mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

[master] added omitted examples directory

Browse Source
This commit is contained in:
Evan Hunt
2014-11-21 08:47:06 -08:00
parent 13fe015cbf
commit ff283cc0bc
23 changed files with 1664 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
contrib/zkt-1.1.3/examples/flat/dyn.example.net/zktlog-dyn.example.net. Normal file
View File

@@ -0,0 +1,161 @@
2010-02-21 19:43:15.018: debug: Check RFC5011 status
2010-02-21 19:43:15.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:43:15.018: debug: Check KSK status
2010-02-21 19:43:15.018: debug: No active KSK found: generate new one
2010-02-21 19:43:15.330: info: "dyn.example.net.": generated new KSK 52935
2010-02-21 19:43:15.330: debug: Check ZSK status
2010-02-21 19:43:15.330: debug: No active ZSK found: generate new one
2010-02-21 19:43:15.368: info: "dyn.example.net.": generated new ZSK 30323
2010-02-21 19:43:15.368: debug: Re-signing necessary: Modfied zone key set
2010-02-21 19:43:15.368: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 19:43:15.368: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:43:15.368: debug: Signing zone "dyn.example.net."
2010-02-21 19:43:15.368: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:43:15.368: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:43:15.368: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:43:15.374: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:43:15.374: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:43:15.382: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: Zone contains NSEC records. Use -u to update to NSEC3."
2010-02-21 19:43:15.382: error: "dyn.example.net.": signing failed!
2010-02-21 19:43:15.382: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:43:15.382: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:43:15.382: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:45:36.415: debug: Check RFC5011 status
2010-02-21 19:45:36.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:36.416: debug: Check KSK status
2010-02-21 19:45:36.416: debug: Check ZSK status
2010-02-21 19:45:36.416: debug: Re-signing not necessary!
2010-02-21 19:45:36.416: debug: Check if there is a parent file to copy
2010-02-21 19:45:41.448: debug: Check RFC5011 status
2010-02-21 19:45:41.448: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:41.448: debug: Check KSK status
2010-02-21 19:45:41.448: debug: Check ZSK status
2010-02-21 19:45:41.448: debug: Re-signing necessary: Option -f
2010-02-21 19:45:41.448: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:45:41.448: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:45:41.448: debug: Signing zone "dyn.example.net."
2010-02-21 19:45:41.448: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:45:41.448: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:45:41.448: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:45:41.457: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:45:41.458: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:45:41.473: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-02-21 19:45:41.473: error: "dyn.example.net.": signing failed!
2010-02-21 19:45:41.473: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:45:41.473: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:45:41.473: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:47:06.899: debug: Check RFC5011 status
2010-02-21 19:47:06.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:47:06.899: debug: Check KSK status
2010-02-21 19:47:06.899: debug: Check ZSK status
2010-02-21 19:47:06.899: debug: Re-signing necessary: Option -f
2010-02-21 19:47:06.899: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:47:06.899: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:47:06.900: debug: Signing zone "dyn.example.net."
2010-02-21 19:47:06.900: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:47:06.900: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:47:06.900: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:47:06.910: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:47:06.910: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:47:06.926: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:47:06.926: error: "dyn.example.net.": signing failed!
2010-02-21 19:47:06.926: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:47:06.926: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:47:06.926: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:58:40.972: debug: Check RFC5011 status
2010-02-21 19:58:40.972: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:58:40.972: debug: Check KSK status
2010-02-21 19:58:40.972: debug: Check ZSK status
2010-02-21 19:58:40.973: debug: Re-signing necessary: Option -f
2010-02-21 19:58:40.973: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:58:40.973: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:58:40.973: debug: Signing zone "dyn.example.net."
2010-02-21 19:58:40.973: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:58:40.973: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:58:40.973: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: zone file manually edited: Use it as new input file
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:58:40.983: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:58:40.999: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:58:40.999: error: "dyn.example.net.": signing failed!
2010-02-21 19:58:40.999: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:58:40.999: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:58:40.999: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.833: debug: Check RFC5011 status
2010-02-21 20:00:48.833: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:00:48.833: debug: Check KSK status
2010-02-21 20:00:48.833: debug: Check ZSK status
2010-02-21 20:00:48.833: debug: Re-signing necessary: Option -f
2010-02-21 20:00:48.833: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:00:48.833: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:00:48.834: debug: Signing zone "dyn.example.net."
2010-02-21 20:00:48.834: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:00:48.834: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:00:48.834: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:00:48.844: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:00:48.844: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:00:48.878: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:00:48.878: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:00:48.878: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:00:48.878: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.884: debug: Signing completed after 0s.
2010-02-21 20:01:11.175: debug: Check RFC5011 status
2010-02-21 20:01:11.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:11.175: debug: Check KSK status
2010-02-21 20:01:11.175: debug: Check ZSK status
2010-02-21 20:01:11.176: debug: Re-signing necessary: Option -f
2010-02-21 20:01:11.176: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:01:11.176: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:01:11.176: debug: Signing zone "dyn.example.net."
2010-02-21 20:01:11.176: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:01:11.176: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:01:11.176: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:01:11.181: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:01:11.181: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:01:11.202: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:01:11.202: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:01:11.203: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:01:11.203: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:01:11.208: debug: Signing completed after 0s.
2010-02-21 20:01:17.175: debug: Check RFC5011 status
2010-02-21 20:01:17.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:17.175: debug: Check KSK status
2010-02-21 20:01:17.175: debug: Check ZSK status
2010-02-21 20:01:17.176: debug: Re-signing not necessary!
2010-02-21 20:01:17.176: debug: Check if there is a parent file to copy
2010-02-25 23:42:29.326: debug: Check RFC5011 status
2010-02-25 23:42:29.326: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:29.326: debug: Check KSK status
2010-02-25 23:42:29.326: debug: Check ZSK status
2010-02-25 23:42:29.326: debug: Re-signing necessary: re-signing interval (2d) reached
2010-02-25 23:42:29.326: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-02-25 23:42:29.326: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-25 23:42:29.327: debug: Signing zone "dyn.example.net."
2010-02-25 23:42:29.327: notice: "dyn.example.net.": freeze dynamic zone
2010-02-25 23:42:29.327: debug: freeze dynamic zone "dyn.example.net."
2010-02-25 23:42:29.327: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-25 23:42:29.388: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-25 23:42:29.425: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-25 23:42:29.471: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-25 23:42:29.471: notice: "dyn.example.net.": thaw dynamic zone
2010-02-25 23:42:29.471: debug: thaw dynamic zone "dyn.example.net."
2010-02-25 23:42:29.471: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-25 23:42:29.486: debug: Signing completed after 0s.
2010-03-02 10:59:46.770: debug: Check RFC5011 status
2010-03-02 10:59:46.770: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:46.770: debug: Check KSK status
2010-03-02 10:59:46.770: debug: Check ZSK status
2010-03-02 10:59:46.770: debug: Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:46.770: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:46.770: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-03-02 10:59:46.770: debug: Signing zone "dyn.example.net."
2010-03-02 10:59:46.770: notice: "dyn.example.net.": freeze dynamic zone
2010-03-02 10:59:46.770: debug: freeze dynamic zone "dyn.example.net."
2010-03-02 10:59:46.770: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-03-02 10:59:46.852: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-03-02 10:59:46.875: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-03-02 10:59:46.950: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-03-02 10:59:46.950: notice: "dyn.example.net.": thaw dynamic zone
2010-03-02 10:59:46.950: debug: thaw dynamic zone "dyn.example.net."
2010-03-02 10:59:46.950: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-03-02 10:59:46.964: debug: Signing completed after 0s.

687
contrib/zkt-1.1.3/examples/flat/example.net/zktlog-example.net. Normal file
View File

