12010-02-06 00:26:54.533: debug: Check RFC5011 status 22010-02-06 00:26:54.533: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 32010-02-06 00:26:54.533: debug: Check KSK status 42010-02-06 00:26:54.533: debug: Check ZSK status 52010-02-06 00:26:54.533: debug: Re-signing not necessary! 62010-02-06 00:26:54.533: debug: Check if there is a parent file to copy 72010-02-06 00:29:31.291: debug: Check RFC5011 status 82010-02-06 00:29:31.291: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 92010-02-06 00:29:31.291: debug: Check KSK status 102010-02-06 00:29:31.292: debug: Check ZSK status 112010-02-06 00:29:31.292: debug: Re-signing not necessary! 122010-02-06 00:29:31.292: debug: Check if there is a parent file to copy 132010-02-06 00:40:35.043: debug: Check RFC5011 status 142010-02-06 00:40:35.043: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 152010-02-06 00:40:35.043: debug: Check KSK status 162010-02-06 00:40:35.043: debug: Check ZSK status 172010-02-06 00:40:35.043: debug: Re-signing not necessary! 182010-02-06 00:40:35.043: debug: Check if there is a parent file to copy 192010-02-06 00:52:55.403: debug: Check RFC5011 status 202010-02-06 00:52:55.403: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 212010-02-06 00:52:55.403: debug: Check KSK status 222010-02-06 00:52:55.403: debug: Check ZSK status 232010-02-06 00:52:55.403: debug: Re-signing not necessary! 242010-02-06 00:52:55.403: debug: Check if there is a parent file to copy 252010-02-07 13:53:48.304: debug: Check RFC5011 status 262010-02-07 13:53:48.304: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 272010-02-07 13:53:48.304: debug: Check KSK status 282010-02-07 13:53:48.304: debug: Check ZSK status 292010-02-07 13:53:48.304: debug: Re-signing not necessary! 302010-02-07 13:53:48.304: debug: Check if there is a parent file to copy 312010-02-07 13:54:03.466: debug: Check RFC5011 status 322010-02-07 13:54:03.466: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 332010-02-07 13:54:03.466: debug: Check KSK status 342010-02-07 13:54:03.466: debug: Check ZSK status 352010-02-07 13:54:03.466: debug: Re-signing not necessary! 362010-02-07 13:54:03.466: debug: Check if there is a parent file to copy 372010-02-07 13:54:08.019: debug: Check RFC5011 status 382010-02-07 13:54:08.019: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 392010-02-07 13:54:08.020: debug: Check KSK status 402010-02-07 13:54:08.020: debug: Check ZSK status 412010-02-07 13:54:08.020: debug: Re-signing necessary: Option -f 422010-02-07 13:54:08.020: notice: "example.net.": re-signing triggered: Option -f 432010-02-07 13:54:08.020: debug: Writing key file "./example.net/dnskey.db" 442010-02-07 13:54:08.020: debug: Incrementing serial number in file "./example.net/zone.db" 452010-02-07 13:54:08.020: debug: Signing zone "example.net." 462010-02-07 13:54:08.021: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 472010-02-07 13:54:08.125: debug: Cmd dnssec-signzone return: "zone.db.signed" 482010-02-07 13:54:08.125: debug: Signing completed after 0s. 492010-02-07 13:54:08.125: notice: "example.net.": distribution triggered 502010-02-07 13:54:08.125: debug: Distribute zone "example.net." 512010-02-07 13:54:08.125: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed " 522010-02-07 13:54:08.129: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./" 532010-02-07 13:54:08.129: notice: "example.net.": reload triggered 542010-02-07 13:54:08.129: debug: Reload zone "example.net." 552010-02-07 13:54:08.129: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed " 562010-02-07 13:54:08.139: debug: ./dist.sh reload return: "rndc reload example.net. " 572010-02-07 14:06:27.670: debug: Check RFC5011 status 582010-02-07 14:06:27.670: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 592010-02-07 14:06:27.670: debug: Check KSK status 602010-02-07 14:06:27.670: debug: Check ZSK status 612010-02-07 14:06:27.670: debug: Re-signing not necessary! 