diff --git a/bin/tests/system/autosign/ns1/keygen.sh b/bin/tests/system/autosign/ns1/keygen.sh index 20ca32f27b..6ba8f95df9 100644 --- a/bin/tests/system/autosign/ns1/keygen.sh +++ b/bin/tests/system/autosign/ns1/keygen.sh @@ -33,12 +33,12 @@ rm $zsknopriv.private ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone` kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone` -keyfile_to_trusted_keys $ksksby > trusted.conf +keyfile_to_static_keys $ksksby > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf -keyfile_to_trusted_keys $kskrev > trusted.conf +keyfile_to_static_keys $kskrev > trusted.conf cp trusted.conf ../ns5/trusted.conf echo $zskact > ../active.key diff --git a/bin/tests/system/autosign/ns2/keygen.sh b/bin/tests/system/autosign/ns2/keygen.sh index 2f7d438b4c..0c8b5078d9 100644 --- a/bin/tests/system/autosign/ns2/keygen.sh +++ b/bin/tests/system/autosign/ns2/keygen.sh @@ -37,7 +37,7 @@ zonefile="${zone}.db" infile="${zonefile}.in" ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone` $KEYGEN -a RSASHA1 -3 -q $zone > /dev/null -keyfile_to_trusted_keys $ksk > private.conf +keyfile_to_static_keys $ksk > private.conf cp private.conf ../ns4/private.conf $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1 diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 1eb8db8053..9f55b18f32 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -225,17 +225,17 @@ keyfile_to_keys_section() { echo "};" } -# keyfile_to_trusted_keys: convert key data contained in the keyfile(s) +# keyfile_to_static_keys: convert key data contained in the keyfile(s) # provided to a *static* "dnssec-keys" section suitable for including in a # resolver's configuration file -keyfile_to_trusted_keys() { +keyfile_to_static_keys() { keyfile_to_keys_section "dnssec-keys" "static-key" $* } -# keyfile_to_managed_keys: convert key data contained in the keyfile(s) -# provided to a "dnssec-keys" section suitable for including in a -# resolver's configuration file -keyfile_to_managed_keys() { +# keyfile_to_initial_keys: convert key data contained in the keyfile(s) +# provided to an *initialzing* "dnssec-keys" section suitable for including +# in a resolver's configuration file +keyfile_to_initial_keys() { keyfile_to_keys_section "dnssec-keys" "initial-key" $* } diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index 1c56240a44..487d609a7f 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh @@ -32,7 +32,7 @@ $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signe echo_i "signed $zone" -keyfile_to_trusted_keys $keyname2 > trusted.conf +keyfile_to_static_keys $keyname2 > trusted.conf cp trusted.conf ../ns5 cp trusted.conf ../ns7 cp trusted.conf ../ns8 diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index cd39b600e2..3c8fbdc5d0 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh @@ -378,18 +378,18 @@ do case $zone in "dlv.utld") $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err - keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf + keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf ;; "disabled-algorithm-dlv.utld") $SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err - keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf + keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf ;; "unsupported-algorithm-dlv.utld") cp ${keyname2}.key ${keyname2}.tmp $SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key - keyfile_to_trusted_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf + keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf ;; esac diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index effebd6f55..5c223ba814 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -37,8 +37,8 @@ cat "$infile" "$keyname.key" > "$zonefile" "$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys "$keyname" > trusted.conf +# Configure the resolving server with a staitc key. +keyfile_to_static_keys "$keyname" > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf @@ -46,8 +46,8 @@ cp trusted.conf ../ns6/trusted.conf cp trusted.conf ../ns7/trusted.conf cp trusted.conf ../ns9/trusted.conf -# ...or with a managed key. -keyfile_to_managed_keys "$keyname" > managed.conf +# ...or with an initializing key. +keyfile_to_initial_keys "$keyname" > managed.conf cp managed.conf ../ns4/managed.conf # diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index e6e45d6c6c..eddaf3efe0 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -66,10 +66,10 @@ do case $tld in "managed") - keyfile_to_managed_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf + keyfile_to_initial_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf ;; "trusted") - keyfile_to_trusted_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf + keyfile_to_static_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf ;; esac done diff --git a/bin/tests/system/dnssec/ns5/sign.sh b/bin/tests/system/dnssec/ns5/sign.sh index 83f08769c0..1c226d5f95 100644 --- a/bin/tests/system/dnssec/ns5/sign.sh +++ b/bin/tests/system/dnssec/ns5/sign.sh @@ -23,7 +23,7 @@ zonefile=root.db.signed keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") # copy