12010-10-21 14:01:35.486: debug: 	Check RFC5011 status
22010-10-21 14:01:35.486: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
32010-10-21 14:01:35.486: debug: 	Check KSK status
42010-10-21 14:01:35.486: debug: 	Check ZSK status
52010-10-21 14:01:35.486: debug: 	No active ZSK found: generate new one
62010-10-21 14:01:35.495: error: sub.example.net.": can't generate new ZSK
72010-10-21 14:01:35.495: debug: 	Re-signing necessary: Modfied zone key set
82010-10-21 14:01:35.496: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
92010-10-21 14:01:35.496: debug: 	Writing key file "./sub.example.net/dnskey.db"
102010-10-21 14:01:35.496: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
112010-10-21 14:01:35.496: debug: 	Signing zone "sub.example.net."
122010-10-21 14:01:35.496: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9FC981 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
132010-10-21 14:01:35.546: debug: 	  Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
142010-10-21 14:01:35.546: error: "sub.example.net.": signing failed!
152010-10-21 14:02:09.146: debug: 	Check RFC5011 status
162010-10-21 14:02:09.146: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
172010-10-21 14:02:09.146: debug: 	Check KSK status
182010-10-21 14:02:09.146: debug: 	Check ZSK status
192010-10-21 14:02:09.146: debug: 	No active ZSK found: generate new one
202010-10-21 14:02:09.156: error: sub.example.net.": can't generate new ZSK
212010-10-21 14:02:09.156: debug: 	Re-signing necessary: Modified keys
222010-10-21 14:02:09.156: notice: "sub.example.net.": re-signing triggered: Modified keys
232010-10-21 14:02:09.156: debug: 	Writing key file "./sub.example.net/dnskey.db"
242010-10-21 14:02:09.157: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
252010-10-21 14:02:09.157: debug: 	Signing zone "sub.example.net."
262010-10-21 14:02:09.157: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 BD326D -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
272010-10-21 14:02:09.208: debug: 	  Cmd dnssec-signzone return: "dnssec-signzone: fatal: DNSSEC completeness test failed."
282010-10-21 14:02:09.208: error: "sub.example.net.": signing failed!
292010-10-21 14:05:35.988: debug: 	Check RFC5011 status
302010-10-21 14:05:35.988: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
312010-10-21 14:05:35.988: debug: 	Check KSK status
322010-10-21 14:05:35.988: debug: 	Check ZSK status
332010-10-21 14:05:35.988: debug: 	No active ZSK found: generate new one
342010-10-21 14:05:36.091: info: "sub.example.net.": generated new ZSK 7987
352010-10-21 14:05:36.091: debug: 	Re-signing necessary: Modfied zone key set
362010-10-21 14:05:36.091: notice: "sub.example.net.": re-signing triggered: Modfied zone key set
372010-10-21 14:05:36.091: debug: 	Writing key file "./sub.example.net/dnskey.db"
382010-10-21 14:05:36.091: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
392010-10-21 14:05:36.091: debug: 	Signing zone "sub.example.net."
402010-10-21 14:05:36.091: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 75DE06 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
412010-10-21 14:05:36.170: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
422010-10-21 14:05:36.170: debug: 	Signing completed after 0s.
432010-10-21 14:30:43.892: debug: 	Check RFC5011 status
442010-10-21 14:30:43.892: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
452010-10-21 14:30:43.892: debug: 	Check KSK status
462010-10-21 14:30:43.892: debug: 	Check ZSK status
472010-10-21 14:30:43.892: debug: 	Re-signing not necessary!