622010-02-07 14:06:27.671: debug: Check if there is a parent file to copy 632010-02-07 14:06:33.753: debug: Check RFC5011 status 642010-02-07 14:06:33.753: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 652010-02-07 14:06:33.753: debug: Check KSK status 662010-02-07 14:06:33.753: debug: Check ZSK status 672010-02-07 14:06:33.753: debug: Re-signing necessary: Option -f 682010-02-07 14:06:33.753: notice: "example.net.": re-signing triggered: Option -f 692010-02-07 14:06:33.753: debug: Writing key file "./example.net/dnskey.db" 702010-02-07 14:06:33.754: debug: Incrementing serial number in file "./example.net/zone.db" 712010-02-07 14:06:33.754: debug: Signing zone "example.net." 722010-02-07 14:06:33.754: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 732010-02-07 14:06:33.790: debug: Cmd dnssec-signzone return: "zone.db.signed" 742010-02-07 14:06:33.790: debug: Signing completed after 0s. 752010-02-07 14:06:33.790: notice: "example.net.": distribution triggered 762010-02-07 14:06:33.790: debug: Distribute zone "example.net." 772010-02-07 14:06:33.790: debug: Run cmd "./dist.sh distribute example.net. ./example.net/zone.db.signed " 782010-02-07 14:06:33.794: debug: ./dist.sh distribute return: "scp ./example.net/zone.db.signed localhost:/var/named/example.net./" 792010-02-07 14:06:33.794: notice: "example.net.": reload triggered 802010-02-07 14:06:33.794: debug: Reload zone "example.net." 812010-02-07 14:06:33.794: debug: Run cmd "./dist.sh reload example.net. ./example.net/zone.db.signed " 822010-02-07 14:06:33.797: debug: ./dist.sh reload return: "rndc reload example.net. " 832010-02-21 12:50:43.587: debug: Check RFC5011 status 842010-02-21 12:50:43.587: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 852010-02-21 12:50:43.587: debug: Check KSK status 862010-02-21 12:50:43.587: debug: Check ZSK status 872010-02-21 12:50:43.587: debug: Lifetime(1209600 +/-150 sec) of active key 33002 exceeded (2394625 sec) 882010-02-21 12:50:43.587: debug: ->depreciate it 892010-02-21 12:50:43.587: debug: ->activate published key 29240 902010-02-21 12:50:43.587: notice: "example.net.": lifetime of zone signing key 33002 exceeded: ZSK rollover done 912010-02-21 12:50:43.587: debug: New key for publishing needed 922010-02-21 12:50:43.658: debug: ->creating new key 5525 932010-02-21 12:50:43.658: info: "example.net.": new key 5525 generated for publishing 942010-02-21 12:50:43.658: debug: Re-signing necessary: Modfied zone key set 952010-02-21 12:50:43.658: notice: "example.net.": re-signing triggered: Modfied zone key set 962010-02-21 12:50:43.658: debug: Writing key file "./example.net/dnskey.db" 972010-02-21 12:50:43.665: debug: Incrementing serial number in file "./example.net/zone.db" 982010-02-21 12:50:43.665: debug: Signing zone "example.net." 992010-02-21 12:50:43.665: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 1002010-02-21 12:50:43.733: debug: Cmd dnssec-signzone return: "zone.db.signed" 1012010-02-21 12:50:43.733: debug: Signing completed after 0s. 1022010-02-21 12:50:51.205: debug: Check RFC5011 status 1032010-02-21 12:50:51.205: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1042010-02-21 12:50:51.205: debug: Check KSK status 1052010-02-21 12:50:51.205: debug: Check ZSK status 1062010-02-21 12:50:51.205: debug: Re-signing not necessary! 1072010-02-21 12:50:51.205: debug: Check if there is a parent file to copy 1082010-02-21 12:51:23.497: debug: Check RFC5011 status 1092010-02-21 12:51:23.497: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1102010-02-21 12:51:23.497: debug: Check KSK status 1112010-02-21 12:51:23.497: debug: Check ZSK status 1122010-02-21 12:51:23.497: debug: Re-signing not necessary! 