@@ -0,0 +1,687 @@
2010-02-06 00:26:54.533: debug: Check RFC5011 status
2010-02-06 00:26:54.533: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:26:54.533: debug: Check KSK status
2010-02-06 00:26:54.533: debug: Check ZSK status
2010-02-06 00:26:54.533: debug: Re-signing not necessary!
2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy
2010-02-06 00:29:31.291: debug: Check RFC5011 status
2010-02-06 00:29:31.291: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:29:31.291: debug: Check KSK status
2010-02-06 00:29:31.292: debug: Check ZSK status
2010-02-06 00:29:31.292: debug: Re-signing not necessary!
2010-02-06 00:29:31.292: debug: Check if there is a parent file to copy
2010-02-06 00:40:35.043: debug: Check RFC5011 status
2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:40:35.043: debug: Check KSK status
2010-02-06 00:40:35.043: debug: Check ZSK status
2010-02-06 00:40:35.043: debug: Re-signing not necessary!
2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy
2010-02-06 00:52:55.403: debug: Check RFC5011 status
2010-02-06 00:52:55.403: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:52:55.403: debug: Check KSK status
2010-02-06 00:52:55.403: debug: Check ZSK status
2010-02-06 00:52:55.403: debug: Re-signing not necessary!
2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy
2010-02-07 13:53:48.304: debug: Check RFC5011 status
2010-02-07 13:53:48.304: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:53:48.304: debug: Check KSK status
2010-02-07 13:53:48.304: debug: Check ZSK status
2010-02-07 13:53:48.304: debug: Re-signing not necessary!
2010-02-07 13:53:48.304: debug: Check if there is a parent file to copy
2010-02-07 13:54:03.466: debug: Check RFC5011 status
2010-02-07 13:54:03.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:03.466: debug: Check KSK status
2010-02-07 13:54:03.466: debug: Check ZSK status
2010-02-07 13:54:03.466: debug: Re-signing not necessary!
2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy
2010-02-07 13:54:08.019: debug: Check RFC5011 status
2010-02-07 13:54:08.019: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:08.020: debug: Check KSK status
2010-02-07 13:54:08.020: debug: Check ZSK status
2010-02-07 13:54:08.020: debug: Re-signing necessary: Option -f
2010-02-07 13:54:08.020: notice: "example.net.": re-signing triggered: Option -f
2010-02-07 13:54:08.020: debug: Writing key file "./example.net/dnskey.db"
2010-02-07 13:54:08.020: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-07 13:54:08.020: debug: Signing zone "example.net."
2010-02-07 13:54:08.021: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-07 13:54:08.125: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 13:54:08.125: debug: Signing completed after 0s.
2010-02-07 13:54:08.125: notice: "example.net.": distribution triggered
2010-02-07 13:54:08.125: debug: Distribute zone "example.net."
2010-02-07 13:54:08.125: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
2010-02-07 13:54:08.129: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
2010-02-07 13:54:08.129: notice: "example.net.": reload triggered
2010-02-07 13:54:08.129: debug: Reload zone "example.net."
2010-02-07 13:54:08.129: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
2010-02-07 13:54:08.139: debug: ./dist.sh reload return: "rndc reload example.net. "
2010-02-07 14:06:27.670: debug: Check RFC5011 status
2010-02-07 14:06:27.670: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:27.670: debug: Check KSK status
2010-02-07 14:06:27.670: debug: Check ZSK status
2010-02-07 14:06:27.670: debug: Re-signing not necessary!
2010-02-07 14:06:27.671: debug: Check if there is a parent file to copy
2010-02-07 14:06:33.753: debug: Check RFC5011 status
2010-02-07 14:06:33.753: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:33.753: debug: Check KSK status
2010-02-07 14:06:33.753: debug: Check ZSK status
2010-02-07 14:06:33.753: debug: Re-signing necessary: Option -f
2010-02-07 14:06:33.753: notice: "example.net.": re-signing triggered: Option -f
2010-02-07 14:06:33.753: debug: Writing key file "./example.net/dnskey.db"
2010-02-07 14:06:33.754: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-07 14:06:33.754: debug: Signing zone "example.net."
2010-02-07 14:06:33.754: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-07 14:06:33.790: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 14:06:33.790: debug: Signing completed after 0s.
2010-02-07 14:06:33.790: notice: "example.net.": distribution triggered
2010-02-07 14:06:33.790: debug: Distribute zone "example.net."
2010-02-07 14:06:33.790: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
2010-02-07 14:06:33.794: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
2010-02-07 14:06:33.794: notice: "example.net.": reload triggered
2010-02-07 14:06:33.794: debug: Reload zone "example.net."
2010-02-07 14:06:33.794: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
2010-02-07 14:06:33.797: debug: ./dist.sh reload return: "rndc reload example.net. "
2010-02-21 12:50:43.587: debug: Check RFC5011 status
2010-02-21 12:50:43.587: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:43.587: debug: Check KSK status
2010-02-21 12:50:43.587: debug: Check ZSK status
2010-02-21 12:50:43.587: debug: Lifetime(1209600 +/-150 sec) of active key 33002 exceeded (2394625 sec)
2010-02-21 12:50:43.587: debug: ->depreciate it
2010-02-21 12:50:43.587: debug: ->activate published key 29240
2010-02-21 12:50:43.587: notice: "example.net.": lifetime of zone signing key 33002 exceeded: ZSK rollover done
2010-02-21 12:50:43.587: debug: New key for publishing needed
2010-02-21 12:50:43.658: debug: ->creating new key 5525
2010-02-21 12:50:43.658: info: "example.net.": new key 5525 generated for publishing
2010-02-21 12:50:43.658: debug: Re-signing necessary: Modfied zone key set
2010-02-21 12:50:43.658: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-02-21 12:50:43.658: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 12:50:43.665: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 12:50:43.665: debug: Signing zone "example.net."
2010-02-21 12:50:43.665: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 12:50:43.733: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 12:50:43.733: debug: Signing completed after 0s.
2010-02-21 12:50:51.205: debug: Check RFC5011 status
2010-02-21 12:50:51.205: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:51.205: debug: Check KSK status
2010-02-21 12:50:51.205: debug: Check ZSK status
2010-02-21 12:50:51.205: debug: Re-signing not necessary!
2010-02-21 12:50:51.205: debug: Check if there is a parent file to copy
2010-02-21 12:51:23.497: debug: Check RFC5011 status
2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:51:23.497: debug: Check KSK status
2010-02-21 12:51:23.497: debug: Check ZSK status
2010-02-21 12:51:23.497: debug: Re-signing not necessary!
2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy
2010-02-21 19:16:18.594: debug: Check RFC5011 status
2010-02-21 19:16:18.594: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:16:18.594: debug: Check KSK status
2010-02-21 19:16:18.594: debug: Check ZSK status
2010-02-21 19:16:18.594: debug: Re-signing not necessary!
2010-02-21 19:16:18.594: debug: Check if there is a parent file to copy
2010-02-21 19:32:11.378: debug: Check RFC5011 status
2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:11.378: debug: Check KSK status
2010-02-21 19:32:11.378: debug: Check ZSK status
2010-02-21 19:32:11.378: debug: Re-signing not necessary!
2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy
2010-02-21 19:32:15.982: debug: Check RFC5011 status
2010-02-21 19:32:15.982: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:15.982: debug: Check KSK status
2010-02-21 19:32:15.982: debug: Check ZSK status
2010-02-21 19:32:15.982: debug: Re-signing necessary: Option -f
2010-02-21 19:32:15.982: notice: "example.net.": re-signing triggered: Option -f
2010-02-21 19:32:15.982: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 19:32:15.982: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 19:32:15.982: debug: Signing zone "example.net."
2010-02-21 19:32:15.982: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 19:32:16.019: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:16.019: debug: Signing completed after 1s.
2010-02-21 19:32:32.232: debug: Check RFC5011 status
2010-02-21 19:32:32.232: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:32.233: debug: Check KSK status
2010-02-21 19:32:32.233: debug: Check ZSK status
2010-02-21 19:32:32.233: debug: Re-signing necessary: Option -f
2010-02-21 19:32:32.233: notice: "example.net.": re-signing triggered: Option -f
2010-02-21 19:32:32.233: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 19:32:32.233: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 19:32:32.233: debug: Signing zone "example.net."
2010-02-21 19:32:32.233: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 19:32:32.273: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:32.273: debug: Signing completed after 0s.
2010-02-25 00:12:27.060: debug: Check RFC5011 status
2010-02-25 00:12:27.060: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 00:12:27.060: debug: Check KSK status
2010-02-25 00:12:27.060: debug: Check ZSK status
2010-02-25 00:12:27.060: debug: Lifetime(29100 sec) of depreciated key 33002 exceeded (300104 sec)
2010-02-25 00:12:27.060: info: "example.net.": old ZSK 33002 removed
2010-02-25 00:12:27.081: debug: ->remove it
2010-02-25 00:12:27.082: debug: Re-signing necessary: Modfied zone key set
2010-02-25 00:12:27.082: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-02-25 00:12:27.082: debug: Writing key file "./example.net/dnskey.db"
2010-02-25 00:12:27.086: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-25 00:12:27.086: debug: Signing zone "example.net."
2010-02-25 00:12:27.086: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-25 00:12:27.173: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-25 00:12:27.174: debug: Signing completed after 0s.
2010-02-25 23:42:21.013: debug: Check RFC5011 status
2010-02-25 23:42:21.013: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:21.013: debug: Check KSK status
2010-02-25 23:42:21.013: debug: Check ZSK status
2010-02-25 23:42:21.013: debug: Re-signing not necessary!
2010-02-25 23:42:21.013: debug: Check if there is a parent file to copy
2010-03-02 10:59:12.416: debug: Check RFC5011 status
2010-03-02 10:59:12.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:12.416: debug: Check KSK status
2010-03-02 10:59:12.416: debug: Check ZSK status
2010-03-02 10:59:12.416: debug: Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:12.416: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:12.416: debug: Writing key file "./example.net/dnskey.db"
2010-03-02 10:59:12.449: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-02 10:59:12.449: debug: Signing zone "example.net."
2010-03-02 10:59:12.450: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-02 10:59:12.530: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-02 10:59:12.530: debug: Signing completed after 0s.
2010-03-03 23:22:00.415: debug: Check RFC5011 status
2010-03-03 23:22:00.415: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-03 23:22:00.415: debug: Check KSK status
2010-03-03 23:22:00.415: debug: Check ZSK status
2010-03-03 23:22:00.416: debug: Re-signing not necessary!
2010-03-03 23:22:00.416: debug: Check if there is a parent file to copy
2010-03-08 23:11:50.170: debug: Check RFC5011 status
2010-03-08 23:11:50.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:11:50.170: debug: Check KSK status
2010-03-08 23:11:50.170: debug: Check ZSK status
2010-03-08 23:11:50.171: debug: Lifetime(1209600 +/-150 sec) of active key 29240 exceeded (1333267 sec)
2010-03-08 23:11:50.171: debug: ->depreciate it
2010-03-08 23:11:50.171: debug: ->activate published key 5525
2010-03-08 23:11:50.171: notice: "example.net.": lifetime of zone signing key 29240 exceeded: ZSK rollover done
2010-03-08 23:11:50.171: debug: New key for publishing needed
2010-03-08 23:11:50.228: debug: ->creating new key 21482
2010-03-08 23:11:50.228: info: "example.net.": new key 21482 generated for publishing
2010-03-08 23:11:50.228: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:11:50.228: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:11:50.228: debug: Writing key file "././example.net/dnskey.db"
2010-03-08 23:11:50.235: debug: Incrementing serial number in file "././example.net/zone.db"
2010-03-08 23:11:50.235: debug: Signing zone "example.net."
2010-03-08 23:11:50.235: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-08 23:11:50.294: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:11:50.294: debug: Signing completed after 0s.
2010-03-08 23:12:56.212: debug: Check RFC5011 status
2010-03-08 23:12:56.212: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:12:56.212: debug: Check KSK status
2010-03-08 23:12:56.212: debug: Check ZSK status
2010-03-08 23:12:56.212: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:12:56.212: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:12:56.212: debug: Writing key file "././example.net/dnskey.db"
2010-03-08 23:12:56.213: debug: Incrementing serial number in file "././example.net/zone.db"
2010-03-08 23:12:56.213: debug: Signing zone "example.net."
2010-03-08 23:12:56.213: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-08 23:12:56.278: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:12:56.279: debug: Signing completed after 0s.
2010-03-08 23:13:36.984: debug: Check RFC5011 status
2010-03-08 23:13:36.984: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:13:36.984: debug: Check KSK status
2010-03-08 23:13:36.984: debug: Check ZSK status
2010-03-08 23:13:36.985: debug: Re-signing not necessary!
2010-03-08 23:13:36.985: debug: Check if there is a parent file to copy
2010-03-08 23:18:52.287: debug: Check RFC5011 status
2010-03-08 23:18:52.287: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:18:52.287: debug: Check KSK status
2010-03-08 23:18:52.287: debug: Check ZSK status
2010-03-08 23:18:52.287: debug: Re-signing not necessary!
2010-03-08 23:18:52.287: debug: Check if there is a parent file to copy
2010-03-11 23:46:35.831: debug: Check RFC5011 status
2010-03-11 23:46:35.831: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:46:35.831: debug: Check KSK status
2010-03-11 23:46:35.831: debug: Check ZSK status
2010-03-11 23:46:35.831: debug: Lifetime(29100 sec) of depreciated key 29240 exceeded (261285 sec)
2010-03-11 23:46:35.831: info: "example.net.": old ZSK 29240 removed
2010-03-11 23:46:35.832: debug: ->remove it
2010-03-11 23:46:35.832: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:46:35.832: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:46:35.832: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:46:35.841: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:46:35.841: debug: Signing zone "example.net."