482010-10-21 14:30:43.892: debug: 	Check if there is a parent file to copy
492014-11-14 18:04:37.686: debug: 	Check RFC5011 status
502014-11-14 18:04:37.686: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
512014-11-14 18:04:37.686: debug: 	Check KSK status
522014-11-14 18:04:37.686: warning: "sub.example.net.": lifetime of key signing key 33176 exceeded since 4d8h26m2s
532014-11-14 18:04:37.686: debug: 	Check ZSK status
542014-11-14 18:04:37.686: debug: 	Lifetime(259200 +/-150 sec) of active key 7987 exceeded (980762 sec)
552014-11-14 18:04:37.686: debug: 		->waiting for published key
562014-11-14 18:04:37.686: notice: "sub.example.net.": lifetime of zone signing key 7987 exceeded since 1w1d8h26m2s: ZSK rollover deferred: waiting for published key
572014-11-14 18:04:37.686: debug: 	New ZSK for publishing needed
582014-11-14 18:04:37.721: debug: 		->creating new key 39632
592014-11-14 18:04:37.721: info: "sub.example.net.": new zone signing key 39632 generated for publishing
602014-11-14 18:04:37.721: debug: 	Re-signing necessary: Modified zone key set
612014-11-14 18:04:37.721: notice: "sub.example.net.": re-signing triggered: Modified zone key set
622014-11-14 18:04:37.721: debug: 	Writing key file "./sub.example.net/dnskey.db"
632014-11-14 18:04:37.721: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
642014-11-14 18:04:37.721: debug: 	Signing zone "sub.example.net."
652014-11-14 18:04:37.722: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 97195D -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
662014-11-14 18:04:37.729: debug: 	  Cmd dnssec-signzone return: "dnssec-signzone: fatal: NSEC3 generation requested with NSEC-only DNSKEY"
672014-11-14 18:04:37.729: error: "sub.example.net.": signing failed!
682014-11-14 18:09:16.251: debug: 	Check RFC5011 status
692014-11-14 18:09:16.251: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
702014-11-14 18:09:16.251: debug: 	Check KSK status
712014-11-14 18:09:16.251: debug: 	No active KSK found: generate new one
722014-11-14 18:09:16.288: info: "sub.example.net.": generated new KSK 60396
732014-11-14 18:09:16.288: debug: 	Check ZSK status
742014-11-14 18:09:16.288: debug: 	No active ZSK found: generate new one
752014-11-14 18:09:16.329: info: "sub.example.net.": generated new ZSK 21503
762014-11-14 18:09:16.329: debug: 	Re-signing necessary: Modified zone key set
772014-11-14 18:09:16.329: notice: "sub.example.net.": re-signing triggered: Modified zone key set
782014-11-14 18:09:16.329: debug: 	Writing key file "./sub.example.net/dnskey.db"
792014-11-14 18:09:16.330: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
802014-11-14 18:09:16.330: debug: 	Signing zone "sub.example.net."
812014-11-14 18:09:16.330: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 B26BB7 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
822014-11-14 18:09:16.427: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
832014-11-14 18:09:16.427: debug: 	Signing completed after 0s.
842014-11-14 18:11:40.699: debug: 	Check RFC5011 status
852014-11-14 18:11:40.699: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
862014-11-14 18:11:40.699: debug: 	Check KSK status
872014-11-14 18:11:40.699: debug: 	Check ZSK status
882014-11-14 18:11:40.699: debug: 	Re-signing necessary: Modified keys
892014-11-14 18:11:40.699: notice: "sub.example.net.": re-signing triggered: Modified keys
902014-11-14 18:11:40.699: debug: 	Writing key file "././sub.example.net/dnskey.db"
912014-11-14 18:11:40.699: debug: 	Incrementing serial number in file "././sub.example.net/zone.db"
922014-11-14 18:11:40.699: debug: 	Signing zone "sub.example.net."
932014-11-14 18:11:40.699: debug: 	  Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 E8CBA9 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
942014-11-14 18:11:40.876: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
952014-11-14 18:11:40.876: debug: 	Signing completed after 0s.
962014-11-14 18:11:46.599: debug: 	Check RFC5011 status
972014-11-14 18:11:46.599: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
982014-11-14 18:11:46.599: debug: 	Check KSK status
992014-11-14 18:11:46.599: debug: 	Check ZSK status
1002014-11-14 18:11:46.599: debug: 	Re-signing not necessary!
1012014-11-14 18:11:46.599: debug: 	Check if there is a parent file to copy
1022014-11-14 18:15:54.379: debug: 	Check RFC5011 status
1032014-11-14 18:15:54.379: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1042014-11-14 18:15:54.379: debug: 	Check KSK status
1052014-11-14 18:15:54.379: debug: 	Check ZSK status
1062014-11-14 18:15:54.379: debug: 	Re-signing not necessary!