1132010-02-21 12:51:23.497: debug: Check if there is a parent file to copy 1142010-02-21 19:16:18.594: debug: Check RFC5011 status 1152010-02-21 19:16:18.594: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1162010-02-21 19:16:18.594: debug: Check KSK status 1172010-02-21 19:16:18.594: debug: Check ZSK status 1182010-02-21 19:16:18.594: debug: Re-signing not necessary! 1192010-02-21 19:16:18.594: debug: Check if there is a parent file to copy 1202010-02-21 19:32:11.378: debug: Check RFC5011 status 1212010-02-21 19:32:11.378: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1222010-02-21 19:32:11.378: debug: Check KSK status 1232010-02-21 19:32:11.378: debug: Check ZSK status 1242010-02-21 19:32:11.378: debug: Re-signing not necessary! 1252010-02-21 19:32:11.378: debug: Check if there is a parent file to copy 1262010-02-21 19:32:15.982: debug: Check RFC5011 status 1272010-02-21 19:32:15.982: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1282010-02-21 19:32:15.982: debug: Check KSK status 1292010-02-21 19:32:15.982: debug: Check ZSK status 1302010-02-21 19:32:15.982: debug: Re-signing necessary: Option -f 1312010-02-21 19:32:15.982: notice: "example.net.": re-signing triggered: Option -f 1322010-02-21 19:32:15.982: debug: Writing key file "./example.net/dnskey.db" 1332010-02-21 19:32:15.982: debug: Incrementing serial number in file "./example.net/zone.db" 1342010-02-21 19:32:15.982: debug: Signing zone "example.net." 1352010-02-21 19:32:15.982: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 1362010-02-21 19:32:16.019: debug: Cmd dnssec-signzone return: "zone.db.signed" 1372010-02-21 19:32:16.019: debug: Signing completed after 1s. 1382010-02-21 19:32:32.232: debug: Check RFC5011 status 1392010-02-21 19:32:32.232: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1402010-02-21 19:32:32.233: debug: Check KSK status 1412010-02-21 19:32:32.233: debug: Check ZSK status 1422010-02-21 19:32:32.233: debug: Re-signing necessary: Option -f 1432010-02-21 19:32:32.233: notice: "example.net.": re-signing triggered: Option -f 1442010-02-21 19:32:32.233: debug: Writing key file "./example.net/dnskey.db" 1452010-02-21 19:32:32.233: debug: Incrementing serial number in file "./example.net/zone.db" 1462010-02-21 19:32:32.233: debug: Signing zone "example.net." 1472010-02-21 19:32:32.233: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 1482010-02-21 19:32:32.273: debug: Cmd dnssec-signzone return: "zone.db.signed" 1492010-02-21 19:32:32.273: debug: Signing completed after 0s. 1502010-02-25 00:12:27.060: debug: Check RFC5011 status 1512010-02-25 00:12:27.060: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1522010-02-25 00:12:27.060: debug: Check KSK status 1532010-02-25 00:12:27.060: debug: Check ZSK status 1542010-02-25 00:12:27.060: debug: Lifetime(29100 sec) of depreciated key 33002 exceeded (300104 sec) 1552010-02-25 00:12:27.060: info: "example.net.": old ZSK 33002 removed 1562010-02-25 00:12:27.081: debug: ->remove it 1572010-02-25 00:12:27.082: debug: Re-signing necessary: Modfied zone key set 1582010-02-25 00:12:27.082: notice: "example.net.": re-signing triggered: Modfied zone key set 1592010-02-25 00:12:27.082: debug: Writing key file "./example.net/dnskey.db" 1602010-02-25 00:12:27.086: debug: Incrementing serial number in file "./example.net/zone.db" 1612010-02-25 00:12:27.086: debug: Signing zone "example.net." 1622010-02-25 00:12:27.086: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 1632010-02-25 00:12:27.173: debug: Cmd dnssec-signzone return: "zone.db.signed" 1642010-02-25 00:12:27.174: debug: Signing completed after 0s. 1652010-02-25 23:42:21.013: debug: Check RFC5011 status 1662010-02-25 23:42:21.013: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1672010-02-25 23:42:21.013: debug: Check KSK status 1682010-02-25 23:42:21.013: debug: Check ZSK status 1692010-02-25 23:42:21.013: debug: Re-signing not necessary! 