Name | Date | Size | |
---|---|---|---|
.. | 2016-02-07 01:49:32 | 15 | |
CHANGELOG | 2014-01-27 20:00:45 | 21.3 KiB | |
config.h.in | 2014-01-27 20:00:45 | 5.8 KiB | |
config_zkt.h | 2014-01-27 20:00:45 | 3.3 KiB | |
configure | 2014-01-27 20:00:45 | 189.3 KiB | |
configure.ac | 2014-01-27 20:00:45 | 5.3 KiB | |
debug.h | 2014-01-27 20:00:45 | 3.1 KiB | |
dki.c | 2014-01-27 20:00:45 | 33.2 KiB | |
dki.h | 2014-01-27 20:00:45 | 7.9 KiB | |
dnssec-zkt.c | 2014-01-27 20:00:45 | 28.1 KiB | |
doc | 2016-02-07 01:49:32 | 7 | |
domaincmp.c | 2014-01-27 20:00:45 | 9.4 KiB | |
domaincmp.h | 2014-01-27 20:00:45 | 2.1 KiB | |
examples | 2016-02-07 01:49:32 | 9 | |
LICENSE | 2014-01-27 20:00:45 | 1.5 KiB | |
log.c | 2014-01-27 20:00:45 | 12.8 KiB | |
log.h | 2014-01-27 20:00:45 | 2.8 KiB | |
Makefile.in | 2014-01-27 20:00:45 | 7.1 KiB | |
man | 2014-01-27 20:00:45 | 18 | |
misc.c | 2014-01-27 20:00:45 | 26.3 KiB | |
misc.h | 2014-01-27 20:00:45 | 4 KiB | |
ncparse.c | 2014-01-27 20:00:45 | 8.5 KiB | |
ncparse.h | 2014-01-27 20:00:45 | 1.9 KiB | |
nscomm.c | 2014-01-27 20:00:45 | 7.1 KiB | |
nscomm.h | 2014-01-27 20:00:45 | 2.2 KiB | |
README | 2014-01-27 20:00:45 | 1.4 KiB | |
README.logging | 2014-01-27 20:00:45 | 3.4 KiB | |
rollover.c | 2014-01-27 20:00:45 | 23.2 KiB | |
rollover.h | 2014-01-27 20:00:45 | 2.4 KiB | |
soaserial.c | 2014-01-27 20:00:45 | 7.7 KiB | |
soaserial.h | 2014-01-27 20:00:45 | 1.9 KiB | |
strlist.c | 2014-01-27 20:00:45 | 4.5 KiB | |
strlist.h | 2014-01-27 20:00:45 | 2 KiB | |
tags | 2014-01-27 20:00:45 | 28.5 KiB | |
tcap.c | 2014-01-27 20:00:45 | 7.8 KiB | |
tcap.h | 2014-01-27 20:00:45 | 554 | |
TODO | 2014-01-27 20:00:45 | 1.6 KiB | |
zconf.c | 2014-01-27 20:00:45 | 30.5 KiB | |
zconf.h | 2014-01-27 20:00:45 | 6.5 KiB | |
zfparse.c | 2014-01-27 20:00:45 | 7.6 KiB | |
zfparse.h | 2014-01-27 20:00:45 | 2 KiB | |
zkt-conf.c | 2014-01-27 20:00:45 | 10.6 KiB | |
zkt-keyman.c | 2014-01-27 20:00:45 | 24.3 KiB | |
zkt-ls.c | 2014-01-27 20:00:45 | 13 KiB | |
zkt-signer.c | 2014-01-27 20:00:45 | 30.8 KiB | |
zkt-soaserial.c | 2014-01-27 20:00:45 | 6.4 KiB | |
zkt.c | 2014-01-27 20:00:45 | 9.9 KiB | |
zkt.h | 2014-01-27 20:00:45 | 2.1 KiB | |
zone.c | 2014-01-27 20:00:45 | 9.4 KiB | |
zone.h | 2014-01-27 20:00:45 | 2.9 KiB |
README
#
# README dnssec zone key tool
#
# (c) March 2005 - Aug 2009 by Holger Zuleger hznet
# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) zconf.c by Jeroen Masar & Holger Zuleger
#
For more information about the DNSSEC Zone Key Tool please
have a look at "http://www.hznet.de/dns/zkt/"
You can also subscribe to the zkt-users@sourceforge.net mailing list
on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
The ZKT software is licenced under BSD (see LICENCE file)
To build the software:
a) Get the current version of zkt
b) Unpack
$ tar xzvf zkt-1.0.tar.gz
c) Change to source directory
$ cd zkt-1.0
d) Run configure script
$ ./configure
e) Compile
$ make
f) Install
# make install
# make install-man
Prepare your setup:
a) (optional) Install or rebuild the default dnssec.conf file
$ zkt-conf -d -w # Install new file
or
$ zkt-conf -s -w # rebuild existing file
b) (optional) Change default parameters
$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
or use your prefered editor
c) Prepare one of your zone for zkt