2010-03-11 23:46:35.841: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:46:35.929: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:46:35.929: debug: Signing completed after 0s.
2010-03-11 23:52:33.132: debug: Check RFC5011 status
2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:52:33.133: debug: Check KSK status
2010-03-11 23:52:33.133: debug: No active KSK found: generate new one
2010-03-11 23:52:33.374: info: "example.net.": generated new KSK 8406
2010-03-11 23:52:33.374: debug: Check ZSK status
2010-03-11 23:52:33.374: debug: No active ZSK found: generate new one
2010-03-11 23:52:33.400: info: "example.net.": generated new ZSK 36257
2010-03-11 23:52:33.400: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:52:33.400: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:52:33.400: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:52:33.400: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:52:33.400: debug: Signing zone "example.net."
2010-03-11 23:52:33.400: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 69AE05 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:52:33.408: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-03-11 23:52:33.408: error: "example.net.": signing failed!
2010-03-11 23:53:27.856: debug: Check RFC5011 status
2010-03-11 23:53:27.856: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:53:27.856: debug: Check KSK status
2010-03-11 23:53:27.856: debug: Check ZSK status
2010-03-11 23:53:27.856: debug: Re-signing necessary: Modified keys
2010-03-11 23:53:27.856: notice: "example.net.": re-signing triggered: Modified keys
2010-03-11 23:53:27.856: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:53:27.856: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:53:27.856: debug: Signing zone "example.net."
2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:53:27.920: debug: Signing completed after 0s.
2010-07-05 08:15:24.179: debug: Check RFC5011 status
2010-07-05 08:15:24.179: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:24.179: debug: Check KSK status
2010-07-05 08:15:24.179: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m44s
2010-07-05 08:15:24.179: debug: Check ZSK status
2010-07-05 08:15:24.179: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081384 sec)
2010-07-05 08:15:24.179: debug: ->waiting for published key
2010-07-05 08:15:24.179: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m44s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:24.179: debug: New key for publishing needed
2010-07-05 08:15:24.278: debug: ->creating new key 48476
2010-07-05 08:15:24.278: info: "example.net.": new key 48476 generated for publishing
2010-07-05 08:15:24.278: debug: Re-signing necessary: Modfied zone key set
2010-07-05 08:15:24.278: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-07-05 08:15:24.278: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:15:24.278: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:15:24.278: debug: Signing zone "example.net."
2010-07-05 08:15:24.278: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5816F0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:15:24.315: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:15:24.315: debug: Signing completed after 0s.
2010-07-05 08:15:28.174: debug: Check RFC5011 status
2010-07-05 08:15:28.174: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:28.174: debug: Check KSK status
2010-07-05 08:15:28.174: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h49m48s
2010-07-05 08:15:28.174: debug: Check ZSK status
2010-07-05 08:15:28.174: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081388 sec)
2010-07-05 08:15:28.174: debug: ->waiting for published key
2010-07-05 08:15:28.174: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h49m48s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:28.174: debug: Re-signing not necessary!
2010-07-05 08:15:28.174: debug: Check if there is a parent file to copy
2010-07-05 08:15:58.502: debug: Check RFC5011 status
2010-07-05 08:15:58.502: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:15:58.503: debug: Check KSK status
2010-07-05 08:15:58.503: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m18s
2010-07-05 08:15:58.503: debug: Check ZSK status
2010-07-05 08:15:58.503: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081418 sec)
2010-07-05 08:15:58.503: debug: ->waiting for published key
2010-07-05 08:15:58.503: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m18s: ZSK rollover deferred: waiting for published key
2010-07-05 08:15:58.503: debug: Re-signing not necessary!
2010-07-05 08:15:58.503: debug: Check if there is a parent file to copy
2010-07-05 08:16:04.937: debug: Check RFC5011 status
2010-07-05 08:16:04.937: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:16:04.937: debug: Check KSK status
2010-07-05 08:16:04.937: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m24s
2010-07-05 08:16:04.937: debug: Check ZSK status
2010-07-05 08:16:04.937: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081424 sec)
2010-07-05 08:16:04.937: debug: ->waiting for published key
2010-07-05 08:16:04.937: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m24s: ZSK rollover deferred: waiting for published key
2010-07-05 08:16:04.937: debug: Re-signing necessary: Option -f
2010-07-05 08:16:04.937: notice: "example.net.": re-signing triggered: Option -f
2010-07-05 08:16:04.937: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:16:04.937: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:16:04.937: debug: Signing zone "example.net."
2010-07-05 08:16:04.937: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 C58544 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:16:04.993: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:16:04.993: debug: Signing completed after 0s.
2010-07-05 08:16:33.604: debug: Check RFC5011 status
2010-07-05 08:16:33.604: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-05 08:16:33.604: debug: Check KSK status
2010-07-05 08:16:33.604: warning: "example.net.": lifetime of key signing key 8406 exceeded since 4w5d12h50m53s
2010-07-05 08:16:33.604: debug: Check ZSK status
2010-07-05 08:16:33.604: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (8081453 sec)
2010-07-05 08:16:33.604: debug: ->waiting for published key
2010-07-05 08:16:33.604: notice: "example.net.": lifetime of zone signing key 36257 exceeded since 11w2d12h50m53s: ZSK rollover deferred: waiting for published key
2010-07-05 08:16:33.604: debug: Re-signing necessary: Option -f
2010-07-05 08:16:33.604: notice: "example.net.": re-signing triggered: Option -f
2010-07-05 08:16:33.604: debug: Writing key file "./example.net/dnskey.db"
2010-07-05 08:16:33.605: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-05 08:16:33.605: debug: Signing zone "example.net."
2010-07-05 08:16:33.605: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 FCB8E2 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-05 08:16:33.648: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-05 08:16:33.648: debug: Signing completed after 0s.
2010-07-30 01:30:55.411: debug: Check RFC5011 status
2010-07-30 01:30:55.411: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-07-30 01:30:55.411: debug: Check KSK status
2010-07-30 01:30:55.411: debug: Check ZSK status
2010-07-30 01:30:55.411: debug: Lifetime(1209600 +/-150 sec) of active key 36257 exceeded (2130473 sec)
2010-07-30 01:30:55.411: debug: ->depreciate it
2010-07-30 01:30:55.411: debug: ->activate published key 48476
2010-07-30 01:30:55.411: notice: "example.net.": lifetime of zone signing key 36257 exceeded: ZSK rollover done
2010-07-30 01:30:55.411: debug: New key for publishing needed
2010-07-30 01:30:55.493: debug: ->creating new key 1775
2010-07-30 01:30:55.493: info: "example.net.": new key 1775 generated for publishing
2010-07-30 01:30:55.493: debug: Re-signing necessary: Modfied zone key set
2010-07-30 01:30:55.493: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-07-30 01:30:55.493: debug: Writing key file "./example.net/dnskey.db"
2010-07-30 01:30:55.493: debug: Incrementing serial number in file "./example.net/zone.db"
2010-07-30 01:30:55.493: debug: Signing zone "example.net."
2010-07-30 01:30:55.494: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 3723BA -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-07-30 01:30:55.563: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-07-30 01:30:55.563: debug: Signing completed after 0s.
2010-08-26 22:52:09.539: debug: Check RFC5011 status
2010-08-26 22:52:09.539: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 22:52:09.539: debug: Check KSK status
2010-08-26 22:52:09.539: debug: Check ZSK status
2010-08-26 22:52:09.539: debug: Lifetime(29100 sec) of depreciated key 36257 exceeded (2409674 sec)
2010-08-26 22:52:09.539: info: "example.net.": old ZSK 36257 removed
2010-08-26 22:52:09.572: debug: ->remove it
2010-08-26 22:52:09.572: debug: Lifetime(1209600 +/-150 sec) of active key 48476 exceeded (2409674 sec)
2010-08-26 22:52:09.572: debug: ->depreciate it
2010-08-26 22:52:09.572: debug: ->activate published key 1775
2010-08-26 22:52:09.572: notice: "example.net.": lifetime of zone signing key 48476 exceeded: ZSK rollover done
2010-08-26 22:52:09.572: debug: New key for publishing needed
2010-08-26 22:52:09.640: debug: ->creating new key 26477
2010-08-26 22:52:09.640: info: "example.net.": new key 26477 generated for publishing
2010-08-26 22:52:09.640: debug: Re-signing necessary: Modfied zone key set
2010-08-26 22:52:09.640: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 22:52:09.640: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 22:52:09.641: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 22:52:09.641: debug: Signing zone "example.net."
2010-08-26 22:52:09.641: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 2F41F9 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 22:52:09.704: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 22:52:09.704: debug: Signing completed after 0s.
2010-08-26 22:56:02.938: debug: Check RFC5011 status
2010-08-26 22:56:02.938: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 22:56:02.938: debug: Check KSK status
2010-08-26 22:56:02.938: debug: Check ZSK status
2010-08-26 22:56:02.938: debug: Re-signing not necessary!
2010-08-26 22:56:02.938: debug: Check if there is a parent file to copy
2010-08-26 23:06:00.593: debug: Check RFC5011 status
2010-08-26 23:06:00.593: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:06:00.593: debug: Check KSK status
2010-08-26 23:06:00.593: debug: Check ZSK status
2010-08-26 23:06:00.593: debug: New key for publishing needed
2010-08-26 23:06:00.631: debug: ->creating new key 18026
2010-08-26 23:06:00.631: info: "example.net.": new key 18026 generated for publishing
2010-08-26 23:06:00.631: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:06:00.631: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:06:00.631: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:06:00.631: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:06:00.631: debug: Signing zone "example.net."
2010-08-26 23:06:00.631: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 5EA89E -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:06:00.672: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:06:00.672: debug: Signing completed after 0s.
2010-08-26 23:11:33.808: debug: Check RFC5011 status
2010-08-26 23:11:33.808: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:11:33.809: debug: Check KSK status
2010-08-26 23:11:33.809: debug: Check ZSK status
2010-08-26 23:11:33.809: debug: Re-signing not necessary!
2010-08-26 23:11:33.809: debug: Check if there is a parent file to copy
2010-08-26 23:12:51.012: debug: Check RFC5011 status
2010-08-26 23:12:51.012: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:12:51.012: debug: Check KSK status
2010-08-26 23:12:51.012: debug: Check ZSK status
2010-08-26 23:12:51.012: debug: Re-signing not necessary!
2010-08-26 23:12:51.012: debug: Check if there is a parent file to copy
2010-08-26 23:23:47.886: debug: Check RFC5011 status
2010-08-26 23:23:47.886: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:23:47.886: debug: Check KSK status
2010-08-26 23:23:47.886: debug: Check ZSK status
2010-08-26 23:23:47.886: debug: Re-signing not necessary!
2010-08-26 23:23:47.886: debug: Check if there is a parent file to copy
2010-08-26 23:50:15.724: debug: Check RFC5011 status
2010-08-26 23:50:15.724: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:50:15.724: debug: Check KSK status
2010-08-26 23:50:15.724: debug: Check ZSK status
2010-08-26 23:50:15.725: debug: Re-signing not necessary!
2010-08-26 23:50:15.725: debug: Check if there is a parent file to copy
2010-08-26 23:50:55.124: debug: Check RFC5011 status
2010-08-26 23:50:55.124: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:50:55.124: debug: Check KSK status
2010-08-26 23:50:55.124: debug: Check ZSK status
2010-08-26 23:50:55.124: debug: Re-signing not necessary!
2010-08-26 23:50:55.124: debug: Check if there is a parent file to copy
2010-08-26 23:51:46.719: debug: Check RFC5011 status
2010-08-26 23:51:46.719: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:51:46.719: debug: Check KSK status
2010-08-26 23:51:46.719: debug: Check ZSK status
2010-08-26 23:51:46.719: debug: Re-signing not necessary!
2010-08-26 23:51:46.719: debug: Check if there is a parent file to copy
2010-08-26 23:54:22.824: debug: Check RFC5011 status
2010-08-26 23:54:22.824: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:54:22.824: debug: Check KSK status
2010-08-26 23:54:22.824: debug: Check ZSK status
2010-08-26 23:54:22.824: debug: Re-signing not necessary!
2010-08-26 23:54:22.825: debug: Check if there is a parent file to copy
2010-08-26 23:55:00.018: debug: Check RFC5011 status
2010-08-26 23:55:00.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:55:00.018: debug: Check KSK status
2010-08-26 23:55:00.018: debug: Check ZSK status
2010-08-26 23:55:00.018: debug: New key for pre-publishing needed
2010-08-26 23:55:00.110: debug: ->creating new key 18293
2010-08-26 23:55:00.110: info: "example.net.": new key 18293 generated for pre-publishing
2010-08-26 23:55:00.110: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:55:00.110: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:55:00.110: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:55:00.110: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:55:00.110: debug: Signing zone "example.net."
2010-08-26 23:55:00.111: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 EBE919 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:55:00.168: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:55:00.169: debug: Signing completed after 0s.
