flat/dyn.example.net/zktlog-dyn.example.net.

2010-02-21 19:43:15.018: debug:     Check RFC5011 status
2010-02-21 19:43:15.018: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:43:15.018: debug:     Check KSK status
2010-02-21 19:43:15.018: debug:     No active KSK found: generate new one
2010-02-21 19:43:15.330: info: "dyn.example.net.": generated new KSK 52935
2010-02-21 19:43:15.330: debug:     Check ZSK status
2010-02-21 19:43:15.330: debug:     No active ZSK found: generate new one
2010-02-21 19:43:15.368: info: "dyn.example.net.": generated new ZSK 30323
2010-02-21 19:43:15.368: debug:     Re-signing necessary: Modfied zone key set
2010-02-21 19:43:15.368: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 19:43:15.368: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:43:15.368: debug:     Signing zone "dyn.example.net."
2010-02-21 19:43:15.368: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:43:15.368: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 19:43:15.368: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:43:15.374: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:43:15.374: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:43:15.382: debug:       Cmd dnssec-signzone return: "dnssec-signzone: fatal: Zone contains NSEC records.  Use -u to update to NSEC3."
2010-02-21 19:43:15.382: error: "dyn.example.net.": signing failed!
2010-02-21 19:43:15.382: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:43:15.382: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 19:43:15.382: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:45:36.415: debug:     Check RFC5011 status
2010-02-21 19:45:36.416: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:36.416: debug:     Check KSK status
2010-02-21 19:45:36.416: debug:     Check ZSK status
2010-02-21 19:45:36.416: debug:     Re-signing not necessary!
2010-02-21 19:45:36.416: debug:     Check if there is a parent file to copy
2010-02-21 19:45:41.448: debug:     Check RFC5011 status
2010-02-21 19:45:41.448: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:41.448: debug:     Check KSK status
2010-02-21 19:45:41.448: debug:     Check ZSK status
2010-02-21 19:45:41.448: debug:     Re-signing necessary: Option -f
2010-02-21 19:45:41.448: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:45:41.448: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:45:41.448: debug:     Signing zone "dyn.example.net."
2010-02-21 19:45:41.448: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:45:41.448: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 19:45:41.448: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:45:41.457: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:45:41.458: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:45:41.473: debug:       Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-02-21 19:45:41.473: error: "dyn.example.net.": signing failed!
2010-02-21 19:45:41.473: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:45:41.473: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 19:45:41.473: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:47:06.899: debug:     Check RFC5011 status
2010-02-21 19:47:06.899: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:47:06.899: debug:     Check KSK status
2010-02-21 19:47:06.899: debug:     Check ZSK status
2010-02-21 19:47:06.899: debug:     Re-signing necessary: Option -f
2010-02-21 19:47:06.899: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:47:06.899: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:47:06.900: debug:     Signing zone "dyn.example.net."
2010-02-21 19:47:06.900: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:47:06.900: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 19:47:06.900: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:47:06.910: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:47:06.910: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:47:06.926: debug:       Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:47:06.926: error: "dyn.example.net.": signing failed!
2010-02-21 19:47:06.926: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:47:06.926: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 19:47:06.926: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:58:40.972: debug:     Check RFC5011 status
2010-02-21 19:58:40.972: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:58:40.972: debug:     Check KSK status
2010-02-21 19:58:40.972: debug:     Check ZSK status
2010-02-21 19:58:40.973: debug:     Re-signing necessary: Option -f
2010-02-21 19:58:40.973: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:58:40.973: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:58:40.973: debug:     Signing zone "dyn.example.net."
2010-02-21 19:58:40.973: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:58:40.973: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 19:58:40.973: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:58:40.982: debug:     Dynamic Zone signing: zone file manually edited: Use it as new input file
2010-02-21 19:58:40.982: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:58:40.983: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:58:40.999: debug:       Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:58:40.999: error: "dyn.example.net.": signing failed!
