new paste || ipv4:js fail, n/a or broken? | ipv6:js fail, n/a or broken? ||

paste 9068/7c46 | 1083 views since 2013-05-29 10:53:27 | text/plain | wrap || empty reply | copy reply | quote reply 
js:(
Relevant output from /usr/bin/zkt-signer -v -v:
[some zones signed just fine or did not need to resign... those have been removed]

parsing zone "dmz.freshdot.net." in dir "/etc/bind/master/net/freshdot.net/dmz.freshdot.net"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing necessary: re-signing interval (2w) reached
        Writing key file "/etc/bind/master/net/freshdot.net/dmz.freshdot.net/dnskey.db"
        Incrementing serial number in file "/etc/bind/master/net/freshdot.net/dmz.freshdot.net/zone.db"
        Signing zone "dmz.freshdot.net."
could not increment serialno of domain vm.freshdot.net. in file /etc/bind/master/net/freshdot.net/vm.freshdot.net/zone.db: no serial number found in zone file!
could not increment serialno of domain freshdot.net. in file /etc/bind/master/net/freshdot.net/zone.db: no serial number found in zone file!
could not increment serialno of domain thesmallprint.nl. in file /etc/bind/master/nl/thesmallprint.nl/zone.db: no serial number found in zone file!
          Run cmd "cd /etc/bind/master/net/freshdot.net/dmz.freshdot.net; /usr/sbin/dnssec-signzone  -u -3 AFB31E -C -g -o dmz.freshdot.net. -e +1814400  zone.db K*.private 2>&1"
          Cmd dnssec-signzone return: "zone.db.signed"
        Signing completed after 0s.
          copy "/etc/bind/master/net/freshdot.net/dmz.freshdot.net/keyset-dmz.freshdot.net." to parent dir

parsing zone "vm.freshdot.net." in dir "/etc/bind/master/net/freshdot.net/vm.freshdot.net"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing necessary: re-signing interval (2w) reached
        Writing key file "/etc/bind/master/net/freshdot.net/vm.freshdot.net/dnskey.db"

parsing zone "freshdot.net." in dir "/etc/bind/master/net/freshdot.net"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing necessary: Modified KSK in delegated domain
        Writing key file "/etc/bind/master/net/freshdot.net/dnskey.db"
          copy "/etc/bind/master/net/freshdot.net/keyset-freshdot.net." to parent dir

parsing zone "thesmallprint.nl." in dir "/etc/bind/master/nl/thesmallprint.nl"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing necessary: re-signing interval (2w) reached
        Writing key file "/etc/bind/master/nl/thesmallprint.nl/dnskey.db"
          copy "/etc/bind/master/nl/thesmallprint.nl/keyset-thesmallprint.nl." to parent dir

parsing zone "degast.org." in dir "/etc/bind/master/org/degast.org"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing not necessary!
        Check if there is a parent file to copy
          copy "/could not increment serialno of domain freshdot.org. in file /etc/bind/master/org/freshdot.org/zone.db: no serial number found in zone file!
etc/bind/master/org/degast.org/keyset-degast.org." to parent dir

parsing zone "freshdot.org." in dir "/etc/bind/master/org/freshdot.org"
        Check RFC5011 status
                ->not a rfc5011 zone, looking for a regular ksk rollover
        Check KSK status
        Check ZSK status
        Re-signing necessary: re-signing interval (2w) reached
        Writing key file "/etc/bind/master/org/freshdot.org/dnskey.db"
          copy "/etc/bind/master/org/freshdot.org/keyset-freshdot.org." to parent dir