2010-08-26 23:56:17.466: debug: Check RFC5011 status
2010-08-26 23:56:17.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:56:17.466: debug: Check KSK status
2010-08-26 23:56:17.466: debug: Check ZSK status
2010-08-26 23:56:17.466: debug: Re-signing necessary: Modfied zone key set
2010-08-26 23:56:17.466: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-08-26 23:56:17.466: debug: Writing key file "./example.net/dnskey.db"
2010-08-26 23:56:17.467: debug: Incrementing serial number in file "./example.net/zone.db"
2010-08-26 23:56:17.467: debug: Signing zone "example.net."
2010-08-26 23:56:17.467: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 A876E5 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-08-26 23:56:17.531: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-08-26 23:56:17.531: debug: Signing completed after 0s.
2010-08-26 23:57:00.178: debug: Check RFC5011 status
2010-08-26 23:57:00.178: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-08-26 23:57:00.178: debug: Check KSK status
2010-08-26 23:57:00.178: debug: Check ZSK status
2010-08-26 23:57:00.178: debug: Re-signing not necessary!
2010-08-26 23:57:00.178: debug: Check if there is a parent file to copy
2010-10-21 14:01:35.546: debug: Check RFC5011 status
2010-10-21 14:01:35.546: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:01:35.546: debug: Check KSK status
2010-10-21 14:01:35.546: debug: Check ZSK status
2010-10-21 14:01:35.546: debug: Re-signing necessary: re-signing interval (2d) reached
2010-10-21 14:01:35.546: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
2010-10-21 14:01:35.546: debug: Writing key file "./example.net/dnskey.db"
2010-10-21 14:01:35.607: debug: Incrementing serial number in file "./example.net/zone.db"
2010-10-21 14:01:35.607: debug: Signing zone "example.net."
2010-10-21 14:01:35.607: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9FC981 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-10-21 14:01:35.761: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-10-21 14:01:35.761: debug: Signing completed after 0s.
2010-10-21 14:02:09.209: debug: Check RFC5011 status
2010-10-21 14:02:09.209: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:02:09.209: debug: Check KSK status
2010-10-21 14:02:09.209: debug: Check ZSK status
2010-10-21 14:02:09.209: debug: Re-signing not necessary!
2010-10-21 14:02:09.209: debug: Check if there is a parent file to copy
2010-10-21 14:05:36.170: debug: Check RFC5011 status
2010-10-21 14:05:36.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:05:36.170: debug: Check KSK status
2010-10-21 14:05:36.170: debug: Check ZSK status
2010-10-21 14:05:36.170: debug: Re-signing not necessary!
2010-10-21 14:05:36.170: debug: Check if there is a parent file to copy
2010-10-21 14:30:43.892: debug: Check RFC5011 status
2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:30:43.892: debug: Check KSK status
2010-10-21 14:30:43.892: debug: Check ZSK status
2010-10-21 14:30:43.892: debug: Re-signing not necessary!
2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
2014-11-14 18:04:37.729: debug: Check RFC5011 status
2014-11-14 18:04:37.729: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:04:37.729: debug: Check KSK status
2014-11-14 18:04:37.729: debug: Check ZSK status
2014-11-14 18:04:37.729: debug: Re-signing necessary: Modified keys
2014-11-14 18:04:37.729: notice: "example.net.": re-signing triggered: Modified keys
2014-11-14 18:04:37.729: debug: Writing key file "./example.net/dnskey.db"
2014-11-14 18:04:37.730: debug: Incrementing serial number in file "./example.net/zone.db"
2014-11-14 18:04:37.730: debug: Signing zone "example.net."
2014-11-14 18:04:37.730: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 97195D -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-14 18:04:37.827: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:04:37.827: debug: Signing completed after 0s.
2014-11-14 18:09:16.427: debug: Check RFC5011 status
2014-11-14 18:09:16.427: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:09:16.427: debug: Check KSK status
2014-11-14 18:09:16.428: debug: No active KSK found: generate new one
2014-11-14 18:09:16.495: info: "example.net.": generated new KSK 44671
2014-11-14 18:09:16.495: debug: Check ZSK status
2014-11-14 18:09:16.495: debug: No active ZSK found: generate new one
2014-11-14 18:09:16.515: info: "example.net.": generated new ZSK 7929
2014-11-14 18:09:16.515: debug: New key for pre-publishing needed
2014-11-14 18:09:16.546: debug: ->creating new key 2253
2014-11-14 18:09:16.546: info: "example.net.": new key 2253 generated for pre-publishing
2014-11-14 18:09:16.546: debug: Re-signing necessary: Modified zone key set
2014-11-14 18:09:16.546: notice: "example.net.": re-signing triggered: Modified zone key set
2014-11-14 18:09:16.547: debug: Writing key file "./example.net/dnskey.db"
2014-11-14 18:09:16.547: debug: Incrementing serial number in file "./example.net/zone.db"
2014-11-14 18:09:16.547: debug: Signing zone "example.net."
2014-11-14 18:09:16.547: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 B26BB7 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-14 18:09:16.646: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:09:16.646: debug: Signing completed after 0s.
2014-11-14 18:11:40.877: debug: Check RFC5011 status
2014-11-14 18:11:40.877: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:11:40.877: debug: Check KSK status
2014-11-14 18:11:40.877: debug: Check ZSK status
2014-11-14 18:11:40.877: debug: Re-signing not necessary!
2014-11-14 18:11:40.877: debug: Check if there is a parent file to copy
2014-11-14 18:11:46.599: debug: Check RFC5011 status
2014-11-14 18:11:46.599: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:11:46.599: debug: Check KSK status
2014-11-14 18:11:46.599: debug: Check ZSK status
2014-11-14 18:11:46.599: debug: Re-signing not necessary!
2014-11-14 18:11:46.599: debug: Check if there is a parent file to copy
2014-11-14 18:15:54.380: debug: Check RFC5011 status
2014-11-14 18:15:54.380: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:15:54.380: debug: Check KSK status
2014-11-14 18:15:54.380: debug: Check ZSK status
2014-11-14 18:15:54.380: debug: Re-signing not necessary!
2014-11-14 18:15:54.380: debug: Check if there is a parent file to copy
2014-11-14 18:31:09.365: debug: Check RFC5011 status
2014-11-14 18:31:09.365: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:31:09.365: debug: Check KSK status
2014-11-14 18:31:09.365: debug: Check ZSK status
2014-11-14 18:31:09.365: debug: Re-signing necessary: Modified keys
2014-11-14 18:31:09.365: notice: "example.net.": re-signing triggered: Modified keys
2014-11-14 18:31:09.365: debug: Writing key file "././example.net/dnskey.db"
2014-11-14 18:31:09.366: debug: Incrementing serial number in file "././example.net/zone.db"
2014-11-14 18:31:09.366: debug: Signing zone "example.net."
2014-11-14 18:31:09.366: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 8B4599 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-14 18:31:09.488: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:31:09.488: debug: Signing completed after 0s.
2014-11-14 18:31:27.335: debug: Check RFC5011 status
2014-11-14 18:31:27.335: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:31:27.335: debug: Check KSK status
2014-11-14 18:31:27.335: debug: Check ZSK status
2014-11-14 18:31:27.335: debug: Re-signing not necessary!
2014-11-14 18:31:27.335: debug: Check if there is a parent file to copy
2014-11-14 18:38:16.356: debug: Check RFC5011 status
2014-11-14 18:38:16.356: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:38:16.356: debug: Check KSK status
2014-11-14 18:38:16.356: debug: Check ZSK status
2014-11-14 18:38:16.356: debug: Re-signing necessary: Modified keys
2014-11-14 18:38:16.356: notice: "example.net.": re-signing triggered: Modified keys
2014-11-14 18:38:16.356: debug: Writing key file "././example.net/dnskey.db"
2014-11-14 18:38:16.356: debug: Incrementing serial number in file "././example.net/zone.db"
2014-11-14 18:38:16.356: debug: Signing zone "example.net."
2014-11-14 18:38:16.356: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 BEBFB0 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-14 18:38:16.484: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:38:16.484: debug: Signing completed after 0s.
2014-11-15 18:16:50.572: debug: Check RFC5011 status
2014-11-15 18:16:50.572: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:16:50.572: debug: Check KSK status
2014-11-15 18:16:50.572: debug: Check ZSK status
2014-11-15 18:16:50.573: debug: Re-signing necessary: Modified keys
2014-11-15 18:16:50.573: notice: "example.net.": re-signing triggered: Modified keys
2014-11-15 18:16:50.573: debug: Writing key file "././example.net/dnskey.db"
2014-11-15 18:16:50.573: debug: Incrementing serial number in file "././example.net/zone.db"
2014-11-15 18:16:50.573: debug: Signing zone "example.net."
2014-11-15 18:16:50.573: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 DC5680 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-15 18:16:50.715: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-15 18:16:50.715: debug: Signing completed after 0s.
2014-11-15 18:16:54.202: debug: Check RFC5011 status
2014-11-15 18:16:54.202: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:16:54.202: debug: Check KSK status
2014-11-15 18:16:54.203: debug: Check ZSK status
2014-11-15 18:16:54.203: debug: Re-signing not necessary!
2014-11-15 18:16:54.203: debug: Check if there is a parent file to copy
2014-11-15 18:17:06.919: debug: Check RFC5011 status
2014-11-15 18:17:06.919: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:17:06.919: debug: Check KSK status
2014-11-15 18:17:06.919: debug: Check ZSK status
2014-11-15 18:17:06.919: debug: Re-signing necessary: Modified keys
2014-11-15 18:17:06.919: notice: "example.net.": re-signing triggered: Modified keys
2014-11-15 18:17:06.919: debug: Writing key file "././example.net/dnskey.db"
2014-11-15 18:17:06.919: debug: Incrementing serial number in file "././example.net/zone.db"
2014-11-15 18:17:06.919: debug: Signing zone "example.net."
2014-11-15 18:17:06.919: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 D82F90 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-15 18:17:07.040: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-15 18:17:07.040: debug: Signing completed after 1s.
2014-11-15 18:17:17.242: debug: Check RFC5011 status
2014-11-15 18:17:17.242: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:17:17.242: debug: Check KSK status
2014-11-15 18:17:17.243: debug: Check ZSK status
2014-11-15 18:17:17.243: debug: Re-signing necessary: Zone file edited
2014-11-15 18:17:17.243: notice: "example.net.": re-signing triggered: Zone file edited
2014-11-15 18:17:17.243: debug: Writing key file "././example.net/dnskey.db"
2014-11-15 18:17:17.243: debug: Incrementing serial number in file "././example.net/zone.db"
2014-11-15 18:17:17.243: debug: Signing zone "example.net."
2014-11-15 18:17:17.243: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 603310 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-15 18:17:17.365: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-15 18:17:17.365: debug: Signing completed after 0s.
2014-11-17 19:12:44.250: debug: Check RFC5011 status
2014-11-17 19:12:44.250: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:12:44.250: debug: Check KSK status
2014-11-17 19:12:44.250: debug: Check ZSK status
2014-11-17 19:12:44.250: debug: Re-signing necessary: re-signing interval (2d) reached
2014-11-17 19:12:44.250: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
2014-11-17 19:12:44.250: debug: Writing key file "./example.net/dnskey.db"
2014-11-17 19:12:44.251: debug: Incrementing serial number in file "./example.net/zone.db"
2014-11-17 19:12:44.251: debug: Signing zone "example.net."
2014-11-17 19:12:44.251: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 9F5882 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-17 19:12:44.392: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-17 19:12:44.392: debug: Signing completed after 0s.
2014-11-17 19:12:49.692: debug: Check RFC5011 status
2014-11-17 19:12:49.692: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:12:49.692: debug: Check KSK status
2014-11-17 19:12:49.692: debug: Check ZSK status
2014-11-17 19:12:49.692: debug: Re-signing not necessary!
2014-11-17 19:12:49.692: debug: Check if there is a parent file to copy
2014-11-17 19:13:02.603: debug: Check RFC5011 status
2014-11-17 19:13:02.603: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:02.603: debug: Check KSK status
2014-11-17 19:13:02.603: debug: Check ZSK status
2014-11-17 19:13:02.603: debug: Re-signing not necessary!
2014-11-17 19:13:02.603: debug: Check if there is a parent file to copy
2014-11-17 19:13:50.410: debug: Check RFC5011 status
2014-11-17 19:13:50.410: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:50.410: debug: Check KSK status
2014-11-17 19:13:50.410: debug: Check ZSK status
2014-11-17 19:13:50.410: debug: Re-signing necessary: Modified keys
2014-11-17 19:13:50.410: notice: "example.net.": re-signing triggered: Modified keys
2014-11-17 19:13:50.410: debug: Writing key file "./example.net/dnskey.db"
2014-11-17 19:13:50.410: debug: Incrementing serial number in file "./example.net/zone.db"
2014-11-17 19:13:50.410: debug: Signing zone "example.net."
2014-11-17 19:13:50.411: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 053453 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-17 19:13:50.525: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-17 19:13:50.525: debug: Signing completed after 0s.
2014-11-17 19:13:54.302: debug: Check RFC5011 status
2014-11-17 19:13:54.302: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:54.302: debug: Check KSK status
2014-11-17 19:13:54.302: debug: Check ZSK status
2014-11-17 19:13:54.302: debug: Re-signing not necessary!
2014-11-17 19:13:54.302: debug: Check if there is a parent file to copy
2014-11-17 19:14:01.846: debug: Check RFC5011 status
2014-11-17 19:14:01.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:14:01.846: debug: Check KSK status
2014-11-17 19:14:01.846: debug: Check ZSK status
2014-11-17 19:14:01.846: debug: Re-signing necessary: Zone file edited
2014-11-17 19:14:01.846: notice: "example.net.": re-signing triggered: Zone file edited
2014-11-17 19:14:01.846: debug: Writing key file "./example.net/dnskey.db"
2014-11-17 19:14:01.846: debug: Incrementing serial number in file "./example.net/zone.db"
2014-11-17 19:14:01.846: debug: Signing zone "example.net."
2014-11-17 19:14:01.847: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 7CF530 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2014-11-17 19:14:01.969: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-17 19:14:01.969: debug: Signing completed after 0s.

