Commit 13fe015c authored by Evan Hunt's avatar Evan Hunt
Browse files

[master] updated zkt

4008.	[contrib]	Updated zkt to latest version (1.1.3). [RT #37886]
parent 70bceacc
4008. [contrib] Updated zkt to latest version (1.1.3). [RT #37886]
4007. [doc] Remove acl forward reference restriction. [RT #37772]
4006. [security] A flaw in delegation handling could be exploited
......
#
# @(#) dnssec.conf vT0.99d (c) Feb 2005 - Aug 2009 Holger Zuleger hznet.de
#
# dnssec-zkt options
Zonedir: "."
Recursive: False
PrintTime: True
PrintAge: False
LeftJustify: False
# zone specific values
ResignInterval: 1w # (604800 seconds)
Sigvalidity: 10d # (864000 seconds)
Max_TTL: 8h # (28800 seconds)
Propagation: 5m # (300 seconds)
KEY_TTL: 4h # (14400 seconds)
Serialformat: incremental
# signing key parameters
Key_algo: RSASHA1 # (Algorithm ID 5)
KSK_lifetime: 1y # (31536000 seconds)
KSK_bits: 1300
KSK_randfile: "/dev/urandom"
ZSK_lifetime: 12w # (7257600 seconds)
ZSK_bits: 512
ZSK_randfile: "/dev/urandom"
SaltBits: 24
# dnssec-signer options
LogFile: ""
LogLevel: ERROR
SyslogFacility: NONE
SyslogLevel: NOTICE
VerboseLog: 0
Keyfile: "dnskey.db"
Zonefile: "zone.db"
DLV_Domain: ""
Sig_Pseudorand: False
Sig_GenerateDS: True
Sig_Parameter: ""
;% generationtime=20100221184315
;% lifetime=14d
dyn.example.net. IN DNSKEY 256 3 7 AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk=
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: +obStv0Rqv4+/vEGD2Vz1zMX7ZhRrxGKzrcT+hFEZAQflT9lLcDHPdo6E8UrMACGN9obe9M1bdaXhuXghMVmuQ==
PublicExponent: AQAB
PrivateExponent: 4osOepin5GdakfFkGIIWWZCDX7/whY4oZjtZnjUFEiZ6YGdQV8FwihgQ9ZdQwTY2QgaCiI/7l0yFE3X2YOk5HQ==
Prime1: /eFIXmTu+XNTuXVfHYcXJTFc4UaThJszaKPmg/xm3ts=
Prime2: /J5fOUcGkFGv4prHDAmige180r7zaYznUicuDvNwkvs=
Exponent1: Alf7EAwEfL8IzdR8jUw69XfwMJAzOm0oW1XwAdXpqTM=
Exponent2: FBUbCNimou57hw466LATZTTWCYL4otl6wkMvHC0qM+U=
Coefficient: Q9eSjjf/S3Is3mcOn2RsloJKVzLuHiv54HaF7mwkbU4=
;% generationtime=20100221184315
;% lifetime=60d
dyn.example.net. IN DNSKEY 257 3 7 AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9 Fh+SCVO3
Private-key-format: v1.2
Algorithm: 7 (NSEC3RSASHA1)
Modulus: 6oQNiADmWezVWwwmJl9NYwSC5qZ5WY6gFjHyzW4vOZL/cA+yHV5YJ6gGACNGvLW2kz9s+jDK7KATgfQunM1Aub1FuMOakM3wbCLcCMScbgcJPnxO4BXGOJ58369vWm/IWUAvnxg6S4Z/20b80kw1z5etQsBTV7LZ1P0WH5IJU7c=
PublicExponent: AQAB
PrivateExponent: F5/Z5RuCGQj8rUFaDn+HQjRQI4AdtWHiypmZhgxVgY1HYjiSjtbUNpp8kEL9e0Eq9UZsaf/EUXYGwQ6iK3WZ0WrVP72bkjcWQAB2THYIxP7DwmL4JcsbJ7uiMYeLrvUddoLwS3nKIFpc010iHA0y4hE/k/ny4zOyDCEhVr3WvQE=
Prime1: /R+fSD2bb3N6UoapSNFXYRFyBpHWtcv/AZqsJx60/4UTGOCWNj52kcGsI/ROz/Pwbdicxi8CQqjX0f4QjSCAdw==
Prime2: 7S5MPtJNSa+fHZBavW6vDnqpiHxAO7lIAcgtGxMM3L3553OzarlJV88Z452tn4HhfCCaIUW20j8cOJvTLkPWwQ==
Exponent1: 9v56YPWszM40GH9KhMGxsAhj6cE5cGBEz33saqfuGj/yaJ4ONZQyAvynStZEaWsxux5ZrJGGdSFop4JxCCUk9Q==
Exponent2: W8dembCnV6wt1jLV6he6hc/Rao8qC/JWetoLGj706zZYTcfn1ZR9XQ02521MkjygFHhJLDbd192z/fPOdEisAQ==
Coefficient: +W6uvg4HkWaKi6OCpCz/0fRQwaRtPSbpKJ2Anam4PAy+B6cgM3Yo48OB7o+WoexlgySsNL0ui5p4BvJWvtca7w==
;
; !!! Don't edit this file by hand.
