Package: dnssec-tools Version: 1.5-1.1 Severity: normal Initial usage: | $ zonesigner -zone example.org test | dnssec-signzone: warning: test.zs:1: no TTL specified; using SOA MINTTL instead | Verifying the zone using the following algorithms: RSASHA1. | Zone signing complete: | Algorithm: RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked | ZSKs: 1 active, 1 stand-by, 0 revoked | | zone signed successfully | | example.org: | KSK (cur) 40558 -b 2048 07/12/10 (example.org-signset-6) | ZSK (cur) 32976 -b 1024 07/12/10 (example.org-signset-4) | ZSK (pub) 31155 -b 1024 07/12/10 (example.org-signset-5) | | zone will expire in 4 weeks, 2 days, 0 seconds | DO NOT delete the keys until this time has passed.
The test.krf file does not include the correct zone name: | $ cat test.krf | zone "test" | zonefile "test" | keyrec_type "zone" | keyrec_signsecs "1278948978" | keyrec_signdate "Mon Jul 12 15:36:18 2010" And is therefor not able to sign it without help on the second time: | $ zonesigner test | cur ZSK does not exist; unable to re-use non-existent cur ZSK Bastian -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dnssec-tools depends on: pn bind9 <none> (no description available) pn libnet-dns-perl <none> (no description available) pn libnet-dns-sec-perl <none> (no description available) ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii perl 5.10.1-13 Larry Wall's Practical Extraction dnssec-tools recommends no packages. dnssec-tools suggests no packages. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