218
contrib/zkt-1.1.3/examples/flat/sub.example.net/zktlog-sub.example.net. Normal file
View File

@@ -0,0 +1,218 @@
2010-10-21 14:01:35.486: debug: Check RFC5011 status
2010-10-21 14:01:35.486: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:01:35.486: debug: Check KSK status
2010-10-21 14:01:35.486: debug: Check ZSK status
2010-10-21 14:01:35.486: debug: No active ZSK found: generate new one
2010-10-21 14:01:35.495: error: sub.example.net.": can't generate new ZSK
2010-10-21 14:01:35.495: debug: Re-signing necessary: Modfied zone key set
2010-10-21 14:01:35.496: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-10-21 14:01:35.496: debug: Writing key file "./sub.example.net/dnskey.db"
2010-10-21 14:01:35.496: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2010-10-21 14:01:35.496: debug: Signing zone "sub.example.net."
2010-10-21 14:01:35.496: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9FC981 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2010-10-21 14:01:35.546: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
2010-10-21 14:01:35.546: error: "sub.example.net.": signing failed!
2010-10-21 14:02:09.146: debug: Check RFC5011 status
2010-10-21 14:02:09.146: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:02:09.146: debug: Check KSK status
2010-10-21 14:02:09.146: debug: Check ZSK status
2010-10-21 14:02:09.146: debug: No active ZSK found: generate new one
2010-10-21 14:02:09.156: error: sub.example.net.": can't generate new ZSK
2010-10-21 14:02:09.156: debug: Re-signing necessary: Modified keys
2010-10-21 14:02:09.156: notice: "sub.example.net.": re-signing triggered: Modified keys
2010-10-21 14:02:09.156: debug: Writing key file "./sub.example.net/dnskey.db"
2010-10-21 14:02:09.157: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2010-10-21 14:02:09.157: debug: Signing zone "sub.example.net."
2010-10-21 14:02:09.157: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 BD326D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2010-10-21 14:02:09.208: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
2010-10-21 14:02:09.208: error: "sub.example.net.": signing failed!
2010-10-21 14:05:35.988: debug: Check RFC5011 status
2010-10-21 14:05:35.988: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:05:35.988: debug: Check KSK status
2010-10-21 14:05:35.988: debug: Check ZSK status
2010-10-21 14:05:35.988: debug: No active ZSK found: generate new one
2010-10-21 14:05:36.091: info: "sub.example.net.": generated new ZSK 7987
2010-10-21 14:05:36.091: debug: Re-signing necessary: Modfied zone key set
2010-10-21 14:05:36.091: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-10-21 14:05:36.091: debug: Writing key file "./sub.example.net/dnskey.db"
2010-10-21 14:05:36.091: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2010-10-21 14:05:36.091: debug: Signing zone "sub.example.net."
2010-10-21 14:05:36.091: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 75DE06 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2010-10-21 14:05:36.170: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-10-21 14:05:36.170: debug: Signing completed after 0s.
2010-10-21 14:30:43.892: debug: Check RFC5011 status
2010-10-21 14:30:43.892: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-10-21 14:30:43.892: debug: Check KSK status
2010-10-21 14:30:43.892: debug: Check ZSK status
2010-10-21 14:30:43.892: debug: Re-signing not necessary!
2010-10-21 14:30:43.892: debug: Check if there is a parent file to copy
2014-11-14 18:04:37.686: debug: Check RFC5011 status
2014-11-14 18:04:37.686: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:04:37.686: debug: Check KSK status
2014-11-14 18:04:37.686: warning: "sub.example.net.": lifetime of key signing key 33176 exceeded since 4d8h26m2s
2014-11-14 18:04:37.686: debug: Check ZSK status
2014-11-14 18:04:37.686: debug: Lifetime(259200 +/-150 sec) of active key 7987 exceeded (980762 sec)
2014-11-14 18:04:37.686: debug: ->waiting for published key
2014-11-14 18:04:37.686: notice: "sub.example.net.": lifetime of zone signing key 7987 exceeded since 1w1d8h26m2s: ZSK rollover deferred: waiting for published key
2014-11-14 18:04:37.686: debug: New ZSK for publishing needed
2014-11-14 18:04:37.721: debug: ->creating new key 39632
2014-11-14 18:04:37.721: info: "sub.example.net.": new zone signing key 39632 generated for publishing
2014-11-14 18:04:37.721: debug: Re-signing necessary: Modified zone key set
2014-11-14 18:04:37.721: notice: "sub.example.net.": re-signing triggered: Modified zone key set
2014-11-14 18:04:37.721: debug: Writing key file "./sub.example.net/dnskey.db"
2014-11-14 18:04:37.721: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2014-11-14 18:04:37.721: debug: Signing zone "sub.example.net."
2014-11-14 18:04:37.722: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 97195D -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2014-11-14 18:04:37.729: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC-only DNSKEY"
2014-11-14 18:04:37.729: error: "sub.example.net.": signing failed!
2014-11-14 18:09:16.251: debug: Check RFC5011 status
2014-11-14 18:09:16.251: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:09:16.251: debug: Check KSK status
2014-11-14 18:09:16.251: debug: No active KSK found: generate new one
2014-11-14 18:09:16.288: info: "sub.example.net.": generated new KSK 60396
2014-11-14 18:09:16.288: debug: Check ZSK status
2014-11-14 18:09:16.288: debug: No active ZSK found: generate new one
2014-11-14 18:09:16.329: info: "sub.example.net.": generated new ZSK 21503
2014-11-14 18:09:16.329: debug: Re-signing necessary: Modified zone key set
2014-11-14 18:09:16.329: notice: "sub.example.net.": re-signing triggered: Modified zone key set
2014-11-14 18:09:16.329: debug: Writing key file "./sub.example.net/dnskey.db"
2014-11-14 18:09:16.330: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2014-11-14 18:09:16.330: debug: Signing zone "sub.example.net."
2014-11-14 18:09:16.330: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B26BB7 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2014-11-14 18:09:16.427: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:09:16.427: debug: Signing completed after 0s.
2014-11-14 18:11:40.699: debug: Check RFC5011 status
2014-11-14 18:11:40.699: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:11:40.699: debug: Check KSK status
2014-11-14 18:11:40.699: debug: Check ZSK status
2014-11-14 18:11:40.699: debug: Re-signing necessary: Modified keys
2014-11-14 18:11:40.699: notice: "sub.example.net.": re-signing triggered: Modified keys
2014-11-14 18:11:40.699: debug: Writing key file "././sub.example.net/dnskey.db"
2014-11-14 18:11:40.699: debug: Incrementing serial number in file "././sub.example.net/zone.db"
2014-11-14 18:11:40.699: debug: Signing zone "sub.example.net."
2014-11-14 18:11:40.699: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 E8CBA9 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2014-11-14 18:11:40.876: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-14 18:11:40.876: debug: Signing completed after 0s.
2014-11-14 18:11:46.599: debug: Check RFC5011 status
2014-11-14 18:11:46.599: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:11:46.599: debug: Check KSK status
2014-11-14 18:11:46.599: debug: Check ZSK status
2014-11-14 18:11:46.599: debug: Re-signing not necessary!
2014-11-14 18:11:46.599: debug: Check if there is a parent file to copy
2014-11-14 18:15:54.379: debug: Check RFC5011 status
2014-11-14 18:15:54.379: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:15:54.379: debug: Check KSK status
2014-11-14 18:15:54.379: debug: Check ZSK status
2014-11-14 18:15:54.379: debug: Re-signing not necessary!
2014-11-14 18:15:54.379: debug: Check if there is a parent file to copy
2014-11-14 18:31:09.365: debug: Check RFC5011 status
2014-11-14 18:31:09.365: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:31:09.365: debug: Check KSK status
2014-11-14 18:31:09.365: debug: Check ZSK status
2014-11-14 18:31:09.365: debug: Re-signing not necessary!
2014-11-14 18:31:09.365: debug: Check if there is a parent file to copy
2014-11-14 18:31:27.335: debug: Check RFC5011 status
2014-11-14 18:31:27.335: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:31:27.335: debug: Check KSK status
2014-11-14 18:31:27.335: debug: Check ZSK status
2014-11-14 18:31:27.335: debug: Re-signing not necessary!
2014-11-14 18:31:27.335: debug: Check if there is a parent file to copy
2014-11-14 18:38:16.355: debug: Check RFC5011 status
2014-11-14 18:38:16.355: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-14 18:38:16.355: debug: Check KSK status
2014-11-14 18:38:16.355: debug: Check ZSK status
2014-11-14 18:38:16.355: debug: Re-signing not necessary!
2014-11-14 18:38:16.356: debug: Check if there is a parent file to copy
2014-11-15 18:16:50.447: debug: Check RFC5011 status
2014-11-15 18:16:50.447: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:16:50.447: debug: Check KSK status
2014-11-15 18:16:50.447: debug: Check ZSK status
2014-11-15 18:16:50.447: debug: Re-signing necessary: re-signing interval (1d) reached
2014-11-15 18:16:50.447: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
2014-11-15 18:16:50.447: debug: Writing key file "././sub.example.net/dnskey.db"
2014-11-15 18:16:50.447: debug: Incrementing serial number in file "././sub.example.net/zone.db"
2014-11-15 18:16:50.447: debug: Signing zone "sub.example.net."
2014-11-15 18:16:50.448: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 DC5680 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2014-11-15 18:16:50.572: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-15 18:16:50.572: debug: Signing completed after 0s.
2014-11-15 18:16:54.202: debug: Check RFC5011 status
2014-11-15 18:16:54.202: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:16:54.202: debug: Check KSK status
2014-11-15 18:16:54.202: debug: Check ZSK status
2014-11-15 18:16:54.202: debug: Re-signing not necessary!
2014-11-15 18:16:54.202: debug: Check if there is a parent file to copy
2014-11-15 18:17:06.918: debug: Check RFC5011 status
2014-11-15 18:17:06.918: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:17:06.918: debug: Check KSK status
2014-11-15 18:17:06.918: debug: Check ZSK status
2014-11-15 18:17:06.918: debug: Re-signing not necessary!
2014-11-15 18:17:06.918: debug: Check if there is a parent file to copy
2014-11-15 18:17:17.242: debug: Check RFC5011 status
2014-11-15 18:17:17.242: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-15 18:17:17.242: debug: Check KSK status
2014-11-15 18:17:17.242: debug: Check ZSK status
2014-11-15 18:17:17.242: debug: Re-signing not necessary!
2014-11-15 18:17:17.242: debug: Check if there is a parent file to copy
2014-11-17 19:12:44.029: debug: Check RFC5011 status
2014-11-17 19:12:44.029: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:12:44.029: debug: Check KSK status
2014-11-17 19:12:44.029: debug: Check ZSK status
2014-11-17 19:12:44.029: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263008 sec)
2014-11-17 19:12:44.029: debug: ->waiting for published key
2014-11-17 19:12:44.029: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m28s: ZSK rollover deferred: waiting for published key
2014-11-17 19:12:44.029: debug: New ZSK for publishing needed
2014-11-17 19:12:44.110: debug: ->creating new key 53867
2014-11-17 19:12:44.110: info: "sub.example.net.": new zone signing key 53867 generated for publishing
2014-11-17 19:12:44.110: debug: Re-signing necessary: Modified zone key set
2014-11-17 19:12:44.110: notice: "sub.example.net.": re-signing triggered: Modified zone key set
2014-11-17 19:12:44.110: debug: Writing key file "./sub.example.net/dnskey.db"
2014-11-17 19:12:44.111: debug: Incrementing serial number in file "./sub.example.net/zone.db"
2014-11-17 19:12:44.111: debug: Signing zone "sub.example.net."
2014-11-17 19:12:44.111: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9F5882 -C -g -p -d ../keysets -o sub.example.net. -e +172800 zone.db K*.private 2>&1"
2014-11-17 19:12:44.250: debug: Cmd dnssec-signzone return: "zone.db.signed"
2014-11-17 19:12:44.250: debug: Signing completed after 0s.
2014-11-17 19:12:49.691: debug: Check RFC5011 status
2014-11-17 19:12:49.691: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:12:49.691: debug: Check KSK status
2014-11-17 19:12:49.691: debug: Check ZSK status
2014-11-17 19:12:49.691: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263013 sec)
2014-11-17 19:12:49.691: debug: ->waiting for published key
2014-11-17 19:12:49.691: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m33s: ZSK rollover deferred: waiting for published key
2014-11-17 19:12:49.692: debug: Re-signing not necessary!
2014-11-17 19:12:49.692: debug: Check if there is a parent file to copy
2014-11-17 19:13:02.603: debug: Check RFC5011 status
2014-11-17 19:13:02.603: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:02.603: debug: Check KSK status
2014-11-17 19:13:02.603: debug: Check ZSK status
2014-11-17 19:13:02.603: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263026 sec)
2014-11-17 19:13:02.603: debug: ->waiting for published key
2014-11-17 19:13:02.603: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m46s: ZSK rollover deferred: waiting for published key
2014-11-17 19:13:02.603: debug: Re-signing not necessary!
2014-11-17 19:13:02.603: debug: Check if there is a parent file to copy
2014-11-17 19:13:50.409: debug: Check RFC5011 status
2014-11-17 19:13:50.409: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:50.409: debug: Check KSK status
2014-11-17 19:13:50.409: debug: Check ZSK status
2014-11-17 19:13:50.409: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263074 sec)
2014-11-17 19:13:50.409: debug: ->waiting for published key
2014-11-17 19:13:50.409: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m34s: ZSK rollover deferred: waiting for published key
2014-11-17 19:13:50.409: debug: Re-signing not necessary!
2014-11-17 19:13:50.409: debug: Check if there is a parent file to copy
2014-11-17 19:13:54.302: debug: Check RFC5011 status
2014-11-17 19:13:54.302: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:13:54.302: debug: Check KSK status
2014-11-17 19:13:54.302: debug: Check ZSK status
2014-11-17 19:13:54.302: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263078 sec)
2014-11-17 19:13:54.302: debug: ->waiting for published key
2014-11-17 19:13:54.302: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m38s: ZSK rollover deferred: waiting for published key
2014-11-17 19:13:54.302: debug: Re-signing not necessary!
2014-11-17 19:13:54.302: debug: Check if there is a parent file to copy
2014-11-17 19:14:01.845: debug: Check RFC5011 status
2014-11-17 19:14:01.846: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2014-11-17 19:14:01.846: debug: Check KSK status
2014-11-17 19:14:01.846: debug: Check ZSK status
2014-11-17 19:14:01.846: debug: Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263085 sec)
2014-11-17 19:14:01.846: debug: ->waiting for published key
2014-11-17 19:14:01.846: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m45s: ZSK rollover deferred: waiting for published key
2014-11-17 19:14:01.846: debug: Re-signing not necessary!
2014-11-17 19:14:01.846: debug: Check if there is a parent file to copy

