137
137
2008-12-28 23:08:02.534: debug: Signing completed after 0s.
138
138
2008-12-28 23:08:02.534: debug:
139
139
2008-12-28 23:08:02.534: notice: end of run: 0 errors occured
140
2009-02-28 12:31:26.082: notice: ------------------------------------------------------------
141
2009-02-28 12:31:26.083: notice: running ../../dnssec-signer -N named.conf
142
2009-02-28 12:31:26.100: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
143
2009-02-28 12:31:26.100: debug: Check RFC5011 status
144
2009-02-28 12:31:26.100: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
145
2009-02-28 12:31:26.100: debug: Check KSK status
146
2009-02-28 12:31:26.100: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 1d12h35m58s
147
2009-02-28 12:31:26.100: debug: Check ZSK status
148
2009-02-28 12:31:26.100: debug: Lifetime(390 sec) of depreciated key 22440 exceeded (5315758 sec)
149
2009-02-28 12:31:26.100: info: "sub.example.net.": old ZSK 22440 removed
150
2009-02-28 12:31:26.101: debug: ->remove it
151
2009-02-28 12:31:26.101: debug: Lifetime(259200 +/-150 sec) of active key 5823 exceeded (5315758 sec)
152
2009-02-28 12:31:26.101: debug: ->depreciate it
153
2009-02-28 12:31:26.101: debug: ->activate published key 4710
154
2009-02-28 12:31:26.101: notice: "sub.example.net.": lifetime of zone signing key 5823 exceeded: ZSK rollover done
155
2009-02-28 12:31:26.101: debug: New key for publishing needed
156
2009-02-28 12:31:28.559: debug: ->creating new key 32820
157
2009-02-28 12:31:28.559: info: "sub.example.net.": new key 32820 generated for publishing
158
2009-02-28 12:31:28.559: debug: Re-signing necessary: Modfied zone key set
159
2009-02-28 12:31:28.560: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
160
2009-02-28 12:31:28.560: debug: Writing key file "././sub.example.net/dnskey.db"
161
2009-02-28 12:31:28.560: debug: Signing zone "sub.example.net."
162
2009-02-28 12:31:28.560: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -3 FC6C7C -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
163
2009-02-28 12:31:28.803: debug: Cmd dnssec-signzone return: "zone.db.signed"
164
2009-02-28 12:31:28.803: debug: Signing completed after 0s.
165
2009-02-28 12:31:28.803: debug:
166
2009-02-28 12:31:28.803: debug: parsing zone "example.net." in dir "././example.net"
167
2009-02-28 12:31:28.803: debug: Check RFC5011 status
168
2009-02-28 12:31:28.803: notice: "example.net.": starting rfc5011 rollover
169
2009-02-28 12:31:28.803: debug: Lifetime of Key Signing Key 1764 exceeded (8w5d12h36m): Starting rfc5011 rollover!
170
2009-02-28 12:31:28.803: debug: =>Generating new standby key signing key
171
2009-02-28 12:31:29.067: info: "example.net.": generated new standby KSK 33840
172
2009-02-28 12:31:29.067: debug: =>Activating old standby key 7308
173
2009-02-28 12:31:29.068: debug: =>Revoking old active key 1764
174
2009-02-28 12:31:29.068: debug: Check ZSK status
175
2009-02-28 12:31:29.068: debug: Re-signing necessary: Modfied zone key set
176
2009-02-28 12:31:29.068: notice: "example.net.": re-signing triggered: Modfied zone key set
177
2009-02-28 12:31:29.068: debug: Writing key file "././example.net/dnskey.db"
178
2009-02-28 12:31:29.069: debug: Incrementing serial number in file "././example.net/zone.db"
179
2009-02-28 12:31:29.069: debug: Signing zone "example.net."
180
2009-02-28 12:31:29.069: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
181
2009-02-28 12:31:29.206: debug: Cmd dnssec-signzone return: "zone.db.signed"
182
2009-02-28 12:31:29.206: debug: Signing completed after 0s.
183
2009-02-28 12:31:29.206: debug:
184
2009-02-28 12:31:29.206: notice: end of run: 0 errors occured
185
2009-02-28 12:31:34.121: notice: ------------------------------------------------------------
186
2009-02-28 12:31:34.121: notice: running ../../dnssec-signer -v -v -N named.conf
187
2009-02-28 12:31:34.126: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
188
2009-02-28 12:31:34.126: debug: Check RFC5011 status
189
2009-02-28 12:31:34.126: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
190
2009-02-28 12:31:34.126: debug: Check KSK status
191
2009-02-28 12:31:34.126: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 1d12h36m6s
192
2009-02-28 12:31:34.126: debug: Check ZSK status
193
2009-02-28 12:31:34.126: debug: Re-signing not necessary!
194
2009-02-28 12:31:34.126: debug: Check if there is a parent file to copy
195
2009-02-28 12:31:34.126: debug:
196
2009-02-28 12:31:34.126: debug: parsing zone "example.net." in dir "././example.net"
197
2009-02-28 12:31:34.126: debug: Check RFC5011 status
198
2009-02-28 12:31:34.126: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
199
2009-02-28 12:31:34.126: debug: Check ZSK status
200
2009-02-28 12:31:34.126: debug: Re-signing not necessary!
201
2009-02-28 12:31:34.126: debug: Check if there is a parent file to copy
202
2009-02-28 12:31:34.126: debug:
203
2009-02-28 12:31:34.126: notice: end of run: 0 errors occured
204
2009-02-28 12:32:49.522: notice: ------------------------------------------------------------
205
2009-02-28 12:32:49.522: notice: running ../../dnssec-signer -v -v -N named.conf
206
2009-02-28 12:32:49.525: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
207
2009-02-28 12:32:49.525: debug: Check RFC5011 status
208
2009-02-28 12:32:49.525: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
209
2009-02-28 12:32:49.525: debug: Check KSK status
210
2009-02-28 12:32:49.525: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 1d12h37m21s
211
2009-02-28 12:32:49.525: debug: Check ZSK status
212
2009-02-28 12:32:49.526: debug: Re-signing not necessary!
213
2009-02-28 12:32:49.526: debug: Check if there is a parent file to copy
214
2009-02-28 12:32:49.526: debug:
215
2009-02-28 12:32:49.526: debug: parsing zone "example.net." in dir "././example.net"
216
2009-02-28 12:32:49.526: debug: Check RFC5011 status
217
2009-02-28 12:32:49.526: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
218
2009-02-28 12:32:49.526: debug: Check ZSK status
219
2009-02-28 12:32:49.526: debug: Re-signing not necessary!
220
2009-02-28 12:32:49.526: debug: Check if there is a parent file to copy
221
2009-02-28 12:32:49.527: debug:
222
2009-02-28 12:32:49.527: notice: end of run: 0 errors occured
223
2009-02-28 12:42:47.999: notice: ------------------------------------------------------------
224
2009-02-28 12:42:48.000: notice: running ../../dnssec-signer -v -v -N named.conf
225
2009-02-28 12:45:56.491: notice: ------------------------------------------------------------
226
2009-02-28 12:45:56.491: notice: running ../../dnssec-signer -v -v -N named.conf
227
2009-02-28 12:50:13.057: notice: ------------------------------------------------------------
228
2009-02-28 12:50:13.057: notice: running ../../dnssec-signer -v -v -N named.conf
229
2009-02-28 12:50:54.700: notice: ------------------------------------------------------------
230
2009-02-28 12:50:54.700: notice: running ../../dnssec-signer -v -v -N named.conf
231
2009-02-28 12:52:23.926: notice: ------------------------------------------------------------
232
2009-02-28 12:52:23.926: notice: running ../../dnssec-signer -v -v -N named.conf
233
2009-02-28 12:52:23.933: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
234
2009-02-28 12:52:23.934: debug: Check RFC5011 status
235
2009-02-28 12:52:23.934: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
236
2009-02-28 12:52:23.934: debug: Check KSK status
237
2009-02-28 12:52:23.934: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 1d12h56m55s
238
2009-02-28 12:52:23.934: debug: Check ZSK status
239
2009-02-28 12:52:23.934: debug: Lifetime(390 sec) of depreciated key 5823 exceeded (1257 sec)
240
2009-02-28 12:52:23.934: info: "sub.example.net.": old ZSK 5823 removed
241
2009-02-28 12:52:23.934: debug: ->remove it
242
2009-02-28 12:52:23.934: debug: Re-signing necessary: Modfied zone key set
243
2009-02-28 12:52:23.934: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
244
2009-02-28 12:52:23.934: debug: Writing key file "././sub.example.net/dnskey.db"
245
2009-02-28 12:52:23.935: debug: Signing zone "sub.example.net."
246
2009-02-28 12:52:23.935: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -3 A4756D -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
247
2009-02-28 12:52:24.701: debug: Cmd dnssec-signzone return: "zone.db.signed"
248
2009-02-28 12:52:24.701: debug: Signing completed after 1s.