the KSK out first, then revoke it -keyfile_to_managed_keys "$keyname" > revoked.conf +keyfile_to_initial_keys "$keyname" > revoked.conf "$SETTIME" -R now "${keyname}.key" > /dev/null @@ -34,4 +34,4 @@ keyfile_to_managed_keys "$keyname" > revoked.conf keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") -keyfile_to_trusted_keys "$keyname" > trusted.conf +keyfile_to_static_keys "$keyname" > trusted.conf diff --git a/bin/tests/system/dsdigest/ns1/sign.sh b/bin/tests/system/dsdigest/ns1/sign.sh index 12ba92625c..dc893b1631 100644 --- a/bin/tests/system/dsdigest/ns1/sign.sh +++ b/bin/tests/system/dsdigest/ns1/sign.sh @@ -28,8 +28,8 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $key2 > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $key2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh index a81a3eb61d..518e01d8d1 100644 --- a/bin/tests/system/ecdsa/ns1/sign.sh +++ b/bin/tests/system/ecdsa/ns1/sign.sh @@ -24,6 +24,6 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $key1 > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index 85a6cc5030..6806db8c5c 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh @@ -25,8 +25,8 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $key1 > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf cd ../ns2 && $SHELL sign.sh diff --git a/bin/tests/system/filter-aaaa/ns1/sign.sh b/bin/tests/system/filter-aaaa/ns1/sign.sh index 71da6a751e..b1b17e1a9d 100755 --- a/bin/tests/system/filter-aaaa/ns1/sign.sh +++ b/bin/tests/system/filter-aaaa/ns1/sign.sh @@ -26,7 +26,7 @@ $KEYGEN -f KSK -a $DEFAULT_ALGORITHM $zone 2>&1 > keygen.out | cat_i keyname=`cat keygen.out` rm -f keygen.out -keyfile_to_trusted_keys $keyname > trusted.conf +keyfile_to_static_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns5/trusted.conf diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index 97d8291758..166f4b9c00 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh @@ -20,5 +20,5 @@ keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone` $SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 [ $? = 0 ] || cat signer.out -keyfile_to_trusted_keys $keyname > trusted.conf +keyfile_to_static_keys $keyname > trusted.conf cp trusted.conf ../ns6/trusted.conf diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index 679c74de9c..21ab3d1e5a 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -28,5 +28,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err -keyfile_to_trusted_keys $keyname2 > trusted.conf +keyfile_to_static_keys $keyname2 > trusted.conf cp trusted.conf ../ns1 diff --git a/bin/tests/system/mirror/ns1/sign.sh b/bin/tests/system/mirror/ns1/sign.sh index 0382585541..2d483cd76a 100644 --- a/bin/tests/system/mirror/ns1/sign.sh +++ b/bin/tests/system/mirror/ns1/sign.sh @@ -33,4 +33,4 @@ $SIGNER -P -g -o $zone $zonefile > /dev/null # irrelevant here, so just reuse the root zone key generated above. sed "s/^\./nonexistent./;" $keyname1.key > $keyname1.modified.key -keyfile_to_trusted_keys $keyname1 $keyname1.modified > trusted.conf +keyfile_to_static_keys $keyname1 $keyname1.modified > trusted.conf diff --git a/bin/tests/system/mirror/ns2/sign.sh b/bin/tests/system/mirror/ns2/sign.sh index 140ebb9403..5553844f30 100644 --- a/bin/tests/system/mirror/ns2/sign.sh +++ b/bin/tests/system/mirror/ns2/sign.sh @@ -75,4 +75,4 @@ for variant in addzone axfr ixfr load reconfig untrusted; do fi done -keyfile_to_trusted_keys $keys_to_trust > trusted-mirror.conf +keyfile_to_static_keys $keys_to_trust > trusted-mirror.conf diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh index 413fa20081..0e631c3208 100644 --- a/bin/tests/system/mkeys/ns1/sign.sh +++ b/bin/tests/system/mkeys/ns1/sign.sh @@ -20,14 +20,14 @@ zskkeyname=`$KEYGEN -a rsasha256 -q $zone` $SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null -# Configure the resolving server with a managed trusted key. -keyfile_to_managed_keys $keyname > managed.conf +# Configure the resolving server with an initializing key. +keyfile_to_initial_keys $keyname > managed.conf cp managed.conf ../ns2/managed.conf cp managed.conf ../ns4/managed.conf cp managed.conf ../ns5/managed.conf -# Configure a trusted key statement (used by delv). -keyfile_to_trusted_keys $keyname > trusted.conf +# Configure a static key to be used by delv. +keyfile_to_static_keys $keyname > trusted.conf # Prepare an unsupported algorithm key. unsupportedkey=Kunknown.