Re: Cannot use dnssec-settime with old keys
On Thu, Feb 25, 2010 at 10:47:58AM +0100, Hauke Lampe wrote a message of 55 lines which said: > For example, try: > > dnssec-settime -P+0 -A+0 -f -v 3 Ktoto.fr.+008+42555 OK, it works, thanks. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Cannot use dnssec-settime with old keys
Stephane Bortzmeyer wrote: > And strace (Debian/Linux box) shows that key files were opened only in > read-only and no file was opened for writing: > > % strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open > > Did anyone managed to use dnssec-settime -f ? Yes. The key file format is upgraded on write operations only. For example, try: > dnssec-settime -P+0 -A+0 -f -v 3 Ktoto.fr.+008+42555 Hauke. signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Cannot use dnssec-settime with old keys
On Tue, Feb 23, 2010 at 05:54:01PM +0100, Stephane Bortzmeyer wrote a message of 18 lines which said: > OK, I upgrade: > > % dnssec-settime -v 3 -f Ktoto.fr.+008+42555 > dnssec-settime: toto.fr/RSASHA256/42555 > > But it changed nothing, ls -l shows that the file did not change and I > still get the message "incompatible format version 1.2". And strace (Debian/Linux box) shows that key files were opened only in read-only and no file was opened for writing: % strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open ... open("./Ktoto.fr.+008+42555.key", O_RDONLY) = 4 open("./Ktoto.fr.+008+42555.private", O_RDONLY) = 4 Did anyone managed to use dnssec-settime -f ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Cannot use dnssec-settime with old keys
I try to play with the new toy, DNSSEC timing meta-data in key files. % dnssec-settime -v 3 Ktoto.fr.+008+42555 dnssec-settime: fatal: Key toto.fr/RSASHA256/42555 has incompatible format version 1.2, use -f to force upgrade to new version. OK, I upgrade: % dnssec-settime -v 3 -f Ktoto.fr.+008+42555 dnssec-settime: toto.fr/RSASHA256/42555 But it changed nothing, ls -l shows that the file did not change and I still get the message "incompatible format version 1.2". 9.7.0 ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users