249
2009-02-28 12:52:24.701: debug:
250
2009-02-28 12:52:24.701: debug: parsing zone "example.net." in dir "././example.net"
251
2009-02-28 12:52:24.701: debug: Check RFC5011 status
252
2009-02-28 12:52:24.701: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
253
2009-02-28 12:52:24.701: debug: Check ZSK status
254
2009-02-28 12:52:24.701: debug: Re-signing not necessary!
255
2009-02-28 12:52:24.701: debug: Check if there is a parent file to copy
256
2009-02-28 12:52:24.701: debug:
257
2009-02-28 12:52:24.701: notice: end of run: 0 errors occured
258
2009-02-28 12:53:08.325: notice: ------------------------------------------------------------
259
2009-02-28 12:53:08.325: notice: running ../../dnssec-signer -v -v -N named.conf
260
2009-02-28 12:53:48.858: notice: ------------------------------------------------------------
261
2009-02-28 12:53:48.858: notice: running ../../dnssec-signer -v -v -N named.conf
262
2009-02-28 12:54:09.878: notice: ------------------------------------------------------------
263
2009-02-28 12:54:09.878: notice: running ../../dnssec-signer -v -v -N named.conf
264
2009-02-28 12:54:09.885: debug: parsing zone "sub.example.net." in dir "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./sub.example.net"
265
2009-02-28 12:54:09.885: debug: Check RFC5011 status
266
2009-02-28 12:54:09.885: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
267
2009-02-28 12:54:09.885: debug: Check KSK status
268
2009-02-28 12:54:09.886: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 1d12h58m41s
269
2009-02-28 12:54:09.886: debug: Check ZSK status
270
2009-02-28 12:54:09.886: debug: Re-signing not necessary!
271
2009-02-28 12:54:09.886: debug: Check if there is a parent file to copy
272
2009-02-28 12:54:09.886: debug:
273
2009-02-28 12:54:09.886: debug: parsing zone "example.net." in dir "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./example.net"
274
2009-02-28 12:54:09.886: debug: Check RFC5011 status
275
2009-02-28 12:54:09.886: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
276
2009-02-28 12:54:09.886: debug: Check ZSK status
277
2009-02-28 12:54:09.886: debug: Re-signing not necessary!
278
2009-02-28 12:54:09.886: debug: Check if there is a parent file to copy
279
2009-02-28 12:54:09.886: debug:
280
2009-02-28 12:54:09.886: notice: end of run: 0 errors occured
281
2009-02-28 12:55:02.579: notice: ------------------------------------------------------------
282
2009-02-28 12:55:02.579: notice: running ../../dnssec-signer -v -v -N named.conf
283
2009-03-03 19:13:47.524: notice: ------------------------------------------------------------
284
2009-03-03 19:13:47.524: notice: running ../../dnssec-signer -v -v -N named.conf
285
2009-03-03 19:13:47.532: debug: parsing zone "sub.example.net." in dir "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./sub.example.net"
286
2009-03-03 19:13:47.532: debug: Check RFC5011 status
287
2009-03-03 19:13:47.532: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
288
2009-03-03 19:13:47.532: debug: Check KSK status
289
2009-03-03 19:13:47.533: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 4d19h18m19s
290
2009-03-03 19:13:47.533: debug: Check ZSK status
291
2009-03-03 19:13:47.533: debug: Lifetime(259200 +/-150 sec) of active key 4710 exceeded (283341 sec)
292
2009-03-03 19:13:47.533: debug: ->depreciate it
293
2009-03-03 19:13:47.533: debug: ->activate published key 32820
294
2009-03-03 19:13:47.533: notice: "sub.example.net.": lifetime of zone signing key 4710 exceeded: ZSK rollover done
295
2009-03-03 19:13:47.533: debug: New key for publishing needed
296
2009-03-03 19:13:48.366: debug: ->creating new key 49656
297
2009-03-03 19:13:48.366: info: "sub.example.net.": new key 49656 generated for publishing
298
2009-03-03 19:13:48.366: debug: Re-signing necessary: Modfied zone key set
299
2009-03-03 19:13:48.366: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
300
2009-03-03 19:13:48.367: debug: Writing key file "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./sub.example.net/dnskey.db"
301
2009-03-03 19:13:48.367: debug: Signing zone "sub.example.net."
302
2009-03-03 19:13:48.367: debug: Run cmd "cd /home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./sub.example.net; /usr/local/sbin/dnssec-signzone -3 BCB121 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
303
2009-03-03 19:13:48.543: debug: Cmd dnssec-signzone return: "zone.db.signed"
304
2009-03-03 19:13:48.543: debug: Signing completed after 0s.
305
2009-03-03 19:13:48.543: debug:
306
2009-03-03 19:13:48.543: debug: parsing zone "example.net." in dir "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./example.net"
307
2009-03-03 19:13:48.543: debug: Check RFC5011 status
308
2009-03-03 19:13:48.543: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
309
2009-03-03 19:13:48.543: debug: Check ZSK status
310
2009-03-03 19:13:48.543: debug: Re-signing necessary: re-signing interval (2d) reached
311
2009-03-03 19:13:48.543: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached
312
2009-03-03 19:13:48.543: debug: Writing key file "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./example.net/dnskey.db"
313
2009-03-03 19:13:48.544: debug: Incrementing serial number in file "/home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./example.net/zone.db"
314
2009-03-03 19:13:48.544: debug: Signing zone "example.net."
315
2009-03-03 19:13:48.544: debug: Run cmd "cd /home/hoz/share/named/dnssec-signer/zkt-0.99/examples/flat/./example.net; /usr/local/sbin/dnssec-signzone -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
316
2009-03-03 19:13:48.723: debug: Cmd dnssec-signzone return: "zone.db.signed"
317
2009-03-03 19:13:48.723: debug: Signing completed after 0s.
318
2009-03-03 19:13:48.723: debug:
319
2009-03-03 19:13:48.724: notice: end of run: 0 errors occured
320
2009-03-03 19:14:16.121: notice: ------------------------------------------------------------
321
2009-03-03 19:14:16.121: notice: running ../../dnssec-signer -O namedchrootdir: /var/named -v -v -N named.conf
322
2009-03-03 19:14:30.231: notice: ------------------------------------------------------------
323
2009-03-03 19:14:30.231: notice: running ../../dnssec-signer -O namedchrootdir: . -v -v -N named.conf
324
2009-03-03 19:15:37.851: notice: ------------------------------------------------------------
325
2009-03-03 19:15:37.851: notice: running ../../dnssec-signer -O namedchrootdir: . -v -v -N named.conf
326
2009-03-03 19:15:37.853: debug: parsing zone "sub.example.net." in dir "./././sub.example.net"
327
2009-03-03 19:15:37.853: debug: Check RFC5011 status
328
2009-03-03 19:15:37.853: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
329
2009-03-03 19:15:37.853: debug: Check KSK status
330
2009-03-03 19:15:37.853: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 4d19h20m9s
331
2009-03-03 19:15:37.853: debug: Check ZSK status
332
2009-03-03 19:15:37.853: debug: Re-signing not necessary!
333
2009-03-03 19:15:37.853: debug: Check if there is a parent file to copy
334
2009-03-03 19:15:37.853: debug:
335
2009-03-03 19:15:37.853: debug: parsing zone "example.net." in dir "./././example.net"
336
2009-03-03 19:15:37.853: debug: Check RFC5011 status
337
2009-03-03 19:15:37.853: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
338
2009-03-03 19:15:37.853: debug: Check ZSK status
339
2009-03-03 19:15:37.853: debug: Re-signing not necessary!
340
2009-03-03 19:15:37.853: debug: Check if there is a parent file to copy
341
2009-03-03 19:15:37.853: debug:
342
2009-03-03 19:15:37.853: notice: end of run: 0 errors occured
343
2009-03-03 19:15:44.219: notice: ------------------------------------------------------------
344
2009-03-03 19:15:44.219: notice: running ../../dnssec-signer -O namedchrootdir: /var/named -v -v -N named.conf
345
2009-03-03 19:15:49.305: notice: ------------------------------------------------------------
346
2009-03-03 19:15:49.305: notice: running ../../dnssec-signer -v -v -N named.conf
347
2009-03-03 19:15:49.308: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
348
2009-03-03 19:15:49.308: debug: Check RFC5011 status
349
2009-03-03 19:15:49.308: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
350
2009-03-03 19:15:49.308: debug: Check KSK status
351
2009-03-03 19:15:49.309: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 4d19h20m21s
352
2009-03-03 19:15:49.309: debug: Check ZSK status
353
2009-03-03 19:15:49.309: debug: Re-signing not necessary!
354
2009-03-03 19:15:49.309: debug: Check if there is a parent file to copy
355
2009-03-03 19:15:49.309: debug:
356
2009-03-03 19:15:49.309: debug: parsing zone "example.net." in dir "././example.net"
357
2009-03-03 19:15:49.310: debug: Check RFC5011 status
358
2009-03-03 19:15:49.310: debug: zone "example.net.": found revoked key with exptime of: Feb 28 2009 12:31:28
359
2009-03-03 19:15:49.310: debug: Check ZSK status
360
2009-03-03 19:15:49.310: debug: Re-signing not necessary!
