Hi,

I am trying to use zkt to sign two zones, tlund.se and ipv6-only.tlund.se 
and I am having trouble understanding what I need to do to get zkt to 
insert data from ipv6-only.tlund.se into the parentzone tlund.se.

Directory structure is as follows:

/etc/bind/dnssec/tlund.se/
/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/

These two dirs each contain a zone.db for the respective domain. After running 
zkt, it generates a signed zone zone.db.signed for both tlund.se and 
ipv6-only.tlund.se, but no DS-records for ipv6-only.tlund.se are included 
in the parent zone.

The broken delegation can be seen with dig, as these domains are live in 
the DNS system, or at http://dnsviz.net/d/ipv6-only.tlund.se/dnssec/

Output from zkt-signer:

$ /usr/local/bin/zkt-signer -vv -c /etc/bind/dnssec/dnssec.conf
parsing zone "ipv6-only.tlund.se." in dir "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se"
         Check RFC5011 status
                 ->not a rfc5011 zone, looking for a regular ksk rollover
         Check KSK status
         Check ZSK status
         Re-signing necessary: Zone file edited
         Writing key file "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/dnskey.db"
         Incrementing serial number in file "/etc/bind/dnssec/tlund.se/ipv6-only.tlund.se/zone.db"
         Signing zone "ipv6-only.tlund.se."
           Run cmd "cd /etc/bind/dnssec/tlund.se/ipv6-only.tlund.se; /usr/sbin/dnssec-signzone  -C -g -o ipv6-only.tlund.se. -e +864000  zone.db K*.private 2>&1"
           Cmd dnssec-signzone return: "zone.db.signed"
         Signing completed after 0s.

parsing zone "tlund.se." in dir "/etc/bind/dnssec/tlund.se"
         Check RFC5011 status
                 ->not a rfc5011 zone, looking for a regular ksk rollover
         Check KSK status
         Check ZSK status
         Re-signing necessary: Zone file edited
         Writing key file "/etc/bind/dnssec/tlund.se/dnskey.db"
         Incrementing serial number in file "/etc/bind/dnssec/tlund.se/zone.db"
         Signing zone "tlund.se."
           Run cmd "cd /etc/bind/dnssec/tlund.se; /usr/sbin/dnssec-signzone  -C -g -o tlund.se. -e +864000  zone.db K*.private 2>&1"
           Cmd dnssec-signzone return: "zone.db.signed"
         Signing completed after 0s.

//tlund

_______________________________________________
zkt-users mailing list
zkt-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/zkt-users
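
A check for the condition described in the message above (a signed parent zone with no DS for the child), as an added example that is not part of the original post and is not ZKT code: it computes the SHA-256 DS expected for a child KSK (RFC 4034 key tag, RFC 4509 digest) and looks for it in the parent's zone text. The key material and NS target are constructed; it assumes absolute owner names, as dnssec-signzone writes them, and no `;` inside quoted strings.

```python
import base64, hashlib, struct

def name_to_wire(name):
    # Canonical wire form: lower-case, length-prefixed labels, root label last.
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def key_tag(rdata):
    # RFC 4034 Appendix B checksum over the DNSKEY RDATA.
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def expected_ds(owner, flags, alg, key_b64):
    # DS digest type 2 (RFC 4509): SHA-256(owner wire name | DNSKEY RDATA).
    rdata = struct.pack("!HBB", flags, 3, alg) + base64.b64decode(key_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return [str(key_tag(rdata)), str(alg), "2", digest]

def records(zone_text):
    # Yield (owner, tokens) per record: joins "( ... )" continuations, inherits owners.
    owner, buf, depth = "", [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";")[0]
        toks = line.replace("(", " ").replace(")", " ").split()
        if toks and toks[0].startswith("$"):
            continue  # $TTL / $ORIGIN directives carry no record
        if toks and depth == 0 and not line[0].isspace():
            owner = toks.pop(0).lower()
        buf += toks
        depth += line.count("(") - line.count(")")
        if depth == 0 and buf:
            yield owner, buf
            buf = []

def parent_has_ds(zone_text, child, ds):
    # True when the parent zone text holds a DS for `child` equal to `ds`.
    child = child.lower().rstrip(".") + "."
    for owner, f in records(zone_text):
        if owner == child and "DS" in f:
            r = f[f.index("DS") + 1:]
            if r[:3] == ds[:3] and "".join(r[3:]).upper() == ds[3]:
                return True
    return False

# Constructed sample data: not a real key; only the zone name comes from the post.
CHILD = "ipv6-only.tlund.se."
DS = expected_ds(CHILD, 257, 8, base64.b64encode(bytes(range(64))).decode())
UNSIGNED_DELEGATION = CHILD + "\t3600\tIN NS\tns.example.\n"
WITH_DS = UNSIGNED_DELEGATION + "\t\t3600\tDS\t" + " ".join(DS[:3]) + " (\n\t\t" + DS[3][:32] + "\n\t\t" + DS[3][32:] + " )\n"
```

`parent_has_ds(UNSIGNED_DELEGATION, CHILD, DS)` is the state the post reports (NS present, DS absent); `WITH_DS` is the same delegation once the DS is in the parent.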
