Monthly Archives: September 2014

DNSSEC Zone Key Tool (ZKT) support for included files

DNSSEC Zone Key Tool is a powerful tool suite for managing DNSSEC zones. It automatically creates/deprecates keys, resigns the zone at fixed intervals and also resigns zones if they where modified.

Detection of modified zones is done by looking at the last-modified date of the files (zone.db, dnskeys.db and zone.db.signed) – if zone.db or dnskeys.db are newer than zone.db.signed a resign is necessary. However, zkt-tools do not support/check the last-modification date of included files (with the “$INCLUDE” directive). This patch adds support for this, so that all included files are also checked whether they were modified since the last signing of the zone.

Upstream report: https://sourceforge.net/p/zkt/patches/2/, https://github.com/hzuleger/ZKT/pull/10