361
2009-03-03 19:15:49.310: debug: Check if there is a parent file to copy
362
2009-03-03 19:15:49.310: debug:
363
2009-03-03 19:15:49.310: notice: end of run: 0 errors occured
364
2009-03-04 18:07:38.441: notice: ------------------------------------------------------------
365
2009-03-04 18:07:38.441: notice: running ../../dnssec-signer -v -v -N named.conf
366
2009-03-04 18:07:38.459: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
367
2009-03-04 18:07:38.459: debug: Check RFC5011 status
368
2009-03-04 18:07:38.459: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
369
2009-03-04 18:07:38.459: debug: Check KSK status
370
2009-03-04 18:07:38.459: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h12m10s
371
2009-03-04 18:07:38.459: debug: Check ZSK status
372
2009-03-04 18:07:38.459: debug: Lifetime(390 sec) of depreciated key 4710 exceeded (82431 sec)
373
2009-03-04 18:07:38.459: info: "sub.example.net.": old ZSK 4710 removed
374
2009-03-04 18:07:38.459: debug: ->remove it
375
2009-03-04 18:07:38.459: debug: Re-signing necessary: Modfied zone key set
376
2009-03-04 18:07:38.459: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
377
2009-03-04 18:07:38.459: debug: Writing key file "././sub.example.net/dnskey.db"
378
2009-03-04 18:07:38.460: debug: Signing zone "sub.example.net."
379
2009-03-04 18:07:38.460: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 0 -3 33B698 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
380
2009-03-04 18:07:38.635: debug: Cmd dnssec-signzone return: "zone.db.signed"
381
2009-03-04 18:07:38.635: debug: Signing completed after 0s.
382
2009-03-04 18:07:38.635: debug:
383
2009-03-04 18:07:38.635: debug: parsing zone "example.net." in dir "././example.net"
384
2009-03-04 18:07:38.635: debug: Check RFC5011 status
385
2009-03-04 18:07:38.635: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
386
2009-03-04 18:07:38.636: debug: Check ZSK status
387
2009-03-04 18:07:38.636: debug: Re-signing not necessary!
388
2009-03-04 18:07:38.636: debug: Check if there is a parent file to copy
389
2009-03-04 18:07:38.636: debug:
390
2009-03-04 18:07:38.636: notice: end of run: 0 errors occured
391
2009-03-04 18:07:54.353: notice: ------------------------------------------------------------
392
2009-03-04 18:07:54.353: notice: running ../../dnssec-signer -r -v -v -N named.conf
393
2009-03-04 18:07:54.357: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
394
2009-03-04 18:07:54.357: debug: Check RFC5011 status
395
2009-03-04 18:07:54.357: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
396
2009-03-04 18:07:54.357: debug: Check KSK status
397
2009-03-04 18:07:54.357: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h12m26s
398
2009-03-04 18:07:54.357: debug: Check ZSK status
399
2009-03-04 18:07:54.357: debug: Re-signing not necessary!
400
2009-03-04 18:07:54.357: debug: Check if there is a parent file to copy
401
2009-03-04 18:07:54.357: debug:
402
2009-03-04 18:07:54.357: debug: parsing zone "example.net." in dir "././example.net"
403
2009-03-04 18:07:54.357: debug: Check RFC5011 status
404
2009-03-04 18:07:54.357: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
405
2009-03-04 18:07:54.358: debug: Check ZSK status
406
2009-03-04 18:07:54.358: debug: Re-signing not necessary!
407
2009-03-04 18:07:54.358: debug: Check if there is a parent file to copy
408
2009-03-04 18:07:54.358: debug:
409
2009-03-04 18:07:54.358: notice: end of run: 0 errors occured
410
2009-03-04 18:08:25.210: notice: ------------------------------------------------------------
411
2009-03-04 18:08:25.210: notice: running ../../dnssec-signer -r -v -v -N named.conf
412
2009-03-04 18:08:25.212: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
413
2009-03-04 18:08:25.212: debug: Check RFC5011 status
414
2009-03-04 18:08:25.213: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
415
2009-03-04 18:08:25.213: debug: Check KSK status
416
2009-03-04 18:08:25.213: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h12m57s
417
2009-03-04 18:08:25.213: debug: Check ZSK status
418
2009-03-04 18:08:25.213: debug: Re-signing not necessary!
419
2009-03-04 18:08:25.213: debug: Check if there is a parent file to copy
420
2009-03-04 18:08:25.213: debug:
421
2009-03-04 18:08:25.214: debug: parsing zone "example.net." in dir "././example.net"
422
2009-03-04 18:08:25.214: debug: Check RFC5011 status
423
2009-03-04 18:08:25.214: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
424
2009-03-04 18:08:25.214: debug: Check ZSK status
425
2009-03-04 18:08:25.214: debug: Re-signing not necessary!
426
2009-03-04 18:08:25.214: debug: Check if there is a parent file to copy
427
2009-03-04 18:08:25.214: debug:
428
2009-03-04 18:08:25.216: notice: end of run: 0 errors occured
429
2009-03-04 18:08:32.379: notice: ------------------------------------------------------------
430
2009-03-04 18:08:32.379: notice: running ../../dnssec-signer -f -v -v -N named.conf
431
2009-03-04 18:08:32.381: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
432
2009-03-04 18:08:32.381: debug: Check RFC5011 status
433
2009-03-04 18:08:32.381: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
434
2009-03-04 18:08:32.381: debug: Check KSK status
435
2009-03-04 18:08:32.381: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h13m4s
436
2009-03-04 18:08:32.381: debug: Check ZSK status
437
2009-03-04 18:08:32.381: debug: Re-signing necessary: Option -f
438
2009-03-04 18:08:32.381: notice: "sub.example.net.": re-signing triggered: Option -f
439
2009-03-04 18:08:32.381: debug: Writing key file "././sub.example.net/dnskey.db"
440
2009-03-04 18:08:32.382: debug: Signing zone "sub.example.net."
441
2009-03-04 18:08:32.382: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 2 -3 A0BEB8 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
442
2009-03-04 18:08:32.896: debug: Cmd dnssec-signzone return: "zone.db.signed"
443
2009-03-04 18:08:32.896: debug: Signing completed after 0s.
444
2009-03-04 18:08:32.896: debug:
445
2009-03-04 18:08:32.896: debug: parsing zone "example.net." in dir "././example.net"
446
2009-03-04 18:08:32.896: debug: Check RFC5011 status
447
2009-03-04 18:08:32.896: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
448
2009-03-04 18:08:32.896: debug: Check ZSK status
449
2009-03-04 18:08:32.896: debug: Re-signing necessary: Option -f
450
2009-03-04 18:08:32.896: notice: "example.net.": re-signing triggered: Option -f
451
2009-03-04 18:08:32.896: debug: Writing key file "././example.net/dnskey.db"
452
2009-03-04 18:08:32.897: debug: Incrementing serial number in file "././example.net/zone.db"
453
2009-03-04 18:08:32.897: debug: Signing zone "example.net."
454
2009-03-04 18:08:32.897: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 2 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
455
2009-03-04 18:08:33.042: debug: Cmd dnssec-signzone return: "zone.db.signed"
456
2009-03-04 18:08:33.042: debug: Signing completed after 1s.
457
2009-03-04 18:08:33.042: debug:
458
2009-03-04 18:08:33.043: notice: end of run: 0 errors occured
459
2009-03-04 18:08:46.381: notice: ------------------------------------------------------------
460
2009-03-04 18:08:46.381: notice: running ../../dnssec-signer -f -v -v -N named.conf
461
2009-03-04 18:08:46.385: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
462
2009-03-04 18:08:46.385: debug: Check RFC5011 status
463
2009-03-04 18:08:46.385: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
464
2009-03-04 18:08:46.385: debug: Check KSK status
465
2009-03-04 18:08:46.385: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h13m18s
466
2009-03-04 18:08:46.385: debug: Check ZSK status
467
2009-03-04 18:08:46.385: debug: Re-signing necessary: Option -f
468
2009-03-04 18:08:46.385: notice: "sub.example.net.": re-signing triggered: Option -f
469
2009-03-04 18:08:46.385: debug: Writing key file "././sub.example.net/dnskey.db"
470
2009-03-04 18:08:46.386: debug: Signing zone "sub.example.net."
471
2009-03-04 18:08:46.386: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 0 -3 1864E1 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
472
2009-03-04 18:08:46.990: debug: Cmd dnssec-signzone return: "zone.db.signed"
473
2009-03-04 18:08:46.991: debug: Signing completed after 0s.