+255+00000 diff --git a/bin/tests/system/mkeys/ns6/setup.sh b/bin/tests/system/mkeys/ns6/setup.sh index 5ba1647da5..2e032e710a 100644 --- a/bin/tests/system/mkeys/ns6/setup.sh +++ b/bin/tests/system/mkeys/ns6/setup.sh @@ -26,5 +26,5 @@ cp unsupported-managed.key "${unsupportedkey}.key" rootkey=`cat ../ns1/managed.key` cp "../ns1/${rootkey}.key" . -# Configure the resolving server with a managed trusted key. -keyfile_to_managed_keys $unsupportedkey $rsakey $rootkey > managed.conf +# Configure the resolving server with an initializing key. +keyfile_to_initial_keys $unsupportedkey $rsakey $rootkey > managed.conf diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index 22409c2d1d..07bcee298d 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh @@ -301,7 +301,7 @@ status=`expr $status + $ret` echo_i "reinitialize trust anchors, add second key to bind.keys" $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} mkeys ns2 rm -f ns2/managed-keys.bind* -keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf +keyfile_to_initial_keys ns1/$original ns1/$standby1 > ns2/managed.conf nextpart ns2/named.run > /dev/null $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} mkeys ns2 diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh index fa0350a5be..fe3fa15612 100644 --- a/bin/tests/system/pending/ns1/sign.sh +++ b/bin/tests/system/pending/ns1/sign.sh @@ -27,8 +27,8 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $keyname2 > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $keyname2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/resolver/ns6/keygen.sh b/bin/tests/system/resolver/ns6/keygen.sh index d6272c815f..444e68a359 100644 --- a/bin/tests/system/resolver/ns6/keygen.sh +++ b/bin/tests/system/resolver/ns6/keygen.sh @@ -30,5 +30,5 @@ zsk=`$KEYGEN -q -a rsasha256 $zone` cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile $SIGNER -P -o $zone $zonefile > /dev/null 2>&1 -# Configure a trusted key statement (used by delv) -keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf +# Configure a static key to be used by delv +keyfile_to_static_keys $ksk > ../ns5/trusted.conf diff --git a/bin/tests/system/rootkeysentinel/ns1/sign.sh b/bin/tests/system/rootkeysentinel/ns1/sign.sh index b364237efa..50eb562763 100644 --- a/bin/tests/system/rootkeysentinel/ns1/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns1/sign.sh @@ -27,8 +27,8 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $keyname > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh index 2af6a14515..3b8d4adf69 100755 --- a/bin/tests/system/rsabigexponent/ns1/sign.sh +++ b/bin/tests/system/rsabigexponent/ns1/sign.sh @@ -24,8 +24,8 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $keyname > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index f448ecca86..c1acdce500 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh @@ -28,9 +28,9 @@ cat "$infile" "$keyname.key" > "$zonefile" $SIGNER -P -g -o $zone $zonefile > /dev/null -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys "$keyname" > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys "$keyname" > trusted.conf cp trusted.conf ../ns2/trusted.conf -# ...or with a managed key. -keyfile_to_managed_keys "$keyname" > managed.conf +# ...or with an initializing key. +keyfile_to_initial_keys "$keyname" > managed.conf diff --git a/bin/tests/system/sfcache/ns5/sign.sh b/bin/tests/system/sfcache/ns5/sign.sh index 9dcd9fe732..c369e545eb 100644 --- a/bin/tests/system/sfcache/ns5/sign.sh +++ b/bin/tests/system/sfcache/ns5/sign.sh @@ -16,4 +16,4 @@ set -e keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") -keyfile_to_trusted_keys "$keyname" > trusted.conf +keyfile_to_static_keys "$keyname" > trusted.conf diff --git a/bin/tests/system/staticstub/ns3/sign.sh b/bin/tests/system/staticstub/ns3/sign.sh index 0d1ab35f51..3faf5c5d11 100755 --- a/bin/tests/system/staticstub/ns3/sign.sh +++ b/bin/tests/system/staticstub/ns3/sign.sh @@ -27,7 +27,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 # Configure the resolving server with a trusted key. -keyfile_to_trusted_keys $keyname2 > trusted.conf +keyfile_to_static_keys $keyname2 > trusted.conf zone=undelegated infile=undelegated.db.in @@ -38,5 +38,5 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 -keyfile_to_trusted_keys $keyname2 >> trusted.conf +keyfile_to_static_keys $keyname2 >> trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/synthfromdnssec/ns1/sign.sh b/bin/tests/system/synthfromdnssec/ns1/sign.sh index 706c49ee38..de7478df78 100644 --- a/bin/tests/system/synthfromdnssec/ns1/sign.sh +++ b/bin/tests/system/synthfromdnssec/ns1/sign.sh @@ -39,5 +39,5 @@ cat "$infile" "$keyname.key" > "$zonefile" $SIGNER -P -g -o $zone $zonefile > /dev/null 2>&1 -# Configure the resolving server with a trusted key. -keyfile_to_trusted_keys "$keyname" > trusted.conf +# Configure the resolving server with a static key. +keyfile_to_static_keys "$keyname" > trusted.conf diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh index 3148dbb402..de80eb7922 100755 --- a/bin/tests/system/wildcard/ns1/sign.sh +++ b/bin/tests/system/wildcard/ns1/sign.sh @@ -57,7 +57,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -keyfile_to_trusted_keys $keyname2 > private.nsec.conf +keyfile_to_static_keys $keyname2 > private.nsec.conf zone=nsec3 infile=nsec3.db.in @@ -86,7 +86,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -keyfile_to_trusted_keys $keyname2 > private.nsec3.conf +keyfile_to_static_keys $keyname2 > private.nsec3.conf zone=. infile=root.db.in @@ -101,4 +101,4 @@ cat $infile $keyname1.key $keyname2.key $dssets >$zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -keyfile_to_trusted_keys $keyname2 > trusted.conf +keyfile_to_static_keys $keyname2 > trusted.conf