paste 9069/9f22 | 1731 views since 2013-05-29 11:01:27 | text/plain | wrap || empty reply | copy reply | quote reply 
js:(
# zgrep 'zkt' syslog.1.gz
May 29 05:00:01 services zkt-signer: notice: ------------------------------------------------------------
May 29 05:00:01 services zkt-signer: notice: running /usr/bin/zkt-signer -v -v 
May 29 05:00:01 services zkt-signer: notice: "2.17.172.in-addr.arpa.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: notice: "176-29.236.154.213.in-addr.arpa.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: notice: "0.0.0.0.e.f.2.0.8.b.7.0.1.0.0.2.ip6.arpa.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: notice: "dmz.freshdot.net.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: notice: "vm.freshdot.net.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: error: zone "vm.freshdot.net.": couldn't increment serialno in file /etc/bind/master/net/freshdot.net/vm.freshdot.net/zone.db: no serial number found in zone file
May 29 05:00:01 services zkt-signer: notice: "freshdot.net.": re-signing triggered: Modified KSK in delegated domain
May 29 05:00:01 services zkt-signer: error: zone "freshdot.net.": couldn't increment serialno in file /etc/bind/master/net/freshdot.net/zone.db: no serial number found in zone file
May 29 05:00:01 services zkt-signer: notice: "thesmallprint.nl.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: error: zone "thesmallprint.nl.": couldn't increment serialno in file /etc/bind/master/nl/thesmallprint.nl/zone.db: no serial number found in zone file
May 29 05:00:01 services zkt-signer: notice: "freshdot.org.": re-signing triggered: re-signing interval (2w) reached
May 29 05:00:01 services zkt-signer: error: zone "freshdot.org.": couldn't increment serialno in file /etc/bind/master/org/freshdot.org/zone.db: no serial number found in zone file
May 29 05:00:01 services zkt-signer: notice: end of run: 4 errors occured



Tried again in the morning:
# zgrep 'zkt' syslog
May 29 08:43:29 services zkt-signer: notice: ------------------------------------------------------------
May 29 08:43:29 services zkt-signer: notice: running /usr/bin/zkt-signer -v -v -D /etc/bind/master/net freshdot.net. 
May 29 08:43:29 services zkt-signer: notice: "freshdot.net.": re-signing triggered: Modified KSK in delegated domain
May 29 08:43:30 services zkt-signer: notice: end of run: 0 errors occured
May 29 09:14:27 services zkt-signer: notice: ------------------------------------------------------------
May 29 09:14:27 services zkt-signer: notice: running /usr/bin/zkt-signer -v -v 
May 29 09:14:27 services zkt-signer: notice: "vm.freshdot.net.": re-signing triggered: Modified keys
May 29 09:14:27 services zkt-signer: notice: "freshdot.net.": re-signing triggered: Modified KSK in delegated domain
May 29 09:14:27 services zkt-signer: notice: "thesmallprint.nl.": re-signing triggered: Modified keys
May 29 09:14:27 services zkt-signer: error: zone "thesmallprint.nl.": couldn't increment serialno in file /etc/bind/master/nl/thesmallprint.nl/zone.db: no serial number found in zone file
May 29 09:14:27 services zkt-signer: notice: "freshdot.org.": re-signing triggered: Modified keys
May 29 09:14:27 services zkt-signer: error: zone "freshdot.org.": couldn't increment serialno in file /etc/bind/master/org/freshdot.org/zone.db: no serial number found in zone file
May 29 09:14:27 services zkt-signer: notice: end of run: 2 errors occured
May 29 09:15:28 services zkt-signer: notice: ------------------------------------------------------------
May 29 09:15:28 services zkt-signer: notice: running /usr/bin/zkt-signer -v -v 
May 29 09:15:28 services zkt-signer: notice: "thesmallprint.nl.": re-signing triggered: Modified keys
May 29 09:15:28 services zkt-signer: notice: "freshdot.org.": re-signing triggered: Modified keys
May 29 09:15:28 services zkt-signer: notice: end of run: 0 errors occured
May 29 09:16:05 services zkt-signer: notice: ------------------------------------------------------------
May 29 09:16:05 services zkt-signer: notice: running /usr/bin/zkt-signer -v -v 
May 29 09:16:05 services zkt-signer: notice: end of run: 0 errors occured