1072014-11-14 18:15:54.379: debug: 	Check if there is a parent file to copy
1082014-11-14 18:31:09.365: debug: 	Check RFC5011 status
1092014-11-14 18:31:09.365: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1102014-11-14 18:31:09.365: debug: 	Check KSK status
1112014-11-14 18:31:09.365: debug: 	Check ZSK status
1122014-11-14 18:31:09.365: debug: 	Re-signing not necessary!
1132014-11-14 18:31:09.365: debug: 	Check if there is a parent file to copy
1142014-11-14 18:31:27.335: debug: 	Check RFC5011 status
1152014-11-14 18:31:27.335: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1162014-11-14 18:31:27.335: debug: 	Check KSK status
1172014-11-14 18:31:27.335: debug: 	Check ZSK status
1182014-11-14 18:31:27.335: debug: 	Re-signing not necessary!
1192014-11-14 18:31:27.335: debug: 	Check if there is a parent file to copy
1202014-11-14 18:38:16.355: debug: 	Check RFC5011 status
1212014-11-14 18:38:16.355: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1222014-11-14 18:38:16.355: debug: 	Check KSK status
1232014-11-14 18:38:16.355: debug: 	Check ZSK status
1242014-11-14 18:38:16.355: debug: 	Re-signing not necessary!
1252014-11-14 18:38:16.356: debug: 	Check if there is a parent file to copy
1262014-11-15 18:16:50.447: debug: 	Check RFC5011 status
1272014-11-15 18:16:50.447: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1282014-11-15 18:16:50.447: debug: 	Check KSK status
1292014-11-15 18:16:50.447: debug: 	Check ZSK status
1302014-11-15 18:16:50.447: debug: 	Re-signing necessary: re-signing interval (1d) reached
1312014-11-15 18:16:50.447: notice: "sub.example.net.": re-signing triggered: re-signing interval (1d) reached
1322014-11-15 18:16:50.447: debug: 	Writing key file "././sub.example.net/dnskey.db"
1332014-11-15 18:16:50.447: debug: 	Incrementing serial number in file "././sub.example.net/zone.db"
1342014-11-15 18:16:50.447: debug: 	Signing zone "sub.example.net."
1352014-11-15 18:16:50.448: debug: 	  Run cmd "cd ././sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 DC5680 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
1362014-11-15 18:16:50.572: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
1372014-11-15 18:16:50.572: debug: 	Signing completed after 0s.
1382014-11-15 18:16:54.202: debug: 	Check RFC5011 status
1392014-11-15 18:16:54.202: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1402014-11-15 18:16:54.202: debug: 	Check KSK status
1412014-11-15 18:16:54.202: debug: 	Check ZSK status
1422014-11-15 18:16:54.202: debug: 	Re-signing not necessary!
1432014-11-15 18:16:54.202: debug: 	Check if there is a parent file to copy
1442014-11-15 18:17:06.918: debug: 	Check RFC5011 status
1452014-11-15 18:17:06.918: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1462014-11-15 18:17:06.918: debug: 	Check KSK status
1472014-11-15 18:17:06.918: debug: 	Check ZSK status
1482014-11-15 18:17:06.918: debug: 	Re-signing not necessary!
1492014-11-15 18:17:06.918: debug: 	Check if there is a parent file to copy
1502014-11-15 18:17:17.242: debug: 	Check RFC5011 status
1512014-11-15 18:17:17.242: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1522014-11-15 18:17:17.242: debug: 	Check KSK status
1532014-11-15 18:17:17.242: debug: 	Check ZSK status
1542014-11-15 18:17:17.242: debug: 	Re-signing not necessary!
