp.c 44;" d file:
+extern log.c 55;" d file:
+extern log.c 57;" d file:
+extern misc.c 56;" d file:
+extern misc.c 58;" d file:
+extern ncparse.c 44;" d file:
+extern ncparse.c 46;" d file:
+extern rollover.c 57;" d file:
+extern rollover.c 59;" d file:
+extern zconf.c 61;" d file:
+extern zconf.c 63;" d file:
+extern zkt.c 47;" d file:
+extern zkt.c 49;" d file:
+extern zone.c 53;" d file:
+extern zone.c 55;" d file:
+fatal misc.c /^void fatal (char *fmt, ...)$/;" f
+file_age misc.c /^int file_age (const char *fname)$/;" f
+file_mtime misc.c /^time_t file_mtime (const char *fname)$/;" f
+fileexist misc.c /^int fileexist (const char *name)$/;" f
+filesize misc.c /^size_t filesize (const char *name)$/;" f
+force dnssec-signer.c /^static int force = 0;$/;" v file:
+genkey rollover.c /^static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)$/;" f file:
+get_exptime rollover.c /^static time_t get_exptime (dki_t *key, const zconf_t *z)$/;" f file:
+get_parent_phase dnssec-zkt.c /^static int get_parent_phase (const char *file)$/;" f file:
+get_parent_phase rollover.c /^static int get_parent_phase (const char *file)$/;" f file:
+getdefconfname misc.c /^const char *getdefconfname (const char *view)$/;" f
+getnameappendix misc.c /^const char *getnameappendix (const char *progname, const char *basename)$/;" f
+gettok ncparse.c /^static int gettok (FILE *fp, char *val, size_t valsize)$/;" f file:
+goto_labelstart domaincmp.c 47;" d file:
+headerflag dnssec-zkt.c /^int headerflag = 1;$/;" v
+in_strarr misc.c /^int in_strarr (const char *str, char *const arr[], int cnt)$/;" f
+inc_errstr misc.c /^const char *inc_errstr (int err)$/;" f
+inc_serial misc.c /^int inc_serial (const char *fname, int use_unixtime)$/;" f
+inc_soa_serial misc.c /^static int inc_soa_serial (FILE *fp, int use_unixtime)$/;" f file:
+is_directory misc.c /^int is_directory (const char *name)$/;" f
+is_dotfile misc.c /^int is_dotfile (const char *name)$/;" f
+is_exec_ok misc.c /^int is_exec_ok (const char *prog)$/;" f
+is_keyfilename misc.c /^int is_keyfilename (const char *name)$/;" f
+is_parentdirsigned rollover.c /^static int is_parentdirsigned (const zone_t *zonelist, const zone_t *zp)$/;" f file:
+isinlist strlist.c /^int isinlist (const char *str, const char *list)$/;" f
+ksk5011status rollover.c /^int ksk5011status (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f
+ksk_roll dnssec-zkt.c /^static void ksk_roll (const char *keyname, int phase, const dki_t *list, const zconf_t *conf)$/;" f file:
+kskdomain dnssec-zkt.c /^static char *kskdomain = "";$/;" v file:
+kskflag dnssec-zkt.c /^int kskflag = 1;$/;" v
+kskrollover rollover.c /^static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)$/;" f file:
+kskstatus rollover.c /^int kskstatus (zone_t *zonelist, zone_t *zp)$/;" f
+kw ncparse.c /^} kw[] = {$/;" v file:
+label zconf.c /^ char *label; \/* the name of the paramter *\/$/;" m file:
+labellist dnssec-zkt.c /^char *labellist = NULL;$/;" v
+level log.c /^ lg_lvl_t level;$/;" m file:
+lg_args log.c /^void lg_args (lg_lvl_t level, int argc, char * const argv[])$/;" f
+lg_close log.c /^int lg_close ()$/;" f
+lg_errcnt log.c /^static long lg_errcnt;$/;" v file:
+lg_fileopen log.c /^static FILE *lg_fileopen (const char *path, const char *name)$/;" f file:
+lg_fp log.c /^static FILE *lg_fp;$/;" v file:
+lg_geterrcnt log.c /^long lg_geterrcnt ()$/;" f
+lg_lvl2str log.c /^const char *lg_lvl2str (lg_lvl_t level)$/;" f
+lg_lvl2syslog log.c /^lg_lvl_t lg_lvl2syslog (lg_lvl_t level)$/;" f
+lg_mesg log.c /^void lg_mesg (int priority, char *fmt, ...)$/;" f
+lg_minfilelevel log.c /^static int lg_minfilelevel;$/;" v file:
+lg_minsyslevel log.c /^static int lg_minsyslevel;$/;" v file:
+lg_open log.c /^int lg_open (const char *progname, const char *facility, const char *syslevel, const char *path, const char *file, const char *filelevel)$/;" f
+lg_progname log.c /^static const char *lg_progname;$/;" v file:
+lg_reseterrcnt log.c /^long lg_reseterrcnt ()$/;" f
+lg_seterrcnt log.c /^long lg_seterrcnt (long value)$/;" f
+lg_str2lvl log.c /^lg_lvl_t lg_str2lvl (const char *name)$/;" f
+lg_str2syslog log.c /^int lg_str2syslog (const char *facility)$/;" f
+lg_symtbl_t log.c /^} lg_symtbl_t;$/;" t file:
+lg_syslogging log.c /^static int lg_syslogging;$/;" v file:
+lifetime dnssec-zkt.c /^int lifetime = 0;$/;" v
+lifetimeflag dnssec-zkt.c /^int lifetimeflag = 0;$/;" v
+linkfile misc.c /^int linkfile (const char *fromfile, const char *tofile)$/;" f
+list_dnskey zkt.c /^static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+list_key zkt.c /^static void list_key (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+list_trustedkey zkt.c /^static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+ljustflag dnssec-zkt.c /^int ljustflag = 0;$/;" v
+loadconfig zconf.c /^zconf_t *loadconfig (const char *filename, zconf_t *z)$/;" f
+loadconfig_fromstr zconf.c /^zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)$/;" f
+logfile dnssec-signer.c /^const char *logfile = NULL;$/;" v
+logflush misc.c /^void logflush ()$/;" f
+logmesg misc.c /^void logmesg (char *fmt, ...)$/;" f
+long_options dnssec-signer.c /^static struct option long_options[] = {$/;" v file:
+long_options dnssec-zkt.c /^static struct option long_options[] = {$/;" v file:
+lopt_usage dnssec-signer.c 302;" d file:
+lopt_usage dnssec-signer.c 305;" d file:
+lopt_usage dnssec-zkt.c 410;" d file:
+lopt_usage dnssec-zkt.c 413;" d file:
+loptstr dnssec-signer.c 303;" d file:
+loptstr dnssec-signer.c 306;" d file:
+loptstr dnssec-zkt.c 411;" d file:
+loptstr dnssec-zkt.c 414;" d file:
+main dnssec-signer.c /^int main (int argc, char *const argv[])$/;" f
+main dnssec-zkt.c /^int main (int argc, char *argv[])$/;" f
+main domaincmp.c /^main (int argc, char *argv[])$/;" f
+main log.c /^int main (int argc, char *argv[])$/;" f
+main misc.c /^main (int argc, char *argv[])$/;" f
+main ncparse.c /^main (int argc, char *argv[])$/;" f
+main strlist.c /^main (int argc, char *argv[])$/;" f
+main zconf.c /^main (int argc, char *argv[])$/;" f
+main zkt-soaserial.c /^int main (int argc, char *argv[])$/;" f
+name ncparse.c /^ char *name;$/;" m struct:KeyWords file:
+namedconf dnssec-signer.c /^const char *namedconf = NULL;$/;" v
+new_keysetfiles dnssec-signer.c /^static int new_keysetfiles (const char *dir, time_t zone_signing_time)$/;" f file:
+noexec dnssec-signer.c /^static int noexec = 0;$/;" v file:
+origin dnssec-signer.c /^const char *origin = NULL;$/;" v
+parse_namedconf ncparse.c /^int parse_namedconf (const char *filename, char *dir, size_t dirsize, int (*func) ())$/;" f
+parseconfigline zconf.c /^static void parseconfigline (char *buf, unsigned int line, zconf_t *z)$/;" f file:
+parsedir dnssec-signer.c /^static int parsedir (const char *dir, zone_t **zp, const zconf_t *conf)$/;" f file:
+parsedirectory dnssec-zkt.c /^static int parsedirectory (const char *dir, dki_t **listp)$/;" f file:
+parsefile dnssec-zkt.c /^static void parsefile (const char *file, dki_t **listp)$/;" f file:
+parsetag dnssec-zkt.c /^static const char *parsetag (const char *str, int *tagp)$/;" f file:
+parseurl misc.c /^void parseurl (char *url, char **proto, char **host, char **port, char **para)$/;" f
+pathflag dnssec-zkt.c /^int pathflag = 0;$/;" v
+pathname misc.c /^char *pathname (char *path, size_t size, const char *dir, const char *file, const char *ext)$/;" f
+prepstrlist strlist.c /^char *prepstrlist (const char *str, const char *delim)$/;" f
+printconfig zconf.c /^int printconfig (const char *fname, const zconf_t *z)$/;" f
+printconfigline zconf.c /^static void printconfigline (FILE *fp, zconf_para_t *cp)$/;" f file:
+printkeyinfo zkt.c /^static void printkeyinfo (const dki_t *dkp, const char *oldpath)$/;" f file:
+printserial zkt-soaserial.c /^static void printserial (const char *fname, unsigned long serial)$/;" f file:
+printzone ncparse.c /^int printzone (const char *dir, const char *view, const char *zone, const char *file)$/;" f
+progname dnssec-signer.c /^const char *progname;$/;" v
+progname dnssec-zkt.c /^const char *progname;$/;" v
+progname domaincmp.c /^const char *progname;$/;" v
+progname log.c /^const char *progname;$/;" v
+progname misc.c /^const char *progname;$/;" v
+progname ncparse.c /^char *progname;$/;" v
+progname zconf.c /^const char *progname;$/;" v
+progname zkt-soaserial.c /^static const char *progname;$/;" v file:
+read_serial_fromfile zkt-soaserial.c /^static int read_serial_fromfile (const char *fname, unsigned long *serial)$/;" f file:
+recflag dnssec-zkt.c /^static int recflag = RECURSIVE;$/;" v file:
+register_key dnssec-signer.c /^static void register_key (dki_t *list, const zconf_t *z)$/;" f file:
+reload_zone dnssec-signer.c /^static int reload_zone (const char *domain, const zconf_t *z)$/;" f file:
+reloadflag dnssec-signer.c /^static int reloadflag = 0;$/;" v file:
+res domaincmp.c /^ int res;$/;" m file:
+searchitem zkt.c /^static int searchitem;$/;" v file:
+searchkw ncparse.c /^static int searchkw (const char *keyword)$/;" f file:
+searchresult zkt.c /^static const dki_t *searchresult;$/;" v file:
+set_all_varptr zconf.c /^static void set_all_varptr (zconf_t *cp)$/;" f file:
+set_keylifetime zkt.c /^static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+set_varptr zconf.c /^static int set_varptr (char *entry, void *ptr)$/;" f file:
+setconfigpar zconf.c /^int setconfigpar (zconf_t *config, char *entry, const void *pval)$/;" f
+setglobalflags dnssec-zkt.c /^static void setglobalflags (zconf_t *config)$/;" f file:
+short_options dnssec-signer.c 66;" d file:
+short_options dnssec-signer.c 68;" d file:
+short_options dnssec-zkt.c 89;" d file:
+sign_zone dnssec-signer.c /^static int sign_zone (const char *dir, const char *domain, const char *file, const zconf_t *conf)$/;" f file:
+sopt_usage dnssec-signer.c 300;" d file:
+sopt_usage dnssec-zkt.c 408;" d file:
+splitpath misc.c /^const char *splitpath (char *path, size_t size, const char *filename)$/;" f
+start_timer misc.c /^time_t start_timer ()$/;" f
+stop_timer misc.c /^time_t stop_timer (time_t start)$/;" f
+str log.c /^ const char *str;$/;" m file:
+str_chop misc.c /^char *str_chop (char *str, char c)$/;" f
+str_delspace misc.c /^char *str_delspace (char *s)$/;" f
+str_tolowerdup misc.c /^char *str_tolowerdup (const char *s)$/;" f
+str_untaint misc.c /^char *str_untaint (char *str)$/;" f
+symtbl log.c /^static lg_symtbl_t symtbl[] = {$/;" v file:
+syslog_level log.c /^ int syslog_level;$/;" m file:
+tag_search zkt.c /^static void tag_search (const dki_t **nodep, const VISIT which, int depth)$/;" f file:
+time2isostr misc.c /^char *time2isostr (time_t sec, int precision)$/;" f
+time2str misc.c /^char *time2str (time_t sec, int precision)$/;" f
+timeflag dnssec-zkt.c /^int timeflag = 1;$/;" v
+timeint2str zconf.c /^static const char *timeint2str (ulong val)$/;" f file:
+timestr zkt-soaserial.c /^static char *timestr (time_t sec)$/;" f file:
+timestr2time misc.c /^time_t timestr2time (const char *timestr)$/;" f
+today_serialtime misc.c /^static ulong today_serialtime ()$/;" f file:
+tok ncparse.c /^ int tok;$/;" m struct:KeyWords file:
+tok2str ncparse.c /^static const char *tok2str (int tok)$/;" f file:
+touch misc.c /^int touch (const char *fname, time_t sec)$/;" f
+trustedkeyflag dnssec-zkt.c /^static int trustedkeyflag = 0;$/;" v file:
+type zconf.c /^ ctype_t type; \/* the parameter type *\/$/;" m file:
+unprepstrlist strlist.c /^char *unprepstrlist (char *list, char delimc)$/;" f
+usage dnssec-signer.c /^static void usage (char *mesg, zconf_t *conf)$/;" f file:
+usage dnssec-zkt.c /^static void usage (char *mesg, zconf_t *cp)$/;" f file:
+usage zkt-soaserial.c /^static void usage (const char *msg)$/;" f file:
+var zconf.c /^ void *var; \/* pointer to the parameter variable *\/$/;" m file:
+verbmesg misc.c /^void verbmesg (int verblvl, const zconf_t *conf, char *fmt, ...)$/;" f
+verbose dnssec-signer.c /^static int verbose = 0;$/;" v file:
+view dnssec-zkt.c /^static const char *view = "";$/;" v file:
+viewname dnssec-signer.c /^const char *viewname = NULL;$/;" v
+writekeyfile dnssec-signer.c /^static int writekeyfile (const char *fname, const dki_t *list, int key_ttl)$/;" f file:
+zconf_para_t zconf.c /^} zconf_para_t;$/;" t file:
+zkt_list_dnskeys zkt.c /^void zkt_list_dnskeys (const dki_t *data)$/;" f
+zkt_list_keys zkt.c /^void zkt_list_keys (const dki_t *data)$/;" f
+zkt_list_trustedkeys zkt.c /^void zkt_list_trustedkeys (const dki_t *data)$/;" f
+zkt_search zkt.c /^const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)$/;" f
+zkt_setkeylifetime zkt.c /^void zkt_setkeylifetime (dki_t *data)$/;" f
+zone_add zone.c /^zone_t *zone_add (zone_t **list, zone_t *new)$/;" f
+zone_alloc zone.c /^static zone_t *zone_alloc ()$/;" f file:
+zone_cmp zone.c /^static int zone_cmp (const zone_t *a, const zone_t *b)$/;" f file:
+zone_estr zone.c /^static char zone_estr[255+1];$/;" v file:
+zone_free zone.c /^void zone_free (zone_t *zp)$/;" f
+zone_freelist zone.c /^void zone_freelist (zone_t **listp)$/;" f
+zone_geterrstr zone.c /^const char *zone_geterrstr ()$/;" f
+zone_new zone.c /^zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp)$/;" f
+zone_print zone.c /^int zone_print (const char *mesg, const zone_t *z)$/;" f
+zone_readdir zone.c /^int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone)$/;" f
+zone_search zone.c /^const zone_t *zone_search (const zone_t *list, const char *zone)$/;" f
+zonelist dnssec-signer.c /^static zone_t *zonelist = NULL; \/* must be static global because add2zonelist use it *\/$/;" v file:
+zskflag dnssec-zkt.c /^int zskflag = 1;$/;" v
+zskstatus rollover.c /^int zskstatus (dki_t **listp, const char *dir, const char *domain, const zconf_t *z)$/;" f
diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c
new file mode 100644
index 0000000..1dee484
--- /dev/null
+++ b/contrib/zkt/zconf.c
@@ -0,0 +1,775 @@
+/****************************************************************
+**
+** @(#) zconf.c -- configuration file parser for dnssec.conf
+**
+** Most of the code is from the SixXS Heartbeat Client
+** written by Jeroen Massar <jeroen@sixxs.net>
+**
+** New config types and some slightly code changes
+** by Holger Zuleger
+**
+** Copyright (c) Aug 2005, Jeroen Massar, Holger Zuleger.
+** All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Jeroen Masar or Holger Zuleger nor the
+** names of its contributors may be used to endorse or promote products
+** derived from this software without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+****************************************************************/
+# include <sys/types.h>
+# include <stdio.h>
+# include <errno.h>
+# include <unistd.h>
+# include <stdlib.h>
+# include <stdarg.h>
+# include <string.h>
+# include <strings.h>
+# include <assert.h>
+# include <ctype.h>
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+# include "config_zkt.h"
+# include "debug.h"
+# include "misc.h"
+#define extern
+# include "zconf.h"
+#undef extern
+# include "dki.h"
+
+# define ISTRUE(val) (strcasecmp (val, "yes") == 0 || \
+ strcasecmp (val, "true") == 0 )
+# define ISCOMMENT(cp) (*(cp) == '#' || *(cp) == ';' || \
+ (*(cp) == '/' && *((cp)+1) == '/') )
+# define ISDELIM(c) ( isspace (c) || (c) == ':' || (c) == '=' )
+
+
+typedef enum {
+ CONF_END = 0,
+ CONF_STRING,
+ CONF_INT,
+ CONF_TIMEINT,
+ CONF_BOOL,
+ CONF_ALGO,
+ CONF_SERIAL,
+ CONF_FACILITY,
+ CONF_LEVEL,
+ CONF_COMMENT,
+} ctype_t;
+
+/*****************************************************************
+** private (static) variables
+*****************************************************************/
+static zconf_t def = {
+ ZONEDIR, RECURSIVE,
+ PRINTTIME, PRINTAGE, LJUST,
+ SIG_VALIDITY, MAX_TTL, KEY_TTL, PROPTIME, Incremental,
+ RESIGN_INT,
+ KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM,
+ ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM,
+ NULL, /* viewname cmdline paramter */
+ LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0,
+ DNSKEYFILE, ZONEFILE, KEYSETDIR,
+ LOOKASIDEDOMAIN,
+ SIG_RANDOM, SIG_PSEUDO, SIG_GENDS, SIG_PARAM,
+ DIST_CMD /* deafults to NULL which means to run "rndc reload" */
+};
+
+typedef struct {
+ char *label; /* the name of the paramter */
+ int cmdline; /* is this a command line parameter ? */
+ ctype_t type; /* the parameter type */
+ void *var; /* pointer to the parameter variable */
+} zconf_para_t;
+
+static zconf_para_t confpara[] = {
+ { "", 0, CONF_COMMENT, ""},
+ { "", 0, CONF_COMMENT, "\t@(#) dnssec.conf " ZKT_VERSION },
+ { "", 0, CONF_COMMENT, ""},
+ { "", 0, CONF_COMMENT, NULL },
+
+ { "", 0, CONF_COMMENT, "dnssec-zkt options" },
+ { "Zonedir", 0, CONF_STRING, &def.zonedir },
+ { "Recursive", 0, CONF_BOOL, &def.recursive },
+ { "PrintTime", 0, CONF_BOOL, &def.printtime },
+ { "PrintAge", 0, CONF_BOOL, &def.printage },
+ { "LeftJustify", 0, CONF_BOOL, &def.ljust },
+
+ { "", 0, CONF_COMMENT, NULL },
+ { "", 0, CONF_COMMENT, "zone specific values" },
+ { "ResignInterval", 0, CONF_TIMEINT, &def.resign },
+ { "Sigvalidity", 0, CONF_TIMEINT, &def.sigvalidity },
+ { "Max_TTL", 0, CONF_TIMEINT, &def.max_ttl },
+ { "Propagation", 0, CONF_TIMEINT, &def.proptime },
+ { "KEY_TTL", 0, CONF_TIMEINT, &def.key_ttl },
+#if defined (DEF_TTL)
+ { "def_ttl", 0, CONF_TIMEINT, &def.def_ttl },
+#endif
+ { "Serialformat", 0, CONF_SERIAL, &def.serialform },
+
+ { "", 0, CONF_COMMENT, NULL },
+ { "", 0, CONF_COMMENT, "signing key parameters"},
+ { "KSK_lifetime", 0, CONF_TIMEINT, &def.k_life },
+ { "KSK_algo", 0, CONF_ALGO, &def.k_algo },
+ { "KSK_bits", 0, CONF_INT, &def.k_bits },
+ { "KSK_randfile", 0, CONF_STRING, &def.k_random },
+ { "ZSK_lifetime", 0, CONF_TIMEINT, &def.z_life },
+ { "ZSK_algo", 0, CONF_ALGO, &def.z_algo },
+ { "ZSK_bits", 0, CONF_INT, &def.z_bits },
+ { "ZSK_randfile", 0, CONF_STRING, &def.z_random },
+
+ { "", 0, CONF_COMMENT, NULL },
+ { "", 0, CONF_COMMENT, "dnssec-signer options"},
+ { "--view", 1, CONF_STRING, &def.view },
+ { "LogFile", 0, CONF_STRING, &def.logfile },
+ { "LogLevel", 0, CONF_LEVEL, &def.loglevel },
+ { "SyslogFacility", 0, CONF_FACILITY, &def.syslogfacility },
+ { "SyslogLevel", 0, CONF_LEVEL, &def.sysloglevel },
+ { "VerboseLog", 0, CONF_INT, &def.verboselog },
+ { "-v", 1, CONF_INT, &def.verbosity },
+ { "Keyfile", 0, CONF_STRING, &def.keyfile },
+ { "Zonefile", 0, CONF_STRING, &def.zonefile },
+ { "KeySetDir", 0, CONF_STRING, &def.keysetdir },
+ { "DLV_Domain", 0, CONF_STRING, &def.lookaside },
+ { "Sig_Randfile", 0, CONF_STRING, &def.sig_random },
+ { "Sig_Pseudorand", 0, CONF_BOOL, &def.sig_pseudo },
+ { "Sig_GenerateDS", 1, CONF_BOOL, &def.sig_gends },
+ { "Sig_Parameter", 0, CONF_STRING, &def.sig_param },
+ { "Distribute_Cmd", 0, CONF_STRING, &def.dist_cmd },
+
+ { NULL, 0, CONF_END, NULL},
+};
+
+/*****************************************************************
+** private (static) function deklaration and definition
+*****************************************************************/
+static const char *bool2str (int val)
+{
+ return val ? "True" : "False";
+}
+
+static const char *timeint2str (ulong val)
+{
+ static char str[20+1];
+
+ if ( val == 0 )
+ snprintf (str, sizeof (str), "%lu", val / YEARSEC);
+ else if ( val % YEARSEC == 0 )
+ snprintf (str, sizeof (str), "%luy", val / YEARSEC);
+ else if ( val % WEEKSEC == 0 )
+ snprintf (str, sizeof (str), "%luw", val / WEEKSEC);
+ else if ( val % DAYSEC == 0 )
+ snprintf (str, sizeof (str), "%lud", val / DAYSEC);
+ else if ( val % HOURSEC == 0 )
+ snprintf (str, sizeof (str), "%luh", val / HOURSEC);
+ else if ( val % MINSEC == 0 )
+ snprintf (str, sizeof (str), "%lum", val / MINSEC);
+ else
+ snprintf (str, sizeof (str), "%lus", val);
+
+ return str;
+}
+
+static int set_varptr (char *entry, void *ptr)
+{
+ zconf_para_t *c;
+
+ for ( c = confpara; c->label; c++ )
+ if ( strcasecmp (entry, c->label) == 0 )
+ {
+ c->var = ptr;
+ return 1;
+ }
+ return 0;
+}
+
+static void set_all_varptr (zconf_t *cp)
+{
+ set_varptr ("zonedir", &cp->zonedir);
+ set_varptr ("recursive", &cp->recursive);
+ set_varptr ("printage", &cp->printage);
+ set_varptr ("printtime", &cp->printtime);
+ set_varptr ("leftjustify", &cp->ljust);
+
+ set_varptr ("resigninterval", &cp->resign);
+ set_varptr ("sigvalidity", &cp->sigvalidity);
+ set_varptr ("max_ttl", &cp->max_ttl);
+ set_varptr ("key_ttl", &cp->key_ttl);
+ set_varptr ("propagation", &cp->proptime);
+#if defined (DEF_TTL)
+ set_varptr ("def_ttl", &cp->def_ttl);
+#endif
+ set_varptr ("serialformat", &cp->serialform);
+
+ set_varptr ("ksk_lifetime", &cp->k_life);
+ set_varptr ("ksk_algo", &cp->k_algo);
+ set_varptr ("ksk_bits", &cp->k_bits);
+ set_varptr ("ksk_randfile", &cp->k_random);
+
+ set_varptr ("zsk_lifetime", &cp->z_life);
+ set_varptr ("zsk_algo", &cp->z_algo);
+ set_varptr ("zsk_bits", &cp->z_bits);
+ set_varptr ("zsk_randfile", &cp->z_random);
+
+ set_varptr ("--view", &cp->view);
+ set_varptr ("logfile", &cp->logfile);
+ set_varptr ("loglevel", &cp->loglevel);
+ set_varptr ("syslogfacility", &cp->syslogfacility);
+ set_varptr ("sysloglevel", &cp->sysloglevel);
+ set_varptr ("verboselog", &cp->verboselog);
+ set_varptr ("-v", &cp->verbosity);
+ set_varptr ("keyfile", &cp->keyfile);
+ set_varptr ("zonefile", &cp->zonefile);
+ set_varptr ("keysetdir", &cp->keysetdir);
+ set_varptr ("dlv_domain", &cp->lookaside);
+ set_varptr ("sig_randfile", &cp->sig_random);
+ set_varptr ("sig_pseudorand", &cp->sig_pseudo);
+ set_varptr ("sig_generateds", &cp->sig_gends);
+ set_varptr ("sig_parameter", &cp->sig_param);
+ set_varptr ("distribute_cmd", &cp->dist_cmd);
+}
+
+static void parseconfigline (char *buf, unsigned int line, zconf_t *z)
+{
+ char *end, *val, *p;
+ char *tag;
+ unsigned int len, found;
+ zconf_para_t *c;
+
+ p = &buf[strlen(buf)-1]; /* Chop off white space at eol */
+ while ( p >= buf && isspace (*p) )
+ *p-- = '\0';
+
+ for (p = buf; isspace (*p); p++ ) /* Ignore leading white space */
+ ;
+
+ /* Ignore comments and emtpy lines */
+ if ( *p == '\0' || ISCOMMENT (p) )
+ return;
+
+ tag = p;
+ /* Get the end of the first argument */
+ end = &buf[strlen(buf)-1];
+ while ( p < end && !ISDELIM (*p) ) /* Skip until delim */
+ p++;
+ *p++ = '\0'; /* Terminate this argument */
+ dbg_val1 ("Parsing \"%s\"\n", tag);
+
+
+ while ( p < end && ISDELIM (*p) ) /* Skip delim chars */
+ p++;
+
+ val = p; /* Start of the value */
+ dbg_val1 ("\tgot value \"%s\"\n", val);
+
+ /* If starting with quote, skip until next quote */
+ if ( *p == '"' || *p == '\'' )
+ {
+ p++; /* Find next quote */
+ while ( p <= end && *p && *p != *val )
+ p++;
+ *p = '\0';
+ val++; /* Skip the first quote */
+ }
+ else /* Otherwise check if there is any comment char at the end */
+ {
+ while ( p < end && *p && !ISCOMMENT(p) )
+ p++;
+ if ( ISCOMMENT (p) )
+ {
+ do /* Chop off white space before comment */
+ *p-- = '\0';
+ while ( p >= val && isspace (*p) );
+ }
+ }
+
+ /* Otherwise it is already terminated above */
+
+ found = 0;
+ c = confpara;
+ while ( !found && c->type != CONF_END )
+ {
+ len = strlen (c->label);
+ if ( strcasecmp (tag, c->label) == 0 )
+ {
+ char **str;
+ char quantity;
+ int ival;
+
+ found = 1;
+ switch ( c->type )
+ {
+ case CONF_LEVEL:
+ case CONF_FACILITY:
+ case CONF_STRING:
+ str = (char **)c->var;
+ *str = strdup (val);
+ str_untaint (*str); /* remove "bad" characters */
+ break;
+ case CONF_INT:
+ sscanf (val, "%d", (int *)c->var);
+ break;
+ case CONF_TIMEINT:
+ quantity = 'd';
+ sscanf (val, "%d%c", &ival, &quantity);
+ if ( quantity == 'm' )
+ ival *= MINSEC;
+ else if ( quantity == 'h' )
+ ival *= HOURSEC;
+ else if ( quantity == 'd' )
+ ival *= DAYSEC;
+ else if ( quantity == 'w' )
+ ival *= WEEKSEC;
+ else if ( quantity == 'y' )
+ ival *= YEARSEC;
+ (*(int *)c->var) = ival;
+ break;
+ case CONF_ALGO:
+ if ( strcasecmp (val, "rsa") == 0 || strcasecmp (val, "rsamd5") == 0 )
+ *((int *)c->var) = DK_ALGO_RSA;
+ else if ( strcasecmp (val, "dsa") == 0 )
+ *((int *)c->var) = DK_ALGO_DSA;
+ else if ( strcasecmp (val, "rsasha1") == 0 )
+ *((int *)c->var) = DK_ALGO_RSASHA1;
+ else
+ error ("Illegal algorithm \"%s\" "
+ "in line %d.\n" , val, line);
+ break;
+ case CONF_SERIAL:
+ if ( strcasecmp (val, "unixtime") == 0 )
+ *((serial_form_t *)c->var) = Unixtime;
+ else if ( strcasecmp (val, "incremental") == 0 )
+ *((serial_form_t *)c->var) = Incremental;
+ else
+ error ("Illegal serial no format \"%s\" "
+ "in line %d.\n" , val, line);
+ break;
+ case CONF_BOOL:
+ *((int *)c->var) = ISTRUE (val);
+ break;
+ default:
+ fatal ("Illegal configuration type in line %d.\n", line);
+ }
+ }
+ c++;
+ }
+ if ( !found )
+ error ("Unknown configuration statement: %s \"%s\"\n", tag, val);
+ return;
+}
+
+static void printconfigline (FILE *fp, zconf_para_t *cp)
+{
+ int i;
+
+ assert (fp != NULL);
+ assert (cp != NULL);
+
+ switch ( cp->type )
+ {
+ case CONF_COMMENT:
+ if ( cp->var )
+ fprintf (fp, "# %s\n", (char *)cp->var);
+ else
+ fprintf (fp, "\n");
+ break;
+ case CONF_LEVEL:
+ case CONF_FACILITY:
+ if ( *(char **)cp->var != NULL )
+ {
+ if ( **(char **)cp->var != '\0' )
+ {
+ char *p;
+
+ fprintf (fp, "%s:\t", cp->label);
+ for ( p = *(char **)cp->var; *p; p++ )
+ putc (toupper (*p), fp);
+ fprintf (fp, "\n");
+ }
+ else
+ fprintf (fp, "%s:\tNONE", cp->label);
+ }
+ break;
+ case CONF_STRING:
+ if ( *(char **)cp->var )
+ fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var);
+ break;
+ case CONF_BOOL:
+ fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var ));
+ break;
+ case CONF_TIMEINT:
+ i = *(ulong*)cp->var;
+ fprintf (fp, "%s:\t%s", cp->label, timeint2str (i));
+ if ( i )
+ fprintf (fp, "\t# (%d seconds)", i);
+ putc ('\n', fp);
+ break;
+ case CONF_ALGO:
+ i = *(int*)cp->var;
+ fprintf (fp, "%s:\t%s", cp->label, dki_algo2str (i));
+ fprintf (fp, "\t# (Algorithm ID %d)\n", i);
+ break;
+ case CONF_SERIAL:
+ fprintf (fp, "%s:\t", cp->label);
+ if ( *(serial_form_t*)cp->var == Unixtime )
+ fprintf (fp, "unixtime\n");
+ else
+ fprintf (fp, "incremental\n");
+ break;
+ case CONF_INT:
+ fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var);
+ break;
+ case CONF_END:
+ /* NOTREACHED */
+ break;
+ }
+}
+
+/*****************************************************************
+** public function definition
+*****************************************************************/
+
+/*****************************************************************
+** loadconfig (file, conf)
+** Loads a config file into the "conf" structure pointed to by "z".
+** If "z" is NULL then a new conf struct will be dynamically
+** allocated.
+** If no filename is given the conf struct will be initialized
+** by the builtin default config
+*****************************************************************/
+zconf_t *loadconfig (const char *filename, zconf_t *z)
+{
+ FILE *fp;
+ char buf[1023+1];
+ unsigned int line;
+
+ if ( z == NULL ) /* allocate new memory for zconf_t */
+ {
+ if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+ return NULL;
+
+ if ( filename && *filename )
+ memcpy (z, &def, sizeof (*z)); /* init new struct with defaults */
+ }
+
+ if ( filename == NULL || *filename == '\0' ) /* no file name given... */
+ {
+ dbg_val0("loadconfig (NULL)\n");
+ memcpy (z, &def, sizeof (*z)); /* ..then init with defaults */
+ return z;
+ }
+
+ dbg_val1 ("loadconfig (%s)\n", filename);
+ set_all_varptr (z);
+
+ if ( (fp = fopen(filename, "r")) == NULL )
+ fatal ("Could not open config file \"%s\"\n", filename);
+
+ line = 0;
+ while (fgets(buf, sizeof(buf), fp))
+ {
+ line++;
+
+ parseconfigline (buf, line, z);
+ }
+ fclose(fp);
+ return z;
+}
+
+# define STRCONFIG_DELIMITER ";\r\n"
+zconf_t *loadconfig_fromstr (const char *str, zconf_t *z)
+{
+ char *buf;
+ char *tok, *toksave;
+ unsigned int line;
+
+ if ( z == NULL )
+ {
+ if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+ return NULL;
+ memcpy (z, &def, sizeof (*z)); /* init with defaults */
+ }
+
+ if ( str == NULL || *str == '\0' )
+ {
+ dbg_val0("loadconfig_fromstr (NULL)\n");
+ memcpy (z, &def, sizeof (*z)); /* init with defaults */
+ return z;
+ }
+
+ dbg_val1 ("loadconfig_fromstr (\"%s\")\n", str);
+ set_all_varptr (z);
+
+ /* str is const, so we have to copy it into a new buffer */
+ if ( (buf = strdup (str)) == NULL )
+ fatal ("loadconfig_fromstr: Out of memory");
+
+ line = 0;
+ tok = strtok_r (buf, STRCONFIG_DELIMITER, &toksave);
+ while ( tok )
+ {
+ line++;
+ parseconfigline (tok, line, z);
+ tok = strtok_r (NULL, STRCONFIG_DELIMITER, &toksave);
+ }
+ free (buf);
+ return z;
+}
+
+/*****************************************************************
+** dupconfig (config)
+** duplicate config struct and return a ptr to the new struct
+*****************************************************************/
+zconf_t *dupconfig (const zconf_t *conf)
+{
+ zconf_t *z;
+
+ assert (conf != NULL);
+
+ if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+ return NULL;
+
+ memcpy (z, conf, sizeof (*conf));
+
+ return z;
+}
+
+/*****************************************************************
+** setconfigpar (entry, pval)
+*****************************************************************/
+int setconfigpar (zconf_t *config, char *entry, const void *pval)
+{
+ char *str;
+ zconf_para_t *c;
+
+ set_all_varptr (config);
+
+ for ( c = confpara; c->type != CONF_END; c++ )
+ if ( strcasecmp (entry, c->label) == 0 )
+ {
+ switch ( c->type )
+ {
+ case CONF_LEVEL:
+ case CONF_FACILITY:
+ case CONF_STRING:
+ if ( pval )
+ {
+ str = strdup ((char *)pval);
+ str_untaint (str); /* remove "bad" characters */
+ }
+ else
+ str = NULL;
+ *((char **)c->var) = str;
+ break;
+ case CONF_BOOL:
+ /* fall through */
+ case CONF_ALGO:
+ /* fall through */
+ case CONF_TIMEINT:
+ /* fall through */
+ case CONF_INT:
+ *((int *)c->var) = *((int *)pval);
+ break;
+ case CONF_SERIAL:
+ *((serial_form_t *)c->var) = *((serial_form_t *)pval);
+ break;
+ case CONF_COMMENT:
+ case CONF_END:
+ /* NOTREACHED */
+ break;
+ }
+ return 1;
+ }
+ return 0;
+}
+
+/*****************************************************************
+** printconfig (fname, config)
+*****************************************************************/
+int printconfig (const char *fname, const zconf_t *z)
+{
+ zconf_para_t *cp;
+ FILE *fp;
+
+ if ( z == NULL )
+ return 0;
+
+ fp = stdout;
+ if ( fname && *fname )
+ {
+ if ( strcmp (fname, "stdout") == 0 )
+ fp = stdout;
+ else if ( strcmp (fname, "stderr") == 0 )
+ fp = stderr;
+ else if ( (fp = fopen(fname, "w")) == NULL )
+ {
+ error ("Could not open config file \"%s\" for writing\n", fname);
+ return -1;
+ }
+ }
+
+ set_all_varptr ((zconf_t *)z);
+
+ for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */
+ if ( !cp->cmdline ) /* if this is not a command line parameter ? */
+ printconfigline (fp, cp); /* print it out */
+
+ if ( fp && fp != stdout && fp != stderr )
+ fclose (fp);
+
+ return 1;
+}
+
+#if 0
+/*****************************************************************
+** printconfigdiff (fname, conf_a, conf_b)
+*****************************************************************/
+int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z)
+{
+ zconf_para_t *cp;
+ FILE *fp;
+
+ if ( ref == NULL || z == NULL )
+ return 0;
+
+ fp = NULL;
+ if ( fname && *fname )
+ {
+ if ( strcmp (fname, "stdout") == 0 )
+ fp = stdout;
+ else if ( strcmp (fname, "stderr") == 0 )
+ fp = stderr;
+ else if ( (fp = fopen(fname, "w")) == NULL )
+ {
+ error ("Could not open config file \"%s\" for writing\n", fname);
+ return -1;
+ }
+ }
+
+ set_all_varptr ((zconf_t *)z);
+
+ for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */
+ {
+ if ( cp->cmdline )
+ continue;
+
+
+ printconfigline (fp, cp); /* print it out */
+ }
+
+ if ( fp && fp != stdout && fp != stderr )
+ fclose (fp);
+
+ return 1;
+}
+#endif
+
+/*****************************************************************
+** checkconfig (config)
+*****************************************************************/
+int checkconfig (const zconf_t *z)
+{
+ if ( z == NULL )
+ return 1;
+
+ if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) )
+ {
+ fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n");
+ fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity));
+ }
+
+ if ( z->resign > (z->sigvalidity*5/6) - (z->max_ttl + z->proptime) )
+ {
+ fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign));
+ fprintf (stderr, "5/6 of sigvalidity\n");
+ }
+ if ( z->resign < (z->max_ttl + z->proptime) )
+ {
+ fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign));
+ fprintf (stderr, "greater than max_ttl (%d) plus ", z->max_ttl);
+ fprintf (stderr, "propagation time (%d)\n", z->proptime);
+ }
+
+ if ( z->max_ttl >= z->sigvalidity )
+ fprintf (stderr, "Max TTL (%d) should be less than signatur validity (%d)\n",
+ z->max_ttl, z->sigvalidity);
+
+ if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) )
+ {
+ fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life));
+ fprintf (stderr, "seems a little bit high ");
+ fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits);
+ }
+
+ if ( z->k_life > 0 && z->k_life <= z->z_life )
+ {
+ fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
+ fprintf (stderr, "should be greater than lifetime of zsk\n");
+ }
+ if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) )
+ {
+ fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
+ fprintf (stderr, "seems a little bit high ");
+ fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits);
+ }
+
+ return 1;
+}
+
+#ifdef CONF_TEST
+const char *progname;
+static zconf_t *config;
+
+main (int argc, char *argv[])
+{
+ char *optstr;
+ int val;
+
+ progname = *argv;
+
+ config = loadconfig ("", (zconf_t *) NULL); /* load built in defaults */
+
+ while ( --argc >= 1 )
+ {
+ optstr = *++argv;
+ config = loadconfig_fromstr (optstr, config);
+ }
+
+ val = 1;
+ setconfigpar (config, "-v", &val);
+ val = 2;
+ setconfigpar (config, "verboselog", &val);
+ val = 1;
+ setconfigpar (config, "recursive", &val);
+ val = 1200;
+ setconfigpar (config, "propagation", &val);
+
+ printconfig ("stdout", config);
+}
+#endif
diff --git a/contrib/zkt/zconf.h b/contrib/zkt/zconf.h
new file mode 100644
index 0000000..de8b2ef
--- /dev/null
+++ b/contrib/zkt/zconf.h
@@ -0,0 +1,173 @@
+/*****************************************************************
+**
+** @(#) zconf.h
+**
+** Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
+** All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Jeroen Masar and Holger Zuleger nor the
+** names of its contributors may be used to endorse or promote products
+** derived from this software without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef ZCONF_H
+# define ZCONF_H
+
+
+# define MINSEC 60
+# define HOURSEC (MINSEC * 60)
+# define DAYSEC (HOURSEC * 24)
+# define WEEKSEC (DAYSEC * 7)
+# define YEARSEC (DAYSEC * 365)
+# define DAY (1)
+# define WEEK (DAY * 7)
+# define MONTH (DAY * 30)
+# define YEAR (DAY * 365)
+
+# define SIG_VALID_DAYS (10) /* or 3 Weeks ? */
+# define SIG_VALIDITY (SIG_VALID_DAYS * DAYSEC)
+# define MAX_TTL ( 8 * HOURSEC) /* default value of maximum ttl time */
+# define KEY_TTL ( 4 * HOURSEC) /* default value of KEY TTL */
+# define PROPTIME ( 5 * MINSEC) /* expected slave propagation time */
+ /* should be small if notify is used */
+#if defined (DEF_TTL)
+# define DEF_TTL (MAX_TTL/2) /* currently not used */
+#endif
+
+# define RESIGN_INT ((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
+# define KSK_LIFETIME (1 * YEARSEC)
+#if 0
+# define ZSK_LIFETIME ((SIG_VALID_DAYS * 3) * DAYSEC) /* set to three times the sig validity */
+#else
+# define ZSK_LIFETIME ((MONTH * 3) * DAYSEC) /* set fixed to 3 month */
+#endif
+
+# define KSK_ALGO (DK_ALGO_RSASHA1)
+# define KSK_BITS (1300)
+# define KSK_RANDOM "/dev/urandom" /* was NULL before v0.94 */
+# define ZSK_ALGO (DK_ALGO_RSASHA1)
+# define ZSK_BITS (512)
+# define ZSK_RANDOM "/dev/urandom"
+
+# define ZONEDIR "."
+# define RECURSIVE 0
+# define PRINTTIME 1
+# define PRINTAGE 0
+# define LJUST 0
+# define KEYSETDIR NULL /* keysets */
+# define LOGFILE ""
+# define LOGLEVEL "error"
+# define SYSLOGFACILITY "none"
+# define SYSLOGLEVEL "notice"
+# define VERBOSELOG 0
+# define ZONEFILE "zone.db"
+# define DNSKEYFILE "dnskey.db"
+# define LOOKASIDEDOMAIN "" /* "dlv.trusted-keys.de" */
+# define SIG_RANDOM NULL /* "/dev/urandom" */
+# define SIG_PSEUDO 1
+# define SIG_GENDS 1
+# define SIG_PARAM ""
+# define DIST_CMD NULL /* default is to run "rndc reload" */
+
+#ifndef CONFIG_PATH
+# define CONFIG_PATH "/var/named/"
+#endif
+# define CONFIG_FILE CONFIG_PATH "dnssec.conf"
+# define LOCALCONF_FILE "dnssec.conf"
+
+/* external command execution path (should be set via config.h) */
+#ifndef BIND_UTIL_PATH
+# define BIND_UTIL_PATH "/usr/local/sbin/" /* beware of trailing '/' */
+#endif
+# define SIGNCMD BIND_UTIL_PATH "dnssec-signzone"
+# define KEYGENCMD BIND_UTIL_PATH "dnssec-keygen"
+# define RELOADCMD BIND_UTIL_PATH "rndc"
+
+typedef enum {
+ Unixtime = 1,
+ Incremental
+} serial_form_t;
+
+typedef enum {
+ none = 0,
+ user,
+ local0, local1, local2, local3, local4, local5, local6, local7
+} syslog_facility_t;
+
+typedef struct zconf {
+ char *zonedir;
+ int recursive;
+ int printtime;
+ int printage;
+ int ljust;
+ int sigvalidity; /* should be less than expire time */
+ int max_ttl; /* should be set to the maximum used ttl in the zone */
+ int key_ttl;
+ int proptime; /* expected time offset for zone propagation */
+#if defined (DEF_TTL)
+ int def_ttl; /* default ttl set in soa record */
+#endif
+ serial_form_t serialform; /* format of serial no */
+ int resign; /* resign interval */
+
+ int k_life;
+ int k_algo;
+ int k_bits;
+ char *k_random;
+ int z_life;
+ int z_algo;
+ int z_bits;
+ char *z_random;
+
+ char *view;
+ // char *errlog;
+ char *logfile;
+ char *loglevel;
+ char *syslogfacility;
+ char *sysloglevel;
+ int verboselog;
+ int verbosity;
+ char *keyfile;
+ char *zonefile;
+ char *keysetdir;
+ char *lookaside;
+ char *sig_random;
+ int sig_pseudo;
+ int sig_gends;
+ char *sig_param;
+ char *dist_cmd; /* cmd to run instead of "rndc reload" */
+} zconf_t;
+
+extern zconf_t *loadconfig (const char *filename, zconf_t *z);
+extern zconf_t *loadconfig_fromstr (const char *str, zconf_t *z);
+extern zconf_t *dupconfig (const zconf_t *conf);
+extern int setconfigpar (zconf_t *conf, char *entry, const void *pval);
+extern int printconfig (const char *fname, const zconf_t *cp);
+extern int checkconfig (const zconf_t *z);
+
+#endif
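Review bot: The default `# define ZSK_BITS (512)` gives every zone that does not set `zsk_bits` a 512-bit RSA zone signing key, which is too short to rely on for signatures, and it is paired with a three-month `ZSK_LIFETIME`. I would raise the default to at least `# define ZSK_BITS (1024)` and revisit `KSK_BITS (1300)` in the same pass. checkconfig() in zconf.c only scales its lifetime warning by `z_bits / 512.` and never warns about the key size itself, so a minimum-size warning there would also catch configs that set it low. Separately, `# define DEF_TTL (MAX_TTL/2)` sits inside `#if defined (DEF_TTL)`, so it can only redefine a macro that already exists; if this is meant as a disabled block it deserves a comment saying so.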
diff --git a/contrib/zkt/zkt-soaserial.c b/contrib/zkt/zkt-soaserial.c
new file mode 100644
index 0000000..ff107d9
--- /dev/null
+++ b/contrib/zkt/zkt-soaserial.c
@@ -0,0 +1,222 @@
+/*****************************************************************
+**
+** @(#) zkt-soaserial.c (c) Oct 2007 Holger Zuleger hznet.de
+**
+** A small utility to print out the (unixtime) soa serial
+** number in a human readable form
+**
+** Copyright (c) Oct 2007, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <time.h>
+# include <utime.h>
+# include <assert.h>
+# include <stdlib.h>
+# include <ctype.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+
+static const char *progname;
+
+static char *timestr (time_t sec);
+static int read_serial_fromfile (const char *fname, unsigned long *serial);
+static void printserial (const char *fname, unsigned long serial);
+static void usage (const char *msg);
+
+/*****************************************************************
+** timestr (sec)
+*****************************************************************/
+static char *timestr (time_t sec)
+{
+ struct tm *t;
+ static char timestr[31+1]; /* 27+1 should be enough */
+
+#if defined(HAVE_STRFTIME) && HAVE_STRFTIME
+ t = localtime (&sec);
+ strftime (timestr, sizeof (timestr), "%b %d %Y %T %z", t);
+#else
+ static char *mstr[] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+ };
+ int h, s;
+
+ t = localtime (&sec);
+ s = abs (t->tm_gmtoff);
+ h = t->tm_gmtoff / 3600;
+ s = t->tm_gmtoff % 3600;
+ snprintf (timestr, sizeof (timestr), "%s %2d %4d %02d:%02d:%02d %c%02d%02d",
+ mstr[t->tm_mon], t->tm_mday, t->tm_year + 1900,
+ t->tm_hour, t->tm_min, t->tm_sec,
+ t->tm_gmtoff < 0 ? '-': '+',
+ h, s);
+#endif
+
+ return timestr;
+}
+
+
+/****************************************************************
+**
+** int read_serial_fromfile (filename)
+**
+** This function depends on a special syntax formating the
+** SOA record in the zone file!!
+**
+** To match the SOA record, the SOA RR must be formatted
+** like this:
+** @ IN SOA <master.fq.dn.> <hostmaster.fq.dn.> (
+** <SPACEes or TABs> 1234567890; serial number
+** <SPACEes or TABs> 86400 ; other values
+** ...
+**
+****************************************************************/
+static int read_serial_fromfile (const char *fname, unsigned long *serial)
+{
+ FILE *fp;
+ char buf[4095+1];
+ char master[254+1];
+ int c;
+ int soafound;
+
+ if ( (fp = fopen (fname, "r")) == NULL )
+ return -1; /* file not found */
+
+ /* read until the line matches the beginning of a soa record ... */
+ soafound = 0;
+ while ( !soafound && fgets (buf, sizeof buf, fp) )
+ {
+ if ( sscanf (buf, "%*s %*d IN SOA %255s %*s (\n", master) == 1 )
+ soafound = 1;
+ else if ( sscanf (buf, "%*s IN SOA %255s %*s (\n", master) == 1 )
+ soafound = 1;
+ }
+
+ if ( !soafound )
+ return -2; /* no zone file (soa not found) */
+
+ /* move forward until any non ws is reached */
+ while ( (c = getc (fp)) != EOF && isspace (c) )
+ ;
+ ungetc (c, fp); /* pushback the non ws */
+
+ *serial = 0L; /* read in the current serial number */
+ if ( fscanf (fp, "%lu", serial) != 1 ) /* try to get serial no */
+ return -3; /* no serial number found */
+
+ fclose (fp);
+
+ return 0; /* ok! */
+}
+
+/*****************************************************************
+** printserial()
+*****************************************************************/
+static void printserial (const char *fname, unsigned long serial)
+{
+ if ( fname && *fname )
+ printf ("%-30s\t", fname);
+
+ printf ("%10lu", serial);
+
+ /* try to guess the soa serial format */
+ if ( serial < 1136070000L ) /* plain integer (this is 2006-1-1 00:00 in unixtime format) */
+ ;
+ else if ( serial > 2006010100L ) /* date format */
+ {
+ int y, m, d, v;
+
+ v = serial % 100;
+ serial /= 100;
+ d = serial % 100;
+ serial /= 100;
+ m = serial % 100;
+ serial /= 100;
+ y = serial;
+
+ printf ("\t%d-%02d-%02d Version %02d", y, m, d, v);
+ }
+ else /* unixtime */
+ printf ("\t%s\n", timestr (serial) );
+
+ printf ("\n");
+}
+
+/*****************************************************************
+** usage (msg)
+*****************************************************************/
+static void usage (const char *msg)
+{
+ if ( msg && *msg )
+ fprintf (stderr, "%s\n", msg);
+ fprintf (stderr, "usage: %s {-s serial | signed_zonefile [...]}\n", progname);
+
+ exit (1);
+}
+
+/*****************************************************************
+** main()
+*****************************************************************/
+int main (int argc, char *argv[])
+{
+ unsigned long serial;
+
+ progname = *argv;
+
+ if ( --argc == 0 )
+ usage ("");
+
+ if ( argv[1][0] == '-' )
+ {
+ if ( argv[1][1] != 's' )
+ usage ("illegal option");
+
+ if ( argc != 2 )
+ usage ("Option -s requires an argument");
+
+ serial = atol (argv[2]);
+ printserial ("", serial);
+ }
+ else
+ while ( argc-- > 0 )
+ if ( (read_serial_fromfile (*++argv, &serial)) != 0 )
+ fprintf (stderr, "couldn't read serial number from file %s\n", *argv);
+ else
+ printserial (*argv, serial);
+
+ return 0;
+}
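Review bot: In read_serial_fromfile() both sscanf() calls use `%255s` into `char master[254+1]`, so a 255-character token on a zone file line writes the terminating NUL one byte past the buffer. The field width must be one less than the array size, i.e. `%254s` in both format strings (`"%*s %*d IN SOA %254s %*s (\n"` and `"%*s IN SOA %254s %*s (\n"`). The same function returns -2 and -3 without closing `fp`, leaking the stream for every file that has no SOA line or no serial; an `fclose (fp);` before each of those returns fixes it. In main(), `atol (argv[2])` silently turns non-numeric input into 0, where strtoul() with an end-pointer check would let usage() report it.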
diff --git a/contrib/zkt/zkt.c b/contrib/zkt/zkt.c
new file mode 100644
index 0000000..e699842
--- /dev/null
+++ b/contrib/zkt/zkt.c
@@ -0,0 +1,354 @@
+/*****************************************************************
+**
+** @(#) zkt.c -- A library for managing a list of dns zone files.
+**
+** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "dki.h"
+# include "misc.h"
+# include "strlist.h"
+# include "zconf.h"
+#define extern
+# include "zkt.h"
+#undef extern
+
+extern char *labellist;
+extern int headerflag;
+extern int timeflag;
+extern int exptimeflag;
+extern int lifetime;
+extern int ageflag;
+extern int lifetimeflag;
+extern int kskflag;
+extern int zskflag;
+extern int pathflag;
+extern int ljustflag;
+
+static void printkeyinfo (const dki_t *dkp, const char *oldpath);
+
+static void printkeyinfo (const dki_t *dkp, const char *oldpath)
+{
+ time_t currtime;
+
+ if ( dkp == NULL ) /* print headline */
+ {
+ if ( headerflag )
+ {
+ printf ("%-33.33s %5s %3s %3.3s %-7s", "Keyname",
+ "Tag", "Typ", "Status", "Algorit");
+ if ( timeflag )
+ printf (" %-20s", "Generation Time");
+ if ( exptimeflag )
+ printf (" %-20s", "Expiration Time");
+ if ( ageflag )
+ printf (" %16s", "Age");
+ if ( lifetimeflag )
+ printf (" %4s", "LfTm");
+ putchar ('\n');
+ }
+ return;
+ }
+ time (&currtime);
+
+ /* TODO: use next line if dname is dynamically allocated */
+ /* if ( pathflag && dkp->dname && strcmp (oldpath, dkp->dname) != 0 ) */
+ if ( pathflag && strcmp (oldpath, dkp->dname) != 0 )
+ printf ("%s/\n", dkp->dname);
+
+ if ( (kskflag && dki_isksk (dkp)) || (zskflag && !dki_isksk (dkp)) )
+ {
+ if ( ljustflag )
+ printf ("%-33.33s ", dkp->name);
+ else
+ printf ("%33.33s ", dkp->name);
+ printf ("%05d ", dkp->tag);
+ printf ("%3s ", dki_isksk (dkp) ? "KSK" : "ZSK");
+ printf ("%-3.3s ", dki_statusstr (dkp) );
+ printf ("%-7s", dki_algo2str(dkp->algo));
+ if ( timeflag )
+ printf (" %-20s", time2str (dkp->gentime ? dkp->gentime: dkp->time, 's'));
+ if ( exptimeflag )
+ printf (" %-20s", time2str (dkp->exptime, 's'));
+ if ( ageflag )
+ printf (" %16s", age2str (dki_age (dkp, currtime)));
+ if ( lifetimeflag && dkp->lifetime )
+ {
+ if ( dkp->status == 'a' )
+ printf ("%c", (currtime < dkp->time + dkp->lifetime) ? '<' : '!');
+ else
+ putchar (' ');
+ printf ("%hdd", dki_lifetimedays (dkp));
+ }
+ putchar ('\n');
+ }
+}
+
+#if defined(USE_TREE) && USE_TREE
+static void list_key (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+ static const char *oldpath = "";
+
+ if ( nodep == NULL )
+ return;
+//fprintf (stderr, "listkey %d %d %s\n", which, depth, dkp->name);
+
+ if ( which == INORDER || which == LEAF )
+ {
+ dkp = *nodep;
+ while ( dkp ) /* loop through list */
+ {
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ printkeyinfo (dkp, oldpath); /* print entry */
+ oldpath = dkp->dname;
+ dkp = dkp->next;
+ }
+ }
+}
+#endif
+
+void zkt_list_keys (const dki_t *data)
+{
+#if ! defined(USE_TREE) || !USE_TREE
+ const dki_t *dkp;
+ const char *oldpath;
+#endif
+
+ if ( data ) /* print headline if list is not empty */
+ printkeyinfo (NULL, "");
+
+#if defined(USE_TREE) && USE_TREE
+ twalk (data, list_key);
+#else
+ oldpath = "";
+ for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
+ {
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ printkeyinfo (dkp, oldpath); /* print entry */
+ oldpath = dkp->dname;
+ }
+#endif
+}
+
+#if defined(USE_TREE) && USE_TREE
+static void list_trustedkey (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+
+ if ( nodep == NULL )
+ return;
+
+ dkp = *nodep;
+//fprintf (stderr, "list_trustedkey %d %d %s\n", which, depth, dkp->name);
+ if ( which == INORDER || which == LEAF )
+ while ( dkp ) /* loop through list */
+ {
+ if ( (dki_isksk (dkp) || zskflag) &&
+ (labellist == NULL || isinlist (dkp->name, labellist)) )
+ dki_prt_trustedkey (dkp, stdout);
+ dkp = dkp->next;
+ }
+}
+#endif
+
+void zkt_list_trustedkeys (const dki_t *data)
+{
+#if !defined(USE_TREE) || !USE_TREE
+ const dki_t *dkp;
+#endif
+ /* print headline if list is not empty */
+ if ( data && headerflag )
+ printf ("trusted-keys {\n");
+
+#if defined(USE_TREE) && USE_TREE
+ twalk (data, list_trustedkey);
+#else
+
+ for ( dkp = data; dkp; dkp = dkp->next ) /* loop through list */
+ if ( (dki_isksk (dkp) || zskflag) &&
+ (labellist == NULL || isinlist (dkp->name, labellist)) )
+ dki_prt_trustedkey (dkp, stdout);
+#endif
+
+ /* print end of trusted-key section */
+ if ( data && headerflag )
+ printf ("};\n");
+}
+
+#if defined(USE_TREE) && USE_TREE
+static void list_dnskey (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+ int ksk;
+
+ if ( nodep == NULL )
+ return;
+
+ if ( which == INORDER || which == LEAF )
+ for ( dkp = *nodep; dkp; dkp = dkp->next )
+ {
+ ksk = dki_isksk (dkp);
+ if ( (ksk && !kskflag) || (!ksk && !zskflag) )
+ continue;
+
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ {
+ if ( headerflag )
+ dki_prt_comment (dkp, stdout);
+ dki_prt_dnskey (dkp, stdout);
+ }
+ }
+}
+#endif
+
+void zkt_list_dnskeys (const dki_t *data)
+{
+#if defined(USE_TREE) && USE_TREE
+ twalk (data, list_dnskey);
+#else
+ const dki_t *dkp;
+ int ksk;
+
+ for ( dkp = data; dkp; dkp = dkp->next )
+ {
+ ksk = dki_isksk (dkp);
+ if ( (ksk && !kskflag) || (!ksk && !zskflag) )
+ continue;
+
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ {
+ if ( headerflag )
+ dki_prt_comment (dkp, stdout);
+ dki_prt_dnskey (dkp, stdout);
+ }
+ }
+#endif
+}
+
+#if defined(USE_TREE) && USE_TREE
+static void set_keylifetime (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+ int ksk;
+
+ if ( nodep == NULL )
+ return;
+
+ if ( which == INORDER || which == LEAF )
+ for ( dkp = *nodep; dkp; dkp = dkp->next )
+ {
+ ksk = dki_isksk (dkp);
+ if ( (ksk && !kskflag) || (!ksk && !zskflag) )
+ continue;
+
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ dki_setlifetime ((dki_t *)dkp, lifetime);
+ }
+}
+#endif
+
+void zkt_setkeylifetime (dki_t *data)
+{
+#if defined(USE_TREE) && USE_TREE
+ twalk (data, set_keylifetime);
+#else
+ dki_t *dkp;
+ int ksk;
+
+ for ( dkp = data; dkp; dkp = dkp->next )
+ {
+ ksk = dki_isksk (dkp);
+ if ( (ksk && !kskflag) || (!ksk && !zskflag) )
+ continue;
+
+ if ( labellist == NULL || isinlist (dkp->name, labellist) )
+ {
+ dki_setlifetime (dkp, lifetime);
+ }
+ }
+#endif
+}
+
+
+#if defined(USE_TREE) && USE_TREE
+static const dki_t *searchresult;
+static int searchitem;
+static void tag_search (const dki_t **nodep, const VISIT which, int depth)
+{
+ const dki_t *dkp;
+
+ if ( nodep == NULL )
+ return;
+
+ if ( which == PREORDER || which == LEAF )
+ for ( dkp = *nodep; dkp; dkp = dkp->next )
+ {
+ if ( dkp->tag == searchitem )
+ {
+ if ( searchresult == NULL )
+ searchresult = dkp;
+ else
+ searchitem = 0;
+ }
+ }
+}
+#endif
+const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname)
+{
+ const dki_t *dkp = NULL;
+
+#if defined(USE_TREE) && USE_TREE
+ if ( keyname == NULL || *keyname == '\0' )
+ {
+ searchresult = NULL;
+ searchitem = searchtag;
+ twalk (data, tag_search);
+ if ( searchresult != NULL && searchitem == 0 )
+ dkp = (void *)01;
+ else
+ dkp = searchresult;
+ }
+ else
+ dkp = (dki_t*)dki_tsearch (data, searchtag, keyname);
+#else
+ dkp = (dki_t*)dki_search (data, searchtag, keyname);
+#endif
+ return dkp;
+}
+
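Review bot: In the USE_TREE branch of zkt_search(), `searchitem` is both the tag being looked for and the "duplicate seen" marker (`searchitem = 0` in tag_search()), so a search for tag 0 that finds exactly one key still satisfies `searchresult != NULL && searchitem == 0` and returns the "not unique" sentinel; this matters if callers can pass 0 as a real key tag, which the hunk does not show. A separate flag removes the overlap, as sketched below. The sentinel itself, `(void *)01`, is an invalid pointer that any caller dereferencing the result without checking will crash on, and it is only produced when USE_TREE is set. I would give it a named macro and add a comment above zkt_search() stating the three possible results: NULL, the sentinel, or a key.

```c
static int searchitem;
static int searchdup;	/* a second key with the same tag was seen */
/* ... unchanged: tag_search() down to the first-match branch ... */
				else
					searchdup = 1;
/* ... unchanged: rest of tag_search(), zkt_search() up to the walk ... */
		searchdup = 0;
		twalk (data, tag_search);
		if ( searchresult != NULL && searchdup )
/* ... unchanged: sentinel / result assignment ... */
```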
diff --git a/contrib/zkt/zkt.h b/contrib/zkt/zkt.h
new file mode 100644
index 0000000..2f3398d
--- /dev/null
+++ b/contrib/zkt/zkt.h
@@ -0,0 +1,46 @@
+/*****************************************************************
+**
+** @(#) zkt.h (c) 2005 - 2008 Holger Zuleger hznet.de
+**
+** Copyright (c) 2005 - 2008, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef ZKT_H
+# define ZKT_H
+
+extern const dki_t *zkt_search (const dki_t *data, int searchtag, const char *keyname);
+extern void zkt_list_keys (const dki_t *data);
+extern void zkt_list_trustedkeys (const dki_t *data);
+extern void zkt_list_dnskeys (const dki_t *data);
+extern void zkt_setkeylifetime (dki_t *data);
+
+#endif
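Review bot: Every prototype in zkt.h uses `dki_t`, but the header includes nothing, so it compiles only when the including file has already pulled in `dki.h`. zone.h, added in the same commit, includes `dki.h` itself; adding `# include "dki.h"` right after `# define ZKT_H` would make this header self-contained as well. The prototype of `zkt_search` also deserves a comment on its return contract: in the `USE_TREE` build of zkt.c it returns the sentinel `(void *)01` rather than NULL, apparently when the tag matches more than one key. A caller that tests only for NULL would dereference that value, so something like `/* returns NULL if not found, (void *)01 if the tag is ambiguous */` belongs here.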
diff --git a/contrib/zkt/zone.c b/contrib/zkt/zone.c
new file mode 100644
index 0000000..dec214e
--- /dev/null
+++ b/contrib/zkt/zone.c
@@ -0,0 +1,336 @@
+/*****************************************************************
+**
+** @(#) zone.c (c) Mar 2005 Holger Zuleger hznet.de
+**
+** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <dirent.h>
+# include <assert.h>
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+# include "config_zkt.h"
+# include "debug.h"
+# include "domaincmp.h"
+# include "misc.h"
+# include "zconf.h"
+# include "dki.h"
+#define extern
+# include "zone.h"
+#undef extern
+
+/*****************************************************************
+** private (static) function declaration and definition
+*****************************************************************/
+static char zone_estr[255+1];
+
+/*****************************************************************
+** zone_alloc ()
+*****************************************************************/
+static zone_t *zone_alloc ()
+{
+ zone_t *zp;
+
+ if ( (zp = malloc (sizeof (zone_t))) )
+ {
+ memset (zp, 0, sizeof (zone_t));
+ return zp;
+ }
+
+ snprintf (zone_estr, sizeof (zone_estr),
+ "zone_alloc: Out of memory");
+ return NULL;
+}
+
+/*****************************************************************
+** zone_cmp () return <0 | 0 | >0
+*****************************************************************/
+static int zone_cmp (const zone_t *a, const zone_t *b)
+{
+ if ( a == NULL ) return -1;
+ if ( b == NULL ) return 1;
+
+ return domaincmp (a->zone, b->zone);
+}
+
+
+/*****************************************************************
+** public function definition
+*****************************************************************/
+
+/*****************************************************************
+** zone_free ()
+*****************************************************************/
+void zone_free (zone_t *zp)
+{
+ assert (zp != NULL);
+
+ if ( zp->zone ) free ((char *)zp->zone);
+ if ( zp->dir ) free ((char *)zp->dir);
+ if ( zp->file ) free ((char *)zp->file);
+ if ( zp->sfile ) free ((char *)zp->sfile);
+#if 0
+ /* TODO: actually there are some problems freeing the config :-( */
+ if ( zp->conf ) free ((zconf_t *)zp->conf);
+#endif
+ if ( zp->keys ) dki_freelist (&zp->keys);
+ free (zp);
+}
+
+/*****************************************************************
+** zone_freelist ()
+*****************************************************************/
+void zone_freelist (zone_t **listp)
+{
+ zone_t *curr;
+ zone_t *next;
+
+ assert (listp != NULL);
+
+ curr = *listp;
+ while ( curr )
+ {
+ next = curr->next;
+ zone_free (curr);
+ curr = next;
+ }
+ if ( *listp )
+ *listp = NULL;
+}
+
+/*****************************************************************
+** zone_new ()
+** allocate memory for new zone structure and initialize it
+*****************************************************************/
+zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp)
+{
+ char path[MAX_PATHSIZE+1];
+ zone_t *new;
+
+ assert (zp != NULL);
+ assert (zone != NULL && *zone != '\0');
+
+ dbg_val3 ("zone_new: (zp, zone: %s, dir: %s, file: %s, cp)\n", zone, dir, file);
+ if ( dir == NULL || *dir == '\0' )
+ dir = ".";
+
+ if ( file == NULL || *file == '\0' )
+ file = cp->zonefile;
+ else
+ { /* check if file contains a path */
+ const char *p;
+ if ( (p = strrchr (file, '/')) != NULL )
+ {
+ snprintf (path, sizeof (path), "%s/%.*s", dir, p-file, file);
+ dir = path;
+ file = p+1;
+ }
+ }
+
+ if ( (new = zone_alloc ()) != NULL )
+ {
+ char *p;
+
+ new->zone = str_tolowerdup (zone);
+ new->dir = strdup (dir);
+ new->file = strdup (file);
+ /* check if file ends with ".signed" ? */
+ if ( (p = strrchr (new->file, '.')) != NULL && strcmp (p, signed_ext) == 0 )
+ {
+ new->sfile = strdup (new->file);
+ *p = '\0';
+ }
+ else
+ {
+ snprintf (path, sizeof (path), "%s%s", file, signed_ext);
+ new->sfile = strdup (path);
+ }
+ new->conf = cp;
+ new->keys = NULL;
+ dki_readdir (new->dir, &new->keys, 0);
+ new->next = NULL;
+ }
+
+ return zone_add (zp, new);
+}
+
+/*****************************************************************
+** zone_readdir ()
+*****************************************************************/
+int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone)
+{
+ char *p;
+ char path[MAX_PATHSIZE+1];
+ char *signed_ext = ".signed";
+
+ assert (dir != NULL && *dir != '\0');
+ assert (conf != NULL);
+
+ if ( zone == NULL ) /* zone not given ? */
+ {
+ if ( (zone = strrchr (dir, '/')) ) /* try to extract zone name out of directory */
+ zone++;
+ else
+ zone = dir;
+ }
+ dbg_val4 ("zone_readdir: (dir: %s, zone: %s, zfile: %s zp, cp, dyn_zone = %d)\n",
+ dir, zone, zfile ? zfile: "NULL", dyn_zone);
+
+ if ( dyn_zone )
+ signed_ext = ".dsigned";
+
+ if ( zfile && (p = strrchr (zfile, '/')) ) /* check if zfile contains a directory */
+ {
+ char subdir[MAX_PATHSIZE+1];
+
+ snprintf (subdir, sizeof (subdir), "%s/%.*s", dir, p - zfile, zfile);
+ pathname (path, sizeof (path), subdir, LOCALCONF_FILE, NULL);
+ }
+ else
+ pathname (path, sizeof (path), dir, LOCALCONF_FILE, NULL);
+ dbg_val1 ("zone_readdir: check local config file %s\n", path);
+ if ( fileexist (path) ) /* load local config file */
+ {
+ zconf_t *localconf;
+
+ localconf = dupconfig (conf);
+ conf = loadconfig (path, localconf);
+ }
+
+ if ( zfile == NULL )
+ {
+ zfile = conf->zonefile;
+ pathname (path, sizeof (path), dir, zfile, signed_ext);
+ }
+ else
+ {
+ dbg_val2("zone_readdir: add %s to zonefile if not already there ? (%s)\n", signed_ext, zfile);
+ if ( (p = strrchr (zfile, '.')) == NULL || strcmp (p, signed_ext) != 0 )
+ pathname (path, sizeof (path), dir, zfile, signed_ext);
+ else
+ pathname (path, sizeof (path), dir, zfile, NULL);
+ }
+
+ dbg_val1("zone_readdir: fileexist (%s): ", path);
+ if ( !fileexist (path) ) /* no .signed file found ? ... */
+ {
+ dbg_val0("no!\n");
+ return 0; /* ... not a secure zone ! */
+ }
+ dbg_val0("yes!\n");
+
+ dbg_val("zone_readdir: add zone (%s)\n", zone);
+ zone_new (listp, zone, dir, zfile, signed_ext, conf);
+
+ return 1;
+}
+
+
+/*****************************************************************
+** zone_geterrstr ()
+** return error string
+*****************************************************************/
+const char *zone_geterrstr ()
+{
+ return zone_estr;
+}
+
+/*****************************************************************
+** zone_add ()
+*****************************************************************/
+zone_t *zone_add (zone_t **list, zone_t *new)
+{
+ zone_t *curr;
+ zone_t *last;
+
+ if ( list == NULL )
+ return NULL;
+ if ( new == NULL )
+ return *list;
+
+ last = curr = *list;
+ while ( curr && zone_cmp (curr, new) < 0 )
+ {
+ last = curr;
+ curr = curr->next;
+ }
+
+ if ( curr == *list ) /* add node at the beginning of the list */
+ *list = new;
+ else /* add node at end or between two nodes */
+ last->next = new;
+ new->next = curr;
+
+ return new;
+}
+
+/*****************************************************************
+** zone_search ()
+*****************************************************************/
+const zone_t *zone_search (const zone_t *list, const char *zone)
+{
+ if ( zone == NULL || *zone == '\0' )
+ return NULL;
+
+ while ( list && strcmp (zone, list->zone) != 0 )
+ list = list->next;
+
+ return list;
+}
+
+/*****************************************************************
+** zone_print ()
+*****************************************************************/
+int zone_print (const char *mesg, const zone_t *z)
+{
+ dki_t *dkp;
+
+ if ( !z )
+ return 0;
+ fprintf (stderr, "%s: zone\t %s\n", mesg, z->zone);
+ fprintf (stderr, "%s: dir\t %s\n", mesg, z->dir);
+ fprintf (stderr, "%s: file\t %s\n", mesg, z->file);
+ fprintf (stderr, "%s: sfile\t %s\n", mesg, z->sfile);
+
+ for ( dkp = z->keys; dkp; dkp = dkp->next )
+ {
+ dki_prt_comment (dkp, stderr);
+ }
+
+ return 1;
+}
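Review bot: In `zone_new`, `snprintf (path, sizeof (path), "%s/%.*s", dir, p-file, file)` passes a `ptrdiff_t` where the `*` precision requires an `int`, and its return value is ignored. An over-long `dir`/`file` is therefore silently truncated, and `dki_readdir (new->dir, ...)` may then read key files from a directory other than the one named. The same call shape is used for `subdir` in `zone_readdir`. I would cast the precision and reject truncation: `int n = snprintf (path, sizeof (path), "%s/%.*s", dir, (int)(p - file), file);` followed by `if ( n < 0 || (size_t)n >= sizeof (path) ) return NULL;`, after recording the reason in `zone_estr`. Separately, the results of `str_tolowerdup` and the three `strdup` calls are used unchecked, and `strrchr (new->file, '.')` dereferences NULL if `strdup (file)` failed.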
diff --git a/contrib/zkt/zone.h b/contrib/zkt/zone.h
new file mode 100644
index 0000000..e785796
--- /dev/null
+++ b/contrib/zkt/zone.h
@@ -0,0 +1,66 @@
+/*****************************************************************
+**
+** @(#) zone.h -- Header file for zone info
+**
+** Copyright (c) Mar 2005, Holger Zuleger HZnet. All rights reserved.
+**
+** This software is open source.
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions
+** are met:
+**
+** Redistributions of source code must retain the above copyright notice,
+** this list of conditions and the following disclaimer.
+**
+** Redistributions in binary form must reproduce the above copyright notice,
+** this list of conditions and the following disclaimer in the documentation
+** and/or other materials provided with the distribution.
+**
+** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
+** be used to endorse or promote products derived from this software without
+** specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+** POSSIBILITY OF SUCH DAMAGE.
+**
+*****************************************************************/
+#ifndef ZONE_H
+# define ZONE_H
+
+# include <sys/types.h>
+# include <stdio.h>
+# include <time.h>
+# include "dki.h"
+
+/* all we have to know about a zone */
+typedef struct Zone {
+ const char *zone; /* domain name or label */
+ const char *dir; /* directory of zone data */
+ const char *file; /* file name (zone.db) */
+ const char *sfile; /* file name of secured zone (zone.db.signed) */
+ const zconf_t *conf; /* ptr to config */ /* TODO: Should this be only a ptr to a local config ? */
+ dki_t *keys; /* ptr to keylist */
+ struct Zone *next; /* ptr to next entry in list */
+} zone_t;
+
+extern void zone_free (zone_t *zp);
+extern void zone_freelist (zone_t **listp);
+extern zone_t *zone_new (zone_t **zp, const char *zone, const char *dir, const char *file, const char *signed_ext, const zconf_t *cp);
+extern const char *zone_geterrstr ();
+extern zone_t *zone_add (zone_t **list, zone_t *new);
+extern const zone_t *zone_search (const zone_t *list, const char *name);
+extern int zone_readdir (const char *dir, const char *zone, const char *zfile, zone_t **listp, const zconf_t *conf, int dyn_zone);
+extern const char *zone_geterrstr (void);
+extern int zone_print (const char *mesg, const zone_t *z);
+
+#endif
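Review bot: `zone_geterrstr` is declared twice in this header, as `extern const char *zone_geterrstr ();` and again as `extern const char *zone_geterrstr (void);`; the first, unprototyped form should be dropped so that calls are checked against `(void)`. The member `const zconf_t *conf` and two prototypes use `zconf_t`, but the header includes only `dki.h`; unless `dki.h` provides that type (not visible here), add `# include "zconf.h"`. The `zone`, `dir`, `file` and `sfile` members are `const char *`, yet `zone_free` in zone.c releases them through a cast. A comment on the struct such as `/* strings are heap-allocated and released by zone_free() */` would record that ownership.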