Re: Cannot use dnssec-settime with old keys

2010-02-25 Thread Stephane Bortzmeyer
On Thu, Feb 25, 2010 at 10:47:58AM +0100,
 Hauke Lampe wrote
 a message of 55 lines which said:

> For example, try:
> > dnssec-settime -P+0 -A+0 -f -v 3 Ktoto.fr.+008+42555

OK, it works, thanks.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Cannot use dnssec-settime with old keys

2010-02-25 Thread Hauke Lampe
Stephane Bortzmeyer wrote:

> And strace (Debian/Linux box) shows that key files were opened only in
> read-only and no file was opened for writing:
> 
> % strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open
> 
> Did anyone manage to use dnssec-settime -f?

Yes. The key file format is upgraded on write operations only.

For example, try:
> dnssec-settime -P+0 -A+0 -f -v 3 Ktoto.fr.+008+42555


Hauke.
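
Added example, not part of the original messages: because the format is upgraded only when a write operation touches the key, this script lists the keys in a directory whose `.private` file is still in the old format. It assumes each file starts with a `Private-key-format: vX.Y` header and that v1.3 is the first version carrying timing metadata; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report keys still in the old
# private-key format, i.e. keys no write operation has upgraded yet.
# Assumption: files start with a "Private-key-format: vX.Y" header and
# v1.3 is the first version that carries timing metadata.
MIN_MAJOR=1
MIN_MINOR=3

# Print "MAJOR MINOR" from the format header of one .private file.
key_format() {
    sed -n 's/^Private-key-format:[[:space:]]*v\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' "$1" | head -n 1
}

# Print the base name of every key in DIR older than MIN_MAJOR.MIN_MINOR.
old_format_keys() {
    dir=$1
    for priv in "$dir"/K*.private; do
        [ -f "$priv" ] || continue          # glob matched nothing
        fmt=$(key_format "$priv")
        if [ -z "$fmt" ]; then
            echo "no format header: $priv" >&2
            continue
        fi
        major=${fmt% *}
        minor=${fmt#* }
        if [ "$major" -lt "$MIN_MAJOR" ] ||
           { [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -lt "$MIN_MINOR" ]; }; then
            basename "$priv" .private
        fi
    done
}

# Constructed sample files: headers only, no key material.
make_sample() {
    printf 'Private-key-format: v1.2\nAlgorithm: 8 (RSASHA256)\n' \
        > "$1/Ktoto.fr.+008+42555.private"
    printf 'Private-key-format: v1.3\nAlgorithm: 8 (RSASHA256)\n' \
        > "$1/Kexample.org.+008+12345.private"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
old_format_keys "$sample_dir"
rm -rf "$sample_dir"
```

Each name it prints is a key that a read-only `dnssec-settime -f` run would leave unchanged on disk.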




Re: Cannot use dnssec-settime with old keys

2010-02-25 Thread Stephane Bortzmeyer
On Tue, Feb 23, 2010 at 05:54:01PM +0100,
 Stephane Bortzmeyer wrote
 a message of 18 lines which said:

> OK, I upgrade:
> 
> % dnssec-settime  -v 3 -f Ktoto.fr.+008+42555 
> dnssec-settime: toto.fr/RSASHA256/42555
> 
> But it changed nothing, ls -l shows that the file did not change and I
> still get the message "incompatible format version 1.2".

And strace (Debian/Linux box) shows that key files were opened only in
read-only and no file was opened for writing:

% strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open
...
open("./Ktoto.fr.+008+42555.key", O_RDONLY) = 4
open("./Ktoto.fr.+008+42555.private", O_RDONLY) = 4

Did anyone manage to use dnssec-settime -f?


Cannot use dnssec-settime with old keys

2010-02-23 Thread Stephane Bortzmeyer
I try to play with the new toy, DNSSEC timing meta-data in key files.

% dnssec-settime  -v 3 Ktoto.fr.+008+42555
dnssec-settime: fatal: Key toto.fr/RSASHA256/42555 has incompatible format 
version 1.2, use -f to force upgrade to new version.

OK, I upgrade:

% dnssec-settime  -v 3 -f Ktoto.fr.+008+42555 
dnssec-settime: toto.fr/RSASHA256/42555

But it changed nothing, ls -l shows that the file did not change and I
still get the message "incompatible format version 1.2".

9.7.0