$ cd /var/name/zones/net/example.net # change dir to zone directory
README.logging
#
#
# Introduction into the new logging feature
# available since v0.96
# Per domain logging is enabled since v1.0
#
In previous version of dnssec-signer every message was written
to the default stdout and stderr channels, and the logging itself
was handled by a redirection of those chanels to the logger command
or to a file.
Since v0.96, the dnssec-signer command is able to log all messages
by itself. File and SYSLOG logging is supported.
To enable the logging into a file channel, you have to specify
the file or directory name via the commandline option -L (--logfile)
or via the config file parameter "LogFile".
LogFile: ""|"<file>"|"<directory>" (default is "")
If a file is specified, than each run of dnssec-signer will append the
messages to that file. If a directory is specified, than a file with a
name of zkt-<ISOdate&timeUTC>+log" will be created on each dnssec-signer run.
Since v1.0 per domain logging is possible.
If the parameter "LogDomainDir:" is not empty, than the domain specific messages
are written to a separate log file with a name like "zkt-<domainname>+log" in the
directory specified by the parameter.
If "LogDomainDir:" is set to ".", then the logfile will be created in the domain
directory of the zone.
Logging into the syslog channel could be enabled via the config file
parameter "SyslogFacility".
SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
For both channels, the log level could be set to one of six log levels:
LG_FATAL, LG_ERROR, LG_WARNING
LB_NOTICE, LG_INFO, LG_DEBUG
The loglevel is settable via the config file parameter :
SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is ERROR)
and
LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is NOTICE)
All the log parameters are settable on the commandline via the generic
option -O "optstring" (--config-option="optstring").
A verbose message output to stdout could be achieved by the commandline
option -v (or -v -v).
If you like to have this verbose messages also logged with a level of LG_DEBUG
you should enable this by setting the config file option
"VerboseLog" to a value of 1 or 2.
Current logging messages:
LG_FATAL: Not all of the fatal errors are logged
(e.g.: config file or command line option fatal errors are
not logged)
LG_ERROR: All error messages will be logged
LG_WARNING: KSK lifetime expiration
LG_NOTICE:
Start and stop of dnssec-signer
Re-signing events
Key rollover events
KSK key generation and revoking
Zone reload resp. freeze/thaw of dynamic zone
LG_INFO: Currently none
planned:
Mesages for key generation and key status change
(e.g.: pre-publish -> activate; revoked -> removed etc.)
LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
Some recomended and useful logging settings
- The default setting
LogFile: ""
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Setting as in version v0.95
LogFile: "zkt-error.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: NONE
VerboseLog: 0
- Setting as in previous versions
LogFile: ""
SyslogFacility: NONE
VerboseLog: 0
- Recommended setting for normal usage
LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Recommended setting for debugging
LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: DEBUG
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 2