1
contrib/zkt-1.1.3/examples/flat/zkt-ls Symbolic link
View File

@@ -0,0 +1 @@
../zkt-ls.sh

1
contrib/zkt-1.1.3/examples/flat/zkt-signer Symbolic link
View File

@@ -0,0 +1 @@
../zkt-signer.sh

1
contrib/zkt-1.1.3/examples/hierarchical/zkt-ls Symbolic link
View File

@@ -0,0 +1 @@
../zkt-ls.sh

1
contrib/zkt-1.1.3/examples/hierarchical/zkt-signer Symbolic link
View File

@@ -0,0 +1 @@
../zkt-signer.sh

39
contrib/zkt-1.1.3/examples/views/dnssec-extern.conf Normal file
View File

@@ -0,0 +1,39 @@
#
# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "extern"
Recursive: True
PrintTime: False
PrintAge: True
LeftJustify: False
# zone specific values
ResignInterval: 1w # (604800 seconds)
Sigvalidity: 10d # (864000 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 1h # (3600 seconds)
Serialformat: unixtime
# signing key parameters
KSK_lifetime: 1y # (31536000 seconds)
KSK_algo: RSASHA1 # (Algorithm ID 5)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 30d # (2592000 seconds)
ZSK_algo: RSASHA1 # (Algorithm ID 5)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
# dnssec-signer options
LogFile: "zkt-ext.log"
LogLevel: "debug"
SyslogFacility: "none"
SyslogLevel: "notice"
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
DLV_Domain: ""
Sig_Pseudorand: True

39
contrib/zkt-1.1.3/examples/views/dnssec-intern.conf Normal file
View File

@@ -0,0 +1,39 @@
#
# @(#) dnssec.conf vT0.96 (c) Feb 2005 - May 2008 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "intern"
Recursive: True
PrintTime: False
PrintAge: True
LeftJustify: False
# zone specific values
ResignInterval: 5h # (18000 seconds)
Sigvalidity: 1d # (86400 seconds)
Max_TTL: 30m # (1800 seconds)
Propagation: 1m # (60 seconds)
KEY_TTL: 30m # (1800 seconds)
Serialformat: unixtime
# signing key parameters
KSK_lifetime: 1y # (31536000 seconds)
KSK_algo: RSASHA1 # (Algorithm ID 5)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 30d # (2592000 seconds)
ZSK_algo: RSASHA1 # (Algorithm ID 5)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
# dnssec-signer options
LogFile: "zkt-int.log"
LogLevel: "debug"
SyslogFacility: "none"
SyslogLevel: "notice"
VerboseLog: 2
Keyfile: "dnskey.db"
Zonefile: "zone.db"
DLV_Domain: ""
Sig_Pseudorand: True

7
contrib/zkt-1.1.3/examples/views/dnssec-signer-extern Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
#
# Shell script to start the dnssec-signer
# command out of the view directory
#
ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V extern "$@"

7
contrib/zkt-1.1.3/examples/views/dnssec-signer-intern Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
#
# Shell script to start the dnssec-signer
# command out of the view directory
#
ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer -V intern "$@"

7
contrib/zkt-1.1.3/examples/views/dnssec-zkt-extern Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
#
# Shell script to start the dnssec-zkt command
# out of the view directory
#
ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view extern "$@"