2010-02-21 19:58:40.999: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:58:40.999: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 19:58:40.999: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.833: debug:     Check RFC5011 status
2010-02-21 20:00:48.833: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:00:48.833: debug:     Check KSK status
2010-02-21 20:00:48.833: debug:     Check ZSK status
2010-02-21 20:00:48.833: debug:     Re-signing necessary: Option -f
2010-02-21 20:00:48.833: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:00:48.833: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:00:48.834: debug:     Signing zone "dyn.example.net."
2010-02-21 20:00:48.834: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:00:48.834: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 20:00:48.834: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:00:48.844: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:00:48.844: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:00:48.878: debug:       Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:00:48.878: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:00:48.878: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 20:00:48.878: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.884: debug:     Signing completed after 0s.
2010-02-21 20:01:11.175: debug:     Check RFC5011 status
2010-02-21 20:01:11.175: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:11.175: debug:     Check KSK status
2010-02-21 20:01:11.175: debug:     Check ZSK status
2010-02-21 20:01:11.176: debug:     Re-signing necessary: Option -f
2010-02-21 20:01:11.176: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:01:11.176: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:01:11.176: debug:     Signing zone "dyn.example.net."
2010-02-21 20:01:11.176: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:01:11.176: debug:     freeze dynamic zone "dyn.example.net."
2010-02-21 20:01:11.176: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:01:11.181: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:01:11.181: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:01:11.202: debug:       Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:01:11.202: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:01:11.203: debug:     thaw dynamic zone "dyn.example.net."
2010-02-21 20:01:11.203: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:01:11.208: debug:     Signing completed after 0s.
2010-02-21 20:01:17.175: debug:     Check RFC5011 status
2010-02-21 20:01:17.175: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:17.175: debug:     Check KSK status
2010-02-21 20:01:17.175: debug:     Check ZSK status
2010-02-21 20:01:17.176: debug:     Re-signing not necessary!
2010-02-21 20:01:17.176: debug:     Check if there is a parent file to copy
2010-02-25 23:42:29.326: debug:     Check RFC5011 status
2010-02-25 23:42:29.326: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:29.326: debug:     Check KSK status
2010-02-25 23:42:29.326: debug:     Check ZSK status
2010-02-25 23:42:29.326: debug:     Re-signing necessary: re-signing interval (2d) reached
2010-02-25 23:42:29.326: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-02-25 23:42:29.326: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-02-25 23:42:29.327: debug:     Signing zone "dyn.example.net."
2010-02-25 23:42:29.327: notice: "dyn.example.net.": freeze dynamic zone
2010-02-25 23:42:29.327: debug:     freeze dynamic zone "dyn.example.net."
2010-02-25 23:42:29.327: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-25 23:42:29.388: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-25 23:42:29.425: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-25 23:42:29.471: debug:       Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-25 23:42:29.471: notice: "dyn.example.net.": thaw dynamic zone
2010-02-25 23:42:29.471: debug:     thaw dynamic zone "dyn.example.net."
2010-02-25 23:42:29.471: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-25 23:42:29.486: debug:     Signing completed after 0s.
2010-03-02 10:59:46.770: debug:     Check RFC5011 status
2010-03-02 10:59:46.770: debug:         ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:46.770: debug:     Check KSK status
2010-03-02 10:59:46.770: debug:     Check ZSK status
2010-03-02 10:59:46.770: debug:     Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:46.770: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:46.770: debug:     Writing key file "./dyn.example.net/dnskey.db"
2010-03-02 10:59:46.770: debug:     Signing zone "dyn.example.net."
2010-03-02 10:59:46.770: notice: "dyn.example.net.": freeze dynamic zone
2010-03-02 10:59:46.770: debug:     freeze dynamic zone "dyn.example.net."
2010-03-02 10:59:46.770: debug:       Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-03-02 10:59:46.852: debug:     Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-03-02 10:59:46.875: debug:       Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400  -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-03-02 10:59:46.950: debug:       Cmd dnssec-signzone return: "zone.db.dsigned"
2010-03-02 10:59:46.950: notice: "dyn.example.net.": thaw dynamic zone
2010-03-02 10:59:46.950: debug:     thaw dynamic zone "dyn.example.net."
2010-03-02 10:59:46.950: debug:       Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-03-02 10:59:46.964: debug:     Signing completed after 0s.