Name Date Size

.. 2016-02-07 01:49:32 15

CHANGELOG 2014-01-27 20:00:45 21.3 KiB

config.h.in 2014-01-27 20:00:45 5.8 KiB

config_zkt.h 2014-01-27 20:00:45 3.3 KiB

configure 2014-01-27 20:00:45 189.3 KiB

configure.ac 2014-01-27 20:00:45 5.3 KiB

debug.h 2014-01-27 20:00:45 3.1 KiB

dki.c 2014-01-27 20:00:45 33.2 KiB

dki.h 2014-01-27 20:00:45 7.9 KiB

dnssec-zkt.c 2014-01-27 20:00:45 28.1 KiB

doc 2016-02-07 01:49:32 7

domaincmp.c 2014-01-27 20:00:45 9.4 KiB

domaincmp.h 2014-01-27 20:00:45 2.1 KiB

examples 2016-02-07 01:49:32 9

LICENSE 2014-01-27 20:00:45 1.5 KiB

log.c 2014-01-27 20:00:45 12.8 KiB

log.h 2014-01-27 20:00:45 2.8 KiB

Makefile.in 2014-01-27 20:00:45 7.1 KiB

man 2014-01-27 20:00:45 18

misc.c 2014-01-27 20:00:45 26.3 KiB

misc.h 2014-01-27 20:00:45 4 KiB

ncparse.c 2014-01-27 20:00:45 8.5 KiB

ncparse.h 2014-01-27 20:00:45 1.9 KiB

nscomm.c 2014-01-27 20:00:45 7.1 KiB

nscomm.h 2014-01-27 20:00:45 2.2 KiB

README 2014-01-27 20:00:45 1.4 KiB

README.logging 2014-01-27 20:00:45 3.4 KiB

rollover.c 2014-01-27 20:00:45 23.2 KiB

rollover.h 2014-01-27 20:00:45 2.4 KiB

soaserial.c 2014-01-27 20:00:45 7.7 KiB

soaserial.h 2014-01-27 20:00:45 1.9 KiB

strlist.c 2014-01-27 20:00:45 4.5 KiB

strlist.h 2014-01-27 20:00:45 2 KiB

tags 2014-01-27 20:00:45 28.5 KiB

tcap.c 2014-01-27 20:00:45 7.8 KiB

tcap.h 2014-01-27 20:00:45 554

TODO 2014-01-27 20:00:45 1.6 KiB

zconf.c 2014-01-27 20:00:45 30.5 KiB

zconf.h 2014-01-27 20:00:45 6.5 KiB

zfparse.c 2014-01-27 20:00:45 7.6 KiB

zfparse.h 2014-01-27 20:00:45 2 KiB

zkt-conf.c 2014-01-27 20:00:45 10.6 KiB

zkt-keyman.c 2014-01-27 20:00:45 24.3 KiB

zkt-ls.c 2014-01-27 20:00:45 13 KiB

zkt-signer.c 2014-01-27 20:00:45 30.8 KiB

zkt-soaserial.c 2014-01-27 20:00:45 6.4 KiB

zkt.c 2014-01-27 20:00:45 9.9 KiB

zkt.h 2014-01-27 20:00:45 2.1 KiB

zone.c 2014-01-27 20:00:45 9.4 KiB

zone.h 2014-01-27 20:00:45 2.9 KiB

README

#
# README dnssec zone key tool
#
# (c) March 2005 - Aug 2009 by Holger Zuleger hznet
# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
# (c) zconf.c by Jeroen Masar & Holger Zuleger
#
For more information about the DNSSEC Zone Key Tool please
have a look at "http://www.hznet.de/dns/zkt/"
You can also subscribe to the zkt-users@sourceforge.net mailing list
on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
The ZKT software is licenced under BSD (see LICENCE file)
To build the software:
a) Get the current version of zkt
$ wget http://www.hznet.de/dns/zkt/zkt-1.0.tar.gz
b) Unpack
$ tar xzvf zkt-1.0.tar.gz
c) Change to source directory
$ cd zkt-1.0
d) Run configure script
$ ./configure
e) Compile
$ make
f) Install
# make install
# make install-man
Prepare your setup:
a) (optional) Install or rebuild the default dnssec.conf file
$ zkt-conf -d -w # Install new file
or
$ zkt-conf -s -w # rebuild existing file
b) (optional) Change default parameters
$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
or use your prefered editor
$ vi /var/named/dnssec.conf
c) Prepare one of your zone for zkt
$ cd /var/name/zones/net/example.net # change dir to zone directory
$ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db"
$ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file

README.logging