7
contrib/zkt-1.1.3/examples/views/dnssec-zkt-intern Normal file
View File

@@ -0,0 +1,7 @@
#!/bin/sh
#
# Shell script to start the dnssec-zkt command
# out of the view directory
#
ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-zkt --view intern "$@"

33
contrib/zkt-1.1.3/examples/views/extern/example.net/zone.db vendored Normal file
View File

@@ -0,0 +1,33 @@
;-----------------------------------------------------------------
;
; @(#) extern/example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
0 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 1.0.0.5
IN AAAA 2001:db8::53
ns2 IN A 1.2.0.6
localhost IN A 127.0.0.1
; Delegation to secure zone; The DS resource record will
; be added by dnssec-signzone automatically if the
; keyset-sub.example.net file is present (run dnssec-signzone
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.net.
; this file will have all the zone keys
$INCLUDE dnskey.db

0
contrib/zkt-1.1.3/examples/views/extern/example.net/zone.db.signed vendored Normal file
View File

51
contrib/zkt-1.1.3/examples/views/extern/zkt-ext.log vendored Normal file
View File

@@ -0,0 +1,51 @@
2008-06-12 17:59:04.194: notice: running as ../../dnssec-signer -V extern -v -v
2008-06-12 17:59:04.195: debug: parsing zone "example.net." in dir "extern/example.net."
2008-06-12 17:59:04.196: debug: Check RFC5011 status
2008-06-12 17:59:04.196: debug: ->ksk5011status returns 0
2008-06-12 17:59:04.196: debug: Check ksk status
2008-06-12 17:59:04.196: debug: Re-signing not necessary!
2008-06-12 17:59:04.196: notice: end of run: 0 errors occured
2008-06-12 17:59:17.435: notice: running as ../../dnssec-signer -V extern -v -v
2008-06-12 17:59:17.436: debug: parsing zone "example.net." in dir "extern/example.net."
2008-06-12 17:59:17.436: debug: Check RFC5011 status
2008-06-12 17:59:17.436: debug: ->ksk5011status returns 0
2008-06-12 17:59:17.436: debug: Check ksk status
2008-06-12 17:59:17.436: debug: Re-signing not necessary!
2008-06-12 17:59:17.436: notice: end of run: 0 errors occured
2008-06-12 18:00:07.818: notice: running as ../../dnssec-signer -V extern -v -v
2008-06-12 18:00:07.819: debug: parsing zone "example.net." in dir "extern/example.net."
2008-06-12 18:00:07.819: debug: Check RFC5011 status
2008-06-12 18:00:07.819: debug: ->ksk5011status returns 0
2008-06-12 18:00:07.819: debug: Check ksk status
2008-06-12 18:00:07.819: debug: Re-signing not necessary!
2008-06-12 18:00:07.819: notice: end of run: 0 errors occured
2008-06-12 18:00:39.019: notice: running as ../../dnssec-signer -V extern -v -v
2008-06-12 18:00:39.020: debug: parsing zone "example.net." in dir "extern/example.net."
2008-06-12 18:00:39.020: debug: Check RFC5011 status
2008-06-12 18:00:39.020: debug: ->ksk5011status returns 0
2008-06-12 18:00:39.020: debug: Check ksk status
2008-06-12 18:00:39.020: debug: Re-signing not necessary!
2008-06-12 18:00:39.020: notice: end of run: 0 errors occured
2008-10-03 01:00:45.544: notice: ------------------------------------------------------------
2008-10-03 01:00:45.544: notice: running ../../dnssec-signer -V extern -v -v
2008-10-03 01:00:45.545: debug: parsing zone "example.net" in dir "extern/example.net"
2008-10-03 01:00:45.545: debug: Check RFC5011 status
2008-10-03 01:00:45.545: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2008-10-03 01:00:45.545: debug: Check KSK status
2008-10-03 01:00:45.545: debug: Check ZSK status
2008-10-03 01:00:45.545: debug: Lifetime(2592000 +/-150 sec) of active key 35744 exceeded (5018328 sec)
2008-10-03 01:00:45.546: debug: ->depreciate it
2008-10-03 01:00:45.546: debug: ->activate published key 10367
2008-10-03 01:00:45.546: notice: "example.net": lifetime of zone signing key 35744 exceeded: ZSK rollover done
2008-10-03 01:00:45.546: debug: New key for publishing needed
2008-10-03 01:00:45.614: debug: ->creating new key 14714
2008-10-03 01:00:45.614: info: "example.net": new key 14714 generated for publishing
2008-10-03 01:00:45.614: debug: Re-signing necessary: New zone key
2008-10-03 01:00:45.614: notice: "example.net": re-signing triggered: New zone key
2008-10-03 01:00:45.614: debug: Writing key file "extern/example.net/dnskey.db"
2008-10-03 01:00:45.614: debug: Signing zone "example.net"
2008-10-03 01:00:45.614: debug: Run cmd "cd extern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +864000 -N unixtime zone.db K*.private"
2008-10-03 01:00:46.114: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-10-03 01:00:46.114: debug: Signing completed after 1s.
2008-10-03 01:00:46.114: debug:
2008-10-03 01:00:46.114: notice: end of run: 0 errors occured

33
contrib/zkt-1.1.3/examples/views/intern/example.net/zone.db Normal file
View File

@@ -0,0 +1,33 @@
;-----------------------------------------------------------------
;
; @(#) intern/example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
0 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 192.168.1.53
IN AAAA fd12:063c:cdbb::53
ns2 IN A 10.1.2.3
localhost IN A 127.0.0.1
; Delegation to secure zone; The DS resource record will
; be added by dnssec-signzone automatically if the
; keyset-sub.example.net file is present (run dnssec-signzone
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.net.
; this file will have all the zone keys
$INCLUDE dnskey.db

0
contrib/zkt-1.1.3/examples/views/intern/example.net/zone.db.signed Normal file
View File

