2 # README dnssec zone key tool
4 # (c) March 2005 - Aug 2014 by Holger Zuleger hznet
5 # (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
6 # (c) zconf.c by Jeroen Masar & Holger Zuleger
9 For more information about the DNSSEC Zone Key Tool please
10 have a look at "http://www.hznet.de/dns/zkt/"
12 You can also subscribe to the zkt-users@sourceforge.net mailing list
13 on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users
15 The ZKT software is licenced under BSD (see LICENCE file)
17 To build the software:
18 a) Get the current version of zkt
19 $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz
22 $ tar xzvf zkt-1.1.tar.gz
24 c) Change to source directory
27 d) Run configure script
39 a) (optional) Install or rebuild the default dnssec.conf file
40 $ zkt-conf -d -w # Install new file
42 $ zkt-conf -s -w # rebuild existing file
44 b) (optional) Change default parameters
45 $ zkt-conf -s -O "Zonedir: /var/named/zones" -w
46 or use your prefered editor
47 $ vi /var/named/dnssec.conf
48 (optional) You'll probably want to have zkt-ls work recursively
49 $ zkt-conf -s -O "Recursive: True" -w
51 c) Prepare one of your zone for zkt
52 $ cd /var/named/zones/net/example.net # change dir to zone directory
53 $ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db"
54 $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file
56 d) Prepare for initial signing
57 $ cd /var/named/zones/net/example.net
58 $ touch zone.db.signed
59 $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name)
62 @ add `zone.db.signed' as zone file to your name server
63 @ publish DS contained in `dsset-example.net.' at your zone's parent