; !!! It will be generated by zkt-signer.
;
; Last generation time Mar 02 2010 10:59:46
;
; *** List of Key Signing Keys ***
; dyn.example.net. tag=52935 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
dyn.example.net. 3600 IN DNSKEY 257 3 7 (
AwEAAeqEDYgA5lns1VsMJiZfTWMEguameVmOoBYx8s1uLzmS/3APsh1e
WCeoBgAjRry1tpM/bPowyuygE4H0LpzNQLm9RbjDmpDN8Gwi3AjEnG4H
CT58TuAVxjiefN+vb1pvyFlAL58YOkuGf9tG/NJMNc+XrULAU1ey2dT9
Fh+SCVO3
) ; key id = 52935
; *** List of Zone Signing Keys ***
; dyn.example.net. tag=30323 algo=NSEC3RSASHA1 generated Feb 21 2010 19:43:15
dyn.example.net. 3600 IN DNSKEY 256 3 7 (
AwEAAfqG0rb9Ear+Pv7xBg9lc9czF+2YUa8Ris63E/oRRGQEH5U/ZS3A
xz3aOhPFKzAAhjfaG3vTNW3Wl4bl4ITFZrk=
) ; key id = 30323
2010-02-21 19:43:15.018: debug: Check RFC5011 status
2010-02-21 19:43:15.018: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:43:15.018: debug: Check KSK status
2010-02-21 19:43:15.018: debug: No active KSK found: generate new one
2010-02-21 19:43:15.330: info: "dyn.example.net.": generated new KSK 52935
2010-02-21 19:43:15.330: debug: Check ZSK status
2010-02-21 19:43:15.330: debug: No active ZSK found: generate new one
2010-02-21 19:43:15.368: info: "dyn.example.net.": generated new ZSK 30323
2010-02-21 19:43:15.368: debug: Re-signing necessary: Modfied zone key set
2010-02-21 19:43:15.368: notice: "dyn.example.net.": re-signing triggered: Modfied zone key set
2010-02-21 19:43:15.368: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:43:15.368: debug: Signing zone "dyn.example.net."
2010-02-21 19:43:15.368: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:43:15.368: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:43:15.368: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:43:15.374: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:43:15.374: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:43:15.382: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: Zone contains NSEC records. Use -u to update to NSEC3."
2010-02-21 19:43:15.382: error: "dyn.example.net.": signing failed!
2010-02-21 19:43:15.382: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:43:15.382: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:43:15.382: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:45:36.415: debug: Check RFC5011 status
2010-02-21 19:45:36.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:36.416: debug: Check KSK status
2010-02-21 19:45:36.416: debug: Check ZSK status
2010-02-21 19:45:36.416: debug: Re-signing not necessary!
2010-02-21 19:45:36.416: debug: Check if there is a parent file to copy
2010-02-21 19:45:41.448: debug: Check RFC5011 status
2010-02-21 19:45:41.448: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:45:41.448: debug: Check KSK status
2010-02-21 19:45:41.448: debug: Check ZSK status
2010-02-21 19:45:41.448: debug: Re-signing necessary: Option -f
2010-02-21 19:45:41.448: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:45:41.448: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:45:41.448: debug: Signing zone "dyn.example.net."