#
# README.logging
#
# Introduction into the new logging feature
# available since v0.96
# Per domain logging is enabled since v1.0
#
In previous version of dnssec-signer every message was written
to the default stdout and stderr channels, and the logging itself
was handled by a redirection of those chanels to the logger command
or to a file.
Since v0.96, the dnssec-signer command is able to log all messages
by itself. File and SYSLOG logging is supported.
To enable the logging into a file channel, you have to specify
the file or directory name via the commandline option -L (--logfile)
or via the config file parameter "LogFile".
LogFile: ""|"<file>"|"<directory>" (default is "")
If a file is specified, than each run of dnssec-signer will append the
messages to that file. If a directory is specified, than a file with a
name of zkt-<ISOdate&timeUTC>+log" will be created on each dnssec-signer run.
Since v1.0 per domain logging is possible.
If the parameter "LogDomainDir:" is not empty, than the domain specific messages
are written to a separate log file with a name like "zkt-<domainname>+log" in the
directory specified by the parameter.
If "LogDomainDir:" is set to ".", then the logfile will be created in the domain
directory of the zone.
Logging into the syslog channel could be enabled via the config file
parameter "SyslogFacility".
SyslogFacility: NONE|USER|DAEMON|LOCAL0|..|LOCAL7 (default is USER)
For both channels, the log level could be set to one of six log levels:
LG_FATAL, LG_ERROR, LG_WARNING
LB_NOTICE, LG_INFO, LG_DEBUG
The loglevel is settable via the config file parameter :
SyslogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is ERROR)
and
LogLevel: FATAL|ERROR|WARNING|NOTICE|INFO|DEBUG
(default is NOTICE)
All the log parameters are settable on the commandline via the generic
option -O "optstring" (--config-option="optstring").
A verbose message output to stdout could be achieved by the commandline
option -v (or -v -v).
If you like to have this verbose messages also logged with a level of LG_DEBUG
you should enable this by setting the config file option
"VerboseLog" to a value of 1 or 2.
Current logging messages:
LG_FATAL: Not all of the fatal errors are logged
(e.g.: config file or command line option fatal errors are
not logged)
LG_ERROR: All error messages will be logged
LG_WARNING: KSK lifetime expiration
LG_NOTICE:
Start and stop of dnssec-signer
Re-signing events
Key rollover events
KSK key generation and revoking
Zone reload resp. freeze/thaw of dynamic zone
LG_INFO: Currently none
planned:
Mesages for key generation and key status change
(e.g.: pre-publish -> activate; revoked -> removed etc.)
LG_DEBUG: all "verbose" (-v) and "very verbose" (-v -v) messages
Some recomended and useful logging settings
- The default setting
LogFile: ""
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Setting as in version v0.95
LogFile: "zkt-error.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: NONE
VerboseLog: 0
- Setting as in previous versions
LogFile: ""
SyslogFacility: NONE
VerboseLog: 0
- Recommended setting for normal usage
LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: ERROR
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 0
- Recommended setting for debugging
LogFile: "zkt.log" # or a directory for separate logfiles
LogLevel: DEBUG
SyslogFacility: USER
SyslogLevel: NOTICE
VerboseLog: 2