474
2009-03-04 18:08:46.991: debug:
475
2009-03-04 18:08:46.991: debug: parsing zone "example.net." in dir "././example.net"
476
2009-03-04 18:08:46.991: debug: Check RFC5011 status
477
2009-03-04 18:08:46.991: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
478
2009-03-04 18:08:46.991: debug: Check ZSK status
479
2009-03-04 18:08:46.991: debug: Re-signing necessary: Option -f
480
2009-03-04 18:08:46.991: notice: "example.net.": re-signing triggered: Option -f
481
2009-03-04 18:08:46.991: debug: Writing key file "././example.net/dnskey.db"
482
2009-03-04 18:08:46.992: debug: Incrementing serial number in file "././example.net/zone.db"
483
2009-03-04 18:08:46.992: debug: Signing zone "example.net."
484
2009-03-04 18:08:46.993: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 0 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
485
2009-03-04 18:08:47.149: debug: Cmd dnssec-signzone return: "zone.db.signed"
486
2009-03-04 18:08:47.149: debug: Signing completed after 1s.
487
2009-03-04 18:08:47.149: debug:
488
2009-03-04 18:08:47.149: notice: end of run: 0 errors occured
489
2009-03-04 18:08:59.141: notice: ------------------------------------------------------------
490
2009-03-04 18:08:59.141: notice: running ../../dnssec-signer -f -v -v -N named.conf
491
2009-03-04 18:08:59.145: debug: parsing zone "sub.example.net." in dir "././sub.example.net"
492
2009-03-04 18:08:59.145: debug: Check RFC5011 status
493
2009-03-04 18:08:59.145: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
494
2009-03-04 18:08:59.145: debug: Check KSK status
495
2009-03-04 18:08:59.145: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 5d18h13m31s
496
2009-03-04 18:08:59.145: debug: Check ZSK status
497
2009-03-04 18:08:59.145: debug: Re-signing necessary: Option -f
498
2009-03-04 18:08:59.146: notice: "sub.example.net.": re-signing triggered: Option -f
499
2009-03-04 18:08:59.146: debug: Writing key file "././sub.example.net/dnskey.db"
500
2009-03-04 18:08:59.146: debug: Signing zone "sub.example.net."
501
2009-03-04 18:08:59.146: debug: Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 945691 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
502
2009-03-04 18:09:00.082: debug: Cmd dnssec-signzone return: "zone.db.signed"
503
2009-03-04 18:09:00.082: debug: Signing completed after 1s.
504
2009-03-04 18:09:00.082: debug:
505
2009-03-04 18:09:00.083: debug: parsing zone "example.net." in dir "././example.net"
506
2009-03-04 18:09:00.083: debug: Check RFC5011 status
507
2009-03-04 18:09:00.083: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
508
2009-03-04 18:09:00.083: debug: Check ZSK status
509
2009-03-04 18:09:00.083: debug: Re-signing necessary: Option -f
510
2009-03-04 18:09:00.083: notice: "example.net.": re-signing triggered: Option -f
511
2009-03-04 18:09:00.083: debug: Writing key file "././example.net/dnskey.db"
512
2009-03-04 18:09:00.084: debug: Incrementing serial number in file "././example.net/zone.db"
513
2009-03-04 18:09:00.084: debug: Signing zone "example.net."
514
2009-03-04 18:09:00.084: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
515
2009-03-04 18:09:00.238: debug: Cmd dnssec-signzone return: "zone.db.signed"
516
2009-03-04 18:09:00.238: debug: Signing completed after 0s.
517
2009-03-04 18:09:00.238: debug:
518
2009-03-04 18:09:00.238: notice: end of run: 0 errors occured
519
2009-06-15 09:58:41.205: notice: ------------------------------------------------------------
520
2009-06-15 09:58:41.205: notice: running ../../dnssec-signer -v -v
521
2009-06-15 09:58:41.226: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
522
2009-06-15 09:58:41.226: debug: Check RFC5011 status
523
2009-06-15 09:58:41.226: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
524
2009-06-15 09:58:41.226: debug: Check KSK status
525
2009-06-15 09:58:41.227: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 15w3d9h3m13s
526
2009-06-15 09:58:41.227: debug: Check ZSK status
527
2009-06-15 09:58:41.227: debug: Lifetime(259200 +/-150 sec) of active key 32820 exceeded (8948694 sec)
528
2009-06-15 09:58:41.227: debug: ->depreciate it
529
2009-06-15 09:58:41.227: debug: ->activate published key 49656
530
2009-06-15 09:58:41.227: notice: "sub.example.net.": lifetime of zone signing key 32820 exceeded: ZSK rollover done
531
2009-06-15 09:58:41.227: debug: New key for publishing needed
532
2009-06-15 09:58:41.346: debug: ->creating new key 37135
533
2009-06-15 09:58:41.346: info: "sub.example.net.": new key 37135 generated for publishing
534
2009-06-15 09:58:41.346: debug: Re-signing necessary: Modfied zone key set
535
2009-06-15 09:58:41.346: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
536
2009-06-15 09:58:41.346: debug: Writing key file "./sub.example.net/dnskey.db"
537
2009-06-15 09:58:41.346: debug: Signing zone "sub.example.net."
538
2009-06-15 09:58:41.346: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 11D7FD -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
539
2009-06-15 09:58:41.399: debug: Cmd dnssec-signzone return: "zone.db.signed"
540
2009-06-15 09:58:41.399: debug: Signing completed after 0s.
541
2009-06-15 09:58:41.399: debug:
542
2009-06-15 09:58:41.399: debug: parsing zone "example.net." in dir "./example.net"
543
2009-06-15 09:58:41.399: debug: Check RFC5011 status
544
2009-06-15 09:58:41.399: debug: zone "example.net.": found revoked key (id=1764 exptime=Feb 28 2009 12:31:28); waiting for remove hold down time
545
2009-06-15 09:58:41.399: debug: Remove revoked key 1764 which is older than 30 days
546
2009-06-15 09:58:41.400: notice: zone "example.net.": removing revoked key 1764
547
2009-06-15 09:58:41.400: debug: Check ZSK status
548
2009-06-15 09:58:41.400: debug: Lifetime(7776000 +/-150 sec) of active key 4157 exceeded (14547793 sec)
549
2009-06-15 09:58:41.400: debug: ->waiting for published key
550
2009-06-15 09:58:41.400: notice: "example.net.": lifetime of zone signing key 4157 exceeded since 11w1d9h3m13s: ZSK rollover deferred: waiting for published key
551
2009-06-15 09:58:41.400: debug: New key for publishing needed
552
2009-06-15 09:58:41.499: debug: ->creating new key 34925
553
2009-06-15 09:58:41.499: info: "example.net.": new key 34925 generated for publishing
554
2009-06-15 09:58:41.499: debug: Re-signing necessary: Modfied zone key set
555
2009-06-15 09:58:41.499: notice: "example.net.": re-signing triggered: Modfied zone key set
556
2009-06-15 09:58:41.499: debug: Writing key file "./example.net/dnskey.db"
557
2009-06-15 09:58:41.499: debug: Incrementing serial number in file "./example.net/zone.db"
558
2009-06-15 09:58:41.499: debug: Signing zone "example.net."
559
2009-06-15 09:58:41.499: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
560
2009-06-15 09:58:41.543: debug: Cmd dnssec-signzone return: "zone.db.signed"
561
2009-06-15 09:58:41.543: debug: Signing completed after 0s.
562
2009-06-15 09:58:41.543: debug:
563
2009-06-15 09:58:41.543: notice: end of run: 0 errors occured
564
2009-06-17 16:36:16.761: notice: ------------------------------------------------------------
565
2009-06-17 16:36:16.761: notice: running ../../dnssec-signer -v -v
566
2009-06-17 16:36:16.792: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
567
2009-06-17 16:36:16.792: debug: Check RFC5011 status
568
2009-06-17 16:36:16.792: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
569
2009-06-17 16:36:16.792: debug: Check KSK status
570
2009-06-17 16:36:16.792: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 15w5d15h40m48s
571
2009-06-17 16:36:16.792: debug: Check ZSK status
572
2009-06-17 16:36:16.792: debug: Lifetime(390 sec) of depreciated key 32820 exceeded (196655 sec)
573
2009-06-17 16:36:16.792: info: "sub.example.net.": old ZSK 32820 removed
574
2009-06-17 16:36:16.792: debug: ->remove it
575
2009-06-17 16:36:16.792: debug: Re-signing necessary: Modfied zone key set
576
2009-06-17 16:36:16.792: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
577
2009-06-17 16:36:16.792: debug: Writing key file "./sub.example.net/dnskey.db"
578
2009-06-17 16:36:16.793: debug: Signing zone "sub.example.net."
579
2009-06-17 16:36:16.793: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 4214E6 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
580
2009-06-17 16:36:16.984: debug: Cmd dnssec-signzone return: "zone.db.signed"
581
2009-06-17 16:36:16.984: debug: Signing completed after 0s.