2010-02-21 19:45:41.448: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:45:41.448: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:45:41.448: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:45:41.457: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:45:41.458: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:45:41.473: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY"
2010-02-21 19:45:41.473: error: "dyn.example.net.": signing failed!
2010-02-21 19:45:41.473: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:45:41.473: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:45:41.473: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:47:06.899: debug: Check RFC5011 status
2010-02-21 19:47:06.899: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:47:06.899: debug: Check KSK status
2010-02-21 19:47:06.899: debug: Check ZSK status
2010-02-21 19:47:06.899: debug: Re-signing necessary: Option -f
2010-02-21 19:47:06.899: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:47:06.899: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:47:06.900: debug: Signing zone "dyn.example.net."
2010-02-21 19:47:06.900: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:47:06.900: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:47:06.900: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:47:06.910: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:47:06.910: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:47:06.926: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:47:06.926: error: "dyn.example.net.": signing failed!
2010-02-21 19:47:06.926: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:47:06.926: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:47:06.926: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 19:58:40.972: debug: Check RFC5011 status
2010-02-21 19:58:40.972: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 19:58:40.972: debug: Check KSK status
2010-02-21 19:58:40.972: debug: Check ZSK status
2010-02-21 19:58:40.973: debug: Re-signing necessary: Option -f
2010-02-21 19:58:40.973: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 19:58:40.973: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 19:58:40.973: debug: Signing zone "dyn.example.net."
2010-02-21 19:58:40.973: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 19:58:40.973: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 19:58:40.973: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: zone file manually edited: Use it as new input file
2010-02-21 19:58:40.982: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 19:58:40.983: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 19:58:40.999: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 iterations too big for weakest DNSKEY strength. Maximum iterations allowed 0."
2010-02-21 19:58:40.999: error: "dyn.example.net.": signing failed!
2010-02-21 19:58:40.999: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 19:58:40.999: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 19:58:40.999: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.833: debug: Check RFC5011 status
2010-02-21 20:00:48.833: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:00:48.833: debug: Check KSK status
2010-02-21 20:00:48.833: debug: Check ZSK status
2010-02-21 20:00:48.833: debug: Re-signing necessary: Option -f
2010-02-21 20:00:48.833: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:00:48.833: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:00:48.834: debug: Signing zone "dyn.example.net."
2010-02-21 20:00:48.834: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:00:48.834: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:00:48.834: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:00:48.844: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:00:48.844: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:00:48.878: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:00:48.878: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:00:48.878: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:00:48.878: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:00:48.884: debug: Signing completed after 0s.
2010-02-21 20:01:11.175: debug: Check RFC5011 status
2010-02-21 20:01:11.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:11.175: debug: Check KSK status
2010-02-21 20:01:11.175: debug: Check ZSK status
2010-02-21 20:01:11.176: debug: Re-signing necessary: Option -f
2010-02-21 20:01:11.176: notice: "dyn.example.net.": re-signing triggered: Option -f
2010-02-21 20:01:11.176: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-21 20:01:11.176: debug: Signing zone "dyn.example.net."
2010-02-21 20:01:11.176: notice: "dyn.example.net.": freeze dynamic zone
2010-02-21 20:01:11.176: debug: freeze dynamic zone "dyn.example.net."
2010-02-21 20:01:11.176: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-21 20:01:11.181: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-21 20:01:11.181: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-21 20:01:11.202: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-21 20:01:11.202: notice: "dyn.example.net.": thaw dynamic zone
2010-02-21 20:01:11.203: debug: thaw dynamic zone "dyn.example.net."
2010-02-21 20:01:11.203: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-21 20:01:11.208: debug: Signing completed after 0s.
2010-02-21 20:01:17.175: debug: Check RFC5011 status
2010-02-21 20:01:17.175: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-21 20:01:17.175: debug: Check KSK status
2010-02-21 20:01:17.175: debug: Check ZSK status
2010-02-21 20:01:17.176: debug: Re-signing not necessary!
2010-02-21 20:01:17.176: debug: Check if there is a parent file to copy
2010-02-25 23:42:29.326: debug: Check RFC5011 status
2010-02-25 23:42:29.326: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-02-25 23:42:29.326: debug: Check KSK status
2010-02-25 23:42:29.326: debug: Check ZSK status
2010-02-25 23:42:29.326: debug: Re-signing necessary: re-signing interval (2d) reached
2010-02-25 23:42:29.326: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-02-25 23:42:29.326: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-02-25 23:42:29.327: debug: Signing zone "dyn.example.net."