1702010-02-25 23:42:21.013: debug: Check if there is a parent file to copy 1712010-03-02 10:59:12.416: debug: Check RFC5011 status 1722010-03-02 10:59:12.416: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1732010-03-02 10:59:12.416: debug: Check KSK status 1742010-03-02 10:59:12.416: debug: Check ZSK status 1752010-03-02 10:59:12.416: debug: Re-signing necessary: re-signing interval (2d) reached 1762010-03-02 10:59:12.416: notice: "example.net.": re-signing triggered: re-signing interval (2d) reached 1772010-03-02 10:59:12.416: debug: Writing key file "./example.net/dnskey.db" 1782010-03-02 10:59:12.449: debug: Incrementing serial number in file "./example.net/zone.db" 1792010-03-02 10:59:12.449: debug: Signing zone "example.net." 1802010-03-02 10:59:12.450: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 1812010-03-02 10:59:12.530: debug: Cmd dnssec-signzone return: "zone.db.signed" 1822010-03-02 10:59:12.530: debug: Signing completed after 0s. 1832010-03-03 23:22:00.415: debug: Check RFC5011 status 1842010-03-03 23:22:00.415: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1852010-03-03 23:22:00.415: debug: Check KSK status 1862010-03-03 23:22:00.415: debug: Check ZSK status 1872010-03-03 23:22:00.416: debug: Re-signing not necessary! 1882010-03-03 23:22:00.416: debug: Check if there is a parent file to copy 1892010-03-08 23:11:50.170: debug: Check RFC5011 status 1902010-03-08 23:11:50.170: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 1912010-03-08 23:11:50.170: debug: Check KSK status 1922010-03-08 23:11:50.170: debug: Check ZSK status 1932010-03-08 23:11:50.171: debug: Lifetime(1209600 +/-150 sec) of active key 29240 exceeded (1333267 sec) 1942010-03-08 23:11:50.171: debug: ->depreciate it 1952010-03-08 23:11:50.171: debug: ->activate published key 5525 1962010-03-08 23:11:50.171: notice: "example.net.": lifetime of zone signing key 29240 exceeded: ZSK rollover done 1972010-03-08 23:11:50.171: debug: New key for publishing needed 1982010-03-08 23:11:50.228: debug: ->creating new key 21482 1992010-03-08 23:11:50.228: info: "example.net.": new key 21482 generated for publishing 2002010-03-08 23:11:50.228: debug: Re-signing necessary: Modfied zone key set 2012010-03-08 23:11:50.228: notice: "example.net.": re-signing triggered: Modfied zone key set 2022010-03-08 23:11:50.228: debug: Writing key file "././example.net/dnskey.db" 2032010-03-08 23:11:50.235: debug: Incrementing serial number in file "././example.net/zone.db" 2042010-03-08 23:11:50.235: debug: Signing zone "example.net." 2052010-03-08 23:11:50.235: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2062010-03-08 23:11:50.294: debug: Cmd dnssec-signzone return: "zone.db.signed" 2072010-03-08 23:11:50.294: debug: Signing completed after 0s. 2082010-03-08 23:12:56.212: debug: Check RFC5011 status 2092010-03-08 23:12:56.212: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2102010-03-08 23:12:56.212: debug: Check KSK status 2112010-03-08 23:12:56.212: debug: Check ZSK status 2122010-03-08 23:12:56.212: debug: Re-signing necessary: Modfied zone key set 2132010-03-08 23:12:56.212: notice: "example.net.": re-signing triggered: Modfied zone key set 2142010-03-08 23:12:56.212: debug: Writing key file "././example.net/dnskey.db" 2152010-03-08 23:12:56.213: debug: Incrementing serial number in file "././example.net/zone.db" 2162010-03-08 23:12:56.213: debug: Signing zone "example.net." 2172010-03-08 23:12:56.213: debug: Run cmd "cd ././example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2182010-03-08 23:12:56.278: debug: Cmd dnssec-signzone return: "zone.db.signed" 2192010-03-08 23:12:56.279: debug: Signing completed after 0s. 2202010-03-08 23:13:36.984: debug: Check RFC5011 status 2212010-03-08 23:13:36.984: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2222010-03-08 23:13:36.984: debug: Check KSK status 2232010-03-08 23:13:36.984: debug: Check ZSK status 2242010-03-08 23:13:36.985: debug: Re-signing not necessary! 