582
2009-06-17 16:36:16.984: debug:
583
2009-06-17 16:36:16.984: debug: parsing zone "example.net." in dir "./example.net"
584
2009-06-17 16:36:16.984: debug: Check RFC5011 status
585
2009-06-17 16:36:16.984: debug: Check ZSK status
586
2009-06-17 16:36:16.984: debug: Lifetime(7776000 +/-150 sec) of active key 4157 exceeded (14744448 sec)
587
2009-06-17 16:36:16.984: debug: ->depreciate it
588
2009-06-17 16:36:16.984: debug: ->activate published key 34925
589
2009-06-17 16:36:16.984: notice: "example.net.": lifetime of zone signing key 4157 exceeded: ZSK rollover done
590
2009-06-17 16:36:16.984: debug: Re-signing necessary: Modfied zone key set
591
2009-06-17 16:36:16.984: notice: "example.net.": re-signing triggered: Modfied zone key set
592
2009-06-17 16:36:16.984: debug: Writing key file "./example.net/dnskey.db"
593
2009-06-17 16:36:16.985: debug: Incrementing serial number in file "./example.net/zone.db"
594
2009-06-17 16:36:16.985: debug: Signing zone "example.net."
595
2009-06-17 16:36:16.985: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
596
2009-06-17 16:36:17.102: debug: Cmd dnssec-signzone return: "zone.db.signed"
597
2009-06-17 16:36:17.102: debug: Signing completed after 1s.
598
2009-06-17 16:36:17.102: debug:
599
2009-06-17 16:36:17.102: notice: end of run: 0 errors occured
600
2009-06-24 16:33:27.617: notice: ------------------------------------------------------------
601
2009-06-24 16:33:27.617: notice: running ../../dnssec-signer -v -v
602
2009-06-24 16:33:27.619: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
603
2009-06-24 16:33:27.619: debug: Check RFC5011 status
604
2009-06-24 16:33:27.620: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
605
2009-06-24 16:33:27.620: debug: Check KSK status
606
2009-06-24 16:33:27.620: warning: "sub.example.net.": lifetime of key signing key 18846 exceeded since 16w5d15h37m59s
607
2009-06-24 16:33:27.620: debug: Check ZSK status
608
2009-06-24 16:33:27.620: debug: Lifetime(259200 +/-150 sec) of active key 49656 exceeded (801286 sec)
609
2009-06-24 16:33:27.620: debug: ->depreciate it
610
2009-06-24 16:33:27.620: debug: ->activate published key 37135
611
2009-06-24 16:33:27.620: notice: "sub.example.net.": lifetime of zone signing key 49656 exceeded: ZSK rollover done
612
2009-06-24 16:33:27.620: debug: New key for publishing needed
613
2009-06-24 16:33:27.751: debug: ->creating new key 25272
614
2009-06-24 16:33:27.751: info: "sub.example.net.": new key 25272 generated for publishing
615
2009-06-24 16:33:27.751: debug: Re-signing necessary: Modfied zone key set
616
2009-06-24 16:33:27.751: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
617
2009-06-24 16:33:27.751: debug: Writing key file "./sub.example.net/dnskey.db"
618
2009-06-24 16:33:27.751: debug: Signing zone "sub.example.net."
619
2009-06-24 16:33:27.751: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 50C9C8 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
620
2009-06-24 16:33:27.859: error: "sub.example.net.": signing failed!
621
2009-06-24 16:33:27.859: debug: Signing completed after 0s.
622
2009-06-24 16:33:27.859: debug:
623
2009-06-24 16:33:27.859: debug: parsing zone "example.net." in dir "./example.net"
624
2009-06-24 16:33:27.859: debug: Check RFC5011 status
625
2009-06-24 16:33:27.859: debug: Check ZSK status
626
2009-06-24 16:33:27.859: debug: Lifetime(29100 sec) of depreciated key 4157 exceeded (604631 sec)
627
2009-06-24 16:33:27.859: info: "example.net.": old ZSK 4157 removed
628
2009-06-24 16:33:27.860: debug: ->remove it
629
2009-06-24 16:33:27.860: debug: Re-signing necessary: Modfied zone key set
630
2009-06-24 16:33:27.860: notice: "example.net.": re-signing triggered: Modfied zone key set
631
2009-06-24 16:33:27.860: debug: Writing key file "./example.net/dnskey.db"
632
2009-06-24 16:33:27.860: debug: Incrementing serial number in file "./example.net/zone.db"
633
2009-06-24 16:33:27.860: debug: Signing zone "example.net."
634
2009-06-24 16:33:27.860: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
635
2009-06-24 16:33:27.966: debug: Cmd dnssec-signzone return: "zone.db.signed"
636
2009-06-24 16:33:27.966: debug: Signing completed after 0s.
637
2009-06-24 16:33:27.966: debug:
638
2009-06-24 16:33:27.966: notice: end of run: 1 error occured
639
2009-06-24 16:42:06.709: notice: ------------------------------------------------------------
640
2009-06-24 16:42:06.709: notice: running ../../dnssec-signer -v -v
641
2009-06-24 16:42:06.711: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
642
2009-06-24 16:42:06.711: debug: Check RFC5011 status
643
2009-06-24 16:42:06.711: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
644
2009-06-24 16:42:06.711: debug: Check KSK status
645
2009-06-24 16:42:06.711: debug: No active KSK found: generate new one
646
2009-06-24 16:42:06.855: info: "sub.example.net.": generated new KSK 48516
647
2009-06-24 16:42:06.855: debug: Check ZSK status
648
2009-06-24 16:42:06.855: debug: No active ZSK found: generate new one
649
2009-06-24 16:42:06.883: info: "sub.example.net.": generated new ZSK 33383
650
2009-06-24 16:42:06.883: debug: Re-signing necessary: Modfied zone key set
651
2009-06-24 16:42:06.883: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
652
2009-06-24 16:42:06.883: debug: Writing key file "./sub.example.net/dnskey.db"
653
2009-06-24 16:42:06.883: debug: Signing zone "sub.example.net."
654
2009-06-24 16:42:06.883: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
655
2009-06-24 16:42:06.905: error: "sub.example.net.": signing failed!
656
2009-06-24 16:42:06.905: debug: Signing completed after 0s.
657
2009-06-24 16:42:06.905: debug:
658
2009-06-24 16:42:06.905: debug: parsing zone "example.net." in dir "./example.net"
659
2009-06-24 16:42:06.905: debug: Check RFC5011 status
660
2009-06-24 16:42:06.905: debug: Check ZSK status
661
2009-06-24 16:42:06.905: debug: Re-signing not necessary!
662
2009-06-24 16:42:06.905: debug: Check if there is a parent file to copy
663
2009-06-24 16:42:06.905: debug:
664
2009-06-24 16:42:06.905: notice: end of run: 1 error occured
665
2009-06-24 16:42:31.402: notice: ------------------------------------------------------------
666
2009-06-24 16:42:31.402: notice: running ../../dnssec-signer -v -v
667
2009-06-24 16:42:31.404: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
668
2009-06-24 16:42:31.404: debug: Check RFC5011 status
669
2009-06-24 16:42:31.404: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
670
2009-06-24 16:42:31.404: debug: Check KSK status
671
2009-06-24 16:42:31.404: debug: Check ZSK status
672
2009-06-24 16:42:31.404: debug: Re-signing necessary: Modified keys
673
2009-06-24 16:42:31.405: notice: "sub.example.net.": re-signing triggered: Modified keys
674
2009-06-24 16:42:31.405: debug: Writing key file "./sub.example.net/dnskey.db"
675
2009-06-24 16:42:31.405: debug: Signing zone "sub.example.net."
676
2009-06-24 16:42:31.405: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
677
2009-06-24 16:42:31.449: error: "sub.example.net.": signing failed!
678
2009-06-24 16:42:31.450: debug: Signing completed after 0s.
679
2009-06-24 16:42:31.450: debug:
680
2009-06-24 16:42:31.450: debug: parsing zone "example.net." in dir "./example.net"
681
2009-06-24 16:42:31.450: debug: Check RFC5011 status
682
2009-06-24 16:42:31.450: debug: Check ZSK status
683
2009-06-24 16:42:31.450: debug: Re-signing not necessary!
684
2009-06-24 16:42:31.450: debug: Check if there is a parent file to copy
685
2009-06-24 16:42:31.450: debug:
686
2009-06-24 16:42:31.450: notice: end of run: 1 error occured
687
2009-06-24 16:42:48.193: notice: ------------------------------------------------------------
688
2009-06-24 16:42:48.193: notice: running ../../dnssec-signer -v -v
689
2009-06-24 16:42:48.195: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
690
2009-06-24 16:42:48.195: debug: Check RFC5011 status
691
2009-06-24 16:42:48.195: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
692
2009-06-24 16:42:48.195: debug: Check KSK status
693
2009-06-24 16:42:48.195: debug: Check ZSK status
694
2009-06-24 16:42:48.195: debug: Re-signing necessary: Modified keys
695
2009-06-24 16:42:48.195: notice: "sub.example.net.": re-signing triggered: Modified keys
696
2009-06-24 16:42:48.195: debug: Writing key file "./sub.example.net/dnskey.db"
697
2009-06-24 16:42:48.195: debug: Signing zone "sub.example.net."