2010-02-25 23:42:29.327: notice: "dyn.example.net.": freeze dynamic zone
2010-02-25 23:42:29.327: debug: freeze dynamic zone "dyn.example.net."
2010-02-25 23:42:29.327: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-02-25 23:42:29.388: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-02-25 23:42:29.425: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-02-25 23:42:29.471: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-02-25 23:42:29.471: notice: "dyn.example.net.": thaw dynamic zone
2010-02-25 23:42:29.471: debug: thaw dynamic zone "dyn.example.net."
2010-02-25 23:42:29.471: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-02-25 23:42:29.486: debug: Signing completed after 0s.
2010-03-02 10:59:46.770: debug: Check RFC5011 status
2010-03-02 10:59:46.770: debug: ->not a rfc5011 zone, looking for a regular ksk rollover
2010-03-02 10:59:46.770: debug: Check KSK status
2010-03-02 10:59:46.770: debug: Check ZSK status
2010-03-02 10:59:46.770: debug: Re-signing necessary: re-signing interval (2d) reached
2010-03-02 10:59:46.770: notice: "dyn.example.net.": re-signing triggered: re-signing interval (2d) reached
2010-03-02 10:59:46.770: debug: Writing key file "./dyn.example.net/dnskey.db"
2010-03-02 10:59:46.770: debug: Signing zone "dyn.example.net."
2010-03-02 10:59:46.770: notice: "dyn.example.net.": freeze dynamic zone
2010-03-02 10:59:46.770: debug: freeze dynamic zone "dyn.example.net."
2010-03-02 10:59:46.770: debug: Run cmd "/usr/local/sbin/rndc freeze dyn.example.net."
2010-03-02 10:59:46.852: debug: Dynamic Zone signing: copy old signed zone file ./dyn.example.net/zone.db.dsigned to new input file ./dyn.example.net/zone.db
2010-03-02 10:59:46.875: debug: Run cmd "cd ./dyn.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 76931F -C -g -p -d ../keysets -o dyn.example.net. -e +518400 -N increment -f zone.db.dsigned zone.db K*.private 2>&1"
2010-03-02 10:59:46.950: debug: Cmd dnssec-signzone return: "zone.db.dsigned"
2010-03-02 10:59:46.950: notice: "dyn.example.net.": thaw dynamic zone
2010-03-02 10:59:46.950: debug: thaw dynamic zone "dyn.example.net."
2010-03-02 10:59:46.950: debug: Run cmd "/usr/local/sbin/rndc thaw dyn.example.net."
2010-03-02 10:59:46.964: debug: Signing completed after 0s.
;% generationtime=20110125190230
;% lifetime=63d
example.net. IN DNSKEY 256 3 8 BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0 kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: 7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
PublicExponent: AQAAAAE=
PrivateExponent: IVO4lg5Ev/f/GpSRfYuXmUMH3qrv5Cr+ZAMqT+xGNJdyvlMAVV0ZDZehj/ar8brkm+sdrJ3LepVTEz0vLXPCgQ==
Prime1: /Ru1X3jzyO19+aLhf/Hsu0WOdjn0MAWzKx0KwWPkxcs=
Prime2: 8I9Q89DvF0qZqkF9kVzZ4B1LYdHz3uhKaxD40vu4xWM=
Exponent1: fSAVRShndbuiQZtsVHyekvPH4Xjl1dJ3hF03O4InOAc=
