Cannot use dnssec-settime with old keys
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Feb 25 09:18:05 UTC 2010
On Tue, Feb 23, 2010 at 05:54:01PM +0100,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote
a message of 18 lines which said:
> OK, I upgrade:
>
> % dnssec-settime -v 3 -f Ktoto.fr.+008+42555
> dnssec-settime: toto.fr/RSASHA256/42555
>
> But it changed nothing, ls -l shows that the file did not change and I
> still get the message "incompatible format version 1.2".
And strace (Debian/Linux box) shows that key files were opened only in
read-only and no file was opened for writing:
% strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open
...
open("./Ktoto.fr.+008+42555.key", O_RDONLY) = 4
open("./Ktoto.fr.+008+42555.private", O_RDONLY) = 4
Did anyone managed to use dnssec-settime -f ?
More information about the bind-users
mailing list