698
2009-06-24 16:42:48.195: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 F46ADF -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
699
2009-06-24 16:42:48.212: error: "sub.example.net.": signing failed!
700
2009-06-24 16:42:48.212: debug: Signing completed after 0s.
701
2009-06-24 16:42:48.212: debug:
702
2009-06-24 16:42:48.212: debug: parsing zone "example.net." in dir "./example.net"
703
2009-06-24 16:42:48.212: debug: Check RFC5011 status
704
2009-06-24 16:42:48.212: debug: Check ZSK status
705
2009-06-24 16:42:48.212: debug: Re-signing not necessary!
706
2009-06-24 16:42:48.212: debug: Check if there is a parent file to copy
707
2009-06-24 16:42:48.212: debug:
708
2009-06-24 16:42:48.212: notice: end of run: 1 error occured
709
2009-06-24 16:44:22.959: notice: ------------------------------------------------------------
710
2009-06-24 16:44:22.959: notice: running ../../dnssec-signer -v -v
711
2009-06-24 16:44:22.961: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
712
2009-06-24 16:44:22.961: debug: Check RFC5011 status
713
2009-06-24 16:44:22.961: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
714
2009-06-24 16:44:22.961: debug: Check KSK status
715
2009-06-24 16:44:22.961: debug: Check ZSK status
716
2009-06-24 16:44:22.961: debug: No active ZSK found: generate new one
717
2009-06-24 16:44:23.008: info: "sub.example.net.": generated new ZSK 14600
718
2009-06-24 16:44:23.008: debug: Re-signing necessary: Modfied zone key set
719
2009-06-24 16:44:23.008: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
720
2009-06-24 16:44:23.009: debug: Writing key file "./sub.example.net/dnskey.db"
721
2009-06-24 16:44:23.009: debug: Signing zone "sub.example.net."
722
2009-06-24 16:44:23.009: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 86BF2F -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
723
2009-06-24 16:44:23.040: debug: Cmd dnssec-signzone return: "zone.db.signed"
724
2009-06-24 16:44:23.040: debug: Signing completed after 0s.
725
2009-06-24 16:44:23.040: debug:
726
2009-06-24 16:44:23.040: debug: parsing zone "example.net." in dir "./example.net"
727
2009-06-24 16:44:23.040: debug: Check RFC5011 status
728
2009-06-24 16:44:23.040: debug: Check ZSK status
729
2009-06-24 16:44:23.040: debug: Re-signing not necessary!
730
2009-06-24 16:44:23.040: debug: Check if there is a parent file to copy
731
2009-06-24 16:44:23.040: debug:
732
2009-06-24 16:44:23.040: notice: end of run: 0 errors occured
733
2009-06-24 16:50:36.189: notice: ------------------------------------------------------------
734
2009-06-24 16:50:36.189: notice: running ../../dnssec-signer -v -v
735
2009-06-24 16:50:36.191: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
736
2009-06-24 16:50:36.191: debug: Check RFC5011 status
737
2009-06-24 16:50:36.191: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
738
2009-06-24 16:50:36.191: debug: Check KSK status
739
2009-06-24 16:50:36.192: debug: Check ZSK status
740
2009-06-24 16:50:36.192: debug: Re-signing not necessary!
741
2009-06-24 16:50:36.192: debug: Check if there is a parent file to copy
742
2009-06-24 16:50:36.192: debug:
743
2009-06-24 16:50:36.192: debug: parsing zone "example.net." in dir "./example.net"
744
2009-06-24 16:50:36.192: debug: Check RFC5011 status
745
2009-06-24 16:50:36.192: debug: Check ZSK status
746
2009-06-24 16:50:36.193: debug: Re-signing not necessary!
747
2009-06-24 16:50:36.193: debug: Check if there is a parent file to copy
748
2009-06-24 16:50:36.193: debug:
749
2009-06-24 16:50:36.193: notice: end of run: 0 errors occured
750
2009-06-24 16:50:42.877: notice: ------------------------------------------------------------
751
2009-06-24 16:50:42.877: notice: running ../../dnssec-signer -v -v -f
752
2009-06-24 16:50:42.879: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
753
2009-06-24 16:50:42.879: debug: Check RFC5011 status
754
2009-06-24 16:50:42.879: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
755
2009-06-24 16:50:42.879: debug: Check KSK status
756
2009-06-24 16:50:42.879: debug: Check ZSK status
757
2009-06-24 16:50:42.879: debug: Re-signing necessary: Option -f
758
2009-06-24 16:50:42.879: notice: "sub.example.net.": re-signing triggered: Option -f
759
2009-06-24 16:50:42.879: debug: Writing key file "./sub.example.net/dnskey.db"
760
2009-06-24 16:50:42.879: debug: Signing zone "sub.example.net."
761
2009-06-24 16:50:42.879: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 FB37DB -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
762
2009-06-24 16:50:42.932: debug: Cmd dnssec-signzone return: "zone.db.signed"
763
2009-06-24 16:50:42.932: debug: Signing completed after 0s.
764
2009-06-24 16:50:42.932: debug:
765
2009-06-24 16:50:42.932: debug: parsing zone "example.net." in dir "./example.net"
766
2009-06-24 16:50:42.932: debug: Check RFC5011 status
767
2009-06-24 16:50:42.932: debug: Check ZSK status
768
2009-06-24 16:50:42.932: debug: Re-signing necessary: Option -f
769
2009-06-24 16:50:42.932: notice: "example.net.": re-signing triggered: Option -f
770
2009-06-24 16:50:42.932: debug: Writing key file "./example.net/dnskey.db"
771
2009-06-24 16:50:42.933: debug: Incrementing serial number in file "./example.net/zone.db"
772
2009-06-24 16:50:42.933: debug: Signing zone "example.net."
773
2009-06-24 16:50:42.933: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
774
2009-06-24 16:50:42.978: debug: Cmd dnssec-signzone return: "zone.db.signed"
775
2009-06-24 16:50:42.978: debug: Signing completed after 0s.
776
2009-06-24 16:50:42.978: debug:
777
2009-06-24 16:50:42.979: notice: end of run: 0 errors occured
778
2009-06-24 16:50:51.923: notice: ------------------------------------------------------------
779
2009-06-24 16:50:51.923: notice: running ../../dnssec-signer -v -v -f
780
2009-06-24 16:50:51.924: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
781
2009-06-24 16:50:51.924: debug: Check RFC5011 status
782
2009-06-24 16:50:51.924: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
783
2009-06-24 16:50:51.924: debug: Check KSK status
784
2009-06-24 16:50:51.924: debug: Check ZSK status
785
2009-06-24 16:50:51.925: debug: Re-signing necessary: Option -f
786
2009-06-24 16:50:51.925: notice: "sub.example.net.": re-signing triggered: Option -f
787
2009-06-24 16:50:51.925: debug: Writing key file "./sub.example.net/dnskey.db"
788
2009-06-24 16:50:51.925: debug: Signing zone "sub.example.net."
789
2009-06-24 16:50:51.925: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 E830EA -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
790
2009-06-24 16:50:51.972: debug: Cmd dnssec-signzone return: "zone.db.signed"
791
2009-06-24 16:50:51.973: debug: Signing completed after 0s.
792
2009-06-24 16:50:51.973: debug:
793
2009-06-24 16:50:51.973: debug: parsing zone "example.net." in dir "./example.net"
794
2009-06-24 16:50:51.973: debug: Check RFC5011 status
795
2009-06-24 16:50:51.973: debug: Check ZSK status
796
2009-06-24 16:50:51.973: debug: Re-signing necessary: Option -f
797
2009-06-24 16:50:51.973: notice: "example.net.": re-signing triggered: Option -f
798
2009-06-24 16:50:51.973: debug: Writing key file "./example.net/dnskey.db"
799
2009-06-24 16:50:51.973: debug: Incrementing serial number in file "./example.net/zone.db"
800
2009-06-24 16:50:51.973: debug: Signing zone "example.net."
801
2009-06-24 16:50:51.973: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
802
2009-06-24 16:50:52.017: debug: Cmd dnssec-signzone return: "zone.db.signed"
803
2009-06-24 16:50:52.017: debug: Signing completed after 1s.
804
2009-06-24 16:50:52.017: debug:
805
2009-06-24 16:50:52.017: notice: end of run: 0 errors occured
806
2009-06-24 16:51:19.914: notice: ------------------------------------------------------------
807
2009-06-24 16:51:19.914: notice: running ../../dnssec-signer -v -v -f
808
2009-06-24 16:51:19.916: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
809
2009-06-24 16:51:19.916: debug: Check RFC5011 status
810
2009-06-24 16:51:19.916: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
811
2009-06-24 16:51:19.916: debug: Check KSK status
812
2009-06-24 16:51:19.916: debug: Check ZSK status
813
2009-06-24 16:51:19.916: debug: Re-signing necessary: Option -f
814
2009-06-24 16:51:19.916: notice: "sub.example.net.": re-signing triggered: Option -f
815
2009-06-24 16:51:19.916: debug: Writing key file "./sub.example.net/dnskey.db"
816
2009-06-24 16:51:19.917: debug: Signing zone "sub.example.net."