Exponent2: JJDvU+0J0KXaBArxDjoblXTKWVC3kGnLR+2AEpxei7k=
Coefficient: RviZPpnVpS30oBPH1freoUgcXJ4bKnivP41BUxcVh4U=
;% generationtime=20110125091121
;% lifetime=84d
example.net. IN DNSKEY 256 3 8 BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: vX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJDqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
PublicExponent: AQAAAAE=
PrivateExponent: a77DD9J85SYlVi2lIKdzfHFkqtTFvQjTiLih+sx3lnhefQ5N20ABJVpTMwMOoA5tiDanSmKkk7O+GJXvI6E+KQ==
Prime1: 7S87u5BoQFYbGZzGaBPAqznZt7X1g2J/qop4W9rziy0=
Prime2: zIbOBuf2onI1ThmHXGPQEdQoFoJx3GqTkYjzUQQOL0M=
Exponent1: YfyQEtL2twRiwb8RIlKR3OE/rhnfqZYr9dwgRa0qjAU=
Exponent2: x73r1pDdvUShLs8hvmY0soX6a2Dcbokdf1D82/iCDU8=
Coefficient: 1r/5mih7lqQx4ZIEcr8TmQWMscwDGk3eERsFuSYGt0c=
;% generationtime=20100924112635
;% lifetime=365d
example.net. IN DNSKEY 257 3 8 BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1 BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK 1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp 4Q==
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: C6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp4Q==
PublicExponent: AQAAAAE=
PrivateExponent: A3MjVh+KkQuwpnsGnr/xPRs8PfwUIDu7NYQVKpQAttLnZPOEXsjPniy3QuBpIMnnBCbxYaOV0ctiYQOx6vU8qprrSD8OfXXI8OhBNgExvw/Bsfki3MQINAHX0wY9juuIoMLKdqcMpsUC6ILE4FSkcc+jVFbTrDqjQgDDykkpABrlG1SUz51hLOZMAz2vu8QE8m57LaPUPpRhNPf4J2dDfkX/KQ==
Prime1: A3lFNBrVdcJBUq0ekPjtEZ0xCOTgSgUHAB+KJkdpiB0tV0jYf1Yaj7Kr98pKIM8jaZOhQnEKhAD947h4XG6IuxgraCNWonOyt5Yo9WjXFHzK0w==
Prime2: A1vFf9Tp7MxblYWLsFUsMZxXVRxPpeoGtwmNm24k5bUPpH6/B7Yd8DcE6O3cYyHcShq8sZcuOuPhNkGwgg7IMRABXcLyCXqoEKvy0nhnbKCf+w==
Exponent1: AQKRURkK7K15jiVVpw4nhd7Qtck1GkZon10UCQ5p2iE+weL+qhzi5L9u5mXLVaeGffwGkMkU6wvj5KSAuEiJr08+AxWfLy3Tf1fbiaiimPGDNQ==
Exponent2: AfnXuwDet4BuUGa8EHswqADRk0XeWtxztKQ48YOh5Q5/3rauIIMm+6ERfu0gWfnkYaRNamKSXMDVC5PUQHT33u0gGnopMipao6xICXGxbrGhCQ==
Coefficient: AYM1htjFUUAPKrVoajGJF+wLlQHBR3vrylKNpT5IFqr6Qczw54kfhx9n/18vIvtGIpj07xSEIfgBf+itZIRxPOwphkwaJXmHZKpYHpEvdqiyjA==
Private-key-format: v1.2
Algorithm: 8 (RSASHA256)
Modulus: 2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
PublicExponent: AQAAAAE=
PrivateExponent: FzC3Jdpl35o/UUyvZ/7sc8BRpfDuIgMnHA1a9WwxZz20Tqki3snE/Nz4ePNNv/5LGrzFlOnPtEd1GT2biUKzVQ==
Prime1: /4YvvO0nbMJxZ4dHbYKl2pGe0hSgEUYnTNnuVbSEKrM=
Prime2: 2OrV7XGOYCMXr/WIrD0NCBnqU1tsizPQNMIjwXuuV2c=
Exponent1: 63ub+oH78z6TercHscYOS7HpYttDzC1YV3oupGyRNDs=
Exponent2: A4HpxW8K6ivUb2RbKDBaze8ivr5u41hJPsbn4FQzB3E=
Coefficient: Lz1Gg/PtC9HOrhFORXlzzkzb+5PeFIGq43mtGx7oAUo=
;% generationtime=20100924112635
;% lifetime=84d
example.net. IN DNSKEY 256 3 8 BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
;
; !!! Don't edit this file by hand.
; !!! It will be generated by zkt-signer.