2252010-03-08 23:13:36.985: debug: Check if there is a parent file to copy 2262010-03-08 23:18:52.287: debug: Check RFC5011 status 2272010-03-08 23:18:52.287: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2282010-03-08 23:18:52.287: debug: Check KSK status 2292010-03-08 23:18:52.287: debug: Check ZSK status 2302010-03-08 23:18:52.287: debug: Re-signing not necessary! 2312010-03-08 23:18:52.287: debug: Check if there is a parent file to copy 2322010-03-11 23:46:35.831: debug: Check RFC5011 status 2332010-03-11 23:46:35.831: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2342010-03-11 23:46:35.831: debug: Check KSK status 2352010-03-11 23:46:35.831: debug: Check ZSK status 2362010-03-11 23:46:35.831: debug: Lifetime(29100 sec) of depreciated key 29240 exceeded (261285 sec) 2372010-03-11 23:46:35.831: info: "example.net.": old ZSK 29240 removed 2382010-03-11 23:46:35.832: debug: ->remove it 2392010-03-11 23:46:35.832: debug: Re-signing necessary: Modfied zone key set 2402010-03-11 23:46:35.832: notice: "example.net.": re-signing triggered: Modfied zone key set 2412010-03-11 23:46:35.832: debug: Writing key file "./example.net/dnskey.db" 2422010-03-11 23:46:35.841: debug: Incrementing serial number in file "./example.net/zone.db" 2432010-03-11 23:46:35.841: debug: Signing zone "example.net." 2442010-03-11 23:46:35.841: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2452010-03-11 23:46:35.929: debug: Cmd dnssec-signzone return: "zone.db.signed" 2462010-03-11 23:46:35.929: debug: Signing completed after 0s. 2472010-03-11 23:52:33.132: debug: Check RFC5011 status 2482010-03-11 23:52:33.132: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2492010-03-11 23:52:33.133: debug: Check KSK status 2502010-03-11 23:52:33.133: debug: No active KSK found: generate new one 2512010-03-11 23:52:33.374: info: "example.net.": generated new KSK 8406 2522010-03-11 23:52:33.374: debug: Check ZSK status 2532010-03-11 23:52:33.374: debug: No active ZSK found: generate new one 2542010-03-11 23:52:33.400: info: "example.net.": generated new ZSK 36257 2552010-03-11 23:52:33.400: debug: Re-signing necessary: Modfied zone key set 2562010-03-11 23:52:33.400: notice: "example.net.": re-signing triggered: Modfied zone key set 2572010-03-11 23:52:33.400: debug: Writing key file "./example.net/dnskey.db" 2582010-03-11 23:52:33.400: debug: Incrementing serial number in file "./example.net/zone.db" 2592010-03-11 23:52:33.400: debug: Signing zone "example.net." 2602010-03-11 23:52:33.400: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 69AE05 -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2612010-03-11 23:52:33.408: debug: Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC only DNSKEY" 2622010-03-11 23:52:33.408: error: "example.net.": signing failed! 2632010-03-11 23:53:27.856: debug: Check RFC5011 status 2642010-03-11 23:53:27.856: debug: ->not a rfc5011 zone, looking for a regular ksk rollover 2652010-03-11 23:53:27.856: debug: Check KSK status 2662010-03-11 23:53:27.856: debug: Check ZSK status 2672010-03-11 23:53:27.856: debug: Re-signing necessary: Modified keys 2682010-03-11 23:53:27.856: notice: "example.net.": re-signing triggered: Modified keys 2692010-03-11 23:53:27.856: debug: Writing key file "./example.net/dnskey.db" 2702010-03-11 23:53:27.856: debug: Incrementing serial number in file "./example.net/zone.db" 2712010-03-11 23:53:27.856: debug: Signing zone "example.net." 2722010-03-11 23:53:27.856: debug: Run cmd "cd ./example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -A -3 67AA7F -C -g -p -d ../keysets -o example.net. -e +518400 zone.db K*.private 2>&1" 2732010-03-11 23:53:27.920: debug: Cmd dnssec-signzone return: "zone.db.signed" 2742010-03-11 23:53:27.920: debug: Signing completed after 0s. 275