817
2009-06-24 16:51:19.917: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 8DBC26 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private"
818
2009-06-24 16:51:19.969: debug: Cmd dnssec-signzone return: "zone.db.signed"
819
2009-06-24 16:51:19.969: debug: Signing completed after 0s.
820
2009-06-24 16:51:19.969: debug:
821
2009-06-24 16:51:19.969: debug: parsing zone "example.net." in dir "./example.net"
822
2009-06-24 16:51:19.969: debug: Check RFC5011 status
823
2009-06-24 16:51:19.969: debug: Check ZSK status
824
2009-06-24 16:51:19.969: debug: Re-signing necessary: Option -f
825
2009-06-24 16:51:19.969: notice: "example.net.": re-signing triggered: Option -f
826
2009-06-24 16:51:19.969: debug: Writing key file "./example.net/dnskey.db"
827
2009-06-24 16:51:19.969: debug: Incrementing serial number in file "./example.net/zone.db"
828
2009-06-24 16:51:19.969: debug: Signing zone "example.net."
829
2009-06-24 16:51:19.969: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private"
830
2009-06-24 16:51:20.018: debug: Cmd dnssec-signzone return: "zone.db.signed"
831
2009-06-24 16:51:20.018: debug: Signing completed after 1s.
832
2009-06-24 16:51:20.018: debug:
833
2009-06-24 16:51:20.018: notice: end of run: 0 errors occured
834
2009-06-24 16:55:38.094: notice: ------------------------------------------------------------
835
2009-06-24 16:55:38.094: notice: running ../../dnssec-signer -v -v -f
836
2009-06-24 16:55:38.096: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
837
2009-06-24 16:55:38.096: debug: Check RFC5011 status
838
2009-06-24 16:55:38.096: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
839
2009-06-24 16:55:38.096: debug: Check KSK status
840
2009-06-24 16:55:38.096: debug: Check ZSK status
841
2009-06-24 16:55:38.096: debug: Re-signing necessary: Option -f
842
2009-06-24 16:55:38.096: notice: "sub.example.net.": re-signing triggered: Option -f
843
2009-06-24 16:55:38.096: debug: Writing key file "./sub.example.net/dnskey.db"
844
2009-06-24 16:55:38.097: debug: Signing zone "sub.example.net."
845
2009-06-24 16:55:38.097: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 69AB8E -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
846
2009-06-24 16:55:38.144: debug: Cmd dnssec-signzone return: "Verifying the zone using the following algorithms: NSEC3RSASHA1."
847
2009-06-24 16:55:38.144: debug: Signing completed after 0s.
848
2009-06-24 16:55:38.144: debug:
849
2009-06-24 16:55:38.144: debug: parsing zone "example.net." in dir "./example.net"
850
2009-06-24 16:55:38.144: debug: Check RFC5011 status
851
2009-06-24 16:55:38.144: debug: Check ZSK status
852
2009-06-24 16:55:38.144: debug: Re-signing necessary: Option -f
853
2009-06-24 16:55:38.144: notice: "example.net.": re-signing triggered: Option -f
854
2009-06-24 16:55:38.144: debug: Writing key file "./example.net/dnskey.db"
855
2009-06-24 16:55:38.144: debug: Incrementing serial number in file "./example.net/zone.db"
856
2009-06-24 16:55:38.144: debug: Signing zone "example.net."
857
2009-06-24 16:55:38.144: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
858
2009-06-24 16:55:38.182: debug: Cmd dnssec-signzone return: "Verifying the zone using the following algorithms: RSASHA1."
859
2009-06-24 16:55:38.182: debug: Signing completed after 0s.
860
2009-06-24 16:55:38.182: debug:
861
2009-06-24 16:55:38.182: notice: end of run: 0 errors occured
862
2009-06-24 17:12:06.145: notice: ------------------------------------------------------------
863
2009-06-24 17:12:06.145: notice: running ../../dnssec-signer -v -v -f
864
2009-06-24 17:12:06.147: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
865
2009-06-24 17:12:06.147: debug: Check RFC5011 status
866
2009-06-24 17:12:06.147: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
867
2009-06-24 17:12:06.147: debug: Check KSK status
868
2009-06-24 17:12:06.147: debug: Check ZSK status
869
2009-06-24 17:12:06.147: debug: Re-signing necessary: Option -f
870
2009-06-24 17:12:06.147: notice: "sub.example.net.": re-signing triggered: Option -f
871
2009-06-24 17:12:06.147: debug: Writing key file "./sub.example.net/dnskey.db"
872
2009-06-24 17:12:06.147: debug: Signing zone "sub.example.net."
873
2009-06-24 17:12:06.147: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 589BFC -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
874
2009-06-24 17:12:06.204: debug: Cmd dnssec-signzone return: "zone.db.signed"
875
2009-06-24 17:12:06.204: debug: Signing completed after 0s.
876
2009-06-24 17:12:06.204: debug:
877
2009-06-24 17:12:06.204: debug: parsing zone "example.net." in dir "./example.net"
878
2009-06-24 17:12:06.204: debug: Check RFC5011 status
879
2009-06-24 17:12:06.204: debug: Check ZSK status
880
2009-06-24 17:12:06.204: debug: Re-signing necessary: Option -f
881
2009-06-24 17:12:06.205: notice: "example.net.": re-signing triggered: Option -f
882
2009-06-24 17:12:06.205: debug: Writing key file "./example.net/dnskey.db"
883
2009-06-24 17:12:06.205: debug: Incrementing serial number in file "./example.net/zone.db"
884
2009-06-24 17:12:06.205: debug: Signing zone "example.net."
885
2009-06-24 17:12:06.205: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
886
2009-06-24 17:12:06.259: debug: Cmd dnssec-signzone return: "zone.db.signed"
887
2009-06-24 17:12:06.259: debug: Signing completed after 0s.
888
2009-06-24 17:12:06.259: debug:
889
2009-06-24 17:12:06.259: notice: end of run: 0 errors occured
890
2009-06-30 11:35:09.298: notice: ------------------------------------------------------------
891
2009-06-30 11:35:09.298: notice: running ../../dnssec-signer -v -v
892
2009-06-30 11:35:09.326: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
893
2009-06-30 11:35:09.326: debug: Check RFC5011 status
894
2009-06-30 11:35:09.326: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
895
2009-06-30 11:35:09.326: debug: Check KSK status
896
2009-06-30 11:35:09.326: debug: Check ZSK status
897
2009-06-30 11:35:09.326: debug: Lifetime(259200 +/-150 sec) of active key 14600 exceeded (499847 sec)
898
2009-06-30 11:35:09.326: debug: ->waiting for published key
899
2009-06-30 11:35:09.326: notice: "sub.example.net.": lifetime of zone signing key 14600 exceeded since 2d18h50m47s: ZSK rollover deferred: waiting for published key
900
2009-06-30 11:35:09.326: debug: New key for publishing needed
901
2009-06-30 11:35:09.482: debug: ->creating new key 32345
902
2009-06-30 11:35:09.482: info: "sub.example.net.": new key 32345 generated for publishing
903
2009-06-30 11:35:09.482: debug: Re-signing necessary: Modfied zone key set
904
2009-06-30 11:35:09.483: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
905
2009-06-30 11:35:09.483: debug: Writing key file "./sub.example.net/dnskey.db"
906
2009-06-30 11:35:09.483: debug: Signing zone "sub.example.net."
907
2009-06-30 11:35:09.483: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 E84B0F -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
908
2009-06-30 11:35:09.838: debug: Cmd dnssec-signzone return: "zone.db.signed"
909
2009-06-30 11:35:09.838: debug: Signing completed after 0s.
910
2009-06-30 11:35:09.838: debug:
911
2009-06-30 11:35:09.838: debug: parsing zone "example.net." in dir "./example.net"
912
2009-06-30 11:35:09.838: debug: Check RFC5011 status
913
2009-06-30 11:35:09.838: debug: Check ZSK status
914
2009-06-30 11:35:09.838: debug: New key for publishing needed
915
2009-06-30 11:35:09.896: debug: ->creating new key 48089
916
2009-06-30 11:35:09.896: info: "example.net.": new key 48089 generated for publishing
917
2009-06-30 11:35:09.896: debug: Re-signing necessary: Modfied zone key set
918
2009-06-30 11:35:09.897: notice: "example.net.": re-signing triggered: Modfied zone key set
919
2009-06-30 11:35:09.897: debug: Writing key file "./example.net/dnskey.db"
920
2009-06-30 11:35:09.897: debug: Incrementing serial number in file "./example.net/zone.db"
921
2009-06-30 11:35:09.897: debug: Signing zone "example.net."
922
2009-06-30 11:35:09.897: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
923
2009-06-30 11:35:09.997: debug: Cmd dnssec-signzone return: "zone.db.signed"
924
2009-06-30 11:35:09.997: debug: Signing completed after 0s.