;
; Last generation time Jan 25 2011 20:02:30
;
; *** List of Key Signing Keys ***
; example.net. tag=52101 algo=RSASHA256 generated Sep 24 2010 13:26:35
example.net. 14400 IN DNSKEY 257 3 8 (
BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ5wGD+HZFLEvsvD8sU0i1
BGJoeDK5N/07S7s0aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7HqJK
1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwIJmq/gb78AWStvW6HAXrDfaiq
vqb4MDZCvplachhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVsK1cPYDPp
4Q==
) ; key id = 52101
; *** List of Zone Signing Keys ***
; example.net. tag=21605 algo=RSASHA256 generated Jan 25 2011 19:39:25
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAABvX6JNSNXHzrqpKi2REOwcsAuGjWI1VCJlz1NzV/pIt9PqGnJ
DqtlV3vxuy7fAu85Z5Syaikiyx/z2uT4VMCvxw==
) ; key id = 21605
; example.net. tag=56360 algo=RSASHA256 generated Jan 25 2011 19:39:25
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHcFyFZ2vXNIqmuILVO40Mr
W+R4H0UsQURAfKTFZeka2EsC7CEIyuEgkloDBQ==
) ; key id = 56360
; example.net. tag=2957 algo=RSASHA256 generated Jan 25 2011 20:02:30
example.net. 14400 IN DNSKEY 256 3 8 (
BQEAAAAB7desjYpHAzsGmTzPFFuG4KGIG7ne8tII7DIMRIFaxuSYbQz0
kwC61utqnqzcgCXJQiKJxpKBt/Ikaf2K4JW0gQ==
) ; key id = 2957
;-----------------------------------------------------------------
;
; @(#) example.net/zone.db
;
;-----------------------------------------------------------------
$TTL 7200
@ IN SOA ns1.example.net. hostmaster.example.net. (
353 ; Serial
43200 ; Refresh
1800 ; Retry
2W ; Expire
7200 ) ; Minimum
IN NS ns1.example.net.
ns1 IN A 1.0.0.5
example.net. 3600 IN DNSKEY 257 3 5 (
BQEAAAABCwxfQLjMaLsvSPFYMFyi/Z5l6f/y1fNROZtCrUSAFca8c4Dc
+MK9phlqEtBihnMSBjFsuhyq1w++ubzZF3rVduVXP+loeEW5cGXneM4n
m52unLpZfQu0B0h/zwDLrfmedyqqZYb7grXDqFwT0EnI4cL/Ybr40H7u
SUyVyLM3c5a8V5RDA2t1PImy7UURv6qusCsRslw+mM5jG0S7Il5cqhug
aQ==
) ; key id = 33840
example.net. 3600 IN DNSKEY 256 3 5 (
BQEAAAABzN3RkyF1Kvf3Go97BN7rNERR86F0nxfyHfXpMdwtqrMFSrkd
IboUDtNZBsw+LJmadHRQZDfu79tEz8MUid7aOw==
) ; key id = 48089
_domainkey IN NS ns1.example.net.
; File written on Thu Oct 21 14:01:35 2010
; dnssec_signzone version 9.7.2-P2
example.net. 7200 IN SOA ns1.example.net. hostmaster.example.net. (
384 ; serial
43200 ; refresh (12 hours)
1800 ; retry (30 minutes)
1209600 ; expire (2 weeks)
7200 ; minimum (2 hours)
)
7200 RRSIG SOA 8 2 7200 20101027110135 (
20101021110135 56360 example.net.
f+HC41CGvNmlXSvPzzMbtVreNYKWyBhvbeb+
NUSvbBfuSlVt6VbyPUBYSe5Vg1QJO3YKu0ZR
Pw5Y9TNCaWqZCA== )
7200 NS ns1.example.net.
7200 NS ns2.example.net.
7200 RRSIG NS 8 2 7200 20101027110135 (
20101021110135 56360 example.net.
aQpW5SQJ8Yx7++QWtRWMDoV+3OPjgTRC0PQC
zns3MTbpk2wIlhE7hqty+b+1EktEoMzmx73u
5Fu0OPKO+2PS5w== )
3600 DNSKEY 256 3 8 (
BQEAAAAB2IOedrEUxH0Mxn3f24ZP9b5r+SHc
FyFZ2vXNIqmuILVO40MrW+R4H0UsQURAfKTF
Zeka2EsC7CEIyuEgkloDBQ==
) ; key id = 56360
3600 DNSKEY 257 3 8 (
BQEAAAABC6qZRCQRp2qnmxvWal1kergOJ1xQ
5wGD+HZFLEvsvD8sU0i1BGJoeDK5N/07S7s0
aYVdIViQ1/CmpqBgahnlOKAoMO3eYnTuFRE7
HqJK1CSN2+nvN1m+miz+vfSPSOLeP2u8GAwI
Jmq/gb78AWStvW6HAXrDfaiqvqb4MDZCvpla
chhyHfngVLFYI22tyivUmzN/pRBePYGQ1nVs
K1cPYDPp4Q==
) ; key id = 52101
3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
20101021110135 52101 example.net.