192
contrib/zkt-1.1.3/examples/views/intern/zkt-int.log Normal file
View File

@@ -0,0 +1,192 @@
2008-06-12 18:02:13.593: notice: running as ../../dnssec-signer -V intern -v -v
2008-06-12 18:02:13.594: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:02:13.594: debug: Check RFC5011 status
2008-06-12 18:02:13.595: debug: ->ksk5011status returns 0
2008-06-12 18:02:13.595: debug: Check ksk status
2008-06-12 18:02:13.595: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727466 sec)
2008-06-12 18:02:13.595: debug: ->waiting for pre-publish key
2008-06-12 18:02:13.595: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h17m46s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:02:13.595: debug: Re-signing necessary: Modified keys
2008-06-12 18:02:13.595: notice: "example.net.": re-signing triggered: Modified keys
2008-06-12 18:02:13.595: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:02:13.596: debug: Signing zone "example.net."
2008-06-12 18:02:13.596: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:02:13.705: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:02:13.705: debug: Signing completed after 0s.
2008-06-12 18:02:13.705: debug:
2008-06-12 18:02:13.705: notice: end of run: 0 errors occured
2008-06-12 18:03:13.208: notice: running as ../../dnssec-signer -V intern -r -v -v
2008-06-12 18:03:13.209: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:03:13.209: debug: Check RFC5011 status
2008-06-12 18:03:13.209: debug: ->ksk5011status returns 0
2008-06-12 18:03:13.209: debug: Check ksk status
2008-06-12 18:03:13.209: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727526 sec)
2008-06-12 18:03:13.209: debug: ->waiting for pre-publish key
2008-06-12 18:03:13.209: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m46s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:03:13.209: debug: Re-signing not necessary!
2008-06-12 18:03:13.209: notice: end of run: 0 errors occured
2008-06-12 18:03:19.287: notice: running as ../../dnssec-signer -V intern -r -v -v
2008-06-12 18:03:19.288: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:03:19.288: debug: Check RFC5011 status
2008-06-12 18:03:19.289: debug: ->ksk5011status returns 0
2008-06-12 18:03:19.289: debug: Check ksk status
2008-06-12 18:03:19.289: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727532 sec)
2008-06-12 18:03:19.289: debug: ->waiting for pre-publish key
2008-06-12 18:03:19.289: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m52s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:03:19.289: debug: Re-signing not necessary!
2008-06-12 18:03:19.289: notice: end of run: 0 errors occured
2008-06-12 18:03:23.617: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:03:23.618: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:03:23.618: debug: Check RFC5011 status
2008-06-12 18:03:23.618: debug: ->ksk5011status returns 0
2008-06-12 18:03:23.618: debug: Check ksk status
2008-06-12 18:03:23.618: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727536 sec)
2008-06-12 18:03:23.618: debug: ->waiting for pre-publish key
2008-06-12 18:03:23.618: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h18m56s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:03:23.618: debug: Re-signing necessary: Option -f
2008-06-12 18:03:23.618: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:03:23.618: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:03:23.619: debug: Signing zone "example.net."
2008-06-12 18:03:23.619: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:03:23.719: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:03:23.719: debug: Signing completed after 0s.
2008-06-12 18:03:23.720: notice: ""example.net." in view "intern"": reload triggered
2008-06-12 18:03:23.772: debug:
2008-06-12 18:03:23.772: notice: end of run: 0 errors occured
2008-06-12 18:05:39.532: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:05:39.533: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:05:39.533: debug: Check RFC5011 status
2008-06-12 18:05:39.533: debug: ->ksk5011status returns 0
2008-06-12 18:05:39.533: debug: Check ksk status
2008-06-12 18:05:39.533: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727672 sec)
2008-06-12 18:05:39.533: debug: ->waiting for pre-publish key
2008-06-12 18:05:39.533: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h21m12s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:05:39.533: debug: Re-signing necessary: Option -f
2008-06-12 18:05:39.533: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:05:39.533: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:05:39.534: debug: Signing zone "example.net."
2008-06-12 18:05:39.534: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:05:39.629: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:05:39.630: debug: Signing completed after 0s.
2008-06-12 18:05:39.630: notice: ""example.net."": reload triggered
2008-06-12 18:05:39.640: debug:
2008-06-12 18:05:39.640: notice: end of run: 0 errors occured
2008-06-12 18:07:47.753: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:07:47.754: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:07:47.754: debug: Check RFC5011 status
2008-06-12 18:07:47.754: debug: ->ksk5011status returns 0
2008-06-12 18:07:47.754: debug: Check ksk status
2008-06-12 18:07:47.754: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727800 sec)
2008-06-12 18:07:47.754: debug: ->waiting for pre-publish key
2008-06-12 18:07:47.754: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h23m20s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:07:47.754: debug: Re-signing necessary: Option -f
2008-06-12 18:07:47.754: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:07:47.754: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:07:47.754: debug: Signing zone "example.net."
2008-06-12 18:07:47.754: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:07:47.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:07:47.856: debug: Signing completed after 0s.
2008-06-12 18:07:47.856: notice: ""example.net."": reload triggered
2008-06-12 18:07:47.866: debug:
2008-06-12 18:07:47.867: notice: end of run: 0 errors occured
2008-06-12 18:10:57.978: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:10:57.978: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:10:57.978: debug: Check RFC5011 status
2008-06-12 18:10:57.978: debug: ->ksk5011status returns 0
2008-06-12 18:10:57.978: debug: Check ksk status
2008-06-12 18:10:57.978: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17727990 sec)
2008-06-12 18:10:57.978: debug: ->waiting for pre-publish key
2008-06-12 18:10:57.978: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h26m30s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:10:57.978: debug: Re-signing necessary: Option -f
2008-06-12 18:10:57.978: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:10:57.978: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:10:57.979: debug: Signing zone "example.net."
2008-06-12 18:10:57.979: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:10:58.081: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:10:58.081: debug: Signing completed after 1s.
2008-06-12 18:10:58.081: notice: ""example.net." in view "intern"": reload triggered
2008-06-12 18:10:58.093: debug:
2008-06-12 18:10:58.093: notice: end of run: 0 errors occured
2008-06-12 18:13:29.511: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:13:29.512: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:13:29.512: debug: Check RFC5011 status
2008-06-12 18:13:29.512: debug: ->ksk5011status returns 0
2008-06-12 18:13:29.512: debug: Check ksk status
2008-06-12 18:13:29.512: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728142 sec)
2008-06-12 18:13:29.512: debug: ->waiting for pre-publish key
2008-06-12 18:13:29.512: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m2s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:13:29.512: debug: Re-signing necessary: Option -f
2008-06-12 18:13:29.512: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:13:29.512: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:13:29.513: debug: Signing zone "example.net."
2008-06-12 18:13:29.513: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:13:29.612: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:13:29.612: debug: Signing completed after 0s.
2008-06-12 18:13:29.612: notice: ""example.net." in view "intern"": reload triggered
2008-06-12 18:13:29.612: debug: Reload zone "example.net." in view "intern"
2008-06-12 18:13:29.612: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
2008-06-12 18:13:29.623: debug:
2008-06-12 18:13:29.623: notice: end of run: 0 errors occured
2008-06-12 18:13:38.707: notice: running as ../../dnssec-signer -V intern -f -r -v
2008-06-12 18:13:38.708: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:13:38.709: debug: Check RFC5011 status
2008-06-12 18:13:38.709: debug: ->ksk5011status returns 0
2008-06-12 18:13:38.709: debug: Check ksk status
2008-06-12 18:13:38.709: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728151 sec)
2008-06-12 18:13:38.709: debug: ->waiting for pre-publish key
2008-06-12 18:13:38.709: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m11s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:13:38.709: debug: Re-signing necessary: Option -f
2008-06-12 18:13:38.709: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:13:38.709: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:13:38.710: debug: Signing zone "example.net."
2008-06-12 18:13:38.710: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:13:39.163: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:13:39.163: debug: Signing completed after 1s.
2008-06-12 18:13:39.163: notice: ""example.net." in view "intern"": reload triggered
2008-06-12 18:13:39.163: debug: Reload zone "example.net." in view "intern"
2008-06-12 18:13:39.163: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
2008-06-12 18:13:39.174: debug:
2008-06-12 18:13:39.174: notice: end of run: 0 errors occured
2008-06-12 18:13:43.163: notice: running as ../../dnssec-signer -V intern -f -r -v -v
2008-06-12 18:13:43.164: debug: parsing zone "example.net." in dir "intern/example.net."
2008-06-12 18:13:43.164: debug: Check RFC5011 status
2008-06-12 18:13:43.164: debug: ->ksk5011status returns 0
2008-06-12 18:13:43.164: debug: Check ksk status
2008-06-12 18:13:43.164: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (17728156 sec)
2008-06-12 18:13:43.164: debug: ->waiting for pre-publish key
2008-06-12 18:13:43.164: notice: "example.net.": lifetime of zone signing key 5972 exceeded since 25w4h29m16s: ZSK rollover deferred: waiting for pre-publish key
2008-06-12 18:13:43.164: debug: Re-signing necessary: Option -f
2008-06-12 18:13:43.164: notice: "example.net.": re-signing triggered: Option -f
2008-06-12 18:13:43.164: debug: Writing key file "intern/example.net./dnskey.db"
2008-06-12 18:13:43.164: debug: Signing zone "example.net."
2008-06-12 18:13:43.164: debug: Run cmd "cd intern/example.net.; /usr/local/sbin/dnssec-signzone -p -o example.net. -e +86400 -g -N unixtime zone.db K*.private"
2008-06-12 18:13:43.262: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-06-12 18:13:43.262: debug: Signing completed after 0s.
2008-06-12 18:13:43.262: notice: ""example.net." in view "intern"": reload triggered
2008-06-12 18:13:43.262: debug: Reload zone "example.net." in view "intern"
2008-06-12 18:13:43.262: debug: Run cmd "/usr/local/sbin/rndc reload example.net. IN intern"
2008-06-12 18:13:43.273: debug:
2008-06-12 18:13:43.273: notice: end of run: 0 errors occured
2008-10-03 01:00:38.404: notice: ------------------------------------------------------------
2008-10-03 01:00:38.404: notice: running ../../dnssec-signer -V intern
2008-10-03 01:00:38.405: debug: parsing zone "example.net" in dir "intern/example.net"
2008-10-03 01:00:38.405: debug: Check RFC5011 status
2008-10-03 01:00:38.405: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2008-10-03 01:00:38.405: debug: Check KSK status
2008-10-03 01:00:38.405: debug: Check ZSK status
2008-10-03 01:00:38.405: debug: Lifetime(2592000 +/-150 sec) of active key 5972 exceeded (5018321 sec)
2008-10-03 01:00:38.405: debug: ->depreciate it
2008-10-03 01:00:38.405: debug: ->activate published key 23375
2008-10-03 01:00:38.405: notice: "example.net": lifetime of zone signing key 5972 exceeded: ZSK rollover done
2008-10-03 01:00:38.405: debug: New key for publishing needed
2008-10-03 01:00:38.491: debug: ->creating new key 55745
2008-10-03 01:00:38.492: info: "example.net": new key 55745 generated for publishing
2008-10-03 01:00:38.492: debug: Re-signing necessary: New zone key
2008-10-03 01:00:38.492: notice: "example.net": re-signing triggered: New zone key
2008-10-03 01:00:38.492: debug: Writing key file "intern/example.net/dnskey.db"
2008-10-03 01:00:38.492: debug: Signing zone "example.net"
2008-10-03 01:00:38.492: debug: Run cmd "cd intern/example.net; /usr/local/sbin/dnssec-signzone -g -p -o example.net -e +86400 -N unixtime zone.db K*.private"
2008-10-03 01:00:38.796: debug: Cmd dnssec-signzone return: "zone.db.signed"
2008-10-03 01:00:38.796: debug: Signing completed after 0s.
2008-10-03 01:00:38.796: debug:
2008-10-03 01:00:38.796: notice: end of run: 0 errors occured

97
contrib/zkt-1.1.3/examples/views/named.conf Normal file
View File

@@ -0,0 +1,97 @@
/*****************************************************************
**
** #(@) named.conf (c) 6. May 2004 (hoz)
*****************************************************************/
/*****************************************************************
** logging options
*****************************************************************/
logging {
channel "named-log" {
file "named.log";
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
category "dnssec" { "named-log"; };
category "edns-disabled" { "named-log"; };
category "default" { "named-log"; };
};
/*****************************************************************
** name server options
*****************************************************************/
options {
directory ".";
pid-file "named.pid";
listen-on-v6 port 1053 { any; };
listen-on port 1053 { any; };
empty-zones-enable no;
port 1053;
query-source address * port 1053;
query-source-v6 address * port 1053;
transfer-source * port 53;
transfer-source-v6 * port 53;
use-alt-transfer-source no;
notify-source * port 53;
notify-source-v6 * port 53;
recursion yes;
dnssec-enable yes;
dnssec-validation yes; /* required by BIND 9.4.0 */
dnssec-accept-expired false; /* added since BIND 9.5.0 */
edns-udp-size 1460; /* (M4) */
max-udp-size 1460; /* (M5) */
# allow-query { localhost; }; /* default in 9.4.0 */
# allow-query-cache { localhost; }; /* default in 9.4.0 */
dnssec-must-be-secure "." no;
querylog yes;
stats-server 127.0.0.1 port 8881; /* added since BIND 9.5.0 */
};
/*****************************************************************
** view intern
*****************************************************************/
view "intern" {
match-clients { 127.0.0.1; ::1; };
recursion yes;
zone "." in {
type hint;
file "root.hint";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
zone "example.net" in {
type master;
file "intern/example.net/zone.db.signed";
};
};
/*****************************************************************
** view extern
*****************************************************************/
view "extern" {
match-clients { any; };
recursion no;
zone "." in {
type hint;
file "root.hint";
};
zone "example.net" in {
type master;
file "extern/example.net/zone.db.signed";
};
};

17
contrib/zkt-1.1.3/examples/views/named.log Normal file
View File

@@ -0,0 +1,17 @@
20-Nov-2007 17:12:58.092 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
20-Nov-2007 17:12:58.092 general: critical: exiting (due to early fatal error)
20-Nov-2007 17:20:24.941 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
20-Nov-2007 17:20:24.941 general: critical: exiting (due to early fatal error)
20-Nov-2007 17:28:22.686 general: critical: couldn't open pid file '/var/run/named.pid': Permission denied
20-Nov-2007 17:28:22.686 general: critical: exiting (due to early fatal error)
20-Nov-2007 17:40:12.389 general: error: zone 0.0.127.in-addr.arpa/IN/intern: loading from master file 127.0.0.zone failed: file not found
20-Nov-2007 17:40:12.391 general: info: zone example.net/IN/intern: loaded serial 1195574789 (signed)
20-Nov-2007 17:40:12.393 general: info: zone example.net/IN/extern: loaded serial 1195561217 (signed)
20-Nov-2007 17:40:12.393 general: notice: running
20-Nov-2007 17:40:12.393 notify: info: zone example.net/IN/intern: sending notifies (serial 1195574789)
20-Nov-2007 17:40:12.394 notify: info: zone example.net/IN/extern: sending notifies (serial 1195561217)
20-Nov-2007 19:07:04.016 general: info: shutting down
20-Nov-2007 19:07:04.017 network: info: no longer listening on ::#1053
20-Nov-2007 19:07:04.017 network: info: no longer listening on 127.0.0.1#1053
20-Nov-2007 19:07:04.017 network: info: no longer listening on 145.253.100.51#1053
20-Nov-2007 19:07:04.020 general: notice: exiting

45
contrib/zkt-1.1.3/examples/views/root.hint Normal file
View File

@@ -0,0 +1,45 @@
; <<>> DiG 9.5.0a6 <<>> ns . @a.root-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33355
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33
;; Query time: 114 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon Nov 5 07:28:00 2007
;; MSG SIZE rcvd: 436

20
contrib/zkt-1.1.3/examples/views/viewtest.sh Normal file
View File

@@ -0,0 +1,20 @@
ZKT_CONFFILE=dnssec.conf
export ZKT_CONFFILE
if true
then
echo "All internal keys:"
./dnssec-zkt-intern
echo
echo "All external keys:"
./dnssec-zkt-extern
echo
fi
echo "Sign both views"
./dnssec-signer-intern -v -v -f -r
echo
./dnssec-signer-extern -v -v