925
2009-06-30 11:35:09.997: debug:
926
2009-06-30 11:35:09.997: notice: end of run: 0 errors occured
927
2009-06-30 12:01:53.878: notice: ------------------------------------------------------------
928
2009-06-30 12:01:53.878: notice: running ../../dnssec-signer -v -v
929
2009-06-30 12:01:53.880: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
930
2009-06-30 12:01:53.881: debug: Check RFC5011 status
931
2009-06-30 12:01:53.881: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
932
2009-06-30 12:01:53.881: debug: Check KSK status
933
2009-06-30 12:01:53.881: debug: Check ZSK status
934
2009-06-30 12:01:53.881: debug: Lifetime(259200 +/-150 sec) of active key 14600 exceeded (501451 sec)
935
2009-06-30 12:01:53.881: debug: ->waiting for published key
936
2009-06-30 12:01:53.881: notice: "sub.example.net.": lifetime of zone signing key 14600 exceeded since 2d19h17m31s: ZSK rollover deferred: waiting for published key
937
2009-06-30 12:01:53.881: debug: Re-signing not necessary!
938
2009-06-30 12:01:53.881: debug: Check if there is a parent file to copy
939
2009-06-30 12:01:53.881: debug:
940
2009-06-30 12:01:53.881: debug: parsing zone "example.net." in dir "./example.net"
941
2009-06-30 12:01:53.881: debug: Check RFC5011 status
942
2009-06-30 12:01:53.881: debug: Check ZSK status
943
2009-06-30 12:01:53.881: debug: Re-signing not necessary!
944
2009-06-30 12:01:53.881: debug: Check if there is a parent file to copy
945
2009-06-30 12:01:53.881: debug:
946
2009-06-30 12:01:53.881: notice: end of run: 0 errors occured
947
2009-06-30 12:02:05.490: notice: ------------------------------------------------------------
948
2009-06-30 12:02:05.490: notice: running ../../dnssec-signer -f -v -v
949
2009-06-30 12:02:05.492: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
950
2009-06-30 12:02:05.492: debug: Check RFC5011 status
951
2009-06-30 12:02:05.492: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
952
2009-06-30 12:02:05.492: debug: Check KSK status
953
2009-06-30 12:02:05.492: debug: Check ZSK status
954
2009-06-30 12:02:05.492: debug: Lifetime(259200 +/-150 sec) of active key 14600 exceeded (501463 sec)
955
2009-06-30 12:02:05.492: debug: ->waiting for published key
956
2009-06-30 12:02:05.492: notice: "sub.example.net.": lifetime of zone signing key 14600 exceeded since 2d19h17m43s: ZSK rollover deferred: waiting for published key
957
2009-06-30 12:02:05.492: debug: Re-signing necessary: Option -f
958
2009-06-30 12:02:05.492: notice: "sub.example.net.": re-signing triggered: Option -f
959
2009-06-30 12:02:05.492: debug: Writing key file "./sub.example.net/dnskey.db"
960
2009-06-30 12:02:05.492: debug: Signing zone "sub.example.net."
961
2009-06-30 12:02:05.492: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 50B303 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
962
2009-06-30 12:02:05.543: debug: Cmd dnssec-signzone return: "zone.db.signed"
963
2009-06-30 12:02:05.543: debug: Signing completed after 0s.
964
2009-06-30 12:02:05.543: debug:
965
2009-06-30 12:02:05.543: debug: parsing zone "example.net." in dir "./example.net"
966
2009-06-30 12:02:05.543: debug: Check RFC5011 status
967
2009-06-30 12:02:05.543: debug: Check ZSK status
968
2009-06-30 12:02:05.543: debug: Re-signing necessary: Option -f
969
2009-06-30 12:02:05.543: notice: "example.net.": re-signing triggered: Option -f
970
2009-06-30 12:02:05.543: debug: Writing key file "./example.net/dnskey.db"
971
2009-06-30 12:02:05.544: debug: Incrementing serial number in file "./example.net/zone.db"
972
2009-06-30 12:02:05.544: debug: Signing zone "example.net."
973
2009-06-30 12:02:05.544: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
974
2009-06-30 12:02:05.602: debug: Cmd dnssec-signzone return: "zone.db.signed"
975
2009-06-30 12:02:05.602: debug: Signing completed after 0s.
976
2009-06-30 12:02:05.602: debug:
977
2009-06-30 12:02:05.602: notice: end of run: 0 errors occured
978
2009-06-30 13:02:04.436: notice: ------------------------------------------------------------
979
2009-06-30 13:02:04.436: notice: running ../../dnssec-signer -v -v
980
2009-06-30 13:02:04.438: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
981
2009-06-30 13:02:04.438: debug: Check RFC5011 status
982
2009-06-30 13:02:04.438: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
983
2009-06-30 13:02:04.438: debug: Check KSK status
984
2009-06-30 13:02:04.438: debug: Check ZSK status
985
2009-06-30 13:02:04.438: debug: Lifetime(259200 +/-150 sec) of active key 14600 exceeded (505062 sec)
986
2009-06-30 13:02:04.438: debug: ->depreciate it
987
2009-06-30 13:02:04.439: debug: ->activate published key 32345
988
2009-06-30 13:02:04.439: notice: "sub.example.net.": lifetime of zone signing key 14600 exceeded: ZSK rollover done
989
2009-06-30 13:02:04.439: debug: Re-signing necessary: Modfied zone key set
990
2009-06-30 13:02:04.439: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
991
2009-06-30 13:02:04.439: debug: Writing key file "./sub.example.net/dnskey.db"
992
2009-06-30 13:02:04.439: debug: Signing zone "sub.example.net."
993
2009-06-30 13:02:04.439: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 0140D2 -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
994
2009-06-30 13:02:04.491: debug: Cmd dnssec-signzone return: "zone.db.signed"
995
2009-06-30 13:02:04.491: debug: Signing completed after 0s.
996
2009-06-30 13:02:04.491: debug:
997
2009-06-30 13:02:04.491: debug: parsing zone "example.net." in dir "./example.net"
998
2009-06-30 13:02:04.491: debug: Check RFC5011 status
999
2009-06-30 13:02:04.491: debug: Check ZSK status
1000
2009-06-30 13:02:04.491: debug: Re-signing not necessary!
1001
2009-06-30 13:02:04.491: debug: Check if there is a parent file to copy
1002
2009-06-30 13:02:04.491: debug:
1003
2009-06-30 13:02:04.491: notice: end of run: 0 errors occured
1004
2009-06-30 13:02:21.019: notice: ------------------------------------------------------------
1005
2009-06-30 13:02:21.019: notice: running ../../dnssec-signer -f -v -v
1006
2009-06-30 13:02:21.021: debug: parsing zone "sub.example.net." in dir "./sub.example.net"
1007
2009-06-30 13:02:21.021: debug: Check RFC5011 status
1008
2009-06-30 13:02:21.021: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
1009
2009-06-30 13:02:21.021: debug: Check KSK status
1010
2009-06-30 13:02:21.021: debug: Check ZSK status
1011
2009-06-30 13:02:21.022: debug: Re-signing necessary: Option -f
1012
2009-06-30 13:02:21.022: notice: "sub.example.net.": re-signing triggered: Option -f
1013
2009-06-30 13:02:21.022: debug: Writing key file "./sub.example.net/dnskey.db"
1014
2009-06-30 13:02:21.022: debug: Signing zone "sub.example.net."
1015
2009-06-30 13:02:21.022: debug: Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 86F43F -g -p -d ../keysets -o sub.example.net. -e +172800 -l dlv.trusted-keys.de -N unixtime zone.db K*.private 2>&1"
1016
2009-06-30 13:02:21.070: debug: Cmd dnssec-signzone return: "zone.db.signed"
1017
2009-06-30 13:02:21.070: debug: Signing completed after 0s.
1018
2009-06-30 13:02:21.070: debug:
1019
2009-06-30 13:02:21.070: debug: parsing zone "example.net." in dir "./example.net"
1020
2009-06-30 13:02:21.070: debug: Check RFC5011 status
1021
2009-06-30 13:02:21.070: debug: Check ZSK status
1022
2009-06-30 13:02:21.070: debug: Re-signing necessary: Option -f
1023
2009-06-30 13:02:21.070: notice: "example.net.": re-signing triggered: Option -f
1024
2009-06-30 13:02:21.071: debug: Writing key file "./example.net/dnskey.db"
1025
2009-06-30 13:02:21.071: debug: Incrementing serial number in file "./example.net/zone.db"
1026
2009-06-30 13:02:21.071: debug: Signing zone "example.net."
1027
2009-06-30 13:02:21.071: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1"
1028
2009-06-30 13:02:21.121: debug: Cmd dnssec-signzone return: "zone.db.signed"
1029
2009-06-30 13:02:21.121: debug: Signing completed after 0s.
1030
2009-06-30 13:02:21.121: debug:
1031
2009-06-30 13:02:21.121: notice: end of run: 0 errors occured