BlWP6PoxZFRZoLav7/+yPEgNIss17oxEJZtB
rVSiVb0BfwhL96KJ1uIOhK9r1+Tj8w3Ed7Oi
pocSTkZueV3OxFkBgSQAgc1JeUQTOVKYe80L
UFjl7UzV0eITIV1DE/QqWTBBblxjXF3Egy6O
6/9IrD65LWOGnLFFOSUZQ9IU8jFX/zqq5FWQ
Sta2/tQkzhq5F42qw3dRBNsoUC1bQ38UsYSk
SQ== )
3600 RRSIG DNSKEY 8 2 3600 20101027110135 (
20101021110135 56360 example.net.
VXJh+xZt8/5Eeo8oQyI89nXGJ0bWeBN25kpw
asam+qpoKsH6g8qJRyL3mEwIFOaud2mlQx9y
cdv42Vf3kfY71w== )
0 NSEC3PARAM 1 0 10 9FC981
0 RRSIG NSEC3PARAM 8 2 0 20101027110135 (
20101021110135 56360 example.net.
Fr4DrVORiEYUVCBmlRzjcEaKQ2VymMiMeJfd
gSWJzTzXbcuBbXDCfBRdph96Nz1xFvdOWvFn
xXxVOXW996AfEw== )
a.example.net. 7200 IN A 1.2.3.1
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
ZAuaFsvYdV1i4EqIgQoSzpkhMFJpJOOPIG9h
RXTT+LAUSFjOrFx2ovSgnySSiUV/LOsIV7bj
08ZkIzSPYKi4Ow== )
b.example.net. 7200 IN MX 10 a.example.net.
7200 RRSIG MX 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
SEIMAVtIT/2TGxkS2NFMRQfrUROKO1pbxYcS
FHImCGhWILb1E7qQ0saLi9QTMftCwRmYtJ4w
aDwAukjuLXOAnA== )
d.example.net. 7200 IN A 1.2.3.3
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1URwzkjdIhBCBtBWV9aUhJQ3yFwqwgscvcVN
9dvNqH5g7xLz+maqdeva065z0AkO5Et/9809
tm/0X2g0wQcoMQ== )
7200 AAAA 2001:db8::3
7200 RRSIG AAAA 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
fIUOcVYR9Ut+iWzE+R3N01bzLJ0gpSI1E0y0
cqEGpaU8mbgwnm4tAh57GKs8XZBbLEOH2zO8
5WTEjWHpKjqx3Q== )
localhost.example.net. 7200 IN A 127.0.0.1
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
iIfD1pCP+uHs1RarezGlZZhoyQ6R+3K3s6ba
xZZ5JCremDhFYPeMinRMjZSPos2QyEM1aHI8
2gXlxcb/y4+XRA== )
ns1.example.net. 7200 IN A 1.0.0.5
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
xBwgaFNo7+s4n4KnyZPR+1CESNVvXwUZHroC
dkEcLo8EF7+rbzFdDooJvD8wzlpy2nhwjLOL
ZxIfgZfNgkVXBw== )
7200 AAAA 2001:db8::53
7200 RRSIG AAAA 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
uSuzZH2J+pwcP1PKKgrdJrwyvh1kpWBsprgd
9h59q9HYKR56LPx/3iuW7oCAO5fBFTp9pvcK
BI6f+4cs1Qpp6g== )
ns2.example.net. 7200 IN A 1.2.0.6
7200 RRSIG A 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
N+U/A0VJU9HWwk1j0CJtUN7Nw9g0A3oNeKP1
7YJ1p0H6QvgRHDe9w8oX3iCg+IEBS9oLdTer
DXsbWVlZNXjTSw== )
sub.example.net. 7200 IN NS ns1.example.net.
