Cannot use dnssec-settime with old keys

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Feb 25 09:18:05 UTC 2010


On Tue, Feb 23, 2010 at 05:54:01PM +0100,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 18 lines which said:

> OK, I upgrade:
> 
> % dnssec-settime  -v 3 -f Ktoto.fr.+008+42555 
> dnssec-settime: toto.fr/RSASHA256/42555
> 
> But it changed nothing, ls -l shows that the file did not change and I
> still get the message "incompatible format version 1.2".

And strace (Debian/Linux box) shows that key files were opened only in
read-only and no file was opened for writing:

% strace dnssec-settime -f -v 3 Ktoto.fr.+008+42555 |& grep open
...
open("./Ktoto.fr.+008+42555.key", O_RDONLY) = 4
open("./Ktoto.fr.+008+42555.private", O_RDONLY) = 4

Did anyone managed to use dnssec-settime -f ? 



More information about the bind-users mailing list