2922 [contrib] Update zkt to version 1.0.:

This commit is contained in:
Mark Andrews 2010-06-23 02:42:10 +00:00
parent 0123677dc3
commit c52235e52e
248 changed files with 6668 additions and 10543 deletions

View file

@ -1,3 +1,5 @@
2922 [contrib] Update zkt to version 1.0.
2921. [bug] The resolver could attempt to destroy a fetch context
to soon. [RT #19878]
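Review bot: The new CHANGES entry is written "2922 [contrib]" without the period that the entry below it uses ("2921. [bug]"). Add the period so tools and readers that key on the "NNNN." prefix pick the entry up.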

View file

@ -1,3 +1,112 @@
zkt 1.0 -- 15. June 2010
* feat "/dev/urandom" check added to checkconfig()
* feat Config compability switch (-C) added to zkt-conf
* feat zkt-ls has a new switch -s to change sorting of domains from
subdomain before parent to subdomain below the parent
* feat "zkt-ls -T" prints only parent trust anchor
zkt 1.0rc1 -- 1. Apr 2010 (The 1.0 release was sponsored by DOMINIC(r) )
* feat Several config parameter are printed now in a more consistent and
user friendly form.
SerialFormat "Incremental" could be abbreviated as "inc" on input.
* bug use of AC_ARG_ENABLE macros changed in a way that it is possible
to use it as a "--disable-FEATURE" switch.
* port no longer checking for malloc() in configue script.
Mainly because it checks only if malloc(0) is allowed and we do
not need this.
* port --disable-color-mode added to configure script
* bug Makro PRINT_AGE_OF_YEAR renamed to PRINT_AGE_WITH_YEAR in configure.ac
* misc man page zkt-keyman added
* misc New command zkt-keyman added as replacement for dnssec-zkt's key
management functionality
* misc man page zkt-ls added
* port Check for ncurses added to Makefile.in
* misc Color mode (Option -C) added to zkt-ls (experimental)
New source file tcap.c.
* misc Deprecate "single linked list" version of ZKT. The binary tree
version is the default for years, so the VERSION string does no
longer contain a "T". Now, if someone insist on the single link
list version (configure --disable-tree) a "S" is added to the
version string.
Anyway, the code for the single link list version does no longer
have the same functionality and will be removed in one of the later
releases.
* misc New command zkt-ls added as replacement for dnssec-zkt's key
listing functionality
* func New key algorithms RSASHA256 and RSAHSHA512 added to dki.[ch]
and zconf.c
New parameter NSEC3 added. Now it's possible to configure
an NSEC3_OPTOUT zone.
* bug Token parsing function gettok() fixed to recognize tokens
with dashes ("zone-statistics" was seen as "zone").
Thanks to Andreas Baess for finding this bug.
* bug Fixed bug in (re)salting dynamic zones.
sig_zone() and gensalt() needs parameter change for this
* func New option -a added to zkt-conf
* func In zconf.c CONF_TIMEINT parameter are now able to recognize
"unset" values (which is represented internaly as 0)
* func Set Max_TTL to sig lifetime for dynamic zones or if Max_TTL
is less than 1.
max_ttl checks in checkconfig() fixed.
* func printconfigdiff() added to zconf.c and used by zkt-conf.
Now local configs are printed as diff to site wide config.
* misc man page zkt-signer.8 changed to new command syntax
* func Per domain logging added. Use parameter LogDomainDir to
enable it. For more details see file README.logging.
* func distribute.sh supports new action type "distkeys" but is
currently not used
* misc LOG_FNAMETMPL changed and moved from config_zkt.h to log.h
* misc Default soa serial format changed from "Incremental"
to "Unixtime"
* func dnssec-signer command renamed to zkt-signer. Man page updated.
* func New command zkt-conf added as replacement for dnssec-zkt -Z
* misc timeint2str() is now global (zconf.c)
* func zfparse.c - a rudimentary zone file parser
scans minimum and maximum ttl values; adds $INCLUDE dnskey.db
zkt 0.99d -- Not released
* func Option SIG_DnsKeyKSK for DNSKEY signing with KSK only
added (only useful with BIND9.7)
* misc For BIND 9.7 compability:
Run dnssec-signzone in compability mode ("-C") if
SigGenerateDS is true.
Run dnssec-keygen in compability mode ("-C -q")
Add option -u to dnssec-signzone if NSEC3 chaining is requested
zkt 0.99c -- 1. Aug 2009
* misc dnssec-signer command line option vars changed to storage
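Review bot: The 1.0rc1 entry for dki.[ch] and zconf.c names the new algorithm "RSAHSHA512", which does not match the "RSASHA256" beside it and looks like a typo for RSASHA512. An operator copying the name from the changelog into a config would get the wrong string. The same block also has "compability" (several times) and "configue script", which are worth fixing in the same pass.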
@ -504,7 +613,7 @@ zkt 0.63 -- 14. June 2005
zkt 0.62 -- 13. May 2005
* func dnssec-signer: Option -o added.
Now it works a little bit more like dnssec-signzone.
Now it works a bit more like dnssec-signzone.
* func strlist.c: prepstrlist and unprepstrlist functions get a
second parameter for the delimiter.

View file

@ -18,23 +18,44 @@ CFLAGS += -Wall #-DDBG
CFLAGS += -Wmissing-prototypes
CFLAGS += $(PROFILE) $(OPTIM)
LDFLAGS += $(PROFILE)
LIBS = @LIBS@
PROJECT = @PACKAGE_TARNAME@
VERSION = @PACKAGE_VERSION@
HEADER = dki.h misc.h domaincmp.h zconf.h config_zkt.h \
config.h.in strlist.h zone.h zkt.h debug.h \
ncparse.h log.h rollover.h nscomm.h soaserial.h
ncparse.h log.h rollover.h nscomm.h soaserial.h \
zfparse.h tcap.h
SRC_ALL = dki.c misc.c domaincmp.c zconf.c log.c
OBJ_ALL = $(SRC_ALL:.c=.o)
SRC_SIG = dnssec-signer.c zone.c ncparse.c rollover.c \
SRC_SIG = zkt-signer.c zone.c ncparse.c rollover.c \
nscomm.c soaserial.c
OBJ_SIG = $(SRC_SIG:.c=.o)
MAN_SIG = dnssec-signer.8
PROG_SIG= dnssec-signer
MAN_SIG = zkt-signer.8
PROG_SIG= zkt-signer
SRC_ZKT = dnssec-zkt.c strlist.c zkt.c
SRC_CNF = zkt-conf.c zfparse.c
OBJ_CNF = $(SRC_CNF:.c=.o)
MAN_CNF = zkt-conf.8
PROG_CNF= zkt-conf
# shared sources
SRC_KLS = strlist.c zkt.c tcap.c
OBJ_KLS = $(SRC_KLS:.c=.o)
SRC_KEY = zkt-keyman.c
OBJ_KEY = $(SRC_KEY:.c=.o) $(OBJ_KLS)
MAN_KEY = zkt-keyman.8
PROG_KEY= zkt-keyman
SRC_LS = zkt-ls.c
OBJ_LS = $(SRC_LS:.c=.o) $(OBJ_KLS)
MAN_LS = zkt-ls.8
PROG_LS= zkt-ls
SRC_ZKT = dnssec-zkt.c strlist.c zkt.c tcap.c
OBJ_ZKT = $(SRC_ZKT:.c=.o)
MAN_ZKT = dnssec-zkt.8
PROG_ZKT= dnssec-zkt
@ -44,15 +65,20 @@ OBJ_SER = $(SRC_SER:.c=.o)
#MAN_SER = zkt-soaserial.8
PROG_SER= zkt-soaserial
MAN_ALL = $(MAN_ZKT) $(MAN_SIG) #$(MAN_SER)
SRC_PRG = $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_LS) $(SRC_SER) $(SRC_KEY)
OBJ_PRG = $(SRC_PRG:.c=.o)
PROG_PRG= $(PROG_SIG) $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SER) $(PROG_KEY)
MAN_ALL = $(MAN_ZKT) $(MAN_SIG) $(MAN_LS) $(MAN_CNF) $(MAN_KEY)
OTHER = README README.logging TODO LICENSE CHANGELOG tags Makefile.in \
configure examples
SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(OTHER) \
SAVE = $(HEADER) $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_ZKT) $(SRC_KLS) \
$(SRC_LS) $(SRC_KEY) $(SRC_SER) $(OTHER) \
man configure.ac config.h.in doc
#MNTSAVE = $(SAVE) configure.ac config.h.in doc
all: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
all: $(PROG_CNF) $(PROG_ZKT) $(PROG_LS) $(PROG_SIG) $(PROG_SER) $(PROG_KEY)
macos: ## for MAC OS (depreciated)
macos:
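Review bot: The all: target lists the six programs by hand, although PROG_PRG is defined a few lines above with the same set and install: already depends on it. Using "all: $(PROG_PRG)" keeps the two from drifting when the next command is added.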
@ -68,17 +94,27 @@ linux:
$(PROG_SIG): $(OBJ_SIG) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_SIG) $(OBJ_ALL) -o $(PROG_SIG)
ln -f $(PROG_SIG) dnssec-signer
$(PROG_CNF): $(OBJ_CNF) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_CNF) $(OBJ_ALL) -o $(PROG_CNF)
$(PROG_KEY): $(OBJ_KEY) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY)
$(PROG_ZKT): $(OBJ_ZKT) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT)
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_ZKT) $(OBJ_ALL) -o $(PROG_ZKT)
$(PROG_LS): $(OBJ_LS) $(OBJ_ALL) Makefile
$(CC) $(LDFLAGS) $(LIBS) $(OBJ_LS) $(OBJ_ALL) -o $(PROG_LS)
$(PROG_SER): $(OBJ_SER) Makefile
$(CC) $(LDFLAGS) $(OBJ_SER) -o $(PROG_SER)
install: ## install binaries in prefix/bin
install: $(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
install: $(PROG_PRG)
test -d $(prefix)/bin || mkdir -p $(prefix)/bin
cp $(PROG_ZKT) $(PROG_SIG) $(PROG_SER) $(prefix)/bin/
cp dnssec-signer $(PROG_PRG) $(prefix)/bin/
install-man: ## install man pages in mandir
install-man:
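Review bot: The link rules for PROG_KEY, PROG_ZKT and PROG_LS put $(LIBS) before the object files ("$(CC) $(LDFLAGS) $(LIBS) $(OBJ_KEY) $(OBJ_ALL) -o $(PROG_KEY)"). Linkers resolve libraries in command-line order, so -lncurses ahead of the objects can leave tgetent unresolved with static archives or with --as-needed; move $(LIBS) to the end of each line. Separately, install: copies dnssec-signer but depends only on $(PROG_PRG), so it relies on the "ln -f" side effect of the PROG_SIG rule; a dedicated dnssec-signer target would make that explicit.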
@ -88,13 +124,13 @@ install-man:
tags: ## create tags file
tags: $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
ctags $(SRC_ALL) $(SRC_SIG) $(SRC_ZKT) $(SRC_SER)
#tags: $(SRC_ALL) $(SRC_PRG)
tags: $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KEY) $(SRC_LS) $(SRC_SER) $(SRC_KLS)
ctags $(SRC_ALL) $(SRC_SIG) $(SRC_CNF) $(SRC_KEY) $(SRC_LS) $(SRC_SER) $(SRC_KLS)
clean: ## remove objectfiles and binaries
clean:
-rm -f $(OBJ_SIG) $(OBJ_ZKT) $(OBJ_SER) $(OBJ_ALL) \
$(PROG_ZKT) $(PROG_SIG) $(PROG_SER)
-rm -f $(OBJ_PRG) $(OBJ_ALL) $(PROG_PRG)
distclean: ## remove objectfiles, binaries and distribution files
distclean: clean
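Review bot: The new tags: prerequisite list drops $(SRC_ZKT), so dnssec-zkt.c is no longer indexed even though the program is still built and installed. The commented-out "#tags: $(SRC_ALL) $(SRC_PRG)" just above would cover every source; use it or delete it. Also, clean: removes $(PROG_PRG) but not the dnssec-signer hard link that the PROG_SIG rule creates, so a stale binary survives "make clean".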
@ -108,16 +144,27 @@ configure: ## create configure script
configure: configure.ac Makefile.in
autoconf && autoheader
man: man/$(MAN_ZKT).html man/$(MAN_ZKT).pdf man/$(MAN_SIG).html man/$(MAN_SIG).pdf
man: man/$(MAN_KEY).html man/$(MAN_KEY).pdf \
man/$(MAN_SIG).html man/$(MAN_SIG).pdf \
man/$(MAN_LS).html man/$(MAN_LS).pdf \
man/$(MAN_CNF).html man/$(MAN_CNF).pdf
man/$(MAN_ZKT).html: man/$(MAN_ZKT)
groff -Thtml -man -mhtml man/$(MAN_ZKT) > man/$(MAN_ZKT).html
man/$(MAN_ZKT).pdf: man/$(MAN_ZKT)
groff -Tps -man man/$(MAN_ZKT) | ps2pdf - man/$(MAN_ZKT).pdf
man/$(MAN_KEY).html: man/$(MAN_KEY)
groff -Thtml -man -mhtml man/$(MAN_KEY) > man/$(MAN_KEY).html
man/$(MAN_KEY).pdf: man/$(MAN_KEY)
groff -Tps -man man/$(MAN_KEY) | ps2pdf - man/$(MAN_KEY).pdf
man/$(MAN_LS).html: man/$(MAN_LS)
groff -Thtml -man -mhtml man/$(MAN_LS) > man/$(MAN_LS).html
man/$(MAN_LS).pdf: man/$(MAN_LS)
groff -Tps -man man/$(MAN_LS) | ps2pdf - man/$(MAN_LS).pdf
man/$(MAN_SIG).html: man/$(MAN_SIG)
groff -Thtml -man -mhtml man/$(MAN_SIG) > man/$(MAN_SIG).html
man/$(MAN_SIG).pdf: man/$(MAN_SIG)
groff -Tps -man man/$(MAN_SIG) | ps2pdf - man/$(MAN_SIG).pdf
man/$(MAN_CNF).html: man/$(MAN_CNF)
groff -Thtml -man -mhtml man/$(MAN_CNF) > man/$(MAN_CNF).html
man/$(MAN_CNF).pdf: man/$(MAN_CNF)
groff -Tps -man man/$(MAN_CNF) | ps2pdf - man/$(MAN_CNF).pdf
$(PROJECT)-$(VERSION).tar.gz: $(SAVE)
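Review bot: The rewritten man: target no longer lists man/$(MAN_ZKT).html and man/$(MAN_ZKT).pdf, yet the two MAN_ZKT rules stay in the file and MAN_ZKT is still part of MAN_ALL. Either add the dnssec-zkt pages back to man: or drop the now-unreachable rules. The four html/pdf rule pairs differ only in the variable name and could be a single pattern rule.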
@ -128,31 +175,45 @@ $(PROJECT)-$(VERSION).tar.gz: $(SAVE)
)
depend:
$(CC) -MM $(SRC_SIG) $(SRC_ZKT) $(SRC_SER) $(SRC_ALL)
$(CC) -MM $(CFLAGS) $(SRC_PRG) $(SRC_ALL)
help:
@grep "^.*:[ ]*##" Makefile
## all dependicies
#:r !make depend
#gcc -MM dnssec-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c dnssec-zkt.c strlist.c zkt.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c
dnssec-signer.o: dnssec-signer.c config_zkt.h zconf.h debug.h misc.h \
#gcc -MM -g -DHAVE_CONFIG_H -I. -Wall -Wmissing-prototypes zkt-signer.c zone.c ncparse.c rollover.c nscomm.c soaserial.c zkt-conf.c zfparse.c dnssec-zkt.c strlist.c zkt.c tcap.c zkt-ls.c strlist.c zkt.c tcap.c zkt-soaserial.c dki.c misc.c domaincmp.c zconf.c log.c
zkt-signer.o: zkt-signer.c config.h config_zkt.h zconf.h debug.h misc.h \
ncparse.h nscomm.h zone.h dki.h log.h soaserial.h rollover.h
zone.o: zone.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h \
zone.h
zone.o: zone.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
dki.h zone.h
ncparse.o: ncparse.c debug.h misc.h zconf.h log.h ncparse.h
rollover.o: rollover.c config_zkt.h zconf.h debug.h misc.h zone.h dki.h \
log.h rollover.h
nscomm.o: nscomm.c config_zkt.h zconf.h nscomm.h zone.h dki.h log.h \
misc.h debug.h
soaserial.o: soaserial.c config_zkt.h zconf.h log.h debug.h soaserial.h
dnssec-zkt.o: dnssec-zkt.c config_zkt.h debug.h misc.h zconf.h strlist.h \
dki.h zkt.h
rollover.o: rollover.c config.h config_zkt.h zconf.h debug.h misc.h \
zone.h dki.h log.h rollover.h
nscomm.o: nscomm.c config.h config_zkt.h zconf.h nscomm.h zone.h dki.h \
log.h misc.h debug.h
soaserial.o: soaserial.c config.h config_zkt.h zconf.h log.h debug.h \
soaserial.h
zkt-conf.o: zkt-conf.c config.h config_zkt.h debug.h misc.h zconf.h \
zfparse.h
zfparse.o: zfparse.c config.h config_zkt.h zconf.h log.h debug.h \
zfparse.h
dnssec-zkt.o: dnssec-zkt.c config.h config_zkt.h debug.h misc.h zconf.h \
strlist.h dki.h zkt.h
strlist.o: strlist.c strlist.h
zkt.o: zkt.c config_zkt.h dki.h misc.h zconf.h strlist.h zkt.h
zkt-soaserial.o: zkt-soaserial.c config_zkt.h
dki.o: dki.c config_zkt.h debug.h domaincmp.h misc.h zconf.h dki.h
misc.o: misc.c config_zkt.h zconf.h log.h debug.h misc.h
zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
domaincmp.h tcap.h zkt.h
tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-ls.o: zkt-ls.c config.h config_zkt.h debug.h misc.h zconf.h strlist.h \
dki.h tcap.h zkt.h
strlist.o: strlist.c strlist.h
zkt.o: zkt.c config.h config_zkt.h dki.h misc.h zconf.h strlist.h \
domaincmp.h tcap.h zkt.h
tcap.o: tcap.c config.h config_zkt.h tcap.h
zkt-soaserial.o: zkt-soaserial.c config.h config_zkt.h
dki.o: dki.c config.h config_zkt.h debug.h domaincmp.h misc.h zconf.h \
dki.h
misc.o: misc.c config.h config_zkt.h zconf.h log.h debug.h misc.h
domaincmp.o: domaincmp.c domaincmp.h
zconf.o: zconf.c config_zkt.h debug.h misc.h zconf.h dki.h
log.o: log.c config_zkt.h misc.h zconf.h debug.h log.h
zconf.o: zconf.c config.h config_zkt.h debug.h misc.h zconf.h dki.h
log.o: log.c config.h config_zkt.h misc.h zconf.h debug.h log.h
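Review bot: The pasted dependency block has no entry for zkt-keyman.o, and the recorded "gcc -MM" command line does not include zkt-keyman.c, although SRC_KEY is part of SRC_PRG. Header changes will therefore not rebuild zkt-keyman. The block also carries strlist.o, zkt.o and tcap.o twice because those sources appear twice on the recorded command line. Regenerate it with "make depend" from the final Makefile.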

View file

@ -2,8 +2,8 @@
# README dnssec zone key tool
#
# (c) March 2005 - Aug 2009 by Holger Zuleger hznet
# (c) for domaincmp Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) for zconf.c by Jeroen Masar & Holger Zuleger
# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) zconf.c by Jeroen Masar & Holger Zuleger
#
For more information about the DNSSEC Zone Key Tool please
@ -12,35 +12,41 @@ have a look at "http://www.hznet.de/dns/zkt/"
You can also subscribe to the zkt-users@sourceforge.net mailing list
on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
The complete software stands under BSD licence (see LICENCE file)
The ZKT software is licenced under BSD (see LICENCE file)
To build the software:
a) Get the current version of zkt
$ wget http://www.hznet.de/dns/zkt/zkt-0.99c.tar.gz
$ wget http://www.hznet.de/dns/zkt/zkt-1.0.tar.gz
b) Unpack
$ tar xzvf zkt-0.99c.tar.gz
$ tar xzvf zkt-1.0.tar.gz
c) Change to dir
$ cd zkt-0.99c
c) Change to source directory
$ cd zkt-1.0
d) Run configure script
$ ./configure
e) (optional) Edit config_zkt.h
f) Compile
e) Compile
$ make
g) Install
f) Install
# make install
# make install-man
h) (optional) Install and modify the default dnssec.conf file
$ ./dnssec-zkt -c "" -Z > /var/named/dnssec.conf
Prepare your setup:
a) (optional) Install or rebuild the default dnssec.conf file
$ zkt-conf -d -w # Install new file
or
$ zkt-conf -s -w # rebuild existing file
b) (optional) Change default parameters
$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
or use your prefered editor
$ vi /var/named/dnssec.conf
i) Prepare your zones for zkt
Have a look at the presentation I've held at the DE-CIX technical
meeting (http://www.hznet.de/dns/dnssec-decix050916.pdf)
It will give you an overview of how to configure a zone for zkt usage.
c) Prepare one of your zone for zkt
$ cd /var/name/zones/net/example.net # change dir to zone directory
$ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db"
$ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
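Review bot: In step c) of "Prepare your setup" the example path is /var/name/zones/net/example.net, while step b) sets "Zonedir: /var/named/zones" and the editor example uses /var/named/dnssec.conf. The missing "d" sends a reader following the steps literally to a directory outside the configured Zonedir. Also "prefered" should be "preferred", and the licence line points at a LICENCE file while the Makefile's OTHER list ships LICENSE.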

View file

@ -3,6 +3,7 @@
#
# Introduction into the new logging feature
# available since v0.96
# Per domain logging is enabled since v1.0
#
In previous version of dnssec-signer every message was written
@ -10,8 +11,8 @@ to the default stdout and stderr channels, and the logging itself
was handled by a redirection of those chanels to the logger command
or to a file.
Now, since version v0.96, the dnssec-signer command is able to log all
messages by itself. File and SYSLOG logging is supported.
Since v0.96, the dnssec-signer command is able to log all messages
by itself. File and SYSLOG logging is supported.
To enable the logging into a file channel, you have to specify
the file or directory name via the commandline option -L (--logfile)
@ -19,7 +20,14 @@ or via the config file parameter "LogFile".
LogFile: ""|"<file>"|"<directory>" (default is "")
If a file is specified, than each run of dnssec-signer will append the
messages to that file. If a directory is specified, than a file with a
name of zkt-<ISOdate&timeUTC>.log" will be created on each dnssec-signer run.
name of zkt-<ISOdate&timeUTC>+log" will be created on each dnssec-signer run.
Since v1.0 per domain logging is possible.
If the parameter "LogDomainDir:" is not empty, than the domain specific messages
are written to a separate log file with a name like "zkt-<domainname>+log" in the
directory specified by the parameter.
If "LogDomainDir:" is set to ".", then the logfile will be created in the domain
directory of the zone.
Logging into the syslog channel could be enabled via the config file
parameter "SyslogFacility".
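Review bot: The documented log file name changes from a ".log" suffix to "+log" here, and the new LogDomainDir paragraph uses "+log" as well, but the only template visible in this commit is the removed LOG_FNAMETMPL in config_zkt.h, which ended in "Z.log". Please confirm the text matches the template that moved to log.h, since log rotation and collection rules are usually keyed on the suffix. The line "name of zkt-<ISOdate&timeUTC>+log"" also has a closing quote without an opening one.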
@ -95,5 +103,3 @@ Some recomended and useful logging settings
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 2
-

View file

@ -1,7 +1,9 @@
TODO list as of zkt-0.99
general:
Renaming of the tools to zkt-* ?
Renaming to zkt-? and split of the functions of dnssec-zkt to
separate commands
Fixed in zkt-1.0 (zkt-conf command)
dnssec-zkt:
feat option to specify the key age as remaining lifetime
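Review bot: The file header still reads "TODO list as of zkt-0.99" while the entry added below it is marked "Fixed in zkt-1.0". Update the header to the release this commit imports, and consider removing fixed items rather than annotating them.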
@ -23,14 +25,22 @@ dnssec-signer:
The dnssec maintainer is responsible for the lifeliness of the
data in the hosted domain.
In other words: It's highly recommended to use the
option -r when you use dnssec-signer on a production zone.
option -r when you use zkt-signer on a production zone.
Then the time of propagation is (more or less) equal to the timestamp
of the zone.db.signed file.
bug The max_TTL and Key_TTL parameter should be set to the value found
in the zone. A mechanism for setting up a dnssec.conf file for the
zone specific TTL values is needed.
bug The max_TTL parameter should be set to the value found
in the zone. A mechanism for setting up a dnssec.conf file
for the zone specific TTL values is needed.
Fixed in zkt-1.0 (zkt-conf command)
zkt-conf:
port Option -C (compability) to create older config files
misc Change syntax of config parameters to a more uniq form (e.g. no "_" char)
zkt-rollover:
feat New command to roll keys independent of zone signing
(Usefull for dynamic zones managed by BIND9.7)
dki:
feat Use dynamic memory for dname in dki_t
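Review bot: The new zkt-conf section lists "Option -C (compability) to create older config files" as open, but the CHANGELOG in this same commit records "Config compability switch (-C) added to zkt-conf" for 1.0. One of the two is out of date. Spelling in the added lines: "compability", "uniq" and "Usefull".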

View file

@ -9,12 +9,18 @@
/* Define to 1 if the `closedir' function returns void instead of `int'. */
#undef CLOSEDIR_VOID
/* zkt-ls with colors */
#undef COLOR_MODE
/* set path of config file (defaults to /var/named) */
#undef CONFIG_PATH
/* Define to 1 if you have the `alarm' function. */
#undef HAVE_ALARM
/* Define to 1 if you have the <curses.h> header file. */
#undef HAVE_CURSES_H
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
*/
#undef HAVE_DIRENT_H
@ -40,9 +46,8 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
to 0 otherwise. */
#undef HAVE_MALLOC
/* Define to 1 if you have the `ncurses' library (-lncurses). */
#undef HAVE_LIBNCURSES
/* Define to 1 if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
@ -122,6 +127,9 @@
/* Define to 1 if you have the <sys/types.h> header file. */
#undef HAVE_SYS_TYPES_H
/* Define to 1 if you have the <term.h> header file. */
#undef HAVE_TERM_H
/* Define to 1 if you have the `timegm' function. */
#undef HAVE_TIMEGM
@ -171,8 +179,8 @@
/* Define to the version of this package. */
#undef PACKAGE_VERSION
/* print age of year */
#undef PRINT_AGE_OF_YEAR
/* print age with year */
#undef PRINT_AGE_WITH_YEAR
/* print out timezone */
#undef PRINT_TIMEZONE
@ -192,6 +200,9 @@
/* Use TREE data structure for dnssec-zkt */
#undef USE_TREE
/* ZKT copyright string */
#undef ZKT_COPYRIGHT
/* ZKT version string */
#undef ZKT_VERSION
@ -201,9 +212,6 @@
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define to rpl_malloc if the replacement function should be used. */
#undef malloc
/* Define to `unsigned int' if <sys/types.h> does not define. */
#undef size_t

View file

@ -37,10 +37,6 @@
#ifndef CONFIG_ZKT_H
# define CONFIG_ZKT_H
#ifndef LOG_FNAMETMPL
# define LOG_FNAMETMPL "/zkt-%04d-%02d-%02dT%02d%02d%02dZ.log"
#endif
/* don't change anything below this */
/* the values here are determined or settable via the ./configure script */
@ -52,6 +48,10 @@
/* # define HAVE_GETOPT_LONG 1 */
/* # define HAVE_STRFTIME 1 */
#ifndef COLOR_MODE
# define COLOR_MODE 1
#endif
#ifndef TTL_IN_KEYFILE_ALLOWED
# define TTL_IN_KEYFILE_ALLOWED 1
#endif
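Review bot: The fallback added here defines COLOR_MODE as 1 whenever it is not already set, so a build that does not get the value from configure enables a feature the CHANGELOG calls experimental and that depends on curses. Defaulting the fallback to 0 would fail safe, leaving configure to switch it on once the library has been found.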

429
contrib/zkt/configure vendored
View file

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for ZKT 0.99c.
# Generated by GNU Autoconf 2.61 for ZKT 1.0.
#
# Report bugs to <Holger Zuleger hznet.de>.
#
@ -574,11 +574,11 @@ SHELL=${CONFIG_SHELL-/bin/sh}
# Identity of this package.
PACKAGE_NAME='ZKT'
PACKAGE_TARNAME='zkt'
PACKAGE_VERSION='0.99c'
PACKAGE_STRING='ZKT 0.99c'
PACKAGE_VERSION='1.0'
PACKAGE_STRING='ZKT 1.0'
PACKAGE_BUGREPORT='Holger Zuleger hznet.de'
ac_unique_file="dnssec-zkt.c"
ac_unique_file="zkt-signer.c"
# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
@ -1179,7 +1179,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ZKT 0.99c to adapt to many kinds of systems.
\`configure' configures ZKT 1.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1240,15 +1240,16 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ZKT 0.99c:";;
short | recursive ) echo "Configuration of ZKT 1.0:";;
esac
cat <<\_ACEOF
Optional Features:
--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
--enable-FEATURE[=ARG] include FEATURE [ARG=yes]
--disable-color-mode zkt without colors
--enable-print-timezone print out timezone
--enable-print-age print age of year
--enable-print-age print age with year
--enable-log-progname log with progname
--disable-log-timestamp do not log with timestamp
--disable-log-level do not log with level
@ -1259,6 +1260,11 @@ Optional Features:
--disable-tree use single linked list instead of binary tree data
structure for dnssec-zkt
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-curses Ignore presence of curses and disable color mode
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
@ -1333,7 +1339,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ZKT configure 0.99c
ZKT configure 1.0
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@ -1347,7 +1353,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ZKT $as_me 0.99c, which was
It was created by ZKT $as_me 1.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@ -2674,7 +2680,6 @@ fi
if test -z "$SIGNZONE_PROG" ; then
# AC_MSG_ERROR([*** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***])
{ echo "$as_me:$LINENO: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&5
echo "$as_me: WARNING: *** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***" >&2;}
else
@ -2686,7 +2691,7 @@ cat >>confdefs.h <<_ACEOF
_ACEOF
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "0-9" | sed "s/^\(...\).*/\1/"`
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[0-9]\012" | sed "s/^\(...\).*/\1/"`
cat >>confdefs.h <<_ACEOF
#define BIND_VERSION $bind_version
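Review bot: The bind_version assignment feeds its result unchecked into "#define BIND_VERSION $bind_version". With "\012" now kept by tr, more than one matching "Version:" line produces a multi-line value and a broken define, and on a tr that treats the brackets in "[0-9]" literally those characters pass through too. The sed step keeps only the first three digits, so a release such as 9.10 becomes 910 and sorts below 970. Suggest taking the first line only and testing that the result is exactly three digits before writing the define, with the fix made in configure.ac rather than in the generated script.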
@ -3585,13 +3590,118 @@ fi
### define configure arguments
# Check whether --enable-color_mode was given.
if test "${enable_color_mode+set}" = set; then
enableval=$enable_color_mode;
fi
color_mode=1
if test "$enable_color_mode" = "no"; then
color_mode=0
fi
# Check whether --with-curses was given.
if test "${with_curses+set}" = set; then
withval=$with_curses;
fi
if test "x$with_curses" != "xno"; then
{ echo "$as_me:$LINENO: checking for tgetent in -lncurses" >&5
echo $ECHO_N "checking for tgetent in -lncurses... $ECHO_C" >&6; }
if test "${ac_cv_lib_ncurses_tgetent+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lncurses $LIBS"
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char tgetent ();
int
main ()
{
return tgetent ();
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest$ac_exeext &&
$as_test_x conftest$ac_exeext; then
ac_cv_lib_ncurses_tgetent=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_cv_lib_ncurses_tgetent=no
fi
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ echo "$as_me:$LINENO: result: $ac_cv_lib_ncurses_tgetent" >&5
echo "${ECHO_T}$ac_cv_lib_ncurses_tgetent" >&6; }
if test $ac_cv_lib_ncurses_tgetent = yes; then
cat >>confdefs.h <<_ACEOF
#define HAVE_LIBNCURSES 1
_ACEOF
LIBS="-lncurses $LIBS"
fi
else
HAVE_LIB_NCURSES=0; color_mode=0
fi
cat >>confdefs.h <<_ACEOF
#define COLOR_MODE $color_mode
_ACEOF
# Check whether --enable-printtimezone was given.
if test "${enable_printtimezone+set}" = set; then
enableval=$enable_printtimezone; printtimezone=$enableval
enableval=$enable_printtimezone;
fi
printtimezone=0
test "$printtimezone" = yes && printtimezone=1
if test "$enable_printtimezone" = "yes"; then
printtimezone=1
fi
cat >>confdefs.h <<_ACEOF
#define PRINT_TIMEZONE $printtimezone
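Review bot: In the --with-curses block, color_mode is reset to 0 only in the else branch taken for --without-curses. When the tgetent check itself fails (ac_cv_lib_ncurses_tgetent=no), HAVE_LIBNCURSES stays undefined and -lncurses is not added to LIBS, yet COLOR_MODE is still written as 1. Set color_mode=0 in the not-found action of the library check in configure.ac. The variable assigned in the else branch, HAVE_LIB_NCURSES, is spelled differently from the HAVE_LIBNCURSES define and is not used anywhere in the visible lines.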
@ -3600,24 +3710,31 @@ _ACEOF
# Check whether --enable-printyear was given.
if test "${enable_printyear+set}" = set; then
enableval=$enable_printyear; printyear=$enableval
enableval=$enable_printyear;
fi
printyear=0
test "$printyear" = yes && printyear=1
printyear=0
if test "$enable_printyear" = "yes"; then
printyear=1
fi
cat >>confdefs.h <<_ACEOF
#define PRINT_AGE_OF_YEAR $printyear
#define PRINT_AGE_WITH_YEAR $printyear
_ACEOF
# Check whether --enable-logprogname was given.
if test "${enable_logprogname+set}" = set; then
enableval=$enable_logprogname; logprogname=$enableval
enableval=$enable_logprogname;
fi
logprogname=0
test "$logprogname" = yes && logprogname=1
if test "$enable_logprogname" = "yes"; then
logprogname=1
fi
cat >>confdefs.h <<_ACEOF
#define LOG_WITH_PROGNAME $logprogname
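Review bot: The tests in this hunk read enable_printyear and enable_logprogname, but the help text in this commit advertises "--enable-print-age" and "--enable-log-progname" (and "--enable-print-timezone" for enable_printtimezone). Those flags set differently named variables, so passing the documented options has no effect. The new color option does not have this problem: "--disable-color-mode" maps to enable_color_mode. Align the first argument of each AC_ARG_ENABLE in configure.ac with its help string.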
@ -3626,11 +3743,14 @@ _ACEOF
# Check whether --enable-logtimestamp was given.
if test "${enable_logtimestamp+set}" = set; then
enableval=$enable_logtimestamp; logtimestamp=$enableval
enableval=$enable_logtimestamp;
fi
logtimestamp=1
test "$logtimestamp" = no && logtimestamp=0
if test "$enable_logtimestamp" = "no"; then
logtimestamp=0
fi
cat >>confdefs.h <<_ACEOF
#define LOG_WITH_TIMESTAMP $logtimestamp
@ -3639,11 +3759,14 @@ _ACEOF
# Check whether --enable-loglevel was given.
if test "${enable_loglevel+set}" = set; then
enableval=$enable_loglevel; loglevel=$enableval
enableval=$enable_loglevel;
fi
loglevel=1
test "$loglevel" = no && loglevel=0
if test "$enable_loglevel" = "no"; then
loglevel=0
fi
cat >>confdefs.h <<_ACEOF
#define LOG_WITH_LEVEL $loglevel
@ -3652,11 +3775,14 @@ _ACEOF
# Check whether --enable-ttl_in_keyfile was given.
if test "${enable_ttl_in_keyfile+set}" = set; then
enableval=$enable_ttl_in_keyfile; ttl_in_keyfile=$enableval
enableval=$enable_ttl_in_keyfile;
fi
ttl_in_keyfile=1
test "$ttl_in_keyfile" = no && ttl_in_keyfile=0
if test "$enable_ttl_in_keyfile" = "no"; then
ttl_in_keyfile=0
fi
cat >>confdefs.h <<_ACEOF
#define TTL_IN_KEYFILE_ALLOWED $ttl_in_keyfile
@ -3686,7 +3812,7 @@ _ACEOF
usetree=1
t="T"
t=""
# Check whether --enable-tree was given.
if test "${enable_tree+set}" = set; then
enableval=$enable_tree; usetree=$enableval
@ -3695,7 +3821,7 @@ fi
if test "$usetree" = no
then
usetree=0
t=""
t="S"
fi
cat >>confdefs.h <<_ACEOF
@ -3705,13 +3831,17 @@ _ACEOF
cat >>confdefs.h <<_ACEOF
#define ZKT_VERSION "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de"
#define ZKT_VERSION "$t$PACKAGE_VERSION"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define ZKT_COPYRIGHT "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de"
_ACEOF
### Checks for libraries.
### Checks for header files.
@ -4140,7 +4270,9 @@ fi
for ac_header in fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h
for ac_header in fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h term.h curses.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
@ -4752,241 +4884,6 @@ esac
fi
for ac_header in stdlib.h
do
as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
{ echo "$as_me:$LINENO: checking for $ac_header" >&5
echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
fi
ac_res=`eval echo '${'$as_ac_Header'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
else
# Is the header compilable?
{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
ac_header_compiler=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_compiler=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
echo "${ECHO_T}$ac_header_compiler" >&6; }
# Is the header present?
{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#include <$ac_header>
_ACEOF
if { (ac_try="$ac_cpp conftest.$ac_ext"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } >/dev/null && {
test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
test ! -s conftest.err
}; then
ac_header_preproc=yes
else
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
ac_header_preproc=no
fi
rm -f conftest.err conftest.$ac_ext
{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
echo "${ECHO_T}$ac_header_preproc" >&6; }
# So? What about this header?
case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
yes:no: )
{ echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
ac_header_preproc=yes
;;
no:yes:* )
{ echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
{ echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
( cat <<\_ASBOX
## -------------------------------------- ##
## Report this to Holger Zuleger hznet.de ##
## -------------------------------------- ##
_ASBOX
) | sed "s/^/$as_me: WARNING: /" >&2
;;
esac
{ echo "$as_me:$LINENO: checking for $ac_header" >&5
echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
eval "$as_ac_Header=\$ac_header_preproc"
fi
ac_res=`eval echo '${'$as_ac_Header'}'`
{ echo "$as_me:$LINENO: result: $ac_res" >&5
echo "${ECHO_T}$ac_res" >&6; }
fi
if test `eval echo '${'$as_ac_Header'}'` = yes; then
cat >>confdefs.h <<_ACEOF
#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
{ echo "$as_me:$LINENO: checking for GNU libc compatible malloc" >&5
echo $ECHO_N "checking for GNU libc compatible malloc... $ECHO_C" >&6; }
if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
if test "$cross_compiling" = yes; then
ac_cv_func_malloc_0_nonnull=no
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
#if defined STDC_HEADERS || defined HAVE_STDLIB_H
# include <stdlib.h>
#else
char *malloc ();
#endif
int
main ()
{
return ! malloc (0);
;
return 0;
}
_ACEOF
rm -f conftest$ac_exeext
if { (ac_try="$ac_link"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_link") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && { ac_try='./conftest$ac_exeext'
{ (case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
(eval "$ac_try") 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_func_malloc_0_nonnull=yes
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
( exit $ac_status )
ac_cv_func_malloc_0_nonnull=no
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
fi
{ echo "$as_me:$LINENO: result: $ac_cv_func_malloc_0_nonnull" >&5
echo "${ECHO_T}$ac_cv_func_malloc_0_nonnull" >&6; }
if test $ac_cv_func_malloc_0_nonnull = yes; then
cat >>confdefs.h <<\_ACEOF
#define HAVE_MALLOC 1
_ACEOF
else
cat >>confdefs.h <<\_ACEOF
#define HAVE_MALLOC 0
_ACEOF
case " $LIBOBJS " in
*" malloc.$ac_objext "* ) ;;
*) LIBOBJS="$LIBOBJS malloc.$ac_objext"
;;
esac
cat >>confdefs.h <<\_ACEOF
#define malloc rpl_malloc
_ACEOF
fi
@ -6608,7 +6505,7 @@ exec 6>&1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ZKT $as_me 0.99c, which was
This file was extended by ZKT $as_me 1.0, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -6657,7 +6554,7 @@ Report bugs to <bug-autoconf@gnu.org>."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
ZKT config.status 0.99c
ZKT config.status 1.0
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"

View file

@ -11,16 +11,17 @@
# 2008-08-30 check for unsigned integer types
# 2008-10-01 if BIND_UTIL_PATH check failed, use config_zkt.h setting as last resort
# 2009-07-30 check for timegm() added
# 2009-12-02 the tr command in bind_version= didn't work well under solaris
#
AC_PREREQ(2.59)
dnl AC_PREREQ(2.59)
### Package name and current version
AC_INIT(ZKT, 0.99c, Holger Zuleger hznet.de)
dnl AC_REVISION($Revision: 1.1 $)
AC_INIT(ZKT, 1.0, Holger Zuleger hznet.de)
dnl AC_REVISION($Revision: 1.2 $)
### Files to test to check if src dir contains the package
AC_CONFIG_SRCDIR([dnssec-zkt.c])
AC_CONFIG_SRCDIR([zkt-signer.c])
AC_CONFIG_HEADER([config.h])
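Review bot: Turning `AC_PREREQ(2.59)` into a `dnl` comment at the top of this hunk removes the only minimum-Autoconf guard, while the same file starts using `AS_HELP_STRING` and `AS_IF` further down. Keep an active `AC_PREREQ`, set to the oldest Autoconf release that provides those macros, so that regenerating `configure` with an older tool stops with a clear message instead of producing a broken script.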
@ -30,14 +31,13 @@ AC_PROG_CC
### find out the path to BIND utils and version
AC_PATH_PROG([SIGNZONE_PROG], dnssec-signzone)
if test -z "$SIGNZONE_PROG" ; then
# AC_MSG_ERROR([*** 'BIND dnssec-signzone dnssec-keygen' missing, please install or fix your \$PATH ***])
AC_MSG_WARN([*** 'BIND dnssec-signzone' missing, use default BIND_UTIL_PATH and BIND_VERSION setting out of config_zkt.h ***])
else
bind_util_path=`dirname "$SIGNZONE_PROG"`
# define BIND_UTIL_PATH in config.h.in
AC_DEFINE_UNQUOTED(BIND_UTIL_PATH, "$bind_util_path/", Path to BIND utilities)
# define BIND_VERSION in config.h.in
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "0-9" | sed "s/^\(...\).*/\1/"`
bind_version=`$SIGNZONE_PROG 2>&1 | grep "Version:" | tr -cd "[[0-9]]\012" | sed "s/^\(...\).*/\1/"`
AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, BIND version as integer number without dots)
fi
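Review bot: `bind_version` in the `else` branch is never validated before it reaches `AC_DEFINE_UNQUOTED(BIND_VERSION, $bind_version, ...)`. If `grep "Version:"` matches nothing, the macro is defined empty, and because the new `tr -cd "[[0-9]]\012"` keeps newlines, more than one matching line produces a multi-line value; either case breaks the `BIND_VERSION >= 970` test added in the C source. The `sed "s/^\(...\).*/\1/"` step also keeps only the first three digits, so a release with a two-digit minor number would compare lower than 970. Check that the result is exactly three digits (or parse major and minor separately) and otherwise fall back to the config_zkt.h default with an `AC_MSG_WARN`.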
@ -47,39 +47,56 @@ AC_CHECK_TYPE(ushort, unsigned short)
AC_CHECK_TYPE(uchar, unsigned char)
### define configure arguments
AC_ARG_ENABLE([printtimezone], AC_HELP_STRING( [--enable-print-timezone], [print out timezone]), [printtimezone=$enableval])
AC_ARG_ENABLE([color_mode], AS_HELP_STRING([--disable-color-mode], [zkt without colors]))
color_mode=1
AS_IF([test "$enable_color_mode" = "no"], [color_mode=0])
AC_ARG_WITH([curses],
AS_HELP_STRING([--without-curses], [Ignore presence of curses and disable color mode]))
AS_IF([test "x$with_curses" != "xno"],
[AC_CHECK_LIB([ncurses],[tgetent])],
[HAVE_LIB_NCURSES=0; color_mode=0])
AC_DEFINE_UNQUOTED(COLOR_MODE, $color_mode, zkt-ls with colors)
dnl printtimezone is a default-disabled feature
AC_ARG_ENABLE([printtimezone], AS_HELP_STRING( [--enable-print-timezone], [print out timezone]))
printtimezone=0
test "$printtimezone" = yes && printtimezone=1
AS_IF([test "$enable_printtimezone" = "yes"], [printtimezone=1])
AC_DEFINE_UNQUOTED(PRINT_TIMEZONE, $printtimezone, print out timezone)
AC_ARG_ENABLE([printyear], AC_HELP_STRING( [--enable-print-age], [print age of year]), [printyear=$enableval])
printyear=0
AC_ARG_ENABLE([printyear], AS_HELP_STRING( [--enable-print-age], [print age with year]))
test "$printyear" = yes && printyear=1
AC_DEFINE_UNQUOTED(PRINT_AGE_OF_YEAR, $printyear, print age of year)
printyear=0
AS_IF([test "$enable_printyear" = "yes"], [printyear=1])
AC_DEFINE_UNQUOTED(PRINT_AGE_WITH_YEAR, $printyear, print age with year)
AC_ARG_ENABLE([logprogname], AC_HELP_STRING( [--enable-log-progname], [log with progname]), [logprogname=$enableval])
AC_ARG_ENABLE([logprogname], AS_HELP_STRING( [--enable-log-progname], [log with progname]))
logprogname=0
test "$logprogname" = yes && logprogname=1
AS_IF([test "$enable_logprogname" = "yes"], [logprogname=1])
AC_DEFINE_UNQUOTED(LOG_WITH_PROGNAME, $logprogname, log with progname)
AC_ARG_ENABLE([logtimestamp], AC_HELP_STRING( [--disable-log-timestamp], [do not log with timestamp]), [logtimestamp=$enableval])
dnl logtimestamp is a default-enabled feature
AC_ARG_ENABLE([logtimestamp], AS_HELP_STRING([--disable-log-timestamp], [do not log with timestamp]))
logtimestamp=1
test "$logtimestamp" = no && logtimestamp=0
AS_IF([test "$enable_logtimestamp" = "no"], [logtimestamp=0])
AC_DEFINE_UNQUOTED(LOG_WITH_TIMESTAMP, $logtimestamp, log with timestamp)
AC_ARG_ENABLE([loglevel], AC_HELP_STRING( [--disable-log-level], [do not log with level]), [loglevel=$enableval])
AC_ARG_ENABLE([loglevel], AS_HELP_STRING([--disable-log-level], [do not log with level]))
loglevel=1
test "$loglevel" = no && loglevel=0
AS_IF([test "$enable_loglevel" = "no"], [loglevel=0])
AC_DEFINE_UNQUOTED(LOG_WITH_LEVEL, $loglevel, log with level)
AC_ARG_ENABLE([ttl_in_keyfile], AC_HELP_STRING( [--disable-ttl-in-keyfiles], [do not allow TTL values in keyfiles]), [ttl_in_keyfile=$enableval])
AC_ARG_ENABLE([ttl_in_keyfile], AS_HELP_STRING([--disable-ttl-in-keyfiles], [do not allow TTL values in keyfiles]))
ttl_in_keyfile=1
test "$ttl_in_keyfile" = no && ttl_in_keyfile=0
AS_IF([test "$enable_ttl_in_keyfile" = "no"], [ttl_in_keyfile=0])
AC_DEFINE_UNQUOTED(TTL_IN_KEYFILE_ALLOWED, $ttl_in_keyfile, TTL in keyfiles allowed)
configpath="/var/named"
AC_ARG_ENABLE([configpath],
AC_HELP_STRING( [--enable-configpath=PATH], [set path of config file (defaults to /var/named)]),
AS_HELP_STRING( [--enable-configpath=PATH], [set path of config file (defaults to /var/named)]),
[configpath=$enableval])
case "$configpath" in
yes)
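Review bot: The option names in the help strings do not match the feature names given to `AC_ARG_ENABLE`, so the documented switches never reach the new `AS_IF` tests. `--enable-print-timezone` sets `enable_print_timezone`, but the test reads `$enable_printtimezone`; the same mismatch applies to `--enable-print-age` (`printyear`), `--enable-log-progname`, `--disable-log-timestamp`, `--disable-log-level` and `--disable-ttl-in-keyfiles` (`ttl_in_keyfile`). Either rename the features to the advertised spelling or correct the help text. `--disable-ttl-in-keyfiles` needs particular care, because an operator who passes it still gets a build that accepts TTL values in key files. Separately, when `--without-curses` is not given and `AC_CHECK_LIB([ncurses],[tgetent])` finds nothing, `color_mode` stays 1; clear it in the not-found action of the library check.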
@ -94,26 +111,26 @@ esac
AC_DEFINE_UNQUOTED(CONFIG_PATH, "$configpath/", [set path of config file (defaults to /var/named)])
usetree=1
t="T"
t=""
AC_ARG_ENABLE([tree],
AC_HELP_STRING( [--disable-tree], [use single linked list instead of binary tree data structure for dnssec-zkt]),
AS_HELP_STRING( [--disable-tree], [use single linked list instead of binary tree data structure for dnssec-zkt]),
[usetree=$enableval])
if test "$usetree" = no
then
usetree=0
t=""
t="S"
fi
AC_DEFINE_UNQUOTED(USE_TREE, $usetree, Use TREE data structure for dnssec-zkt)
AC_DEFINE_UNQUOTED(ZKT_VERSION, "v$t$PACKAGE_VERSION (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de", ZKT version string)
AC_DEFINE_UNQUOTED(ZKT_VERSION, "$t$PACKAGE_VERSION", ZKT version string)
AC_DEFINE_UNQUOTED(ZKT_COPYRIGHT, "(c) Feb 2005 - Mar 2010 Holger Zuleger hznet.de", ZKT copyright string)
### Checks for libraries.
### Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
AC_CHECK_HEADERS([fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h])
AC_CHECK_HEADERS([fcntl.h netdb.h stdlib.h getopt.h string.h strings.h sys/socket.h sys/time.h sys/types.h syslog.h unistd.h utime.h term.h curses.h])
### Checks for typedefs, structures, and compiler characteristics.
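Review bot: `usetree=$enableval` is only normalised for the value `no`, so an explicit `--enable-tree` leaves `usetree=yes` and `AC_DEFINE_UNQUOTED(USE_TREE, $usetree, ...)` emits `#define USE_TREE yes`. The sources test `#if defined (USE_TREE) && USE_TREE`, where the preprocessor evaluates the bare identifier `yes` as 0, so the deprecated list code is selected silently while the version string carries no "S". Use the same `AS_IF` pattern as the other switches, so that `usetree` is always 0 or 1 and `t` is set in the same branch.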
@ -125,9 +142,9 @@ AC_TYPE_UID_T
### Checks for library functions.
dnl AC_FUNC_MALLOC
AC_FUNC_CLOSEDIR_VOID
AC_FUNC_ERROR_AT_LINE
AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_FUNC_STAT
AC_FUNC_STRFTIME

View file

@ -227,6 +227,11 @@ void dki_tfree (dki_t **tree)
}
#endif
#if defined(BIND_VERSION) && BIND_VERSION >= 970
# define KEYGEN_COMPMODE "-C -q " /* this is the compability mode needed by BIND 9.7 */
#else
# define KEYGEN_COMPMODE ""
#endif
/*****************************************************************
** dki_new ()
** create new keyfile
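Review bot: `KEYGEN_COMPMODE` is fixed at compile time from the `BIND_VERSION` that configure probed, so the `-C -q ` flags follow the BIND found on the build host rather than the `KEYGENCMD` that actually runs. Document that ZKT has to be rebuilt when the installed BIND crosses the 9.7 boundary, or make the decision at run time. The comment should read "compatibility".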
@ -250,15 +255,15 @@ dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsiz
if ( rfile && *rfile )
snprintf (randfile, sizeof (randfile), "-r %.250s ", rfile);
if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 )
if ( algo == DK_ALGO_RSA || algo == DK_ALGO_RSASHA1 || algo == DK_ALGO_RSASHA256 || algo == DK_ALGO_RSASHA512 )
expflag = "-e ";
if ( dir && *dir )
snprintf (cmdline, sizeof (cmdline), "cd %s ; %s %s%s-n ZONE -a %s -b %d %s %s",
dir, KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
snprintf (cmdline, sizeof (cmdline), "cd %s ; %s %s%s%s-n ZONE -a %s -b %d %s %s",
dir, KEYGENCMD, KEYGEN_COMPMODE, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
else
snprintf (cmdline, sizeof (cmdline), "%s %s%s-n ZONE -a %s -b %d %s %s",
KEYGENCMD, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
snprintf (cmdline, sizeof (cmdline), "%s %s%s%s-n ZONE -a %s -b %d %s %s",
KEYGENCMD, KEYGEN_COMPMODE, randfile, expflag, dki_algo2str(algo), bitsize, flag, name);
dbg_msg (cmdline);
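Review bot: The two `snprintf` calls insert `KEYGEN_COMPMODE` into an already long format, but the return value is still not compared with `sizeof (cmdline)`, so a long `dir` or `name` yields a silently truncated command line. `dir` and `name` are also interpolated unquoted into a string of the form `cd %s ; %s ...`, which a shell will parse. Reject or quote shell metacharacters in both before building the line, or pass the arguments as an argv array to an exec-style call. `rfile` gets a `%.250s` bound a few lines above; `dir` and `name` should get an equivalent limit.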
@ -632,6 +637,8 @@ char *dki_algo2str (int algo)
case DK_ALGO_RSASHA1: return ("RSASHA1");
case DK_ALGO_NSEC3DSA: return ("NSEC3DSA");
case DK_ALGO_NSEC3RSASHA1: return ("NSEC3RSASHA1");
case DK_ALGO_RSASHA256: return ("RSASHA256");
case DK_ALGO_RSASHA512: return ("RSASHA512");
}
return ("unknown");
}
@ -651,6 +658,8 @@ char *dki_algo2sstr (int algo)
case DK_ALGO_RSASHA1: return ("RSASHA1");
case DK_ALGO_NSEC3DSA: return ("N3DSA");
case DK_ALGO_NSEC3RSASHA1: return ("N3RSA1");
case DK_ALGO_RSASHA256: return ("RSASHA2");
case DK_ALGO_RSASHA512: return ("RSASHA5");
}
return ("unknown");
}
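Review bot: The short labels `RSASHA2` and `RSASHA5` added to `dki_algo2sstr` drop the digits that tell the two algorithms apart, and `RSASHA2` reads like the whole SHA-2 family. If the column width allows, use labels that keep `256` and `512` visible, in the abbreviated style already used for `N3DSA` and `N3RSA1`.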
@ -841,6 +850,18 @@ int dki_namecmp (const dki_t *a, const dki_t *b)
return domaincmp (a->name, b->name);
}
/*****************************************************************
** dki_revnamecmp () return <0 | 0 | >0
*****************************************************************/
int dki_revnamecmp (const dki_t *a, const dki_t *b)
{
if ( a == NULL ) return -1;
if ( b == NULL ) return 1;
return domaincmp_dir (a->name, b->name, 0);
}
/*****************************************************************
** dki_tagcmp () return <0 | 0 | >0
*****************************************************************/
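Review bot: `dki_revnamecmp` returns -1 when both `a` and `b` are NULL, because the `a == NULL` test fires first; a comparator handed to `tsearch` should return 0 for equal arguments. The literal `0` passed as the third argument of `domaincmp_dir` also needs a named constant or a comment that says which sort direction it selects.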
@ -1128,11 +1149,14 @@ const dki_t *dki_search (const dki_t *list, int tag, const char *name)
/*****************************************************************
** dki_tadd () add a key to the given tree
*****************************************************************/
dki_t *dki_tadd (dki_t **tree, dki_t *new)
dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before)
{
dki_t **p;
p = tsearch (new, tree, dki_namecmp);
if ( sub_before )
p = tsearch (new, tree, dki_namecmp);
else
p = tsearch (new, tree, dki_revnamecmp);
if ( *p == new )
dbg_val ("dki_tadd: New entry %s added\n", new->name);
else
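Review bot: `dki_tadd` dereferences `p` in `if ( *p == new )` without a check; if `tsearch` can return NULL on allocation failure, as the standard function does, this is a NULL dereference, so test `p` after both calls. The new `sub_before` argument picks the comparator per call, and the function comment should state that every insertion into a given tree must use the same value, since mixing `dki_namecmp` and `dki_revnamecmp` on one tree leaves it unordered.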

View file

@ -55,13 +55,17 @@
# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)
/* algorithm types */
# define DK_ALGO_RSA 1 /* RFC2537 */
# define DK_ALGO_DH 2 /* RFC2539 */
# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
# define DK_ALGO_EC 4 /* */
# define DK_ALGO_RSASHA1 5 /* RFC3110 */
# define DK_ALGO_RSA 1 /* RFC2537 */
# define DK_ALGO_DH 2 /* RFC2539 */
# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
# define DK_ALGO_EC 4 /* */
# define DK_ALGO_RSASHA1 5 /* RFC3110 */
# define DK_ALGO_NSEC3DSA 6 /* symlink to alg 3 RFC5155 */
# define DK_ALGO_NSEC3RSASHA1 7 /* symlink to alg 5 RFC5155 */
# define DK_ALGO_RSASHA256 8 /* RFCxxx */
# define DK_ALGO_RSASHA512 10 /* RFCxxx */
# define DK_ALGO_NSEC3RSASHA256 DK_ALGO_RSASHA256 /* same as non nsec algorithm RFCxxx */
# define DK_ALGO_NSEC3RSASHA512 DK_ALGO_RSASHA512 /* same as non nsec algorithm RFCxxx */
/* protocol types */
# define DK_PROTO_DNS 3
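Review bot: The four new algorithm defines carry `RFCxxx` placeholder comments; fill in the actual RFC reference before release so that the values 8 and 10 can be checked against the registry. `DK_ALGO_NSEC3RSASHA256` and `DK_ALGO_NSEC3RSASHA512` are aliases of the non-NSEC3 values, so a `switch` that lists both names will not compile because of duplicate case labels; a one-line warning beside the aliases would save the next contributor from that.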
@ -137,9 +141,10 @@ dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, con
void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));
extern void dki_tfree (dki_t **tree);
extern dki_t *dki_tadd (dki_t **tree, dki_t *new);
extern dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before);
extern int dki_tagcmp (const dki_t *a, const dki_t *b);
extern int dki_namecmp (const dki_t *a, const dki_t *b);
extern int dki_revnamecmp (const dki_t *a, const dki_t *b);
extern int dki_allcmp (const dki_t *a, const dki_t *b);
#endif

View file

@ -307,6 +307,7 @@ int main (int argc, char *argv[])
/* it's better to do this before we read the whole directory tree */
if ( action == 'Z' )
{
fprintf (stderr, "The use of -Z is deprecated. Please use zkt-conf instead\n");
printconfig ("stdout", config);
return 0;
}
@ -758,7 +759,7 @@ static int parsedirectory (const char *dir, dki_t **listp)
{
// fprintf (stderr, "parsedir: tssearch (%d %s)\n", dkp, dkp->name);
#if defined (USE_TREE) && USE_TREE
dki_tadd (listp, dkp);
dki_tadd (listp, dkp, 1);
#else
dki_add (listp, dkp);
#endif
@ -780,7 +781,7 @@ static void parsefile (const char *file, dki_t **listp)
{
if ( (dkp = dki_read (path, file)) ) /* read DNS key file ... */
#if defined (USE_TREE) && USE_TREE
dki_tadd (listp, dkp); /* ... and add to tree */
dki_tadd (listp, dkp, 1); /* ... and add to tree */
#else
dki_add (listp, dkp); /* ... and add to list */
#endif
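Review bot: Both callers in this file pass a bare `1` for `sub_before` and still discard the return value of `dki_tadd`. A named constant would make the chosen sort order readable at the call site, and checking the result would let `parsedirectory` and `parsefile` tell a newly inserted `dkp` from the case where `*p == new` is false and an existing entry was found.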

View file

@ -1,304 +0,0 @@
%!PS-Adobe-3.0
%%Creator: groff version 1.19.2
%%CreationDate: Mon Jul 14 23:23:30 2008
%%DocumentNeededResources: font Times-Bold
%%+ font Times-Roman
%%+ font Courier
%%+ font Symbol
%%DocumentSuppliedResources: procset grops 1.19 2
%%Pages: 1
%%PageOrder: Ascend
%%DocumentMedia: Default 595 842 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginResource: procset grops 1.19 2
%!PS-Adobe-3.0 Resource-ProcSet
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
}bind def
/PEND{
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Bold
%%IncludeResource: font Times-Roman
%%IncludeResource: font Courier
%%IncludeResource: font Symbol
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Courier@0 ENC0/Courier RE/Times-Roman@0 ENC0/Times-Roman RE
/Times-Bold@0 ENC0/Times-Bold RE
%%EndSetup
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Bold@0 SF 2.5(1. DNS)72 84 R -.25(Ke)2.5 G 2.5(yS).25 G
(tatus T)-2.5 E(ypes and Filenames)-.74 E -.25(Ke)189.22 105.6 S 63.235
(yF).25 G 40.415(ilename used)-63.235 F -.25(fo)2.5 G 29.33(rd).25 G
(nssec-zkt)-29.33 E -.74(Ty)168.35 117.6 S 12.5(pe Flags).74 F 23.57
(public pri)16.95 F -.1(va)-.1 G 21.62(te signing?).1 F(label)40.72 E
(Status)99.34 111.6 Q .4 LW 473.8 122.1 72 122.1 DL/F1 10/Times-Roman@0
SF(acti)72 131.6 Q 70.67 -.15(ve Z)-.25 H 18.43(SK 256).15 F(.k)18.89 E
26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F/F2 10
/Courier@0 SF(act ive)30.285 E F1 17.32(KSK 257)168.35 143.6 R(.k)18.89
E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G 46.605(te y).25 F F2
(act ive)30.285 E F1 54.96(published ZSK)72 158 R 16.39(256 .k)20.93 F
26.69 -.15(ey .)-.1 H 34.985(published n).15 F F2(pub lished)30.285 E F1
17.32(KSK 257)168.35 170 R(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E
-.25(va)-.25 G 46.605(te n).25 F F2(sta ndby)30.285 E F1
(depreciated \(retired\))72 184.4 Q 18.43(ZSK 256)15 F(.k)18.89 E 26.69
-.15(ey .)-.1 H 27.785(depreciated n).15 F F2(dep reciated)30.285 E F1
(re)72 198.8 Q -.2(vo)-.25 G -.1(ke).2 G 64.69(dK).1 G 17.32(SK 385)
-64.69 F(.k)18.89 E 26.69 -.15(ey .)-.1 H(pri).15 E -.25(va)-.25 G
46.605(te y).25 F F2(rev oked)30.285 E F1(remo)72 213.2 Q -.15(ve)-.15 G
61.66(dK).15 G 17.32(SK 257)-61.66 F(k*.k)18.89 E 16.69 -.15(ey k)-.1 H
(*.pri).15 E -.25(va)-.25 G 36.605(te n).25 F F2(-)30.285 E F1 80.52
(sep KSK)72 227.6 R 16.39(257 .k)19.82 F 26.69 -.15(ey -)-.1 H(n)75.695
E F2(sep)30.285 E 394.3 96.1 394.3 230.1 DL 343.73 96.1 343.73 230.1 DL
280.14 108.1 280.14 230.1 DL 234.56 96.1 234.56 230.1 DL 196.78 108.1
196.78 230.1 DL 160.85 96.1 160.85 230.1 DL F0 2.5(2. K)72 257.6 R(ey r)
-.25 E(ollo)-.18 E -.1(ve)-.1 G(r).1 E 2.5(2.1. Zone)72 285.2 R
(signing k)2.5 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G(pr)
-2.5 E(e-publish RFC4641\))-.18 E 57.47(action cr)75.34 306.8 R 27.035
(eate change)-.18 F -.18(re)23.045 G(mo).18 E -.1(ve)-.1 G -.1(ke)72
318.8 S 65.025(ys newk).1 F 24.395(ey sig)-.1 F -.1(ke)2.5 G 23.775(yo)
.1 G(ld k)-23.775 E(ey)-.1 E 301.18 323.3 72 323.3 DL F1 23.62
(zsk1 acti)72 332.8 R 12.8 -.15(ve a)-.25 H(cti).15 E 28.21 -.15(ve d)
-.25 H(epreciated).15 E 62.1(zsk2 published)72 344.8 R(acti)15 E 35.41
-.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G 12.5(RRSIG zsk1)72 360.4 R
33.06(zsk1 zsk2)20.15 F(zsk2)42.76 E 262.41 297.3 262.41 362.9 DL 201.32
297.3 201.32 362.9 DL 147.43 297.3 147.43 362.9 DL 108.95 309.3 108.95
362.9 DL F0 2.5(2.2. K)72 390.4 R(ey signing k)-.25 E(ey r)-.1 E(ollo)
-.18 E -.1(ve)-.1 G 2.5(r\().1 G(double signatur)-2.5 E 2.5(eR)-.18 G
(FC4641\))-2.5 E 58.165(action cr)118.39 412 R 26.63(eate change)-.18 F
-.18(re)21.945 G(mo).18 E -.1(ve)-.1 G -.1(ke)72 424 S 108.77(ys newk).1
F 16.58(ey delegation)-.1 F(old k)15.265 E(ey)-.1 E 343.42 428.5 72
428.5 DL F1(ksk)72 438 Q(1)5 I(acti)68.61 -5 M 12.8 -.15(ve a)-.25 H
(cti).15 E 29.6 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 450 Q
(2)5 I(acti)107.09 -5 M 29.6 -.15(ve a)-.25 H(cti).15 E 33.21 -.15(ve a)
-.25 H(cti).15 E -.15(ve)-.25 G(DNSKEY RRSIG)72 465.6 Q 17.09
(ksk1 ksk1,ksk2)15 F 16.11(ksk1,ksk2 ksk2)15 F(DS at parent)72 481.2 Q
(DS)37.51 E(1)5 I(DS)20.7 -5 M(1)5 I(DS)37.5 -5 M(2)5 I(DS)41.11 -5 M(2)
5 I 304.65 402.5 304.65 483.7 DL 245.76 402.5 245.76 483.7 DL 190.48
402.5 190.48 483.7 DL 152 414.5 152 483.7 DL F0 2.5(2.3. K)72 511.2 R
(ey signing k)-.25 E(ey r)-.1 E(ollo)-.18 E -.1(ve)-.1 G 2.5(r\().1 G
(rfc5011\))-2.5 E 63.465(action newk)118.39 532.8 R 19.855(ey change)-.1
F(delegation)2.5 E -.1(ke)72 544.8 S 112.32(ys &).1 F -.18(ro)2.5 G(llo)
.18 E -.1(ve)-.1 G 15.525(r&).1 G -.18(re)-13.025 G(mo).18 E .2 -.1
(ve o)-.1 H(ld k).1 E(ey)-.1 E 341.33 549.3 72 549.3 DL F1(ksk)72 558.8
Q(1)5 I(acti)68.61 -5 M 20.43 -.15(ve r)-.25 H -2.2 -.25(ev o).15 H -.1
(ke).25 G<87>.1 -2.4 M(ksk)72 570.8 Q(2)5 I 12.5(standby acti)68.61 -5 N
33.65 -.15(ve a)-.25 H(cti).15 E -.15(ve)-.25 G(ksk)72 582.8 Q(3)5 I
(standby)114.72 -5 M<88>-2.4 I(standby)23.22 2.4 M(DNSKEY RRSIG)72 598.4
Q 24.72(ksk1 ksk1,ksk2)15 F(ksk2)19.05 E -.15(Pa)72 614 S(rent DS).15 E
(DS)46.82 E(1)5 I(DS)28.33 -5 M(1)5 I(DS)41.55 -5 M(2)5 I(DS)159.5 626 Q
(2)5 I(DS)28.33 -5 M(2)5 I(DS)41.55 -5 M(3)5 I 257.44 523.3 257.44 628.5
DL 198.11 523.3 198.11 628.5 DL 152 535.3 152 628.5 DL<87>72 645.2 Q(Ha)
2.5 2.4 M .3 -.15(ve t)-.2 H 2.5(or).15 G(emain until the remo)-2.5 E .3
-.15(ve h)-.15 H(old-do).15 E(wn time is e)-.25 E
(xpired, which is 30days at a minimum.)-.15 E<88>72 660.8 Q -.4(Wi)2.5
2.4 O(ll be the standby k).4 E .3 -.15(ey a)-.1 H(fter the hold-do).15 E
(wn time is e)-.25 E(xpired)-.15 E(Add holdtime)72 675.2 Q/F3 10/Symbol
SF(=)2.5 E F1(max\(30days, TTL of DNSKEY\))2.5 E 0 Cg EP
%%Trailer
end
%%EOF

View file

@ -1,616 +0,0 @@
Intended Status: Informational O. Gudmundsson
Network Working Group OGUD Consulting LLC
Internet-Draft J. Ihren
Expires: August 21, 2008 AAB
February 18, 2008
Names of States in the life of a DNSKEY
draft-gudmundsson-life-of-dnskey-00
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 21, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Gudmundsson & Ihren Expires August 21, 2008 [Page 1]
Internet-Draft DNSSEC Key life stages. February 2008
Abstract
This document recommends a specific terminology to use when
expressing the state that a DNSKEY is in at particular time. This
does not affect how the protocol operates in any way.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. DNSKEY timeline . . . . . . . . . . . . . . . . . . . . . . . 4
3. Life stages of a DNSKEY . . . . . . . . . . . . . . . . . . . 5
3.1. Generated . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2. Published . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. Pre-Publication . . . . . . . . . . . . . . . . . . . 5
3.2.2. Out-Of-Band Publication . . . . . . . . . . . . . . . 5
3.3. Active . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.4. Retired . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.5. Removed . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.1. Lame . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.5.2. Stale . . . . . . . . . . . . . . . . . . . . . . . . 6
3.6. Revoked . . . . . . . . . . . . . . . . . . . . . . . . . 6
4. Security considerations . . . . . . . . . . . . . . . . . . . 7
5. IANA considerations . . . . . . . . . . . . . . . . . . . . . 8
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. Normative References . . . . . . . . . . . . . . . . . . . 9
6.2. Informative References . . . . . . . . . . . . . . . . . . 9
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10
Intellectual Property and Copyright Statements . . . . . . . . . . 11
Gudmundsson & Ihren Expires August 21, 2008 [Page 2]
Internet-Draft DNSSEC Key life stages. February 2008
1. Introduction
When the editors of this document where comparing their DNSSEC key
management projects they discovered that they where discussing
roughly the same thing but using different terminology.
This document presents a unified terminology to use when describing
the current state of a DNSKEY.
The DNSSEC standards documents ([1], [2] and [3]) do not address the
required states for the key management of a DNSSEC key. The DNSSEC
Operational Practices [4] document does propose that keys be
published before use but uses inconsistent or confusing terms. This
document assumes basic understanding of DNSSEC and key management.
The terms proposed in this document attempt to avoid any confusion
and make the states of keys to be as clear as possible. The terms
used in this document are intended as a operational supplement to the
terms defined in Section 2 of [1].
To large extent this discussion is motivated by Trust anchor keys but
the same terminology can be used for zone signing keys.
Gudmundsson & Ihren Expires August 21, 2008 [Page 3]
Internet-Draft DNSSEC Key life stages. February 2008
2. DNSKEY timeline
The model in this document is that keys progress through a state
machine along a one-way path, keys never move to an earlier states.
GENERATED----------> PUBLISHED ---> ACTIVE ---> RETIRED --> REMOVED
| ^ | | | ^
| | | | v |
+--> Pre-PUBLISHED--+ +--------+---------> REVOKED ---+
DNSKEY time line.
There are few more states that are defined below but these apply only
to the publisher of TA's and the consumer of TA's. Two of these are
sub-sets of the Published state, the other two are error states.
Gudmundsson & Ihren Expires August 21, 2008 [Page 4]
Internet-Draft DNSSEC Key life stages. February 2008
3. Life stages of a DNSKEY
3.1. Generated
Once a key is generated it enters state Generated and stays there
until the next state. While in this state only the owner of the key
is aware of its existence and can prepare for its future use.
3.2. Published
Once the key is added to the DNSKEY set of a zone the key is there
for the world to see, or published. The key needs to remain in this
state for some time to propagate to all validators that have cached
the prior version of the DNSKEY set. In the case of KSK the key
should remain in this state for a longer time as documented in DNSSEC
Timers RFC [5].
3.2.1. Pre-Publication
In certain circumstances a zone owner may want to give out a new
Trust Anchor before exposing the actual public key. In this case the
zone can publish a DS record of the key. This allows others to
configure the trust anchor but will not be able to use the key until
the key is published in the DNSKEY RRset.
3.2.2. Out-Of-Band Publication
In certain circumstances a domain may want to give out a new Trust
Anchor outside DNS to give others a long lead time to configure the
new key as trust anchor. The reason people may want to do this is to
keep the size of the DNSKEY set smaller and only add new trust anchor
just before the key goes into use. One likely use for this is the
DNS "." root key as it does not have a parent that can publish a DS
record for it. The publication mechanism does not matter it can be
any one of web-site, advertisement in Financial Times and other
international publication, e-mail to DNS related mailing lists, etc..
3.3. Active
The key is in ACTIVE state while it is actively signing data in the
zone it resides in. It is one of the the keys that are signing the
zone or parts of the zone.
3.4. Retired
When the key is no longer used for signing the zone it enters state
Retired. In this state there may still be signatures by the key in
cached data from the zone available at recursive servers, but the
Gudmundsson & Ihren Expires August 21, 2008 [Page 5]
Internet-Draft DNSSEC Key life stages. February 2008
authoritative servers for the zone do no longer carry any signatures
generated by the key.
3.5. Removed
Once the key is removed from the DNSKEY RRset it enters the state
Removed. At this point all signatures by the key that may still be
temporarily valid will fail to verify once the validator refreshes
the DNSKEY RRset in its memory.
Therefore "removal" of a key is typically not done until all the
cached signatures have expired. Entering this state too early may
cause number of validators to end up with STALE Trust Anchors.
3.5.1. Lame
A Trust Anchor is Lame if the parent continues to publish DS pointing
to the key after it has been removed from the DNSKEY RRset. A Trust
Anchor is arguably Lame if there are no signatures by a Retired KSK
in the zone.
3.5.2. Stale
A Stale Trust Anchor is an old TA that remains in a validators list
of active key(s) after the key has been removed from the zone's
DNSKEY RRset.
3.6. Revoked
There are times when a zone wants to signal that a particular key
should not be used at all. The mechanism to do this is to set the
REVOKE bit [5]. Any key in any of the while the key is the DNSSKEY
set can be exited to Revoked state. After some time in the Revoke
state the key will be Removed.
Gudmundsson & Ihren Expires August 21, 2008 [Page 6]
Internet-Draft DNSSEC Key life stages. February 2008
4. Security considerations
TBD
Gudmundsson & Ihren Expires August 21, 2008 [Page 7]
Internet-Draft DNSSEC Key life stages. February 2008
5. IANA considerations
This document does not have any IANA actions.
Gudmundsson & Ihren Expires August 21, 2008 [Page 8]
Internet-Draft DNSSEC Key life stages. February 2008
6. References
6.1. Normative References
6.2. Informative References
[1] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"DNS Security Introduction and Requirements", RFC 4033,
March 2005.
[2] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Resource Records for the DNS Security Extensions", RFC 4034,
March 2005.
[3] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose,
"Protocol Modifications for the DNS Security Extensions",
RFC 4035, March 2005.
[4] Kolkman, O. and R. Gieben, "DNSSEC Operational Practices",
RFC 4641, September 2006.
[5] StJohns, M., "Automated Updates of DNS Security (DNSSEC) Trust
Anchors", RFC 5011, September 2007.
Gudmundsson & Ihren Expires August 21, 2008 [Page 9]
Internet-Draft DNSSEC Key life stages. February 2008
Authors' Addresses
Olafur Gudmundsson
OGUD Consulting LLC
3821 Village Park Drive
Chevy Chase, MD 20815
USA
Email: ogud@ogud.com
Johan Ihren
Automatica, AB
Bellmansgatan 30
Stockholm, SE-118 47
Sweden
Email: johani@automatica.se
Gudmundsson & Ihren Expires August 21, 2008 [Page 10]
Internet-Draft DNSSEC Key life stages. February 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Gudmundsson & Ihren Expires August 21, 2008 [Page 11]

View file

@ -3,6 +3,7 @@
** @(#) domaincmp.c -- compare two domain names
**
** Copyright (c) Aug 2005, Karle Boss, Holger Zuleger (kaho).
** isparentdomain() (c) Mar 2010 by Holger Zuleger
** All rights reserved.
**
** This software is open source.
@ -55,13 +56,31 @@
** thus domaincmp ("z.example.net", "example.net") return < 0 !!
*****************************************************************/
int domaincmp (const char *a, const char *b)
{
return domaincmp_dir (a, b, 1);
}
/*****************************************************************
** int domaincmp_dir (a, b, subdomain_above)
** compare a and b as fqdns.
** return <0 | 0 | >0 as in strcmp
** A subdomain is less than the corresponding parent domain,
** thus domaincmp ("z.example.net", "example.net") return < 0 !!
*****************************************************************/
int domaincmp_dir (const char *a, const char *b, int subdomain_above)
{
register const char *pa;
register const char *pb;
int dir;
if ( a == NULL ) return -1;
if ( b == NULL ) return 1;
if ( subdomain_above )
dir = 1;
else
dir = -1;
if ( *a == '.' ) /* skip a leading dot */
a++;
if ( *b == '.' ) /* same at the other string */
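Review bot: The header comment added for domaincmp_dir() is a copy of the domaincmp() comment and never describes subdomain_above. It still says a subdomain is always less than its parent and that domaincmp ("z.example.net", "example.net") returns < 0, which only holds when subdomain_above is non-zero; with 0 the sign is reversed through dir. Please document the parameter and both orderings in the comment, and note that any non-zero value selects the "subdomain first" order.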
@ -97,12 +116,12 @@ int domaincmp (const char *a, const char *b)
{
if ( pa > a )
if ( pa[-1] == '.' )
return -1;
return -1 * dir;
else
goto_labelstart (a, pa);
else if ( pb > b )
if ( pb[-1] == '.' )
return 1;
return 1 * dir;
else
goto_labelstart (b, pb);
else
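Review bot: Only the two parent/child returns are scaled by dir here, while the label comparison that ends the function (return *pa - *pb;) is left alone, so sibling order is the same in both directions; that is worth one line of comment because it is not obvious from the call site. The expressions "return -1 * dir;" and "return 1 * dir;" would also read more plainly as "return -dir;" and "return dir;", and braces around the nested if/else pairs would make it easier to check which else belongs to which if.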
@ -116,6 +135,130 @@ int domaincmp (const char *a, const char *b)
return *pa - *pb;
}
/*****************************************************************
**
** int issubdomain ("child", "parent")
**
** "child" and "parent" are standardized domain names in such
** a way that even both domain names are ending with a dot,
** or none of them.
**
** returns 1 if "child" is a subdomain of "parent"
** returns 0 if "child" is not a subdomain of "parent"
**
*****************************************************************/
int issubdomain (const char *child, const char *parent)
{
const char *p;
const char *cdot;
const char *pdot;
int ccnt;
int pcnt;
if ( !child || !parent || *child == '\0' || *parent == '\0' )
return 0;
pdot = cdot = NULL;
pcnt = 0;
for ( p = parent; *p; p++ )
if ( *p == '.' )
{
if ( pcnt == 0 )
pdot = p;
pcnt++;
}
ccnt = 0;
for ( p = child; *p; p++ )
if ( *p == '.' )
{
if ( ccnt == 0 )
cdot = p;
ccnt++;
}
if ( ccnt == 0 ) /* child is not a fqdn or is not deep enough ? */
return 0;
if ( pcnt == 0 ) /* parent is not a fqdn ? */
return 0;
if ( pcnt >= ccnt ) /* parent has more levels than child ? */
return 0;
/* is child a (one level) subdomain of parent ? */
if ( strcmp (cdot+1, parent) == 0 ) /* the domains are equal ? */
return 1;
return 0;
}
/*****************************************************************
**
** int isparentdomain ("child", "parent", level)
**
** "child" and "parent" are standardized domain names in such
** a way that even both domain names are ending with a dot,
** or none of them.
**
** returns 1 if "child" is a subdomain of "parent"
** returns 0 if "child" is not a subdomain of "parent"
** returns -1 if "child" and "parent" are the same domain
**
*****************************************************************/
int isparentdomain (const char *child, const char *parent, int level)
{
const char *p;
const char *cdot;
const char *pdot;
int ccnt;
int pcnt;
if ( !child || !parent || *child == '\0' || *parent == '\0' )
return 0;
pdot = cdot = NULL;
pcnt = 0;
for ( p = parent; *p; p++ )
if ( *p == '.' )
{
if ( pcnt == 0 )
pdot = p;
pcnt++;
}
ccnt = 0;
for ( p = child; *p; p++ )
if ( *p == '.' )
{
if ( ccnt == 0 )
cdot = p;
ccnt++;
}
if ( ccnt == 0 || ccnt < level ) /* child is not a fqdn or is not deep enough ? */
return 0;
if ( pcnt == 0 ) /* parent is not a fqdn ? */
return 0;
if ( pcnt > ccnt ) /* parent has more levels than child ? */
return 0;
if ( pcnt == ccnt ) /* both are at the same level ? */
{
/* let's check the domain part */
if ( strcmp (cdot, pdot) == 0 ) /* the domains are equal ? */
return -1;
return 0;
}
if ( pcnt > ccnt ) /* parent has more levels than child ? */
return 0;
/* is child a (one level) subdomain of parent ? */
if ( strcmp (cdot+1, parent) == 0 ) /* the domains are equal ? */
return 1;
return 0;
}
#ifdef DOMAINCMP_TEST
static struct {
char *a;
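Review bot: In isparentdomain(), the pcnt == ccnt branch calls strcmp (cdot, pdot), which compares only the text from the first dot onward, so two siblings such as "ab.example.de" and "xy.example.de" return -1 although the header comment defines -1 as "child and parent are the same domain". If identity is meant, compare the full names with strcmp (child, parent); if "same parent" is meant, correct the comment. In the same function the second "if ( pcnt > ccnt )" test after that branch can never be true and can go, and the level argument is not described anywhere. In issubdomain(), pdot is assigned but never used. Both functions match with case-sensitive strcmp, although DNS names compare case-insensitively, and both header comments promise "is a subdomain" while the code accepts only a direct (one level) child.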
@ -150,6 +293,8 @@ static struct {
{ "example.de.", "xy.example.de.", 1 },
{ "example.de.", "ab.example.de.", 1 },
{ "example.de", "ab.example.de", 1 },
{ "xy.example.de.", "example.de.", -1 },
{ "ab.example.de.", "example.de.", -1 },
{ "ab.example.de", "example.de", -1 },
{ "ab.mast.de", "axt.de", 1 },
{ "ab.mast.de", "obt.de", -1 },
@ -177,7 +322,9 @@ main (int argc, char *argv[])
c = '>';
else
c = '=';
printf ("%-20s %-20s ==> %c 0 ", ex[i].a, ex[i].b, c);
printf ("%-20s %-20s ", ex[i].a, ex[i].b);
printf ("%3d ", issubdomain (ex[i].a, ex[i].b));
printf ("\t==> 0 %c ", c);
fflush (stdout);
res = domaincmp (ex[i].a, ex[i].b);
printf ("%3d ", res);
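Review bot: The new printf of issubdomain (ex[i].a, ex[i].b) only prints the value; nothing in these lines compares it with an expected result, so a regression in issubdomain() would not make this test program fail. The ex[] table carries an expected sign for domaincmp() only. Add an expected issubdomain value per row (or a second table) and check it, and add cases for domaincmp_dir() with subdomain_above set to 0 and for isparentdomain(), neither of which is exercised in the lines shown.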

View file

@ -37,4 +37,7 @@
#ifndef DOMAINCMP_H
# define DOMAINCMP_H
extern int domaincmp (const char *a, const char *b);
extern int domaincmp_dir (const char *a, const char *b, int subdomain_above);
extern int isparentdomain (const char *child, const char *parent, int level);
extern int issubdomain (const char *child, const char *parent);
#endif

View file

@ -1,43 +1,41 @@
#
# @(#) dnssec.conf vT0.99a (c) Feb 2005 - Jul 2009 Holger Zuleger hznet.de
# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "."
Recursive: True
PrintTime: False
PrintAge: True
Recursive: False
PrintTime: True
PrintAge: False
LeftJustify: False
# zone specific values
ResignInterval: 2d # (172800 seconds)
Sigvalidity: 6d # (518400 seconds)
ResignInterval: 1w # (604800 seconds)
Sigvalidity: 10d # (864000 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 1h # (3600 seconds)
KEY_TTL: 4h # (14400 seconds)
Serialformat: incremental
# signing key parameters
Key_algo: RSASHA1 # (Algorithm ID 5)
KSK_lifetime: 60d # (5184000 seconds)
KSK_lifetime: 1y # (31536000 seconds)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 2w # (1209600 seconds)
ZSK_lifetime: 12w # (7257600 seconds)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
SaltBits: 24
# dnssec-signer options
LogFile: "zkt.log"
LogLevel: DEBUG
SyslogFacility: USER
LogFile: ""
LogLevel: ERROR
SyslogFacility: NONE
SyslogLevel: NOTICE
VerboseLog: 2
VerboseLog: 0
Keyfile: "dnskey.db"
Zonefile: "zone.db"
KeySetDir: "../keysets"
DLV_Domain: ""
Sig_Pseudorand: True
Sig_Pseudorand: False
Sig_GenerateDS: True
Sig_Parameter: "-n 1"
Distribute_Cmd: "./dist.sh"
Sig_Parameter: ""
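Review bot: ZSK_lifetime goes from 2w to 12w while ZSK_bits stays at 512 and Key_algo stays RSASHA1, so a 512-bit RSA key is now kept in use six times longer. If this file is meant as a usable default rather than a toy example, raise ZSK_bits in the same change. The hunk also narrows the re-sign margin (Sigvalidity minus ResignInterval drops from 4d to 3d), and with LogFile "", SyslogFacility NONE and VerboseLog 0 there appears to be nowhere left for LogLevel ERROR messages to go; keeping a log file or a syslog facility enabled would let an operator see a failed signing run before the signatures expire.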

View file

@ -1,70 +0,0 @@
#################################################################
#
# @(#) dist.sh -- distribute and reload command for dnssec-signer
#
# (c) Jul 2008 Holger Zuleger hznet.de
#
# This shell script will be run by dnssec-signer as a distribution
# and reload command if:
#
# a) the dnssec.conf file parameter Distribute_Cmd: points
# to this file
# and
# b) the user running the dnssec-signer command is not
# root (uid==0)
# and
# c) the owner of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the owner
# or
# d) the group of this shell script is the same as the
# running user and the access rights don't allow writing
# for anyone except the group
#
#################################################################
# set path to rndc and scp
PATH="/bin:/usr/bin:/usr/local/sbin"
# remote server and directory
server=localhost # fqdn of remote name server
dir=/var/named # zone directory on remote name server
progname=$0
usage()
{
echo "usage: $progname distribute|reload <domain> <path_to_zonefile> [<viewname>]" 1>&2
test $# -gt 0 && echo $* 1>&2
exit 1
}
if test $# -lt 3
then
usage
fi
action="$1"
domain="$2"
zonefile="$3"
view=""
test $# -gt 3 && view="$4"
case $action in
distribute)
if test -n "$view"
then
echo "scp $zonefile $server:$dir/$view/$domain/"
: scp $zonefile $server:$dir/$view/$domain/
else
echo "scp $zonefile $server:$dir/$domain/"
: scp $zonefile $server:$dir/$domain/
fi
;;
reload)
echo "rndc $action $domain $view"
: rndc $action $domain $view
;;
*)
usage "illegal action $action"
;;
esac

View file

@ -1,14 +0,0 @@
#!/bin/sh
#
# Shell script to start the dnssec-signer
# command out of the example directory
#
chroot `pwd` ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@"
if test ! -f dnssec.conf
then
echo Please start this skript out of the flat or hierarchical sub directory
exit 1
fi
ZKT_CONFFILE=`pwd`/dnssec.conf ../../dnssec-signer "$@"

View file

@ -1,3 +0,0 @@
;% generationtime=20080609224426
;% lifetime=60d
dyn.example.net. IN DNSKEY 257 3 3 CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7 LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq +bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e 4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH 10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1

View file

@ -1,7 +0,0 @@
Private-key-format: v1.2
Algorithm: 3 (DSA)
Prime(p): 4bble5+VNGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asIr6/d992V80G9wMKMvTM=
Subprime(q): 20V1WtRQn0w8PLMag+b61IpSCdc=
Base(g): EKAq+EqfbNibm1u/YuEQVVoBxyTJrcqqvkqhJD4Wb7E7qNrF4CB/b0Ut14H5BrcPysk1DNvW4Wdngfi3avm4IKdYGwQ4krMWT48XIosyP5gs11m6vAXX2ei7HXTIwKJScArWjwg+HuIp35sPmEsYxmrvmBoCNAnNLiLc0JjTaUo=
Private_value(x): xY/GSk3U4oHIsvUiAs/9/n+6ttk=
Public_value(y): h6MzchYZX5I39i48kjPDzCLEN87qQI2I+xbjkW+rfXXjxwC9S/CKpg9Dd84145N1COwlYst0tMClUQfXSSMAZ9rfROb3aVCGEbmi9atYIxsWXDgtu+Wif5faydY8263RrU/PhZ1yUNyY1Tx3GLWUW8ZtwnQTioGglUEjMOHgdfU=

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: 1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
PublicExponent: AQAAAAE=
PrivateExponent: dAiTob6wk4h5l6frfh49NAzd3RBsVRxqqCsMao52fJvlK06wmOb9PkqOaEMTDroJEGgN6zD/sWcGPK7nYwDMHQ==
Prime1: 731n5xPK9UQqQsQtattcC4MxtL6+OP1CyLy8e2tsd/8=
Prime2: 5NwPUBy32o2zzpw4TDH3omB6yk0fmFItJx4ek3RaBYs=
Exponent1: jzq6en2c8SwS5uQwY3/vFY549HMSTxP58kyS/GJ9hqE=
Exponent2: y52KLCquniy3EwUypKRkPZPftjBoqZkXeQLXSk4b850=
Coefficient: vHnxG4D4n+IKETXrutOFT+iREDDcfj6GpYubIP/goZc=

View file

@ -1,3 +0,0 @@
;% generationtime=20080609224426
;% lifetime=14d
dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==

View file

@ -1,3 +0,0 @@
;% generationtime=20081216133142
;% lifetime=14d
dyn.example.net. IN DNSKEY 256 3 5 BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: 4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==
PublicExponent: AQAAAAE=
PrivateExponent: sW8IqcOjr/1xymzxbq91KQiCxBY/8nDvDO/m4Re6aTrTXr450nw8eBZZQuOnHsSEyc4YA8Gs8AwxO1IGAyjHYQ==
Prime1: 94n25jivIMy9SIV890Kp6CIGfeG/6g9eBFG+igw5JPM=
Prime2: 6qYnXtPI7mxsinhBVf+/2Ncv+V48/790y+jUhJXFGXE=
Exponent1: 4uCtm1fxo8apOydY+plF8duFa4BQq2rZkG4XCKQFpo0=
Exponent2: DBPT/6Xc9NryN5/MaOWZhmEWha//SPrGIHrcOwRhE8E=
Coefficient: tmkhFA718p1qDTkmOa2MqYox+Cz1LsuNCraAK0srL1U=

View file

@ -0,0 +1,3 @@
;% generationtime=20100221184315
;% lifetime=14d
dyn.example.net. IN DNSKEY 256 3 7 AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk=

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: +obStv0Rqv4+/vEGD2Vz1zMX7ZhRrxGKzrcT+hFEZAQflT9lLcDHPdo6E8UrMACGN9obe9M1bdaXhuXghMVmuQ==
PublicExponent: AQAB
PrivateExponent: 4osOepin5GdakfFkGIIWWZCDX7/whY4oZjtZnjUFEiZ6YGdQV8FwihgQ9ZdQwTY2QgaCiI/7l0yFE3X2YOk5HQ==
Prime1: /eFIXmTu+XNTuXVfHYcXJTFc4UaThJszaKPmg/xm3ts=
Prime2: /J5fOUcGkFGv4prHDAmige180r7zaYznUicuDvNwkvs=
Exponent1: Alf7EAwEfL8IzdR8jUw69XfwMJAzOm0oW1XwAdXpqTM=
Exponent2: FBUbCNimou57hw466LATZTTWCYL4otl6wkMvHC0qM+U=
Coefficient: Q9eSjjf/S3Is3mcOn2RsloJKVzLuHiv54HaF7mwkbU4=
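Review bot: This file adds unencrypted RSA private key components (PrivateExponent, Prime1, Prime2 and the CRT values) to the tree, and the Modulus decodes to 64 bytes, i.e. a 512-bit key. If it is only an example fixture, say so in a README next to it so that nobody signs a real zone with a key whose private half is public; otherwise have the example generate its keys on first run instead of shipping them.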

View file

@ -0,0 +1,3 @@
;% generationtime=20100221184315
;% lifetime=60d
dyn.example.net. IN DNSKEY 257 3 7 AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9 Fh+SCVO3

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: 6oQNiADmWezVWwwmJl9NYwSC5qZ5WY6gFjHyzW4vOZL/cA+yHV5YJ6gGACNGvLW2kz9s+jDK7KATgfQunM1Aub1FuMOakM3wbCLcCMScbgcJPnxO4BXGOJ58369vWm/IWUAvnxg6S4Z/20b80kw1z5etQsBTV7LZ1P0WH5IJU7c=
PublicExponent: AQAB
PrivateExponent: F5/Z5RuCGQj8rUFaDn+HQjRQI4AdtWHiypmZhgxVgY1HYjiSjtbUNpp8kEL9e0Eq9UZsaf/EUXYGwQ6iK3WZ0WrVP72bkjcWQAB2THYIxP7DwmL4JcsbJ7uiMYeLrvUddoLwS3nKIFpc010iHA0y4hE/k/ny4zOyDCEhVr3WvQE=
Prime1: /R+fSD2bb3N6UoapSNFXYRFyBpHWtcv/AZqsJx60/4UTGOCWNj52kcGsI/ROz/Pwbdicxi8CQqjX0f4QjSCAdw==
Prime2: 7S5MPtJNSa+fHZBavW6vDnqpiHxAO7lIAcgtGxMM3L3553OzarlJV88Z452tn4HhfCCaIUW20j8cOJvTLkPWwQ==
Exponent1: 9v56YPWszM40GH9KhMGxsAhj6cE5cGBEz33saqfuGj/yaJ4ONZQyAvynStZEaWsxux5ZrJGGdSFop4JxCCUk9Q==
Exponent2: W8dembCnV6wt1jLV6he6hc/Rao8qC/JWetoLGj706zZYTcfn1ZR9XQ02521MkjygFHhJLDbd192z/fPOdEisAQ==
Coefficient: +W6uvg4HkWaKi6OCpCz/0fRQwaRtPSbpKJ2Anam4PAy+B6cgM3Yo48OB7o+WoexlgySsNL0ui5p4BvJWvtca7w==

View file

@ -1,35 +0,0 @@
;
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
; Last generation time Dec 18 2008 01:03:01
;
; *** List of Key Signing Keys ***
; dyn.example.net. tag=42138 algo=DSA generated Aug 05 2008 23:01:57
dyn.example.net. 3600 IN DNSKEY 257 3 3 (
CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+VNGd4RjwWpEDj8RhEAhQ7
LybJzr0wtHXT2Q/KS55xARkUtcH2TVO/ayMupa30pM38rd8uF38sm+AB
KLEvCbPjaLZyW+s10di8nLp1aAxKFFfAEfXkIhl3Wm5g9CvjrMlrxAOf
Ny/jtz4v+asIr6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i4RBVWgHH
JMmtyqq+SqEkPhZvsTuo2sXgIH9vRS3XgfkGtw/KyTUM29bhZ2eB+Ldq
+bggp1gbBDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjAolJwCtaPCD4e
4infmw+YSxjGau+YGgI0Cc0uItzQmNNpSoejM3IWGV+SN/YuPJIzw8wi
xDfO6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOTdQjsJWLLdLTApVEH
10kjAGfa30Tm92lQhhG5ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
) ; key id = 42138
; *** List of Zone Signing Keys ***
; dyn.example.net. tag=1355 algo=RSASHA1 generated Aug 05 2008 23:01:57
dyn.example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQuIkM+jbh+s79ZpErpCR7w
BS5TswdoTeglX9UjP0D6hLmHfTcsdHQLLeMidQ==
) ; key id = 1355
; dyn.example.net. tag=10643 algo=RSASHA1 generated Dec 16 2008 14:31:42
dyn.example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzevMxDoizMthpHUkBf+8U6q
Exelm+aQQYnoyoe5NrreKBzt3jmqUYnn19QKQw==
) ; key id = 10643

View file

@ -1,5 +0,0 @@
# signing key parameters
KSK_lifetime: 60d # (5184000 seconds)
KSK_algo: DSA
KSK_bits: 1024
KSK_randfile: "/dev/urandom"

View file

@ -1,2 +0,0 @@
dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6

View file

@ -1,18 +0,0 @@
$ORIGIN .
dyn.example.net 7200 IN DNSKEY 257 3 3 (
CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
) ; key id = 42138

View file

@ -0,0 +1,161 @@
2010-02-21 19:43:15.018: debug: Check RFC5011 status
2010-02-21 19:43:15.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:43:15.018: debug: Check KSK status
2010-02-21 19:43:15.018: debug: No active KSK found: generate new one
2010-02-21 19:43:15.330: info: "dyn.example.net.": generated new KSK 52935
2010-02-21 19:43:15.330: debug: Check ZSK status
2010-02-21 19:43:15.330: debug: No active ZSK found: generate new one
2010-02-21 19:43:15.368: info: "dyn.example.net.": generated new ZSK 30323
2010-02-21 19:43:15.368: debug: Re-signing necessary: Modfied zone key set
2010-02-21 19:43:15.368: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 19:43:15.368: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:43:15.368: debug: Signing zone "dyn.example.net."
2010-02-21 19:43:15.368: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:43:15.368: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:43:15.368: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:43:15.374: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:43:15.374: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:43:15.382: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: Zone contains NSEC records. Use -u to update to NSEC3."
2010-02-21 19:43:15.382: error: "dyn.example.net.": signing failed!
2010-02-21 19:43:15.382: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:43:15.382: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:43:15.382: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:45:36.415: debug: Check RFC5011 status
2010-02-21 19:45:36.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:36.416: debug: Check KSK status
2010-02-21 19:45:36.416: debug: Check ZSK status
2010-02-21 19:45:36.416: debug: Re-signing not necessary!
2010-02-21 19:45:36.416: debug: Check if there is a parent file to copy
2010-02-21 19:45:41.448: debug: Check RFC5011 status
2010-02-21 19:45:41.448: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:41.448: debug: Check KSK status
2010-02-21 19:45:41.448: debug: Check ZSK status
2010-02-21 19:45:41.448: debug: Re-signing necessary: Option -f
2010-02-21 19:45:41.448: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:45:41.448: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:45:41.448: debug: Signing zone "dyn.example.net."
2010-02-21 19:45:41.448: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:45:41.448: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:45:41.448: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:45:41.457: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:45:41.458: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:45:41.473: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-02-21 19:45:41.473: error: "dyn.example.net.": signing failed!
2010-02-21 19:45:41.473: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:45:41.473: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:45:41.473: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:47:06.899: debug: Check RFC5011 status
2010-02-21 19:47:06.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:47:06.899: debug: Check KSK status
2010-02-21 19:47:06.899: debug: Check ZSK status
2010-02-21 19:47:06.899: debug: Re-signing necessary: Option -f
2010-02-21 19:47:06.899: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:47:06.899: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:47:06.900: debug: Signing zone "dyn.example.net."
2010-02-21 19:47:06.900: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:47:06.900: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:47:06.900: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:47:06.910: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:47:06.910: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:47:06.926: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:47:06.926: error: "dyn.example.net.": signing failed!
2010-02-21 19:47:06.926: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:47:06.926: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:47:06.926: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:58:40.972: debug: Check RFC5011 status
2010-02-21 19:58:40.972: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:58:40.972: debug: Check KSK status
2010-02-21 19:58:40.972: debug: Check ZSK status
2010-02-21 19:58:40.973: debug: Re-signing necessary: Option -f
2010-02-21 19:58:40.973: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:58:40.973: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:58:40.973: debug: Signing zone "dyn.example.net."
2010-02-21 19:58:40.973: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:58:40.973: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:58:40.973: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: zone file manually edited: Use it as new input file
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:58:40.983: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:58:40.999: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:58:40.999: error: "dyn.example.net.": signing failed!
2010-02-21 19:58:40.999: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:58:40.999: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:58:40.999: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.833: debug: Check RFC5011 status
2010-02-21 20:00:48.833: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:00:48.833: debug: Check KSK status
2010-02-21 20:00:48.833: debug: Check ZSK status
2010-02-21 20:00:48.833: debug: Re-signing necessary: Option -f
2010-02-21 20:00:48.833: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:00:48.833: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:00:48.834: debug: Signing zone "dyn.example.net."
2010-02-21 20:00:48.834: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:00:48.834: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:00:48.834: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:00:48.844: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:00:48.844: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:00:48.878: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:00:48.878: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:00:48.878: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:00:48.878: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.884: debug: Signing completed after 0s.
2010-02-21 20:01:11.175: debug: Check RFC5011 status
2010-02-21 20:01:11.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:11.175: debug: Check KSK status
2010-02-21 20:01:11.175: debug: Check ZSK status
2010-02-21 20:01:11.176: debug: Re-signing necessary: Option -f
2010-02-21 20:01:11.176: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:01:11.176: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:01:11.176: debug: Signing zone "dyn.example.net."
2010-02-21 20:01:11.176: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:01:11.176: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:01:11.176: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:01:11.181: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:01:11.181: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:01:11.202: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:01:11.202: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:01:11.203: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:01:11.203: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:01:11.208: debug: Signing completed after 0s.
2010-02-21 20:01:17.175: debug: Check RFC5011 status
2010-02-21 20:01:17.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:17.175: debug: Check KSK status
2010-02-21 20:01:17.175: debug: Check ZSK status
2010-02-21 20:01:17.176: debug: Re-signing not necessary!
2010-02-21 20:01:17.176: debug: Check if there is a parent file to copy
2010-02-25 23:42:29.326: debug: Check RFC5011 status
2010-02-25 23:42:29.326: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:29.326: debug: Check KSK status
2010-02-25 23:42:29.326: debug: Check ZSK status
2010-02-25 23:42:29.326: debug: Re-signing necessary: re-signing interval (2d) reached
2010-02-25 23:42:29.326: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-02-25 23:42:29.326: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-25 23:42:29.327: debug: Signing zone "dyn.example.net."
2010-02-25 23:42:29.327: notice: "dyn.example.net.": freeze dynamic zone
2010-02-25 23:42:29.327: debug: freeze dynamic zone "dyn.example.net."
2010-02-25 23:42:29.327: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-25 23:42:29.388: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-25 23:42:29.425: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-25 23:42:29.471: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-25 23:42:29.471: notice: "dyn.example.net.": thaw dynamic zone
2010-02-25 23:42:29.471: debug: thaw dynamic zone "dyn.example.net."
2010-02-25 23:42:29.471: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-25 23:42:29.486: debug: Signing completed after 0s.
2010-03-02 10:59:46.770: debug: Check RFC5011 status
2010-03-02 10:59:46.770: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:46.770: debug: Check KSK status
2010-03-02 10:59:46.770: debug: Check ZSK status
2010-03-02 10:59:46.770: debug: Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:46.770: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:46.770: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-03-02 10:59:46.770: debug: Signing zone "dyn.example.net."
2010-03-02 10:59:46.770: notice: "dyn.example.net.": freeze dynamic zone
2010-03-02 10:59:46.770: debug: freeze dynamic zone "dyn.example.net."
2010-03-02 10:59:46.770: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-03-02 10:59:46.852: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-03-02 10:59:46.875: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-03-02 10:59:46.950: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-03-02 10:59:46.950: notice: "dyn.example.net.": thaw dynamic zone
2010-03-02 10:59:46.950: debug: thaw dynamic zone "dyn.example.net."
2010-03-02 10:59:46.950: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-03-02 10:59:46.964: debug: Signing completed after 0s.
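Review bot: The failed run at 2010-02-21 19:58:40 ("NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0.") is left in this log without explanation, and the run at 20:00:48 succeeds with an identical dnssec-signzone command line, so a reader cannot tell what changed in between. Either trim the failed run or document its cause next to the log. Every run shown here, from 2010-02-21 to 2010-03-02, also passes the same NSEC3 salt (-3 76931F); if the log is meant to illustrate a static salt, say so, because these command lines get copied.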

View file

@ -1,115 +0,0 @@
; File written on Tue Dec 16 14:31:43 2008
; dnssec_signzone version 9.6.0rc1
dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
9 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 5 3 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
G4QPBPbeEnPfKggesblu+QPI6rlt8gOaqnJB
k/98pbkDxhgLmpPP9RdjD3bftSFRgOdPGN1Y
xE4AxSdo4AR5NA== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 5 3 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM
MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl
OBYt6dGy5pH0dw== )
7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 5 3 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ
ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF
3MRaCHa4jhJISw== )
$INCLUDE dnskey.db
3600 RRSIG DNSKEY 3 3 3600 20081222123143 (
20081216123143 42138 dyn.example.net.
CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH
tr6Iomd+JCqxBGvZSBg= )
3600 RRSIG DNSKEY 5 3 3600 20081222123143 (
20081216123143 1355 dyn.example.net.
DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs
ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE
uIWUFMbDBVHilA== )
localhost.dyn.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk
SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm
Y+JU8nNWxrD8yQ== )
7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p
z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft
oiLcZ/pr+2QXew== )
ns1.dyn.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q
9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd
39Qjr5mH5gFcQw== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN
HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd
Rpv5xbYbYNu5qQ== )
7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ
/7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM
C1ozcV9M/iHR0A== )
ns2.dyn.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh
qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H
WL/+o/AVAtWrtg== )
7200 NSEC x.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ
SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL
FdyUOVHrXZMZNw== )
x.dyn.example.net. 7200 IN A 1.2.3.4
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4
V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2
JbklfT3DUMSuIA== )
7200 NSEC y.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW
+NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus
YjuVA5JpZpTW8A== )
y.dyn.example.net. 7200 IN A 1.2.3.5
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf
OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b
lRLJfqwLt9erxg== )
7200 NSEC z.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby
/kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw
/Ui1oFyMOcdvPg== )
z.dyn.example.net. 7200 IN A 1.2.3.6
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu
gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa
JL7B7wczIlxQrA== )
7200 NSEC dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf
fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB
8gsnXboAW9x07g== )

View file

@ -1,221 +0,0 @@
; File written on Thu Dec 18 01:03:01 2008
; dnssec_signzone version 9.6.0rc1
dyn.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
10 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 5 3 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
srn4ZqDvq1V4YWAn+s1UuC3pk9DFhyxo7w6h
6LnIeqAvnt6naBfgu0IHKt62fCMlq2LaW3n5
LYdW5XD0aMU2pA== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 5 3 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
le7/8D28Oia0Ai/aSZsno5TILSCaPKNnuauM
MGEGfCixiCXFIOCuND54qMpUR3wNEnTkHkyl
OBYt6dGy5pH0dw== )
7200 RRSIG NS 5 3 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
IAaofnTCtf2xoxW+NxUyosdLTj2+ueDnv8tz
hgGwtzUeHn+AXZgwB3pe5AgMO+Y8WNg7AZJ7
TlJkTe3CnL6/Uw== )
7200 NSEC localhost.dyn.example.net. NS SOA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 5 3 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ovWzUD/vXa15hxBDTtMKP4TcJEpG3RX+2CrZ
ztcRdF9uy3JXI3+dEgmB+cPaDVW1AiNIrIYF
3MRaCHa4jhJISw== )
7200 RRSIG NSEC 5 3 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
S0ngwduIYE7H5DZ9A8OfeY9h0Sb6mdBQpN2+
TzK3hsS6d92m7IoTkLMv8V1iGMY9cUasauwl
bzMUUgXpBSzFqA== )
3600 DNSKEY 256 3 5 (
BQEAAAAB1hmOomNafbJ3H76e8V4qmFvlFWQu
IkM+jbh+s79ZpErpCR7wBS5TswdoTeglX9Uj
P0D6hLmHfTcsdHQLLeMidQ==
) ; key id = 1355
3600 DNSKEY 256 3 5 (
BQEAAAAB4uTFNj8nkYmnWy6LgUlNS2QCPzev
MxDoizMthpHUkBf+8U6qExelm+aQQYnoyoe5
NrreKBzt3jmqUYnn19QKQw==
) ; key id = 10643
3600 DNSKEY 257 3 3 (
CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
) ; key id = 42138
3600 RRSIG DNSKEY 3 3 3600 20081222123143 (
20081216123143 42138 dyn.example.net.
CL4xO8K27EV8Aq25hhFsk7Q5uL7sGO0HnsBH
tr6Iomd+JCqxBGvZSBg= )
3600 RRSIG DNSKEY 5 3 3600 20081222123143 (
20081216123143 1355 dyn.example.net.
DkobINneyOshuB+T7nfnGx/O7JvEBRPT/svs
ysxDmzZ8CaPF04lskwrLPFcRfMhrGX2JFYjE
uIWUFMbDBVHilA== )
3600 RRSIG DNSKEY 5 3 3600 20081223230301 (
20081217230301 10643 dyn.example.net.
0W2AHhTCCVK1UAhfGkZTkrLuPfRNBgQHysKw
dHimxjMq/IlVwamPkmrW0NmYdt15C+E9SZja
HYu8RuXqyqxQzQ== )
localhost.dyn.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
HDt+/eQ8d52VglJFPDwO3W7Gez2TUbvdz8Gk
SVDqIjHSTvJWN3L0vnBdHXOYUT8WLIMtQXXm
Y+JU8nNWxrD8yQ== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
vTo/zPTFUEK92lpo3XTuSai3VsUO5FuYuS0T
L3w3iIQHOdOSHunPy2brF6BzsznZXLuYvDvr
cZuxxYJpYRrecg== )
7200 NSEC ns1.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
d+CMf40oITbKKIV2AE3JTmGKtxb1RJPEEm2p
z8RHSPFrdcC9ieJrdZIx1+Uxs5PjNbZcjdft
oiLcZ/pr+2QXew== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
G/Tw47gQNzuCEJTLHbCOcrBoEEP28QrwzLdw
7Y+WXP7XFMsLDkdLGrsL6CGLDL/L9WBGU75x
QKKBPFshzJUeUQ== )
ns1.dyn.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
p99aPrpCC+FU8uRCJuRCo4aibhuFelbDXR1q
9WRVJBJiDV4FO6EH/tCBAUQmNT0fh+mERKNd
39Qjr5mH5gFcQw== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
QPGkC3aXCaNaGauAaEs5AWlBoftcP/HbrVGe
JlzZN2LbwwbTNDtvotnW7PeWJaaj6vRInkOt
TjSz43Sfn4FJvg== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ajT50HHhQUY5mD8SH1nPd+mf4HosL1lVvDVN
HTnpoqCjG0guDuRk/BCLTBj1MPcPDYlkdDcd
Rpv5xbYbYNu5qQ== )
7200 RRSIG AAAA 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
BXvwGdoLeAuj709j3KGvK7RvgQ4MbJmew8De
ZbTBaoVt4Z79Tf0m67Vj+VqHRgTDjyIvnSNZ
Bawk6lWw5dvroA== )
7200 NSEC ns2.dyn.example.net. A AAAA RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
lQESBjK8+FQmGgndAMbPvQ2WMomT3sa1ozPQ
/7ykGFFgM3YeUyA2h0AlUWHatLNDvMy2HeaM
C1ozcV9M/iHR0A== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
fYIG2W8qnQYoahLfwJqLf4Tigl93xfqXZO20
qn/wPBW4jy+JnJ/ShptEZCeuyTTsVBw4ZnJI
7o15ZBW1UlZy9g== )
ns2.dyn.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
OrkPhnVeL0kTY6hJzrBgXy1NGeiQQR+5ykSh
qFOOwR1C0YiBWGF3kkLE0ZAZ7XD+CPxc6Z/H
WL/+o/AVAtWrtg== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
gDre5yf6WCDCute4lg1ktW9+mM4qPn5D5Oy6
hsu3+9NRjOdAdQhV9HMzdOODooIOvLGKINOY
6PFS66OvTcfNpA== )
7200 NSEC x.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
ZE+qfvafm4vmGkkpcI1Z1ND2doEwnGELDiYQ
SpNu3bWTHDO6B8vHql1QayGPLzDH8licFAXL
FdyUOVHrXZMZNw== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
FZGn3y2M+YWoH6gk06gTUMZ49PIq+yDr708Y
fxPcEsRljuYU2GrmETQKJTDY1HjYomTBGoKm
StupQrHzOOasAA== )
x.dyn.example.net. 7200 IN A 1.2.3.4
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
kYuQrOUinJDCsIGlv+qAPROyDOP6vCI11Us4
V0c6HK18FaaNE0BeivHAMN9QkliHF9GjYVm2
JbklfT3DUMSuIA== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
pYCB8HDdv9WxX1GxNWdafGZGSKrveweoOixc
uddF++dPA1m+ro/6Qw28Cj5Coth7IKu+TyM0
JPWTJgOUck73zw== )
7200 NSEC y.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
AR2flkOCH0YPbmTGxPj4v8Ug/L2dasQElmZW
+NZK4vlyxwtGFowBDtcjiD10defZNP3Wuzus
YjuVA5JpZpTW8A== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
Ant5JHyVUh8+mMG5+WGgimDGiItGVRWhb3B5
C4KYb7DM8+qJ98W0KPIxFT9Sj9bsKyyOzvf3
Bik/f7DSdcr6sg== )
y.dyn.example.net. 7200 IN A 1.2.3.5
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
HYDO2JtuRZWZ+XyDj7GZOlC3b2Y2rozEzzEf
OC/CChOsplwm1MDx+5nXPHM8wcIUUofrlq+b
lRLJfqwLt9erxg== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
1zS6xszu0hrKaJOLS6YOuFthmDCRp3PQIAjh
u6uPX6Kjpb8Svhdo7yFp7ukJU5OX6BEKiSon
qHajnJvPg72T6w== )
7200 NSEC z.dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
mtz25BnhPmwYaHG2DLth2f3XTUeAMFDnmXby
/kUWbflanujxvWDnB2hFs4qKGeE+WL36F/aw
/Ui1oFyMOcdvPg== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
3fCQpAl+OjtWt9ZIpTrYVLhpZoaLqAJ8hy2v
ZTu9MtmmS3W/cdp6qdSi+bUZuiptGoxTBAjh
aC7QpOrobV9C/w== )
z.dyn.example.net. 7200 IN A 1.2.3.6
7200 RRSIG A 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
CxCptk9vpGT/9oG9WXiLmgKrWrxvuxFkgjEu
gBsp7loIM6x3Pr+CDXdsvbjDW1DwsjYBPyCa
JL7B7wczIlxQrA== )
7200 RRSIG A 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
MAJ85Q1cFh7yqewaQyJ3YxS3KwTK/rxW+leY
HLwxfcijXkUrxVaRtO/gTcFdo4aTJjeDrPhV
ESwQbI+NNVkVRw== )
7200 NSEC dyn.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 4 7200 20081222123143 (
20081216123143 1355 dyn.example.net.
hOjfx9YA8O7tSXycALMnI+cQw3hs4euTVNPf
fCiYukAFjwpQAmS8xVbtydTH7TVs5UcObyqB
8gsnXboAW9x07g== )
7200 RRSIG NSEC 5 4 7200 20081223230301 (
20081217230301 10643 dyn.example.net.
hRnT7XWT+KFHsxZ8rNiqWJ2/5WyLQRxht/QQ
NXaYz2OeSGfgsRmdHc6UfjeVLyeXYn7Tkikr
Pg7pX/nmF4eldQ== )

View file

@ -1,30 +0,0 @@
;-----------------------------------------------------------------
;
; @(#) dyn.example.net/zone.org
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
1 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 1.0.0.5
IN AAAA 2001:db8::53
ns2 IN A 1.2.0.6
localhost IN A 127.0.0.1
x IN A 1.2.3.4
y IN A 1.2.3.5
z IN A 1.2.3.6
$INCLUDE dnskey.db

View file

@ -1,3 +0,0 @@
;% generationtime=20081116175850
;% lifetime=365d
example.net. IN DNSKEY 257 3 5 BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB /Q==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: DG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB/Q==
PublicExponent: AQAAAAE=
PrivateExponent: CfS81MH9GT1CGQtK94PvSgggeQnSullWOmqQsKGndfJVpv4AJj/XCaEhgboIVshezJmUdHf3RWSOkSYfHAID89fTFAYvL4ZVSmkha1EivkY+tOeohM9zBzs5CfE9fmAlMCmxEQsYggZtjuddncKCNC4IYSkV6ez21S//3vnGvUtic+2ywaXF03MwhjKkOed6g8ukZJnj7B9Z5wu3rdiyOe85IQ==
Prime1: A7Wh1oSpETxNT/ptPVHSGIemIyNvALXSI5UcoWAADQbith5663r1GgXHk2YGbyg1HgyrCZFoME3ZoIOUQ6yfN6tlixhpWmQdLW+pz3lULlTFBQ==
Prime2: A1pCUhsSF9J8i5Smp2KEO3Dw5LngamhRksJzKC4yfGMvjwJ/RHJByyVcUEtRhgLvd2C2uW89Z4nz8HM/HQI+u9uwIFM20SIFEzZceR62ghNamQ==
Exponent1: Azf7LwilgmHe2xJwMfQIJP5OnNsaZ1zm7Gk2i4lyA8+3hHNWetR1QRKl5E3AnzIzwOM5VEm2nO2XZeyHKPVOol6DM390oFXvp0c2G+ROabyQnQ==
Exponent2: ATQ6mNC7MpC5NlGdQ+XmlTkiNuCRuFf/jZeSiJkZWvTjwZXQUhRCFMiM7fYwx/b/cqnqZ7I/9VwzslorFu0T37GQaeugFNkrsDdRRvDOA7+qoQ==
Coefficient: AkhsG+b3Bel4MQ9fF/CnsPxv0cdoTphpLZPUGPlG451hqWFzMANEcTsiDya2UHoa5FAK825+47hVdihTdZkJwMNMsoI2Xnr07AEurDapOvChrg==

View file

@ -1,3 +0,0 @@
;% generationtime=20090730151357
;% lifetime=84d
example.net. IN DNSKEY 256 3 5 BQEAAAAB12pqReCbmKHzRtk4wbc6xRCSXZoA1G78HQ8W+LsPz3UTQxKZ WhmAhB2LZqK2t4rcoAhDVW0hZ6DSDuV/0kouMQ==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: 12pqReCbmKHzRtk4wbc6xRCSXZoA1G78HQ8W+LsPz3UTQxKZWhmAhB2LZqK2t4rcoAhDVW0hZ6DSDuV/0kouMQ==
PublicExponent: AQAAAAE=
PrivateExponent: QGedp/HTzh6rYQGFLCnFHIM8mo5AxWZng293NH1AjxjGas5dmGZazN7l1XVRC3vsrkJnEo4vufmn3PiXEN5+cQ==
Prime1: 9xNBI9Hnmg90Tt4dTmbd3vwYOnPMY3bUT8LK7ST9AW8=
Prime2: 3zJmVknraflkD8SdS8KS30TnMdS45kfTLrLfGapkul8=
Exponent1: 3QgVQB/5/207T9FsSmaLCerWRHXc2rhk2SzIgkizh+k=
Exponent2: jFPAst+viSJxygltwZn3WPEL1+JeMFK99nilMa7YVLc=
Coefficient: 7duJdlOhBkQ0IDwI5Hiedteo7phE7GPedy5MVHpPcjM=

View file

@ -1,3 +0,0 @@
;% generationtime=20090228113129
;% lifetime=60d
example.net. IN DNSKEY 257 3 5 BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y1fNROZtCrUSAFca8c4Dc +MK9phlqEtBihnMSBjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXneM4n m52unLpZfQu0B0h/zwDLrfmedyqqZYb7grXDqFwT0EnI4cL/Ybr40H7u SUyVyLM3c5a8V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7Il5cqhug aQ==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: CwxfQLjMaLsvSPFYMFyi/Z5l6f/y1fNROZtCrUSAFca8c4Dc+MK9phlqEtBihnMSBjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXneM4nm52unLpZfQu0B0h/zwDLrfmedyqqZYb7grXDqFwT0EnI4cL/Ybr40H7uSUyVyLM3c5a8V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7Il5cqhugaQ==
PublicExponent: AQAAAAE=
PrivateExponent: BhlkW6GKcOvDGyVAj7rEqpvEVd+t8H3WkifdhulioLIppKBuJlzzhSORjGojm6KYwcQl78F/7kHgKn2S5jBVk0FZr3vUR7Z6wbO80Ic9lOaFMBz0uYvUIYLGpFJvsVAFWv9sOkLK5iwFs6JehrSgxDbMfyBd8hpdN7mWOYD51p5HJMVvdqAw82mZoELQdlWM5tUzZdyx0jnAPtnYV+IxVa5CgQ==
Prime1: A41vXEkXlyvOuNbnByXKgw4BfHHp4LjpDsm4F35SD56Pvw1BFHtrgm/U7oJZQUBvyW2CcCe0Ria1iY4OjB/jdv2c4+GPhq1LizHquadfwHfAzw==
Prime2: AxwrEOiIRMkPEobov43MiBtbFKGA7QnN7DOD/QTFOA8a7IMhUDHU7pQbJASXpUaLKLSrAMeRNKwSyHXq34WFUzP4HK6ubuLn2k5YxhWRDbwpRw==
Exponent1: Ao+dprhY0qEAYGjF6wdwxyIDFAoU/g+1gwS566bRiIrYdXN9OoLRHHH7r3v8tfgjKckQAXbjVKfV9MYNpnW8jYqmSOvAXXjLtHtyBcJQOs89gQ==
Exponent2: 9AwIcMdFNsAzAsXHLQwN3lvQUce4cpuxw/GKnKTu9rsmqtbz9Al4qLSTsXYxErdSZ7xwIxX/PYeCywc0zZjd5fbGGOBv/fApfRgECVQWSNpJ
Coefficient: 1hDGT7Cnck4tyDJDUZHVK2ejowz2RlqzqN/BAMEfi+k3b/Ild6pdHNHu2mDYkFRqSIU4zVAVxeplrTKoXvVmmb8iWF/3jNLL/eKxYinNHe1P

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: pYc2cSHkPcRoLfvndzNke696mmWkmp9lsX3C7xkqd8eYwXWjw2ijRq0QPahQxqFYm/hhC77xJoVwSeOtXdmKiQ==
PublicExponent: AQAAAAE=
PrivateExponent: ZF1rC+0JIyhAQNFXPtcPW8S3iggmyY5AH+yXDDqpM1qx3a3NY5/BfuHFYDtsfHAB2DOjgqQmADly2B9NMhoJ4Q==
Prime1: 2jtxQTZzjZuyqSRk4PBk/nx+VqrVFdSvHUyXb2EjNrU=
Prime2: wizFiwOCJBiVDOjA0Zq9VuWk4+Fa7TNpkXp0//Y+NQU=
Exponent1: ORIEM1AkgXP+KkRQcZI6qW+fXhrdUsegVW42eGRzEmk=
Exponent2: YHsutgi+2qKtY/38Uu3e7bnHVhpUO7ZAcgPh00vd1yk=
Coefficient: Z5qDNIXQpU91m32R1HPPK75ASx5ah4/Gd4jw/SHsnDk=

View file

@ -1,3 +0,0 @@
;% generationtime=20090615075841
;% lifetime=14d
example.net. IN DNSKEY 256 3 5 BQEAAAABpYc2cSHkPcRoLfvndzNke696mmWkmp9lsX3C7xkqd8eYwXWj w2ijRq0QPahQxqFYm/hhC77xJoVwSeOtXdmKiQ==

View file

@ -1,3 +0,0 @@
;% generationtime=20090630093509
;% lifetime=14d
example.net. IN DNSKEY 256 3 5 BQEAAAABzN3RkyF1Kvf3Go97BN7rNERR86F0nxfyHfXpMdwtqrMFSrkd IboUDtNZBsw+LJmadHRQZDfu79tEz8MUid7aOw==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: zN3RkyF1Kvf3Go97BN7rNERR86F0nxfyHfXpMdwtqrMFSrkdIboUDtNZBsw+LJmadHRQZDfu79tEz8MUid7aOw==
PublicExponent: AQAAAAE=
PrivateExponent: a9MzQ8dBy0kkwjUECnf6X02Q8URTNL+8IuJIOjD0sVbtt04trek0iioQkWNVBn7m7o1vrIijQ4AuMe9xqyiRyQ==
Prime1: /m1HDAGWnLeuYTLhlNxQBg+vUDjDPXOFXFvOg5Vkjlc=
Prime2: ziIYCdlrKqZkIpyt6AuPsRDqs2kNlkiwWT8D4D7J3L0=
Exponent1: Sd/Kn+FrTrMRZucUyXyGoKyfX6uReD4Kv0XYAqtk9+s=
Exponent2: KAcgSeMQeZPaabpFZMR9O4h2j4WwD5PysJsQKq1i9DE=
Coefficient: NBFD1eKzJOpi9G1tF88xmnNvNBbyEtgf0EuV4JAwTrs=

View file

@ -0,0 +1,3 @@
;% generationtime=20100311225233
;% lifetime=60d
example.net. IN DNSKEY 257 3 8 BQEAAAABDUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkG TECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJ JBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9 SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPY BQ==

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: DUkWE4dtbBTfkAnlOJSbnYSikE7cyHPg6qFItoYObenlTGkGTECQb1flWaKLDhQZ54CdnYN3FdlRVHKmkkxZOwH0HvW+fGXTGv35adGJJBDqlJWJC0bxHsrlUZTdczt2B6g9AHUUg2WSXTa5KZHJGjFiACFzfln9SQlVj/UzWGv2sDwQb+XiOIHkZ2VmMPx3SvFOOIG4nmTla76XYTNfUJPYBQ==
PublicExponent: AQAAAAE=
PrivateExponent: AeHyClC8SYdKB3mQtwWx/z08pCjHEs18KF9HbWddQnQrrJKP1lh1r6DGmJ5oigg3i2x/NEBUXw345FYQ7ynaVewt4KoQ2c6vT1ZyOXuoCmJknMxXKaVma5L3+hrGwdaS7tbJXGQrq6FHaYOO/2un8G7qRU5zoods+iR8qCRktkYVk2PS7wrdeQu9XaGUl5pPwh7fmNmjpfe16kyk3M2xoThEUQ==
Prime1: A9GgY74jQxKOqTEMivti0zJIuxjlN7k1+MlTDQliH8EiFy8b/6HqRqddgdeuPDt8s0jv1cGxnMig4761JszH7CQeHbefeoLw95OXu7v6hpw3Uw==
Prime2: A3qansKrFaIwWJw7n0//qO52mEKCxoljeMzbeXx4f+pgADmyMcv8ysHMUPP6BEwVxlxHVyv9a3lxQRa8ZdPtFV+QK3Zy3PfAV8SoahbYgi2ARw==
Exponent1: v6z/wlryoSYkgnlkxM6uC6AEc7ZQQdla7cG+iaeEJq8pfzPClkU+WiBP9MJroO8ExM1mj/bjIfw3/Vel5NuLD9uU+BIV1qzcWKbPwo7xZnqh
Exponent2: OPEA/pb22DU0GDyS1UmOmJGjyp2Irxe1LJL6J16bK/lCqPNenT8qIYbLY2EKUoRhAirvurd4/fXqnzNVYdw369C/DBtfZ6AeAfs4no/+Fnfx
Coefficient: /pte3nUM+M1VmAs7z3bhTdbPWIJZk7z0RkcBhFvUn4ZGgImUSFF8/psPzvQFy9pyGzinviE16aI0UVEBxL7NkFfSs9cMX0jpItFDyJTcxvjA
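Review bot: Private key material is committed in clear text here (PrivateExponent, Prime1, Prime2 and the CRT values of an Algorithm 8 key). That is acceptable only as a fixture for the example.net sample zones, so it should be labelled as one, for instance with a README beside the key files stating that these keys are public and must never sign a real zone.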

View file

@ -0,0 +1,3 @@
;% generationtime=20100311225233
;% lifetime=14d
example.net. IN DNSKEY 256 3 8 BQEAAAABy5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twH y339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ==

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: y5vGV4emguE++EM1DlDEro5fPi7oHyQ4N95DZE//Wtr+/twHy339QiyRFhYcZrb8Wt6ZgT3qXbL2RUVQ9X8ZCQ==
PublicExponent: AQAAAAE=
PrivateExponent: uHA+A2dABi4t2afEHHud8MajxjMLqxw/+t0yzsRgye6eiAkJVuhYSdxxqmlqMmSayrBNSX2jYHdKmY49W6kmUQ==
Prime1: 6pzzNfud8Hzw9UdeitwJwVzFaAfV/RmRmTCm4OLBGD0=
Prime2: 3itJLwoOTYkb2rOQNjZ/4hMNov3plClxo5e9iPSARL0=
Exponent1: w/gumsQA0FOkuuMBp5PcTsbHbebL9SAVDURQgLo2ZMU=
Exponent2: ILYpsGsfTcHDSAmGbQBRSsFQEKw7Ghx/mIcWoUIN250=
Coefficient: cwmz0VwEQ4Jjc3+T0tDgH9fhUiyISbuV/0Bz25E5bYA=
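Review bot: The Modulus in this added key decodes to 64 bytes, so this is a 512-bit RSA key used with Algorithm 8 (RSASHA256); the matching DNSKEY 256 record is added in the hunk just above. A key of that size is far too small to protect a real zone. Since sample key sets tend to be copied along with their parameters, either generate the example ZSK at a larger size or add a note that the size was chosen only to keep the sample files short.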

View file

@ -1,45 +0,0 @@
;
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
; Last generation time Jul 30 2009 17:13:57
;
; *** List of Key Signing Keys ***
; example.net. tag=33840 algo=RSASHA1 generated Feb 28 2009 12:31:29
example.net. 14400 IN DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y1fNROZtCrUSAFca8c4Dc
+MK9phlqEtBihnMSBjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXneM4n
m52unLpZfQu0B0h/zwDLrfmedyqqZYb7grXDqFwT0EnI4cL/Ybr40H7u
SUyVyLM3c5a8V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7Il5cqhug
aQ==
) ; key id = 33840
; example.net. tag=7308 algo=RSASHA1 generated Feb 28 2009 12:31:29
example.net. 14400 IN DNSKEY 257 3 5 (
BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnhJc5oFj+sQLmCvj6hGFfQ
oUkI67jTMkIzQlflQ3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+YlSbGJ
w2vVXcBr463AUAlENzSDS35D1x8zOgZOg34rL+1uFn0HBSI0xusYRAlU
t9A3vJsLWcRyA1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5JT9+p0yB
/Q==
) ; key id = 7308
; *** List of Zone Signing Keys ***
; example.net. tag=34925 algo=RSASHA1 generated Jun 17 2009 16:36:16
example.net. 14400 IN DNSKEY 256 3 5 (
BQEAAAABpYc2cSHkPcRoLfvndzNke696mmWkmp9lsX3C7xkqd8eYwXWj
w2ijRq0QPahQxqFYm/hhC77xJoVwSeOtXdmKiQ==
) ; key id = 34925
; example.net. tag=48089 algo=RSASHA1 generated Jun 30 2009 11:35:09
example.net. 14400 IN DNSKEY 256 3 5 (
BQEAAAABzN3RkyF1Kvf3Go97BN7rNERR86F0nxfyHfXpMdwtqrMFSrkd
IboUDtNZBsw+LJmadHRQZDfu79tEz8MUid7aOw==
) ; key id = 48089
; example.net. tag=24545 algo=RSASHA1 generated Jul 30 2009 17:13:57
example.net. 14400 IN DNSKEY 256 3 5 (
BQEAAAAB12pqReCbmKHzRtk4wbc6xRCSXZoA1G78HQ8W+LsPz3UTQxKZ
WhmAhB2LZqK2t4rcoAhDVW0hZ6DSDuV/0kouMQ==
) ; key id = 24545

View file

@ -0,0 +1,2 @@
Key_Algo: RSASHA256 # (Algorithm ID 8)
NSEC3: OPTOUT
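Review bot: NSEC3: OPTOUT is switched on without any comment on why the example needs it. Opt-out leaves insecure delegations outside the NSEC3 chain, which is a trade-off intended for delegation-heavy zones; a one-line comment stating that the setting is here to exercise the option, not as a recommended default, would help. The Key_Algo line already carries a comment in the same style.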

View file

@ -1,4 +0,0 @@
example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445
example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E
example.net. IN DS 33840 5 1 A554D150A7F958080235B9A361082937B65EB7C4
example.net. IN DS 33840 5 2 044406C788E4B659573DEED74F4EAEC9E7FAC431CB6932C39DABF704 30A6102B

View file

@ -1,4 +0,0 @@
;% generationtime=20080506212634
;% lifetime=60d
;% expirationtime=20090228113128
example.net. IN DNSKEY 385 3 5 BQEAAAABDUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8 VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrs lyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+ YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU 8w==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: DUi2uSUlDjESbnrnY5wd8+pXxhYVY4wCi2UVjhcehvIb2bF8VJH2Q9/0ubQR1vQ2VJhsGUj3A7bdTfbMETPxKkZaDpc9lCYrm0z5HDrslyx4bSb4JX/iCyhgYZXrTVb9WyLXjUtmDUktDjZgsyVshFHVJShBUSj+YpnfQkndGViDAbJRycXDYEF1hCNmTK3KsR1JS9dXMKI3WidH+B9rLlBU8w==
PublicExponent: AQAAAAE=
PrivateExponent: AzPR74ljfqsl7qB92XeCowR3igYQrN59a2Z8VGB1PegjagkBltDzudzYyDKpvqdigjeFLL54f1MN5JCPo4J2Q6Ij49LAQ5GsXiEd/FWlwR+UztOcW/uZ3W6DNIwuMbSY7ruZmpv/zVPpyeY1PVXgCsJlX2Zj/Wt8QHASHp5rUugGQSPQfVSQ/mBdDXMZw2tEb3b10quziCmKuHegopRYeuNXwQ==
Prime1: A+5jXfxmP0Mfnjr4m8BPrPkDyokgFXZB3dXibxeZqp4ypcwpXeO0xTf1FjSZeIOi2RJOzpym914IYa3wPx4zbxmsGeozr1hTIWE+6Xuz0qjE0w==
Prime2: A2EOffOaSvEoTUf/0dF8Z9/dYxIrE9HBbXRjgrlPc+WoG57lCkjxe/KO5Eclg9o5nrTFcsxpsjrdxOAcIcyTIHsXW8YgxDAb1mFJ0V6tBsabYQ==
Exponent1: vmRAN3zHGTV28Oj4gslB/xA58sDyieCkDrpGaGChsPo7yUPOEeZQ8ep/FDnQoZLhLCn6XkKcN4D99Yo3JxVECBJOHZp8HrFsfF9BzpXk2yH9
Exponent2: Aj8x3YdZJ0/KzwX2m6G2qZ5WktmkDITa+XHxvSashqlBm2niBCRFN5kNQNhkIO5ZAFWKEPuHSB5BZWTzgj8jeB8mRoYtbPlJom4KbNtCiZ6BYQ==
Coefficient: A87WfUPUBfYDuSAu6kcHLAyr0OnqoXnMeXSgyq28CJXdh3Vg39Al8me07wWeRDjMzfpZGdKEhxyvVIS8WhY3du0FYoGI5YhJMqaYq3XjwLfpsQ==

View file

@ -1,4 +0,0 @@
;% generationtime=20080415164557
;% lifetime=20d
;% expirationtime=20080506212633
example.net. IN DNSKEY 385 3 5 BQEAAAABCrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/U uAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2w GvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMp rMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn 0Q==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: CrDt76ODmeteohszxggclH3vAXO/NXOnXjOzIivP5LaUL4/UuAtafg5JXypl/nCUVap9FG0K1ebCCBCMJaPCoi7pIgD5EgFzHPnxZo2wGvtmWYwK3MaBP4U8YzwpVbGpJIBAW+IZyM89LD6b2cvkJL5YEviPNfMprMTLo7BOMVjMBpG2IuULOHq7dzyIe/ym/RXKuuYc5AVtHCBBfGKU/Wzn0Q==
PublicExponent: AQAAAAE=
PrivateExponent: CWC6hC61oQC954Dcu2Z0NNmLk6Wnr33yh7VCuT7kh5fSOgA6Fm0qQgH+nvW2sv9fpy8JB4WBaa/CnysKkLwjDBFcWkrMw7wDR0KAiixe8bjXCZUy95x2t3B/o23jQtS/ejJgaSSOJFioRcPoT5sv9mm6QCe3ir3g9+3n4COrzf0DY1oGfDLzuhrYDT/AM5MuEjSamlblTPHHsKlI3UCl+AHDLQ==
Prime1: A3ZcDeyxt/SDgmgg4Yk7v66MbFU4GWreYp4/MYhEDsE4jA0cqEY28cAoN8FyPCB1H1t10IVqOs7/LSKrWdXMUKUv57DPMHJp539Wx2HYLmVIfw==
Prime2: AxZ8J01/Sbij24nloiVsDJdjFTAVApr4S6n/QRdBkWumQTLexnQ1ErcTEVc3Fn0po04ZToIO5JNINrWNdAuNiaHYLuiD4pkkHuSAmTajbVsnrw==
Exponent1: Iw7WPWd3zZeJ/b3zQcQtSosUXUWFy430aEsQWimMnibFm+qOVpsjhRkTHW/yZp227Y4sVb/ZhzCZWFGr6qWe0sdHIv5Yx6SkvIxv4rUiHdOL
Exponent2: AhiPWhKq+Iyy/HRZuWpIAalUZ7yE7FeHWFQYQLocatTCnY91VsgNxRLXRwcci6mflhIVoLBDHJal7x4SCRq0Xbze5PeMlMUhsDQdCT+QYTgCRw==
Coefficient: Auw2b1lPzp3gWxpnDNZWeuiwGcWTd9fNfN/4kBrCbulFngYTNVBpqathFqdwtojYXHfM2HZDKHqmZVZgON+FfxvauGvTDWO6MTBxUleeBlLmcg==

View file

@ -1,4 +0,0 @@
;% generationtime=20080420205422
;% lifetime=60d
;% expirationtime=20081116175850
example.net. IN DNSKEY 385 3 5 BQEAAAABDAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7 kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/W O0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbM HWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQ qw==

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 5 (RSASHA1)
Modulus: DAnSCbSyScZdP2M6OQTbTGvZRD5avmDYgAwXv0EsnNautYn7kzDGwY3oVTXWDTdII+syK0pt0unjUn2ActoXtyFzIk61VRKDroANM9/WO0PO/y50vNIGMJUL1TiMR6jCp23eSxQ39/1A+BeiU+fMjoJK0/Yc7hbMHWwD8myU0IEX8R2iVUTXNPNbmUV2M836Eu5SRLIVTc7P4vjKT1YYVnoQqw==
PublicExponent: AQAAAAE=
PrivateExponent: CJPcx+j7bWxMzKCl395v2PxQRYc/YurHU25oJL9i+B/bkxC8sRzSrTe4rRW61vhtAE3R6+CGz1336igirbEWKjHbPyBg42QHu2OCHWcKv4jq8k9yvtYGb9rKVvSUj4HAfZolr130loWW+CNp5soQQcJG0qxP+YkdI/Z+GDQ9kDbn80+r3wtCtVzjhoq0RoUSH3UnKUbs+DvacQmvepMLcM3PgQ==
Prime1: A413lN4gpI+7Imn2Krm4CGyRCBoNwFa2PSr1ZQN195W5enKVZAkKg+49G7hoduMgjW2RAzwoJp0/4cGPx5nugSv93QT/mTMhYupL9KdGKcYUIQ==
Prime2: A2N7TbYY1Q67CsoqHPvogKEP0XtlN421eF+88Yu/YnAZ3Ikd1nMad7rO1bVWptabsNuw0JFkpOmrS3u/GvaWmKCNGBlGjF/XlKr8Bh63V/zLSw==
Exponent1: Aa0C6ssN8NTZIKsoGJEJLVbb9uB48nXtaMq2FxFARogrnmY0Gi/n8AWFc+ulPvAzJhhrjWF3VW38GcuPe3Ss8l3fpAbAexEnrJHOXxKLlOgmwQ==
Exponent2: j78LKeDXSgTL5WmsffdJHSRe32GfaX6SgTF0BKzKVRuNIiOf7vHjzkDn4gdcTsMLTSNVp/Zj4vkWMkfJNq+AqosHpBFvhmd+boUG4Xde4jSp
Coefficient: A1RWhKCgowdNAWs9OF3Q5CBBzC2Fq6O0CspJJD3cmNTEQVbxEbzSWyW7S1NsBgp+6de/HQ72IFtEAL9ChSy6pXWx27PGK6wE89rGbfaJ9Y2gzQ==

View file

@ -1,19 +0,0 @@
$ORIGIN .
example.net 7200 IN DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y
1fNROZtCrUSAFca8c4Dc+MK9phlqEtBihnMS
BjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXn
eM4nm52unLpZfQu0B0h/zwDLrfmedyqqZYb7
grXDqFwT0EnI4cL/Ybr40H7uSUyVyLM3c5a8
V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7
Il5cqhugaQ==
) ; key id = 33840
7200 IN DNSKEY 257 3 5 (
BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
JT9+p0yB/Q==
) ; key id = 7308

View file

@ -0,0 +1,34 @@
;-----------------------------------------------------------------
;
; @(#) example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
353 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
ns1 IN A 1.0.0.5
example.net. 3600 IN DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y1fNROZtCrUSAFca8c4Dc
+MK9phlqEtBihnMSBjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXneM4n
m52unLpZfQu0B0h/zwDLrfmedyqqZYb7grXDqFwT0EnI4cL/Ybr40H7u
SUyVyLM3c5a8V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7Il5cqhug
aQ==
) ; key id = 33840
example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAABzN3RkyF1Kvf3Go97BN7rNERR86F0nxfyHfXpMdwtqrMFSrkd
IboUDtNZBsw+LJmadHRQZDfu79tEz8MUid7aOw==
) ; key id = 48089
_domainkey IN NS ns1.example.net.
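Review bot: The two DNSKEY records (key ids 33840 and 48089) are pasted into the zone body and the file has no `$INCLUDE dnskey.db` line, so the key set here is a static copy. If this zone is meant to be maintained by the signer, which rewrites dnskey.db on each signing run, the inline keys will drift from the managed key set after the first rollover. Either replace them with `$INCLUDE dnskey.db` or add a header comment saying the file is a hand-maintained sample. The records also carry an explicit TTL of 3600 while `$TTL` is 7200; if that is intentional it deserves a one-line comment.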

View file

@ -0,0 +1,274 @@
2010-02-06 00:26:54.533: debug: Check RFC5011 status
2010-02-06 00:26:54.533: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:26:54.533: debug: Check KSK status
2010-02-06 00:26:54.533: debug: Check ZSK status
2010-02-06 00:26:54.533: debug: Re-signing not necessary!
2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy
2010-02-06 00:29:31.291: debug: Check RFC5011 status
2010-02-06 00:29:31.291: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:29:31.291: debug: Check KSK status
2010-02-06 00:29:31.292: debug: Check ZSK status
2010-02-06 00:29:31.292: debug: Re-signing not necessary!
2010-02-06 00:29:31.292: debug: Check if there is a parent file to copy
2010-02-06 00:40:35.043: debug: Check RFC5011 status
2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:40:35.043: debug: Check KSK status
2010-02-06 00:40:35.043: debug: Check ZSK status
2010-02-06 00:40:35.043: debug: Re-signing not necessary!
2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy
2010-02-06 00:52:55.403: debug: Check RFC5011 status
2010-02-06 00:52:55.403: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:52:55.403: debug: Check KSK status
2010-02-06 00:52:55.403: debug: Check ZSK status
2010-02-06 00:52:55.403: debug: Re-signing not necessary!
2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy
2010-02-07 13:53:48.304: debug: Check RFC5011 status
2010-02-07 13:53:48.304: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:53:48.304: debug: Check KSK status
2010-02-07 13:53:48.304: debug: Check ZSK status
2010-02-07 13:53:48.304: debug: Re-signing not necessary!
2010-02-07 13:53:48.304: debug: Check if there is a parent file to copy
2010-02-07 13:54:03.466: debug: Check RFC5011 status
2010-02-07 13:54:03.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:03.466: debug: Check KSK status
2010-02-07 13:54:03.466: debug: Check ZSK status
2010-02-07 13:54:03.466: debug: Re-signing not necessary!
2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy
2010-02-07 13:54:08.019: debug: Check RFC5011 status
2010-02-07 13:54:08.019: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:08.020: debug: Check KSK status
2010-02-07 13:54:08.020: debug: Check ZSK status
2010-02-07 13:54:08.020: debug: Re-signing necessary: Option -f
2010-02-07 13:54:08.020: notice: "example.net.": re-signing triggered: Option -f
2010-02-07 13:54:08.020: debug: Writing key file "./example.net/dnskey.db"
2010-02-07 13:54:08.020: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-07 13:54:08.020: debug: Signing zone "example.net."
2010-02-07 13:54:08.021: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-07 13:54:08.125: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 13:54:08.125: debug: Signing completed after 0s.
2010-02-07 13:54:08.125: notice: "example.net.": distribution triggered
2010-02-07 13:54:08.125: debug: Distribute zone "example.net."
2010-02-07 13:54:08.125: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
2010-02-07 13:54:08.129: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
2010-02-07 13:54:08.129: notice: "example.net.": reload triggered
2010-02-07 13:54:08.129: debug: Reload zone "example.net."
2010-02-07 13:54:08.129: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
2010-02-07 13:54:08.139: debug: ./dist.sh reload return: "rndc reload example.net. "
2010-02-07 14:06:27.670: debug: Check RFC5011 status
2010-02-07 14:06:27.670: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:27.670: debug: Check KSK status
2010-02-07 14:06:27.670: debug: Check ZSK status
2010-02-07 14:06:27.670: debug: Re-signing not necessary!
2010-02-07 14:06:27.671: debug: Check if there is a parent file to copy
2010-02-07 14:06:33.753: debug: Check RFC5011 status
2010-02-07 14:06:33.753: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:33.753: debug: Check KSK status
2010-02-07 14:06:33.753: debug: Check ZSK status
2010-02-07 14:06:33.753: debug: Re-signing necessary: Option -f
2010-02-07 14:06:33.753: notice: "example.net.": re-signing triggered: Option -f
2010-02-07 14:06:33.753: debug: Writing key file "./example.net/dnskey.db"
2010-02-07 14:06:33.754: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-07 14:06:33.754: debug: Signing zone "example.net."
2010-02-07 14:06:33.754: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-07 14:06:33.790: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 14:06:33.790: debug: Signing completed after 0s.
2010-02-07 14:06:33.790: notice: "example.net.": distribution triggered
2010-02-07 14:06:33.790: debug: Distribute zone "example.net."
2010-02-07 14:06:33.790: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed "
2010-02-07 14:06:33.794: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./"
2010-02-07 14:06:33.794: notice: "example.net.": reload triggered
2010-02-07 14:06:33.794: debug: Reload zone "example.net."
2010-02-07 14:06:33.794: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed "
2010-02-07 14:06:33.797: debug: ./dist.sh reload return: "rndc reload example.net. "
2010-02-21 12:50:43.587: debug: Check RFC5011 status
2010-02-21 12:50:43.587: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:43.587: debug: Check KSK status
2010-02-21 12:50:43.587: debug: Check ZSK status
2010-02-21 12:50:43.587: debug: Lifetime(1209600 +/-150 sec) of active key 33002 exceeded (2394625 sec)
2010-02-21 12:50:43.587: debug: ->depreciate it
2010-02-21 12:50:43.587: debug: ->activate published key 29240
2010-02-21 12:50:43.587: notice: "example.net.": lifetime of zone signing key 33002 exceeded: ZSK rollover done
2010-02-21 12:50:43.587: debug: New key for publishing needed
2010-02-21 12:50:43.658: debug: ->creating new key 5525
2010-02-21 12:50:43.658: info: "example.net.": new key 5525 generated for publishing
2010-02-21 12:50:43.658: debug: Re-signing necessary: Modfied zone key set
2010-02-21 12:50:43.658: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-02-21 12:50:43.658: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 12:50:43.665: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 12:50:43.665: debug: Signing zone "example.net."
2010-02-21 12:50:43.665: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 12:50:43.733: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 12:50:43.733: debug: Signing completed after 0s.
2010-02-21 12:50:51.205: debug: Check RFC5011 status
2010-02-21 12:50:51.205: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:51.205: debug: Check KSK status
2010-02-21 12:50:51.205: debug: Check ZSK status
2010-02-21 12:50:51.205: debug: Re-signing not necessary!
2010-02-21 12:50:51.205: debug: Check if there is a parent file to copy
2010-02-21 12:51:23.497: debug: Check RFC5011 status
2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:51:23.497: debug: Check KSK status
2010-02-21 12:51:23.497: debug: Check ZSK status
2010-02-21 12:51:23.497: debug: Re-signing not necessary!
2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy
2010-02-21 19:16:18.594: debug: Check RFC5011 status
2010-02-21 19:16:18.594: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:16:18.594: debug: Check KSK status
2010-02-21 19:16:18.594: debug: Check ZSK status
2010-02-21 19:16:18.594: debug: Re-signing not necessary!
2010-02-21 19:16:18.594: debug: Check if there is a parent file to copy
2010-02-21 19:32:11.378: debug: Check RFC5011 status
2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:11.378: debug: Check KSK status
2010-02-21 19:32:11.378: debug: Check ZSK status
2010-02-21 19:32:11.378: debug: Re-signing not necessary!
2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy
2010-02-21 19:32:15.982: debug: Check RFC5011 status
2010-02-21 19:32:15.982: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:15.982: debug: Check KSK status
2010-02-21 19:32:15.982: debug: Check ZSK status
2010-02-21 19:32:15.982: debug: Re-signing necessary: Option -f
2010-02-21 19:32:15.982: notice: "example.net.": re-signing triggered: Option -f
2010-02-21 19:32:15.982: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 19:32:15.982: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 19:32:15.982: debug: Signing zone "example.net."
2010-02-21 19:32:15.982: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 19:32:16.019: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:16.019: debug: Signing completed after 1s.
2010-02-21 19:32:32.232: debug: Check RFC5011 status
2010-02-21 19:32:32.232: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:32.233: debug: Check KSK status
2010-02-21 19:32:32.233: debug: Check ZSK status
2010-02-21 19:32:32.233: debug: Re-signing necessary: Option -f
2010-02-21 19:32:32.233: notice: "example.net.": re-signing triggered: Option -f
2010-02-21 19:32:32.233: debug: Writing key file "./example.net/dnskey.db"
2010-02-21 19:32:32.233: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-21 19:32:32.233: debug: Signing zone "example.net."
2010-02-21 19:32:32.233: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-21 19:32:32.273: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:32.273: debug: Signing completed after 0s.
2010-02-25 00:12:27.060: debug: Check RFC5011 status
2010-02-25 00:12:27.060: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 00:12:27.060: debug: Check KSK status
2010-02-25 00:12:27.060: debug: Check ZSK status
2010-02-25 00:12:27.060: debug: Lifetime(29100 sec) of depreciated key 33002 exceeded (300104 sec)
2010-02-25 00:12:27.060: info: "example.net.": old ZSK 33002 removed
2010-02-25 00:12:27.081: debug: ->remove it
2010-02-25 00:12:27.082: debug: Re-signing necessary: Modfied zone key set
2010-02-25 00:12:27.082: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-02-25 00:12:27.082: debug: Writing key file "./example.net/dnskey.db"
2010-02-25 00:12:27.086: debug: Incrementing serial number in file "./example.net/zone.db"
2010-02-25 00:12:27.086: debug: Signing zone "example.net."
2010-02-25 00:12:27.086: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-02-25 00:12:27.173: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-25 00:12:27.174: debug: Signing completed after 0s.
2010-02-25 23:42:21.013: debug: Check RFC5011 status
2010-02-25 23:42:21.013: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:21.013: debug: Check KSK status
2010-02-25 23:42:21.013: debug: Check ZSK status
2010-02-25 23:42:21.013: debug: Re-signing not necessary!
2010-02-25 23:42:21.013: debug: Check if there is a parent file to copy
2010-03-02 10:59:12.416: debug: Check RFC5011 status
2010-03-02 10:59:12.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:12.416: debug: Check KSK status
2010-03-02 10:59:12.416: debug: Check ZSK status
2010-03-02 10:59:12.416: debug: Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:12.416: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:12.416: debug: Writing key file "./example.net/dnskey.db"
2010-03-02 10:59:12.449: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-02 10:59:12.449: debug: Signing zone "example.net."
2010-03-02 10:59:12.450: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-02 10:59:12.530: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-02 10:59:12.530: debug: Signing completed after 0s.
2010-03-03 23:22:00.415: debug: Check RFC5011 status
2010-03-03 23:22:00.415: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-03 23:22:00.415: debug: Check KSK status
2010-03-03 23:22:00.415: debug: Check ZSK status
2010-03-03 23:22:00.416: debug: Re-signing not necessary!
2010-03-03 23:22:00.416: debug: Check if there is a parent file to copy
2010-03-08 23:11:50.170: debug: Check RFC5011 status
2010-03-08 23:11:50.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:11:50.170: debug: Check KSK status
2010-03-08 23:11:50.170: debug: Check ZSK status
2010-03-08 23:11:50.171: debug: Lifetime(1209600 +/-150 sec) of active key 29240 exceeded (1333267 sec)
2010-03-08 23:11:50.171: debug: ->depreciate it
2010-03-08 23:11:50.171: debug: ->activate published key 5525
2010-03-08 23:11:50.171: notice: "example.net.": lifetime of zone signing key 29240 exceeded: ZSK rollover done
2010-03-08 23:11:50.171: debug: New key for publishing needed
2010-03-08 23:11:50.228: debug: ->creating new key 21482
2010-03-08 23:11:50.228: info: "example.net.": new key 21482 generated for publishing
2010-03-08 23:11:50.228: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:11:50.228: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:11:50.228: debug: Writing key file "././example.net/dnskey.db"
2010-03-08 23:11:50.235: debug: Incrementing serial number in file "././example.net/zone.db"
2010-03-08 23:11:50.235: debug: Signing zone "example.net."
2010-03-08 23:11:50.235: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-08 23:11:50.294: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:11:50.294: debug: Signing completed after 0s.
2010-03-08 23:12:56.212: debug: Check RFC5011 status
2010-03-08 23:12:56.212: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:12:56.212: debug: Check KSK status
2010-03-08 23:12:56.212: debug: Check ZSK status
2010-03-08 23:12:56.212: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:12:56.212: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:12:56.212: debug: Writing key file "././example.net/dnskey.db"
2010-03-08 23:12:56.213: debug: Incrementing serial number in file "././example.net/zone.db"
2010-03-08 23:12:56.213: debug: Signing zone "example.net."
2010-03-08 23:12:56.213: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-08 23:12:56.278: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:12:56.279: debug: Signing completed after 0s.
2010-03-08 23:13:36.984: debug: Check RFC5011 status
2010-03-08 23:13:36.984: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:13:36.984: debug: Check KSK status
2010-03-08 23:13:36.984: debug: Check ZSK status
2010-03-08 23:13:36.985: debug: Re-signing not necessary!
2010-03-08 23:13:36.985: debug: Check if there is a parent file to copy
2010-03-08 23:18:52.287: debug: Check RFC5011 status
2010-03-08 23:18:52.287: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:18:52.287: debug: Check KSK status
2010-03-08 23:18:52.287: debug: Check ZSK status
2010-03-08 23:18:52.287: debug: Re-signing not necessary!
2010-03-08 23:18:52.287: debug: Check if there is a parent file to copy
2010-03-11 23:46:35.831: debug: Check RFC5011 status
2010-03-11 23:46:35.831: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:46:35.831: debug: Check KSK status
2010-03-11 23:46:35.831: debug: Check ZSK status
2010-03-11 23:46:35.831: debug: Lifetime(29100 sec) of depreciated key 29240 exceeded (261285 sec)
2010-03-11 23:46:35.831: info: "example.net.": old ZSK 29240 removed
2010-03-11 23:46:35.832: debug: ->remove it
2010-03-11 23:46:35.832: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:46:35.832: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:46:35.832: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:46:35.841: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:46:35.841: debug: Signing zone "example.net."
2010-03-11 23:46:35.841: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:46:35.929: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:46:35.929: debug: Signing completed after 0s.
2010-03-11 23:52:33.132: debug: Check RFC5011 status
2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:52:33.133: debug: Check KSK status
2010-03-11 23:52:33.133: debug: No active KSK found: generate new one
2010-03-11 23:52:33.374: info: "example.net.": generated new KSK 8406
2010-03-11 23:52:33.374: debug: Check ZSK status
2010-03-11 23:52:33.374: debug: No active ZSK found: generate new one
2010-03-11 23:52:33.400: info: "example.net.": generated new ZSK 36257
2010-03-11 23:52:33.400: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:52:33.400: notice: "example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:52:33.400: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:52:33.400: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:52:33.400: debug: Signing zone "example.net."
2010-03-11 23:52:33.400: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 69AE05 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:52:33.408: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-03-11 23:52:33.408: error: "example.net.": signing failed!
2010-03-11 23:53:27.856: debug: Check RFC5011 status
2010-03-11 23:53:27.856: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:53:27.856: debug: Check KSK status
2010-03-11 23:53:27.856: debug: Check ZSK status
2010-03-11 23:53:27.856: debug: Re-signing necessary: Modified keys
2010-03-11 23:53:27.856: notice: "example.net.": re-signing triggered: Modified keys
2010-03-11 23:53:27.856: debug: Writing key file "./example.net/dnskey.db"
2010-03-11 23:53:27.856: debug: Incrementing serial number in file "./example.net/zone.db"
2010-03-11 23:53:27.856: debug: Signing zone "example.net."
2010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
2010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:53:27.920: debug: Signing completed after 0s.
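Review bot: The 2010-03-11 23:52:33 run near the end of this log records "No active KSK found: generate new one" and "No active ZSK found: generate new one", then "signing failed!" with "NSEC3 generation requested with NSEC only DNSKEY", and nothing in the file says why the key set disappeared six minutes after the 23:46:35 run or what changed before the 23:53:27 retry succeeded. If this log ships as a sample, trim it to the clean ZSK rollover sequences (33002, 29240, 5525) or add a short note explaining the switch to the `-u -A -3` options and the KSK replacement, since a new KSK (8406) means a new DS record is needed at the parent. The last run also logs "Modified keys" where every earlier run logs "Modfied zone key set", which suggests the entries come from different builds of the tool. The many repeated "Re-signing not necessary!" blocks and the host-specific path /usr/local/sbin/dnssec-signzone could be cut as well.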

View file

@ -1,43 +0,0 @@
;-----------------------------------------------------------------
;
; @(#) example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
; Ensure that the serial number below is left
; justified in a field of at least 10 chars!!
; 0123456789;
; It's also possible to use the date format e.g. 2005040101
@ IN SOA ns1.example.net. hostmaster.example.net. (
350 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
IN NS ns2.example.net.
ns1 IN A 1.0.0.5
IN AAAA 2001:db8::53
ns2 IN A 1.2.0.6
localhost IN A 127.0.0.1
a IN A 1.2.3.1
b IN MX 10 a
;c IN A 1.2.3.2
d IN A 1.2.3.3
IN AAAA 2001:0db8::3
; Delegation to secure zone; The DS resource record will
; be added by dnssec-signzone automatically if the
; keyset-sub.example.net file is present (run dnssec-signzone
; with option -g or use the dnssec-signer tool) ;-)
sub IN NS ns1.example.net.
; this file will contain all the zone keys
$INCLUDE dnskey.db

View file

@ -1,165 +0,0 @@
; File written on Thu Jul 30 17:13:57 2009
; dnssec_signzone version 9.7.0a1
example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
350 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 5 2 7200 20090809141357 (
20090730141357 48089 example.net.
ef9jaM2b3mfW7Kt8CfONPqtWve+OA7+sxDph
ffNDdF4G2wd9hosI5S9Sz8BOIJGzcg2tsgaB
gOjVmH4Ywf+oKg== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 5 2 7200 20090809141357 (
20090730141357 48089 example.net.
F05kFb45lMYUbgimn1ACKyIU61+oYOg3sMHU
FxJd+qg9erf2//q7k4sFC9KPqpuLoLxeq7zl
Mk6meHS+9wsneQ== )
7200 NSEC a.example.net. NS SOA RRSIG NSEC DNSKEY
7200 RRSIG NSEC 5 2 7200 20090809141357 (
20090730141357 48089 example.net.
OGO1Xb1nWaMl1cgCatUx3MbFzS/3N78l2FWJ
9nj41937o+SaC///0hsrluM8NWCj1ROyZU3e
olkU38g+o0fkPQ== )
14400 DNSKEY 256 3 5 (
BQEAAAABpYc2cSHkPcRoLfvndzNke696mmWk
mp9lsX3C7xkqd8eYwXWjw2ijRq0QPahQxqFY
m/hhC77xJoVwSeOtXdmKiQ==
) ; key id = 34925
14400 DNSKEY 256 3 5 (
BQEAAAABzN3RkyF1Kvf3Go97BN7rNERR86F0
nxfyHfXpMdwtqrMFSrkdIboUDtNZBsw+LJma
dHRQZDfu79tEz8MUid7aOw==
) ; key id = 48089
14400 DNSKEY 256 3 5 (
BQEAAAAB12pqReCbmKHzRtk4wbc6xRCSXZoA
1G78HQ8W+LsPz3UTQxKZWhmAhB2LZqK2t4rc
oAhDVW0hZ6DSDuV/0kouMQ==
) ; key id = 24545
14400 DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y
1fNROZtCrUSAFca8c4Dc+MK9phlqEtBihnMS
BjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXn
eM4nm52unLpZfQu0B0h/zwDLrfmedyqqZYb7
grXDqFwT0EnI4cL/Ybr40H7uSUyVyLM3c5a8
V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7
Il5cqhugaQ==
) ; key id = 33840
14400 DNSKEY 257 3 5 (
BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
JT9+p0yB/Q==
) ; key id = 7308
14400 RRSIG DNSKEY 5 2 14400 20090809141357 (
20090730141357 7308 example.net.
CblyOQR4HbF8PQi+tJYtrbqGQzk6tHz2XUTN
UVGYKgU/J/bs3VtuuAze57v0rCLf90wH2tGv
PonbPBacTW0dULrtxDH0Y3bNeT6IiRNWtNi/
r54PttqJO++MX9f1KkV2g5Y0R5rOuefVTqO8
ww9SUO3GPc0W16tyFboziOhwN9XSlJsIAeNN
B8jeltRi5KAxUZXpWHS0XqkpcREZOVPHVEEq
YQ== )
14400 RRSIG DNSKEY 5 2 14400 20090809141357 (
20090730141357 48089 example.net.
XbZb9oFt54WIQrIaTh8YyzJ+uzIah7bCO0yg
XHUHAIbf1xu9sljmwlzBNLJFq5hPj+q1kvJc
62464sVZH+EfWg== )
a.example.net. 7200 IN A 1.2.3.1
7200 RRSIG A 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
st9XUmF9rcxpT3yqZzHmRh1iCA7BHpzKVQPg
1iVLZatjDPcqeA2UDHBqbxE3RA6CGrHsONEs
nzR8X0uN22BTIA== )
7200 NSEC b.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
qEtyoL6etYfuriLJuEo0R2gxeCLM7n05FE4s
ig0NeorNk7ic89SY24owmYYJ/FbI532vhLHv
0n6P1jVIBVTNOg== )
b.example.net. 7200 IN MX 10 a.example.net.
7200 RRSIG MX 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
oEeEMSxEXtlVpp1Rm5Z2Je6gAIggCRWUxthN
S1aEOIwVYcxIDlwLqbXoUVpcSaPGMATdGZnH
UGStzfIl/8troQ== )
7200 NSEC d.example.net. MX RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
fdtI/Qb/Smf6p0sD10Zx5oDgD0GsX0WUAMLQ
sDy3SFatpYio68dSfEP1cnayp/px2eLvTfVm
5lDVj28RqfZ7Pw== )
d.example.net. 7200 IN A 1.2.3.3
7200 RRSIG A 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
nTtV5w9QKqFLl164G4vTcAsMT5v09tpyvTVh
Oe7MYeRnN2SBxHt1ScJdjQ5/bLYwLE0eeCYn
4OEF4w8WGhL67A== )
7200 AAAA 2001:db8::3
7200 RRSIG AAAA 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
d+E/L0pu10u6zO8ZwsES0OCxBJmSvFm1QUkd
qgHxZXZi7pj2bOtZGOCxQwMHg0CvNQ9mVxL0
J3JSNlXGbwHSgQ== )
7200 NSEC localhost.example.net. A AAAA RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
D8lZPkhs2FOYW9hyLryxKnx0NPzIDqOI4keb
YhrJuCmLLRe4vyEbdNLmV76g6ZKG9oCkgh3a
zgIUX0pOt281Bw== )
localhost.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
jvmKKKCZ6sDIrQROwXMzPTEd9qgriYYRyMLw
EkOuubrkDlJkWVs7rx4d4zmrtoU5qr0sNB3m
kNSeEuoa+qR+eg== )
7200 NSEC ns1.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
oAMInMyMsQj9TZVQfJq6TmBONduujt6kcQpP
0qFe7WI4Cc4AH+hy1cGkeBCPS1+0WoG4rqBw
3OFb0GRqEXDc5w== )
ns1.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
W5E+VE/68hF1gjsyZM6FU1Ynao1/78xNYnAr
o4fwADHCCXw1/TDbMbp9LCzgNoUfKjWjJCn6
89OCX/es/0rTtA== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
wUAOaDeX1NQh5pm8VfjXJ9QCE0HK5rdyXcyP
Sreh+AjyA2UVksG6Rd8/8WWv2YPwD8LtOZfv
OVzIQY+ltEOSvg== )
7200 NSEC ns2.example.net. A AAAA RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
cu58jBfTX3IrVthmTxmvKuj76N7OtkuRWqkz
wNqyKtLjTaW2hEvt6Wnd/F7Py/xiKS6aEFIK
iovzZNBDetmiBg== )
ns2.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
Qs5E1Bc10de+JJW26BhWzvDvxA4ssyB57QN2
3uk1jgoqi4f91/xvvoy45eQtOIflmNlKV1up
ZESuqA8PJwq9hQ== )
7200 NSEC sub.example.net. A RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
DIqhTgeHJasScNvLEnUzqLectmRRQhKpFINK
+NWEL/CM27SCiOLLYu5Mz2YHLVpz2VoV/V32
YVpaLtAlA5Gc1g== )
sub.example.net. 7200 IN NS ns1.example.net.
7200 NSEC example.net. NS RRSIG NSEC
7200 RRSIG NSEC 5 3 7200 20090809141357 (
20090730141357 48089 example.net.
qRqoIDBDuxWo403SI0B3ZPiAMSWV48HWUDi/
bUPuGtKCaw43OuG4RgMBlItzxrmw5AMlcsGw
+dpIoVdHzGqmdg== )

View file

@ -1,2 +0,0 @@
sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
sub.example.net.dlv.trusted-keys.de. IN DLV 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE

View file

@ -1,2 +0,0 @@
dyn.example.net. IN DS 42138 3 1 0F49FCDB683D1903F69B6779DB55CA3472974879
dyn.example.net. IN DS 42138 3 2 94AC94BFE3AFA17F7485F5F741274074FF2E26A360D776D8884F2689 CCED34C6

View file

@ -1,4 +0,0 @@
example.net. IN DS 7308 5 1 16CD09D37EC1FEC2952BE41A5C5E2485C1B0C445
example.net. IN DS 7308 5 2 FD31B2F54526FAA8131A3311452729467FA7AD5D7D14CA6584B4C41B 0B384D8E
example.net. IN DS 33840 5 1 A554D150A7F958080235B9A361082937B65EB7C4
example.net. IN DS 33840 5 2 044406C788E4B659573DEED74F4EAEC9E7FAC431CB6932C39DABF704 30A6102B

View file

@ -1,2 +0,0 @@
sub.example.net. IN DS 48516 7 1 CC5E20F75F02BE11BC040960669A3F5058F30DC0
sub.example.net. IN DS 48516 7 2 D124B0B50CF51780707FFBF91DC305617832C09E21F32F28B8A88EFB E1F03ACE

View file

@ -1,18 +0,0 @@
$ORIGIN .
dyn.example.net 7200 IN DNSKEY 257 3 3 (
CNtFdVrUUJ9MPDyzGoPm+tSKUgnX4bble5+V
NGd4RjwWpEDj8RhEAhQ7LybJzr0wtHXT2Q/K
S55xARkUtcH2TVO/ayMupa30pM38rd8uF38s
m+ABKLEvCbPjaLZyW+s10di8nLp1aAxKFFfA
EfXkIhl3Wm5g9CvjrMlrxAOfNy/jtz4v+asI
r6/d992V80G9wMKMvTMQoCr4Sp9s2JubW79i
4RBVWgHHJMmtyqq+SqEkPhZvsTuo2sXgIH9v
RS3XgfkGtw/KyTUM29bhZ2eB+Ldq+bggp1gb
BDiSsxZPjxciizI/mCzXWbq8BdfZ6LsddMjA
olJwCtaPCD4e4infmw+YSxjGau+YGgI0Cc0u
ItzQmNNpSoejM3IWGV+SN/YuPJIzw8wixDfO
6kCNiPsW45Fvq31148cAvUvwiqYPQ3fONeOT
dQjsJWLLdLTApVEH10kjAGfa30Tm92lQhhG5
ovWrWCMbFlw4Lbvlon+X2snWPNut0a1Pz4Wd
clDcmNU8dxi1lFvGbcJ0E4qBoJVBIzDh4HX1
) ; key id = 42138

View file

@ -1,19 +0,0 @@
$ORIGIN .
example.net 7200 IN DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y
1fNROZtCrUSAFca8c4Dc+MK9phlqEtBihnMS
BjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXn
eM4nm52unLpZfQu0B0h/zwDLrfmedyqqZYb7
grXDqFwT0EnI4cL/Ybr40H7uSUyVyLM3c5a8
V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7
Il5cqhugaQ==
) ; key id = 33840
7200 IN DNSKEY 257 3 5 (
BQEAAAABDG+2bUQuvTgeYA99bx5wXDsiaQnh
Jc5oFj+sQLmCvj6hGFfQoUkI67jTMkIzQlfl
Q3UHBfAnQMeFAhhQLrG+/cMXldZN3360Q+Yl
SbGJw2vVXcBr463AUAlENzSDS35D1x8zOgZO
g34rL+1uFn0HBSI0xusYRAlUt9A3vJsLWcRy
A1e/wVthbnx1DGbuy+fM5g1inAAbgmGwyaX5
JT9+p0yB/Q==
) ; key id = 7308

View file

@ -1,8 +0,0 @@
$ORIGIN .
sub.example.net 7200 IN DNSKEY 257 3 7 (
AwEAAcVJgMf71y0M2KfrhiAKIHkhS8MlgmKb
jkaBY56zZRAQMwHJyMODZcIgBQvPkxGw/1Yr
/5v3ZbOwVCj7zeYfve+tRsXXBEYTvo7POLE9
H0iMf69vq7Qxh82/q+LpBH1818iDhBn6q0f7
ww4Flo7B3u5zJf6FHul8JPx5UPSENnx3
) ; key id = 48516

View file

@ -1,109 +0,0 @@
/*****************************************************************
**
** #(@) named.conf (c) 6. May 2004 (hoz)
**
*****************************************************************/
/*****************************************************************
** logging options
*****************************************************************/
logging {
channel "named-log" {
file "/var/log/named" versions 3 size 2m;
print-time yes;
print-category yes;
print-severity yes;
severity info;
};
channel "resolver-log" {
file "/var/log/named";
print-time yes;
print-category yes;
print-severity yes;
severity debug 1;
};
channel "dnssec-log" {
# file "/var/log/named-dnssec" ;
file "/var/log/named" ;
print-time yes;
print-category yes;
print-severity yes;
severity debug 3;
};
category "dnssec" { "dnssec-log"; };
category "default" { "named-log"; };
category "resolver" { "resolver-log"; };
category "client" { "resolver-log"; };
category "queries" { "resolver-log"; };
};
/*****************************************************************
** name server options
*****************************************************************/
options {
directory ".";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
listen-on-v6 { any; };
query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;
recursion yes;
dnssec-enable yes;
edns-udp-size 4096;
# dnssec-lookaside "." trust-anchor "trusted-keys.de.";
querylog yes;
};
/*****************************************************************
** include shared secrets...
*****************************************************************/
/** for control sessions ... **/
controls {
inet 127.0.0.1
allow { localhost; };
inet ::1
allow { localhost; };
};
/*****************************************************************
** ... and trusted_keys
*****************************************************************/
# include "trusted-keys.conf" ;
/*****************************************************************
** root server hints and required 127 stuff
*****************************************************************/
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.ARPA" in {
type master;
file "127.0.0.zone";
};
#include "zone.conf";
zone "example.NET." in {
type master;
file "example.net/zone.db.signed";
};
zone "sub.example.NET." in {
type master;
file "sub.example.net/zone.db.signed";
};
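Review bot: the `options` block in this deleted named.conf pins `query-source address * port 53;` and sets `recursion yes;` with no `allow-recursion` or `allow-query` ACL while listening on `listen-on-v6 { any; };`. If a replacement example config is added elsewhere in this commit, it should not carry either setting over: a fixed query source port gives up source-port randomization as a defence against cache poisoning, and unrestricted recursion on a publicly listening server makes it an open resolver. The `resolver-log` and `dnssec-log` channels also write debug-level output to the same `/var/log/named` file as `named-log`, and only `named-log` sets `versions 3 size 2m`, so a successor file should give each channel its own file or a shared rotation policy.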

View file

@ -0,0 +1,3 @@
;% generationtime=20100311224635
;% lifetime=3d
sub.example.net. IN DNSKEY 256 3 7 AwEAAZeWiMSfoNTQkZhKHK2+OXmKRSXgBjad7VBC9tZ40aIr5pPtDWCg 8iELYF4M6ybq0M1ffUO+GHZt89A624SkWps=

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: l5aIxJ+g1NCRmEocrb45eYpFJeAGNp3tUEL21njRoivmk+0NYKDyIQtgXgzrJurQzV99Q74Ydm3z0DrbhKRamw==
PublicExponent: AQAB
PrivateExponent: ItWA0E4uUzkqe+hr9rED3B4eDboRM3PPGOaKenaBFdbONA8X6GbCTCAE6oF7DGSebfi6I9HTjLs24ZItD7bHwQ==
Prime1: yLZLkD+0SqDwPDKXlK6qHMRKwGDcNw5MxELfv3ftyRM=
Prime2: wVginHuVgdmvAxTX51WmK922+KTwk/w+Od+/W2N6IVk=
Exponent1: XE5aGhDyHZA+a7DovVxGp8wuhKMHI9rTuz72H9xL4zk=
Exponent2: XemKfknFGBp9WNjR+kru+RWrn2C2fpsiOohE8YYDN5k=
Coefficient: ZmS8ZDDLz6CtwYEvGJgTsNTw/bj6JMaZ8cFh3x1Zd4Y=
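Review bot: the `Modulus` line here is 88 base64 characters, so this is a 512-bit RSA key, and the file adds its full private components (`PrivateExponent`, `Prime1`, `Prime2`) to the tree. That is acceptable for a fixture under `example.net`, but it should be stated next to these files, for instance a README line saying that the K*.private files are published test keys that must never sign a real zone, and that 512-bit RSA is used only to keep the example small and is not a size to copy into a production setup.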

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: vwuuUkg4CTWLdI8+DIv9NW1dPbKQA6QZVcv+QgjmV7ewfxR31/n7c5usrUUQ+j1YHXM3AgIXhCN62OpQa1rgCQ==
PublicExponent: AQAB
PrivateExponent: LiSPHRaOWkMRhLyYOwWQyde5Xo6DVC3NZLiZl694mxS63YmbB5SYh9OILMunQCxRpxya94lqgt9DvSEGMvzlgQ==
Prime1: 56furA32AKokZoRN8W/SC+l9MsENy1BFI4rodT3YNRE=
Prime2: 0x89E2ZEeaPUp/Ox2qnRTXlB6h25P/SBxiGA31WBG3k=
Exponent1: Km5UBSe5e32ulSh+rk5xBsWJrRY3VJorT8tNsMvXIkE=
Exponent2: Caa/8AcY0ka/Df6B/vEMdHI6pS0+rsHKvPgDIDKUeGE=
Coefficient: 1lvL+tM8iRj7MttO3zC4lQsO+8nPruMDBnYMzTVPGAI=

View file

@ -1,3 +0,0 @@
;% generationtime=20090624144422
;% lifetime=3d
sub.example.net. IN DNSKEY 256 3 7 AwEAAb8LrlJIOAk1i3SPPgyL/TVtXT2ykAOkGVXL/kII5le3sH8Ud9f5 +3ObrK1FEPo9WB1zNwICF4QjetjqUGta4Ak=

View file

@ -1,3 +0,0 @@
;% generationtime=20090630093509
;% lifetime=3d
sub.example.net. IN DNSKEY 256 3 7 AwEAAduKKWu4sKycg54OYJnc4/Tzb1OFvxGwhAh4pVpl003JrxT/pQjI w/zJFEnUgwCDDmGffNq73SbkyknTyXYRe2k=

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: 24opa7iwrJyDng5gmdzj9PNvU4W/EbCECHilWmXTTcmvFP+lCMjD/MkUSdSDAIMOYZ982rvdJuTKSdPJdhF7aQ==
PublicExponent: AQAB
PrivateExponent: M7mksrWsIq8pr4axqe7KYr8sXqBneTJ+mURbqSXOmEfZrlUlW0GwbOoVcDwrStuknXF+34wo5Q3cMwk0DX95UQ==
Prime1: +rQpJtsPO9HubmItf5eIz0quciGA5CnaMrhkB00JGEU=
Prime2: 4C12MHLPRcYtMLNzbTOkqBWhRiBRy33Q/djerAxswtU=
Exponent1: zyXjxtZEPRJWJ2D55S5JfbZgc69ZN62ZPEV9aUbu190=
Exponent2: NMpf367Zopu1fpdzog6cQry9Oq9Xs6zQL0cHwMo4PnU=
Coefficient: dT+ysdkCUq1RU+toH16kAW5F7eQ3dAMGsYIII+scCYo=

View file

@ -0,0 +1,3 @@
;% generationtime=20100308221149
;% lifetime=3d
sub.example.net. IN DNSKEY 256 3 7 AwEAAcIDTNHrG9ssCz/VueiPUQaw4IAM5GvECljWsX+SfXSCkhHg5loq +FXNRa80EJCyh5b0sicbdVOhJ9DVNaRKYxU=

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: wgNM0esb2ywLP9W56I9RBrDggAzka8QKWNaxf5J9dIKSEeDmWir4Vc1FrzQQkLKHlvSyJxt1U6En0NU1pEpjFQ==
PublicExponent: AQAB
PrivateExponent: fYBY/ynROTQCiuacfh3HUka00uCEGloUP2eSJm4CjYyQyy/he5haU0hcJw5JvxhI0pGj+eDEzaE+5oq1pKntOQ==
Prime1: 4YRNB1cSh3F9+pQglY5/H4STx2pIADAO0mRFO2Lu+Mc=
Prime2: 3DzZhCWENMYZvx9ovZTtIUIUpXEPtN4p7FqYC0OFgUM=
Exponent1: Dk7UjEir9kfvFDzdrF90FU3WCmrl0o06A4M1GUV3n/U=
Exponent2: ppnBUZ2vrNxOja2M5hzKZOZACAbHAuMsg4bkjWC+lVE=
Coefficient: LA7G4rCRiDP8P+Cg+JQUKBUgZ8F+dpGA3E/aVOYhaWw=

View file

@ -0,0 +1,3 @@
;% generationtime=20100124184339
;% lifetime=7d
sub.example.net. IN DNSKEY 257 3 7 AwEAAfTQL8DTr3eYpPziT+cnKnzMewbEBtRxfkb697qoRK4pKkGYGVWu jIEyjts/aluYd+Nw85rvRFPNVJwmM63jvJapql1pKfyFPSl4YVJMxaCv OMhd1JATDnrTq70evQQmOHyxVKe8k9zk0GKeRgX8sl228AvdiGOfxWmT BoOxYowx

View file

@ -0,0 +1,10 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: 9NAvwNOvd5ik/OJP5ycqfMx7BsQG1HF+Rvr3uqhErikqQZgZVa6MgTKO2z9qW5h343Dzmu9EU81UnCYzreO8lqmqXWkp/IU9KXhhUkzFoK84yF3UkBMOetOrvR69BCY4fLFUp7yT3OTQYp5GBfyyXbbwC92IY5/FaZMGg7FijDE=
PublicExponent: AQAB
PrivateExponent: nn1ZLQDejBKqXX02NXPJsdm/m/W0ZjzDf7hiQNlG/WlxDd4mKK5EEDBnA9HeTUY792bcjuVv2sEHkb+5nU3efHdZypvY8wsvKKNUtxWJl9O5ip7GXh4/7YQeNKW/zgE1Xz+Yu6ht3e8XuxaIXHuQ5mBC0E5AUUYPhVBCTR08CkE=
Prime1: /MeAn2UCjXS8VIoi5Zp90w2qB6ub0wqeLCI0zpXCxWlLTrDSpFORdGuPEctE5cNlDX7y9gq6a5vxnN/b+DnNdQ==
Prime2: 9+6zb1zEpyJzcscrSVVjacjNbyI9OwfrA7XjU5PppCyFLRvP3+L/pjqgDhyoZmCo3VMqnOjxpIeffvmDsUjATQ==
Exponent1: ddE+4AwifnAUf4rK7R1u2/oYb+7KeDkQtB1VY5xl5cFH+mtsIm9Y8lxXmMGXYUgLR5kOASPK8/EBUk78pdu7KQ==
Exponent2: OIT16sEfI2q7HsNAnusUSp04F8maY8aeUK46MGdbr81mXq4kaUl6Ng7PRehKi2wlkq7O3A5OZ89zEKMY3mVTUQ==
Coefficient: ZO4OrBf5SCcbAccN63xHAlm/Pelu4wWw3yo/BaWPYE3Sf+FJt0O3TJQsmm5B+KbrruLsX6lWWHf4ZerizKFhKQ==

View file

@ -1,3 +0,0 @@
;% generationtime=20090624144206
;% lifetime=7d
sub.example.net. IN DNSKEY 257 3 7 AwEAAcVJgMf71y0M2KfrhiAKIHkhS8MlgmKbjkaBY56zZRAQMwHJyMOD ZcIgBQvPkxGw/1Yr/5v3ZbOwVCj7zeYfve+tRsXXBEYTvo7POLE9H0iM f69vq7Qxh82/q+LpBH1818iDhBn6q0f7ww4Flo7B3u5zJf6FHul8JPx5 UPSENnx3

View file

@ -1,10 +0,0 @@
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: xUmAx/vXLQzYp+uGIAogeSFLwyWCYpuORoFjnrNlEBAzAcnIw4NlwiAFC8+TEbD/Viv/m/dls7BUKPvN5h+9761GxdcERhO+js84sT0fSIx/r2+rtDGHzb+r4ukEfXzXyIOEGfqrR/vDDgWWjsHe7nMl/oUe6Xwk/HlQ9IQ2fHc=
PublicExponent: AQAB
PrivateExponent: pXM0BgLE/KnmVESnsdzsSMlMkTa2tt1/ns9J7UDDQ4piTGCd9qEOSJOzx6jnzJFkQS8a6QC8EMqSeeBaV2BNVucg336ie2jH+VVwBsrRzFdTTEr5Wouw62PWiW/FV285oxootXoGHeCTmVbwVBKfYrX6Wputp/sUc1haLL54COk=
Prime1: 5zo/AB88LX6pEk65CGtBjkB6Jx0RcR2Ekq0Q/GU8HkAsZxPhwnJAbp3pZs65g/Od4vh/lz/Uv/FTLX8efOTMKw==
Prime2: 2mxkQwk63bu3aeoAR1T1uwf7V9rty0QLZlyeVSGasfB+dv9Dihh9f7IXBX88VsMUIp7DPINm87sMi+jEJOSO5Q==
Exponent1: vUjIJABt0cxa+VqqTAMJQjr0BCreiVuhmDTGr+brhNQBxUvYRsYiiqsIUxmtciAuwousXxNoxMv3zEnAmnrtyw==
Exponent2: NhajWWpetmv2xnaY7REf7NnUJvRi8HQAMq/60XAJ48h/OK6LphXcdhO+2bChW4bhZJVWGZUcmHyYZckVUWF79Q==
Coefficient: tA/0qGPPL9RkgGhV4Bz/cBi6vOTTan0zpOPE+R/jabmSIrF9k9igghZvhHPG9bnMi5mY8cekzUm6bbOejZjy3g==

View file

@ -1,2 +0,0 @@
sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
sub.example.net.dlv.trusted-keys.de. IN DLV 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC

View file

@ -1,29 +0,0 @@
;
; !!! Don't edit this file by hand.
; !!! It will be generated by dnssec-signer.
;
; Last generation time Jun 30 2009 13:02:21
;
; *** List of Key Signing Keys ***
; sub.example.net. tag=48516 algo=NSEC3RSASHA1 generated Jun 24 2009 16:42:06
sub.example.net. 3600 IN DNSKEY 257 3 7 (
AwEAAcVJgMf71y0M2KfrhiAKIHkhS8MlgmKbjkaBY56zZRAQMwHJyMOD
ZcIgBQvPkxGw/1Yr/5v3ZbOwVCj7zeYfve+tRsXXBEYTvo7POLE9H0iM
f69vq7Qxh82/q+LpBH1818iDhBn6q0f7ww4Flo7B3u5zJf6FHul8JPx5
UPSENnx3
) ; key id = 48516
; *** List of Zone Signing Keys ***
; sub.example.net. tag=32345 algo=NSEC3RSASHA1 generated Jun 30 2009 13:02:04
sub.example.net. 3600 IN DNSKEY 256 3 7 (
AwEAAduKKWu4sKycg54OYJnc4/Tzb1OFvxGwhAh4pVpl003JrxT/pQjI
w/zJFEnUgwCDDmGffNq73SbkyknTyXYRe2k=
) ; key id = 32345
; sub.example.net. tag=14600 algo=NSEC3RSASHA1 generated Jun 30 2009 13:02:04
sub.example.net. 3600 IN DNSKEY 256 3 7 (
AwEAAb8LrlJIOAk1i3SPPgyL/TVtXT2ykAOkGVXL/kII5le3sH8Ud9f5
+3ObrK1FEPo9WB1zNwICF4QjetjqUGta4Ak=
) ; key id = 14600

View file

@ -1,15 +0,0 @@
resigninterval 1d
sigvalidity 2d
max_ttl 90s
Serialformat: unixtime
ksk_lifetime 1w
ksk_algo N3RSASHA1
ksk_bits 1024
zsk_lifetime 3d
zsk_algo N3RSASHA1
zsk_bits 512
dlv_domain "dlv.trusted-keys.de"
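Review bot: deleting this per-zone file drops the only visible statement of `zsk_bits 512`, `ksk_bits 1024` and `sigvalidity 2d` for sub.example.net, yet the zone signing key added in this same commit (`generationtime=20100311224635`) still has a 512-bit modulus and the added log still shows `-e +172800`. Please say in the commit message or the example's documentation where the zone now takes these parameters from, and consider raising the key sizes there rather than leaving them implicit. Minor style point for whichever file inherits them: `Serialformat: unixtime` is the only line written with a colon, while every other parameter uses `name value`.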

View file

@ -1,2 +0,0 @@
sub.example.net. IN DS 18846 7 1 71103B8D50793E190E48D99E95B48D9F20C404C6
sub.example.net. IN DS 18846 7 2 42A13BAC66BEB451B6BF17A51FC2C141B765D3E9B952C689BA4B572D C1AF2FCC

View file

@ -1,8 +0,0 @@
$ORIGIN .
sub.example.net 7200 IN DNSKEY 257 3 7 (
AwEAAeOdfq7cwfhl3aL8BlURGngPA+3I2E3G
3XPRE7Yaw/Nco7aXorHKJgRFMoM30q7jDBau
dLeXC//fOQAw2P5vCwyuHmIFo4flXn51sMeF
pWdP7E8fmi4k/YoCESu+vBvf+rZWDMVosj8V
VEIbKTcJE16Nsd1ls1FIGfiqfu8SrJ0f
) ; key id = 18846

View file

@ -1 +0,0 @@
1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDF1234567890ABCDE

View file

@ -1 +0,0 @@

View file

@ -0,0 +1,321 @@
2010-02-06 00:26:54.532: debug: Check RFC5011 status
2010-02-06 00:26:54.532: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:26:54.533: debug: Check KSK status
2010-02-06 00:26:54.533: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h43m15s
2010-02-06 00:26:54.533: debug: Check ZSK status
2010-02-06 00:26:54.533: debug: Re-signing not necessary!
2010-02-06 00:26:54.533: debug: Check if there is a parent file to copy
2010-02-06 00:29:31.290: debug: Check RFC5011 status
2010-02-06 00:29:31.290: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:29:31.290: debug: Check KSK status
2010-02-06 00:29:31.290: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h45m52s
2010-02-06 00:29:31.290: debug: Check ZSK status
2010-02-06 00:29:31.290: debug: Re-signing not necessary!
2010-02-06 00:29:31.290: debug: Check if there is a parent file to copy
2010-02-06 00:40:35.043: debug: Check RFC5011 status
2010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:40:35.043: debug: Check KSK status
2010-02-06 00:40:35.043: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d4h56m56s
2010-02-06 00:40:35.043: debug: Check ZSK status
2010-02-06 00:40:35.043: debug: Re-signing not necessary!
2010-02-06 00:40:35.043: debug: Check if there is a parent file to copy
2010-02-06 00:52:55.402: debug: Check RFC5011 status
2010-02-06 00:52:55.402: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-06 00:52:55.402: debug: Check KSK status
2010-02-06 00:52:55.403: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5d5h9m16s
2010-02-06 00:52:55.403: debug: Check ZSK status
2010-02-06 00:52:55.403: debug: Re-signing not necessary!
2010-02-06 00:52:55.403: debug: Check if there is a parent file to copy
2010-02-07 13:53:47.883: debug: Check RFC5011 status
2010-02-07 13:53:47.883: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:53:47.883: debug: Check KSK status
2010-02-07 13:53:47.883: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m8s
2010-02-07 13:53:47.883: debug: Check ZSK status
2010-02-07 13:53:47.883: debug: Re-signing necessary: re-signing interval (1d) reached
2010-02-07 13:53:47.884: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
2010-02-07 13:53:47.884: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-07 13:53:47.884: debug: Signing zone "sub.example.net."
2010-02-07 13:53:47.884: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 880820 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-07 13:53:48.303: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 13:53:48.304: debug: Signing completed after 1s.
2010-02-07 13:54:03.465: debug: Check RFC5011 status
2010-02-07 13:54:03.465: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:03.465: debug: Check KSK status
2010-02-07 13:54:03.466: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m24s
2010-02-07 13:54:03.466: debug: Check ZSK status
2010-02-07 13:54:03.466: debug: Re-signing not necessary!
2010-02-07 13:54:03.466: debug: Check if there is a parent file to copy
2010-02-07 13:54:07.955: debug: Check RFC5011 status
2010-02-07 13:54:07.955: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 13:54:07.955: debug: Check KSK status
2010-02-07 13:54:07.955: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h10m28s
2010-02-07 13:54:07.955: debug: Check ZSK status
2010-02-07 13:54:07.956: debug: Re-signing necessary: Option -f
2010-02-07 13:54:07.956: notice: "sub.example.net.": re-signing triggered: Option -f
2010-02-07 13:54:07.956: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-07 13:54:07.956: debug: Signing zone "sub.example.net."
2010-02-07 13:54:07.956: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 325964 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-07 13:54:08.003: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 13:54:08.003: debug: Signing completed after 1s.
2010-02-07 13:54:08.003: notice: "sub.example.net.": distribution triggered
2010-02-07 13:54:08.003: debug: Distribute zone "sub.example.net."
2010-02-07 13:54:08.003: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net/zone.db.signed "
2010-02-07 13:54:08.013: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./"
2010-02-07 13:54:08.013: notice: "sub.example.net.": reload triggered
2010-02-07 13:54:08.013: debug: Reload zone "sub.example.net."
2010-02-07 13:54:08.013: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed "
2010-02-07 13:54:08.019: debug: ./dist.sh reload return: "rndc reload sub.example.net. "
2010-02-07 14:06:27.669: debug: Check RFC5011 status
2010-02-07 14:06:27.669: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:27.669: debug: Check KSK status
2010-02-07 14:06:27.669: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m48s
2010-02-07 14:06:27.669: debug: Check ZSK status
2010-02-07 14:06:27.669: debug: Re-signing not necessary!
2010-02-07 14:06:27.670: debug: Check if there is a parent file to copy
2010-02-07 14:06:33.713: debug: Check RFC5011 status
2010-02-07 14:06:33.713: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-07 14:06:33.713: debug: Check KSK status
2010-02-07 14:06:33.713: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 6d18h22m54s
2010-02-07 14:06:33.713: debug: Check ZSK status
2010-02-07 14:06:33.714: debug: Re-signing necessary: Option -f
2010-02-07 14:06:33.714: notice: "sub.example.net.": re-signing triggered: Option -f
2010-02-07 14:06:33.714: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-07 14:06:33.714: debug: Signing zone "sub.example.net."
2010-02-07 14:06:33.714: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 4A3DFB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-07 14:06:33.745: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-07 14:06:33.745: debug: Signing completed after 0s.
2010-02-07 14:06:33.745: notice: "sub.example.net.": distribution triggered
2010-02-07 14:06:33.745: debug: Distribute zone "sub.example.net."
2010-02-07 14:06:33.745: debug: Run cmd "./dist.sh distribute sub.example.net. ./sub.example.net/zone.db.signed "
2010-02-07 14:06:33.749: debug: ./dist.sh distribute return: "scp ./sub.example.net/zone.db.signed localhost:/var/named/sub.example.net./"
2010-02-07 14:06:33.749: notice: "sub.example.net.": reload triggered
2010-02-07 14:06:33.749: debug: Reload zone "sub.example.net."
2010-02-07 14:06:33.749: debug: Run cmd "./dist.sh reload sub.example.net. ./sub.example.net/zone.db.signed "
2010-02-07 14:06:33.753: debug: ./dist.sh reload return: "rndc reload sub.example.net. "
2010-02-21 12:50:43.176: debug: Check RFC5011 status
2010-02-21 12:50:43.176: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:43.176: debug: Check KSK status
2010-02-21 12:50:43.176: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m4s
2010-02-21 12:50:43.176: debug: Check ZSK status
2010-02-21 12:50:43.176: debug: Lifetime(259200 +/-150 sec) of active key 7505 exceeded (1345179 sec)
2010-02-21 12:50:43.176: debug: ->depreciate it
2010-02-21 12:50:43.176: debug: ->activate published key 57167
2010-02-21 12:50:43.176: notice: "sub.example.net.": lifetime of zone signing key 7505 exceeded: ZSK rollover done
2010-02-21 12:50:43.176: debug: New key for publishing needed
2010-02-21 12:50:43.445: debug: ->creating new key 49712
2010-02-21 12:50:43.445: info: "sub.example.net.": new key 49712 generated for publishing
2010-02-21 12:50:43.445: debug: Re-signing necessary: Modfied zone key set
2010-02-21 12:50:43.445: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 12:50:43.445: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-21 12:50:43.445: debug: Signing zone "sub.example.net."
2010-02-21 12:50:43.445: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 2E31B5 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-21 12:50:43.580: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 12:50:43.580: debug: Signing completed after 0s.
2010-02-21 12:50:51.158: debug: Check RFC5011 status
2010-02-21 12:50:51.158: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:50:51.158: debug: Check KSK status
2010-02-21 12:50:51.159: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m12s
2010-02-21 12:50:51.159: debug: Check ZSK status
2010-02-21 12:50:51.159: debug: Re-signing necessary: Modfied zone key set
2010-02-21 12:50:51.159: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 12:50:51.159: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-21 12:50:51.159: debug: Signing zone "sub.example.net."
2010-02-21 12:50:51.159: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 41F65A -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-21 12:50:51.205: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 12:50:51.205: debug: Signing completed after 0s.
2010-02-21 12:51:23.497: debug: Check RFC5011 status
2010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 12:51:23.497: debug: Check KSK status
2010-02-21 12:51:23.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d17h7m44s
2010-02-21 12:51:23.497: debug: Check ZSK status
2010-02-21 12:51:23.497: debug: Re-signing not necessary!
2010-02-21 12:51:23.497: debug: Check if there is a parent file to copy
2010-02-21 19:16:18.384: debug: Check RFC5011 status
2010-02-21 19:16:18.384: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:16:18.384: debug: Check KSK status
2010-02-21 19:16:18.385: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h32m39s
2010-02-21 19:16:18.385: debug: Check ZSK status
2010-02-21 19:16:18.385: debug: Lifetime(390 sec) of depreciated key 7505 exceeded (23135 sec)
2010-02-21 19:16:18.385: info: "sub.example.net.": old ZSK 7505 removed
2010-02-21 19:16:18.401: debug: ->remove it
2010-02-21 19:16:18.401: debug: Re-signing necessary: Modfied zone key set
2010-02-21 19:16:18.401: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 19:16:18.401: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-21 19:16:18.401: debug: Signing zone "sub.example.net."
2010-02-21 19:16:18.401: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 3DADF2 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-21 19:16:18.593: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:16:18.593: debug: Signing completed after 0s.
2010-02-21 19:32:11.378: debug: Check RFC5011 status
2010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:11.378: debug: Check KSK status
2010-02-21 19:32:11.378: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m32s
2010-02-21 19:32:11.378: debug: Check ZSK status
2010-02-21 19:32:11.378: debug: Re-signing not necessary!
2010-02-21 19:32:11.378: debug: Check if there is a parent file to copy
2010-02-21 19:32:15.930: debug: Check RFC5011 status
2010-02-21 19:32:15.930: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:15.930: debug: Check KSK status
2010-02-21 19:32:15.930: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m36s
2010-02-21 19:32:15.930: debug: Check ZSK status
2010-02-21 19:32:15.930: debug: Re-signing necessary: Option -f
2010-02-21 19:32:15.930: notice: "sub.example.net.": re-signing triggered: Option -f
2010-02-21 19:32:15.930: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-21 19:32:15.931: debug: Signing zone "sub.example.net."
2010-02-21 19:32:15.931: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 623FD7 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-21 19:32:15.982: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:15.982: debug: Signing completed after 0s.
2010-02-21 19:32:32.203: debug: Check RFC5011 status
2010-02-21 19:32:32.203: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:32:32.203: debug: Check KSK status
2010-02-21 19:32:32.203: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 2w6d23h48m53s
2010-02-21 19:32:32.203: debug: Check ZSK status
2010-02-21 19:32:32.203: debug: Re-signing necessary: Option -f
2010-02-21 19:32:32.203: notice: "sub.example.net.": re-signing triggered: Option -f
2010-02-21 19:32:32.203: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-21 19:32:32.203: debug: Signing zone "sub.example.net."
2010-02-21 19:32:32.203: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 C522CA -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-21 19:32:32.232: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-21 19:32:32.232: debug: Signing completed after 0s.
2010-02-25 00:12:26.443: debug: Check RFC5011 status
2010-02-25 00:12:26.443: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 00:12:26.443: debug: Check KSK status
2010-02-25 00:12:26.443: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w3d4h28m47s
2010-02-25 00:12:26.443: debug: Check ZSK status
2010-02-25 00:12:26.443: debug: Lifetime(259200 +/-150 sec) of active key 57167 exceeded (300103 sec)
2010-02-25 00:12:26.443: debug: ->depreciate it
2010-02-25 00:12:26.444: debug: ->activate published key 49712
2010-02-25 00:12:26.444: notice: "sub.example.net.": lifetime of zone signing key 57167 exceeded: ZSK rollover done
2010-02-25 00:12:26.444: debug: New key for publishing needed
2010-02-25 00:12:26.902: debug: ->creating new key 65009
2010-02-25 00:12:26.902: info: "sub.example.net.": new key 65009 generated for publishing
2010-02-25 00:12:26.902: debug: Re-signing necessary: Modfied zone key set
2010-02-25 00:12:26.902: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-02-25 00:12:26.902: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-25 00:12:26.902: debug: Signing zone "sub.example.net."
2010-02-25 00:12:26.902: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9AA7CB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-25 00:12:27.016: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-25 00:12:27.016: debug: Signing completed after 1s.
2010-02-25 23:42:20.653: debug: Check RFC5011 status
2010-02-25 23:42:20.653: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:20.653: debug: Check KSK status
2010-02-25 23:42:20.653: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 3w4d3h58m41s
2010-02-25 23:42:20.653: debug: Check ZSK status
2010-02-25 23:42:20.653: debug: Lifetime(390 sec) of depreciated key 57167 exceeded (84594 sec)
2010-02-25 23:42:20.653: info: "sub.example.net.": old ZSK 57167 removed
2010-02-25 23:42:20.661: debug: ->remove it
2010-02-25 23:42:20.661: debug: Re-signing necessary: Modfied zone key set
2010-02-25 23:42:20.661: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-02-25 23:42:20.661: debug: Writing key file "./sub.example.net/dnskey.db"
2010-02-25 23:42:20.662: debug: Signing zone "sub.example.net."
2010-02-25 23:42:20.662: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 2942EB -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-02-25 23:42:21.012: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-02-25 23:42:21.012: debug: Signing completed after 1s.
2010-03-02 10:59:11.845: debug: Check RFC5011 status
2010-03-02 10:59:11.845: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:11.845: debug: Check KSK status
2010-03-02 10:59:11.846: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w1d15h15m32s
2010-03-02 10:59:11.846: debug: Check ZSK status
2010-03-02 10:59:11.846: debug: Lifetime(259200 +/-150 sec) of active key 49712 exceeded (470805 sec)
2010-03-02 10:59:11.846: debug: ->depreciate it
2010-03-02 10:59:11.846: debug: ->activate published key 65009
2010-03-02 10:59:11.846: notice: "sub.example.net.": lifetime of zone signing key 49712 exceeded: ZSK rollover done
2010-03-02 10:59:11.846: debug: New key for publishing needed
2010-03-02 10:59:12.256: debug: ->creating new key 27377
2010-03-02 10:59:12.256: info: "sub.example.net.": new key 27377 generated for publishing
2010-03-02 10:59:12.256: debug: Re-signing necessary: Modfied zone key set
2010-03-02 10:59:12.256: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-02 10:59:12.256: debug: Writing key file "./sub.example.net/dnskey.db"
2010-03-02 10:59:12.256: debug: Signing zone "sub.example.net."
2010-03-02 10:59:12.256: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 F9A34F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-02 10:59:12.415: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-02 10:59:12.416: debug: Signing completed after 0s.
2010-03-03 23:22:00.127: debug: Check RFC5011 status
2010-03-03 23:22:00.127: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-03 23:22:00.127: debug: Check KSK status
2010-03-03 23:22:00.127: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 4w3d3h38m21s
2010-03-03 23:22:00.127: debug: Check ZSK status
2010-03-03 23:22:00.127: debug: Lifetime(390 sec) of depreciated key 49712 exceeded (130969 sec)
2010-03-03 23:22:00.127: info: "sub.example.net.": old ZSK 49712 removed
2010-03-03 23:22:00.127: debug: ->remove it
2010-03-03 23:22:00.127: debug: Re-signing necessary: Modfied zone key set
2010-03-03 23:22:00.127: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-03 23:22:00.127: debug: Writing key file "./sub.example.net/dnskey.db"
2010-03-03 23:22:00.127: debug: Signing zone "sub.example.net."
2010-03-03 23:22:00.127: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 A3B721 -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-03 23:22:00.394: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-03 23:22:00.394: debug: Signing completed after 0s.
2010-03-08 23:11:49.663: debug: Check RFC5011 status
2010-03-08 23:11:49.663: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:11:49.663: debug: Check KSK status
2010-03-08 23:11:49.663: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h28m10s
2010-03-08 23:11:49.664: debug: Check ZSK status
2010-03-08 23:11:49.664: debug: Lifetime(259200 +/-150 sec) of active key 65009 exceeded (562358 sec)
2010-03-08 23:11:49.664: debug: ->depreciate it
2010-03-08 23:11:49.664: debug: ->activate published key 27377
2010-03-08 23:11:49.664: notice: "sub.example.net.": lifetime of zone signing key 65009 exceeded: ZSK rollover done
2010-03-08 23:11:49.664: debug: New key for publishing needed
2010-03-08 23:11:50.060: debug: ->creating new key 41747
2010-03-08 23:11:50.060: info: "sub.example.net.": new key 41747 generated for publishing
2010-03-08 23:11:50.060: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:11:50.061: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:11:50.061: debug: Writing key file "././sub.example.net/dnskey.db"
2010-03-08 23:11:50.061: debug: Signing zone "sub.example.net."
2010-03-08 23:11:50.061: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 71C04F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-08 23:11:50.169: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:11:50.169: debug: Signing completed after 0s.
2010-03-08 23:18:52.243: debug: Check RFC5011 status
2010-03-08 23:18:52.243: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-08 23:18:52.243: debug: Check KSK status
2010-03-08 23:18:52.243: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w1d3h35m13s
2010-03-08 23:18:52.243: debug: Check ZSK status
2010-03-08 23:18:52.243: debug: Lifetime(390 sec) of depreciated key 65009 exceeded (423 sec)
2010-03-08 23:18:52.243: info: "sub.example.net.": old ZSK 65009 removed
2010-03-08 23:18:52.243: debug: ->remove it
2010-03-08 23:18:52.243: debug: Re-signing necessary: Modfied zone key set
2010-03-08 23:18:52.243: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-08 23:18:52.243: debug: Writing key file "././sub.example.net/dnskey.db"
2010-03-08 23:18:52.243: debug: Signing zone "sub.example.net."
2010-03-08 23:18:52.243: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 CF729B -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-08 23:18:52.287: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-08 23:18:52.287: debug: Signing completed after 0s.
2010-03-11 23:46:35.497: debug: Check RFC5011 status
2010-03-11 23:46:35.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:46:35.497: debug: Check KSK status
2010-03-11 23:46:35.497: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h2m56s
2010-03-11 23:46:35.498: debug: Check ZSK status
2010-03-11 23:46:35.498: debug: Lifetime(259200 +/-150 sec) of active key 27377 exceeded (261286 sec)
2010-03-11 23:46:35.498: debug: ->depreciate it
2010-03-11 23:46:35.498: debug: ->activate published key 41747
2010-03-11 23:46:35.498: notice: "sub.example.net.": lifetime of zone signing key 27377 exceeded: ZSK rollover done
2010-03-11 23:46:35.498: debug: New key for publishing needed
2010-03-11 23:46:35.768: debug: ->creating new key 2048
2010-03-11 23:46:35.768: info: "sub.example.net.": new key 2048 generated for publishing
2010-03-11 23:46:35.768: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:46:35.768: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:46:35.768: debug: Writing key file "./sub.example.net/dnskey.db"
2010-03-11 23:46:35.768: debug: Signing zone "sub.example.net."
2010-03-11 23:46:35.768: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B86C9F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-11 23:46:35.814: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:46:35.814: debug: Signing completed after 0s.
2010-03-11 23:52:33.132: debug: Check RFC5011 status
2010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:52:33.132: debug: Check KSK status
2010-03-11 23:52:33.132: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h8m54s
2010-03-11 23:52:33.132: debug: Check ZSK status
2010-03-11 23:52:33.132: debug: Re-signing not necessary!
2010-03-11 23:52:33.132: debug: Check if there is a parent file to copy
2010-03-11 23:53:27.804: debug: Check RFC5011 status
2010-03-11 23:53:27.804: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-11 23:53:27.804: debug: Check KSK status
2010-03-11 23:53:27.804: warning: "sub.example.net.": lifetime of key signing key 42834 exceeded since 5w4d4h9m48s
2010-03-11 23:53:27.804: debug: Check ZSK status
2010-03-11 23:53:27.804: debug: Lifetime(390 sec) of depreciated key 27377 exceeded (412 sec)
2010-03-11 23:53:27.804: info: "sub.example.net.": old ZSK 27377 removed
2010-03-11 23:53:27.804: debug: ->remove it
2010-03-11 23:53:27.804: debug: Re-signing necessary: Modfied zone key set
2010-03-11 23:53:27.804: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
2010-03-11 23:53:27.804: debug: Writing key file "./sub.example.net/dnskey.db"
2010-03-11 23:53:27.804: debug: Signing zone "sub.example.net."
2010-03-11 23:53:27.805: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 67AA7F -C -g -p -d ../keysets -o sub.example.net. -e +172800 -N unixtime zone.db K*.private 2>&1"
2010-03-11 23:53:27.856: debug: Cmd dnssec-signzone return: "zone.db.signed"
2010-03-11 23:53:27.856: debug: Signing completed after 0s.
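Review bot: every run recorded in this removed log repeats the warning that key signing key 42834 has exceeded its lifetime (5w1d3h35m13s on 2010-03-08, rising to 5w4d4h9m48s on 2010-03-11) while the ZSK rollovers complete automatically, so the example presents an overdue KSK as the normal state. If a refreshed log ships with the 1.0 examples, it would be better captured from a zone whose KSK is within its lifetime, or accompanied by a note on how the KSK rollover is expected to be completed. The message strings "Modfied zone key set" and "depreciated key" are misspelled (Modified, deprecated) and would be worth correcting upstream.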

View file

@ -1,25 +0,0 @@
;-----------------------------------------------------------------
;
; @(#) sub.example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
2 ; Serial
86400 ; Refresh (RIPE recommendation if NOTIFY is used)
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
$INCLUDE dnskey.db
localhost IN A 127.0.0.1
a IN A 1.2.3.4
b IN A 1.2.3.5
c IN A 1.2.3.6
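Review bot: the line "localhost IN A 127.0.0.1" in this example zone publishes a loopback address under sub.example.net, and example zone files tend to be copied into production; if this zone is carried over into the new example layout, that record should be dropped. The SOA serial is also a literal 2 here, while the signing commands in the example log pass "-N unixtime" and the signed copy carries serial 1246359741, so a comment saying the serial is rewritten at signing time would help readers.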

View file

@ -1,109 +0,0 @@
; File written on Tue Jun 30 13:02:21 2009
; dnssec_signzone version 9.7.0a1
sub.example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
1246359741 ; serial
86400 ; refresh (1 day)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 7 3 7200 20090702100221 (
20090630100221 32345 sub.example.net.
xaNZK008xUwN1mWIUMpMNljZ7mOsYyzQ89ug
Ephuttdlqm5KdMAlopa9Qfgw+83YQzyonAKj
beUBuNmOKBwgQw== )
7200 NS ns1.example.net.
7200 RRSIG NS 7 3 7200 20090702100221 (
20090630100221 32345 sub.example.net.
xVsGH4dLDwHBhRo/R+BlQMgdXW5Y80xVEiYY
jrPH3A1j8i+PotbNA0F7eKA/0fKFmj4biCAK
LPErXQ8ObaggQA== )
3600 DNSKEY 256 3 7 (
AwEAAb8LrlJIOAk1i3SPPgyL/TVtXT2ykAOk
GVXL/kII5le3sH8Ud9f5+3ObrK1FEPo9WB1z
NwICF4QjetjqUGta4Ak=
) ; key id = 14600
3600 DNSKEY 256 3 7 (
AwEAAduKKWu4sKycg54OYJnc4/Tzb1OFvxGw
hAh4pVpl003JrxT/pQjIw/zJFEnUgwCDDmGf
fNq73SbkyknTyXYRe2k=
) ; key id = 32345
3600 DNSKEY 257 3 7 (
AwEAAcVJgMf71y0M2KfrhiAKIHkhS8MlgmKb
jkaBY56zZRAQMwHJyMODZcIgBQvPkxGw/1Yr
/5v3ZbOwVCj7zeYfve+tRsXXBEYTvo7POLE9
H0iMf69vq7Qxh82/q+LpBH1818iDhBn6q0f7
ww4Flo7B3u5zJf6FHul8JPx5UPSENnx3
) ; key id = 48516
3600 RRSIG DNSKEY 7 3 3600 20090702100221 (
20090630100221 32345 sub.example.net.
2P0CEAUnKV6Pa3Ryl1naH9Ve/va1k7oKyJyB
dinSyD/UVnGV7+iipUgDOcOAbNCYBCUVfKE9
GcBg3KQvJl0+AQ== )
3600 RRSIG DNSKEY 7 3 3600 20090702100221 (
20090630100221 48516 sub.example.net.
PB5I2/PuswNIxwDykcQEc/4+aUx/dJg9YfXx
f1gZL5ayZK01dVYsoZ8USV9IEX27NqFwjQO/
iTgB3eAEeBf4283XZ3VeXQRJ4iaMbL42TVid
qlKHQgniTPJAoytNRFVDvU3196YJECb8Z7L5
F6avz0sLu3gtDu/nwyyK/5Hf3kM= )
0 NSEC3PARAM 1 0 100 86F43F
0 RRSIG NSEC3PARAM 7 3 0 20090702100221 (
20090630100221 32345 sub.example.net.
e6ABPEvRsRxDn/6VaDlZWctckrXmO3KhmTF0
gtn7V+kR5J07XF+iS7jnfpEDUJWSRhJDTtVV
3uTWjwSs7kyfDQ== )
a.sub.example.net. 7200 IN A 1.2.3.4
7200 RRSIG A 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
GEvo0V/h1H5LQz1hAd6FtgN1cX/FR1ADLDjD
LEcrzGVBqPCB7OjyXVsHqjq3uGmFI7uZn+K/
hXTkHJif/0w78g== )
b.sub.example.net. 7200 IN A 1.2.3.5
7200 RRSIG A 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
OVvrujb8/jziQqf37zHnTOQCz2e5RAVCpdt4
rqd8U/Jzf36tKkPD1qSIJ8zJaAY3LfOLNYDU
T10UWy4dnxfoNQ== )
c.sub.example.net. 7200 IN A 1.2.3.6
7200 RRSIG A 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
b8A0VTnFi194xkeSKpK6iHcgDvuKGSFzZHSd
qPmMwJzflTmsLTxgXEZ9KY4BDbccSTaJVEwr
JJ+/QuqBHFyISQ== )
localhost.sub.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
HtRrjUhpveofocEBNMEc++mYg9oYfZgnANA5
TyuS20tcCw/rAhGh3E3vMyhBBq4Ps1QT74+f
S06Z9C5YaKI7ig== )
7EJ08VDH70TNH3I9SD4MDBVA4S00PALI.sub.example.net. 7200 IN NSEC3 1 0 100 86F43F AFRQ27Q7JGUJ2SA0AVDKT2DLILIGBLUG A RRSIG
7200 RRSIG NSEC3 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
L1QIfw4hfGk4jSWBeWWGviTAt/2i1wRXE2Qe
yspyHNhG38jzGKXR5WH7FLdBzbqMHUHv9i+k
/t2mOvXB11pLqQ== )
AFRQ27Q7JGUJ2SA0AVDKT2DLILIGBLUG.sub.example.net. 7200 IN NSEC3 1 0 100 86F43F D0RE91KNGIR4STOQOPTK16C5C63NN2S0 NS SOA RRSIG DNSKEY NSEC3PARAM
7200 RRSIG NSEC3 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
I7JJTzzkJF3lB/A68KCuihWUMUY9PCW39PEa
axi5WDld4ceWVoGx18mPePrlmvjwepo9UGqc
ivGHaozr64hBjg== )
D0RE91KNGIR4STOQOPTK16C5C63NN2S0.sub.example.net. 7200 IN NSEC3 1 0 100 86F43F K46BIT3RVSBTLC8I8H312CFSNECEJ3S4 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
Q1g/fnqJl9tq35CoDFccQ7Ba7BcSzcsY35J5
h5DgaHkaAmj6QOX1pdfIuVhw0Ow9aBB4XrZo
wHjm0Ab+ez7COg== )
K46BIT3RVSBTLC8I8H312CFSNECEJ3S4.sub.example.net. 7200 IN NSEC3 1 0 100 86F43F L5LI4EFLKNFCE0APSP91SBRCOT0PHLQ0 A RRSIG
7200 RRSIG NSEC3 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
AIfEvkwdU9GE5bBp8OBc0xJtjfF7NAVMkquB
2UQzZgZP+63/nq2+uml+79Gwlc7KBjLjLfRr
eARbsKjcsRJF7A== )
L5LI4EFLKNFCE0APSP91SBRCOT0PHLQ0.sub.example.net. 7200 IN NSEC3 1 0 100 86F43F 7EJ08VDH70TNH3I9SD4MDBVA4S00PALI A RRSIG
7200 RRSIG NSEC3 7 4 7200 20090702100221 (
20090630100221 32345 sub.example.net.
IVMkxbD3eWr39sqXSJ6ARCyiMjeFB6xs+Bxc
BRKJ6TCRBRHDlp1Rf7AM+jQgKMAe3Tm+OqVn
zBrGA0FxGvo4Pg== )
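Review bot: this removed file is committed dnssec-signzone output (its header reads "File written on Tue Jun 30 13:02:21 2009"), and every RRSIG in it carries inception 20090630100221 and expiration 20090702100221, so the copy in the tree was valid for two days only. If the 1.0 examples include a signed zone again, generating it when the examples are run rather than committing it would avoid shipping expired signatures. The NSEC3 and NSEC3PARAM records use 100 iterations with salt 86F43F; an example that readers copy would benefit from a comment explaining how those values were chosen.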

File diff suppressed because it is too large

View file

@ -1,10 +0,0 @@
zone "example.NET." in {
type master;
file "example.net/zone.db.signed";
};
zone "sub.example.NET." in {
type master;
file "sub.example.net/zone.db.signed";
};
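Review bot: the file paths in both zone statements are relative ("example.net/zone.db.signed" and "sub.example.net/zone.db.signed") and nothing in this fragment sets a directory, so it only works when included from a configuration whose working directory is the examples root. If an equivalent fragment ships with the 1.0 examples, a comment stating that assumption would help. The zone names are written "example.NET." and "sub.example.NET." while the paths use lower case; this is harmless but worth making consistent.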

Some files were not shown because too many files have changed in this diff