7200 DS 855 7 1 (
338E1808511D3E533F1C6B1DF27E0AABA8CC
6FE8 )
7200 DS 855 7 2 (
C07C1F2004ED12D40EEC82E4358BD8D2EDC1
99C8E6126DD293A8E402E591C98A )
7200 DS 33176 10 1 (
B7D045F9D7176BD0D00AF389856D18C0E361
C443 )
7200 DS 33176 10 2 (
627102FACA12A10C88F6C67915B720CC6888
7CF1C10BC3E8EB864160F1965A18 )
7200 RRSIG DS 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
N8A1y3qpsaJ0lP6d2I1y8YEuda7c2GY1kuCt
9Mdao6oh7tL6XP2b/ELIBo6fsghfuW1KZfou
WkTbI4/HV5732g== )
0SFBC13DNQA2CKBS24U09GPJMGD5QCF2.example.net. 7200 IN NSEC3 1 1 10 9FC981 16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO NS SOA RRSIG DNSKEY NSEC3PARAM
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
irEoMAQ1uehoU51rEkuM20++pBX8iPrFzQZk
4VAe0AXbeMBphSh3oBB0I3p7w4UGXLuYR7MW
bDPNteuoui5QmQ== )
16DIB0QP1341N7TSMI2MGCQ2MDNP6TFO.example.net. 7200 IN NSEC3 1 1 10 9FC981 222FFA4JCL3KC4NLGH9R685ISJKB205Q MX RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1rCPDG0uz8PbKQ98WLlu1R39HhKOrfjory5r
tTi/e3RA2IAksL8ZQaVW+EyRzLGSDM7TtciM
UEgK/utbE0WlqQ== )
222FFA4JCL3KC4NLGH9R685ISJKB205Q.example.net. 7200 IN NSEC3 1 1 10 9FC981 AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
1jS0RwIW59DFCr2d+ghFW8yFdcaGJDCQFgVh
pNiTIijvvyiObt7EqfJJ5PPV8CqJsZEiIoh+
JRDEuSSrKCU6eA== )
AMEE10EPLHBGI9Q6ICVFSNVP2U0D0TVB.example.net. 7200 IN NSEC3 1 1 10 9FC981 BOS6983BFUCMFRIQF1QMC1U4AU37TR6O A AAAA RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
OHYj80ju8hKFNSDNj//yDIXgTKM2NUyRO2cs
K1knzM/3L/GvmEm5nvHNepxj+surAl6mmaiT
k2wl4DOdTml60w== )
BOS6983BFUCMFRIQF1QMC1U4AU37TR6O.example.net. 7200 IN NSEC3 1 1 10 9FC981 D8S4S8KU5O1TCASTGO9FEHHGUGO696U4 A AAAA RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
HwT0gQ7fVc5TYTc/SDQw9zMPmlSwlEW3cmVk
mjIQANQPFi597frcuVt26xAoUB71TXgGp+62
3y2MyRs66kCrNg== )
D8S4S8KU5O1TCASTGO9FEHHGUGO696U4.example.net. 7200 IN NSEC3 1 1 10 9FC981 DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC NS DS RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
R/YtEmQgd+tHTNQ8itKrFhy880QLYTpAVaER
0dd9vITUKHG7Fhr67ACkWBOEec+d9kiL76cH
DHrDGZ+wKksLxg== )
DBLIJ0LAN19DVGU1E46BJ9R9SN5BRETC.example.net. 7200 IN NSEC3 1 1 10 9FC981 H108GFD5147KMF1CLFQLQQBNSD733MPQ A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
KTPX36NTHepXsZoUGwBTq6Qt86mSF4Z0hlaP
HbhF9A+BJwLx+Sg0ifX0qobfMwh+BZZQZ8E3
nSSyA5sIJWL39Q== )
H108GFD5147KMF1CLFQLQQBNSD733MPQ.example.net. 7200 IN NSEC3 1 1 10 9FC981 0SFBC13DNQA2CKBS24U09GPJMGD5QCF2 A RRSIG
7200 RRSIG NSEC3 8 3 7200 20101027110135 (
20101021110135 56360 example.net.
dmGULq6gwCxRscDm0oCeFD6RnDkXWtaw85DO
UGwgczRooNDBkbD608EJgqDT+ds0IGwZazGq
ufB2hCiFNnNjyg== )
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment