Hi, I am trying to use zkt to sign two zones, tlund.se and ipv6-only.tlund.se and I am having trouble understanding what I need to do to get zkt to insert data from ipv6-only.tlund.se into the parentzone tlund.se.
Directory structure is as follows: /etc/bind/dnssec/tlund.se/ /etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/ These two dirs contains a zone.db for respective domain. After running zkt, it generates a signed zone zone.db.signed for both tlund.se and ipv6-only.tlund.se, but no DS-records for ipv6-only.tlund.se are included in the parent zone. the broken delegation can be seen with dig as these domains are live in the DNS system or at http://dnsviz.net/d/ipv6-only.tlund.se/dnssec/ Output from zkt-signer: $ /usr/local/bin/zkt-signer -vv -c /etc/bind/dnssec/dnssec.conf parsing zone "ipv6-only.tlund.se." in dir "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se" Check RFC5011 status ->not a rfc5011 zone, looking for a regular ksk rollover Check KSK status Check ZSK status Re-signing necessary: Zone file edited Writing key file "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/dnskey.db" Incrementing serial number in file "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/zone.db" Signing zone "ipv6-only.tlund.se." Run cmd "cd /etc/bind/dnssec/tlund.se/ipv6-only.tlund.se; /usr/sbin/dnssec-signzone -C -g -o ipv6-only.tlund.se. -e +864000 zone.db K*.private 2>&1" Cmd dnssec-signzone return: "zone.db.signed" Signing completed after 0s. parsing zone "tlund.se." in dir "/etc/bind/dnssec/tlund.se" Check RFC5011 status ->not a rfc5011 zone, looking for a regular ksk rollover Check KSK status Check ZSK status Re-signing necessary: Zone file edited Writing key file "/etc/bind/dnssec/tlund.se/dnskey.db" Incrementing serial number in file "/etc/bind/dnssec/tlund.se/zone.db" Signing zone "tlund.se." Run cmd "cd /etc/bind/dnssec/tlund.se; /usr/sbin/dnssec-signzone -C -g -o tlund.se. -e +864000 zone.db K*.private 2>&1" Cmd dnssec-signzone return: "zone.db.signed" Signing completed after 0s. //tlund ------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 _______________________________________________ zkt-users mailing list zkt-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/zkt-users