1552014-11-15 18:17:17.242: debug: 	Check if there is a parent file to copy
1562014-11-17 19:12:44.029: debug: 	Check RFC5011 status
1572014-11-17 19:12:44.029: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1582014-11-17 19:12:44.029: debug: 	Check KSK status
1592014-11-17 19:12:44.029: debug: 	Check ZSK status
1602014-11-17 19:12:44.029: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263008 sec)
1612014-11-17 19:12:44.029: debug: 		->waiting for published key
1622014-11-17 19:12:44.029: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m28s: ZSK rollover deferred: waiting for published key
1632014-11-17 19:12:44.029: debug: 	New ZSK for publishing needed
1642014-11-17 19:12:44.110: debug: 		->creating new key 53867
1652014-11-17 19:12:44.110: info: "sub.example.net.": new zone signing key 53867 generated for publishing
1662014-11-17 19:12:44.110: debug: 	Re-signing necessary: Modified zone key set
1672014-11-17 19:12:44.110: notice: "sub.example.net.": re-signing triggered: Modified zone key set
1682014-11-17 19:12:44.110: debug: 	Writing key file "./sub.example.net/dnskey.db"
1692014-11-17 19:12:44.111: debug: 	Incrementing serial number in file "./sub.example.net/zone.db"
1702014-11-17 19:12:44.111: debug: 	Signing zone "sub.example.net."
1712014-11-17 19:12:44.111: debug: 	  Run cmd "cd ./sub.example.net; /usr/local/sbin/dnssec-signzone -n 1 -u -3 9F5882 -C -g -p -d ../keysets -o sub.example.net. -e +172800  zone.db K*.private 2>&1"
1722014-11-17 19:12:44.250: debug: 	  Cmd dnssec-signzone return: "zone.db.signed"
1732014-11-17 19:12:44.250: debug: 	Signing completed after 0s.
1742014-11-17 19:12:49.691: debug: 	Check RFC5011 status
1752014-11-17 19:12:49.691: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1762014-11-17 19:12:49.691: debug: 	Check KSK status
1772014-11-17 19:12:49.691: debug: 	Check ZSK status
1782014-11-17 19:12:49.691: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263013 sec)
1792014-11-17 19:12:49.691: debug: 		->waiting for published key
1802014-11-17 19:12:49.691: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m33s: ZSK rollover deferred: waiting for published key
1812014-11-17 19:12:49.692: debug: 	Re-signing not necessary!
1822014-11-17 19:12:49.692: debug: 	Check if there is a parent file to copy
1832014-11-17 19:13:02.603: debug: 	Check RFC5011 status
1842014-11-17 19:13:02.603: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1852014-11-17 19:13:02.603: debug: 	Check KSK status
1862014-11-17 19:13:02.603: debug: 	Check ZSK status
1872014-11-17 19:13:02.603: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263026 sec)
1882014-11-17 19:13:02.603: debug: 		->waiting for published key
1892014-11-17 19:13:02.603: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h3m46s: ZSK rollover deferred: waiting for published key
1902014-11-17 19:13:02.603: debug: 	Re-signing not necessary!
1912014-11-17 19:13:02.603: debug: 	Check if there is a parent file to copy
1922014-11-17 19:13:50.409: debug: 	Check RFC5011 status
1932014-11-17 19:13:50.409: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
1942014-11-17 19:13:50.409: debug: 	Check KSK status
1952014-11-17 19:13:50.409: debug: 	Check ZSK status
1962014-11-17 19:13:50.409: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263074 sec)
1972014-11-17 19:13:50.409: debug: 		->waiting for published key
1982014-11-17 19:13:50.409: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m34s: ZSK rollover deferred: waiting for published key
1992014-11-17 19:13:50.409: debug: 	Re-signing not necessary!
2002014-11-17 19:13:50.409: debug: 	Check if there is a parent file to copy
2012014-11-17 19:13:54.302: debug: 	Check RFC5011 status
2022014-11-17 19:13:54.302: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
2032014-11-17 19:13:54.302: debug: 	Check KSK status
2042014-11-17 19:13:54.302: debug: 	Check ZSK status
2052014-11-17 19:13:54.302: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263078 sec)
2062014-11-17 19:13:54.302: debug: 		->waiting for published key
2072014-11-17 19:13:54.302: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m38s: ZSK rollover deferred: waiting for published key
2082014-11-17 19:13:54.302: debug: 	Re-signing not necessary!
2092014-11-17 19:13:54.302: debug: 	Check if there is a parent file to copy
2102014-11-17 19:14:01.845: debug: 	Check RFC5011 status
2112014-11-17 19:14:01.846: debug: 		->not a rfc5011 zone, looking for a regular ksk rollover
2122014-11-17 19:14:01.846: debug: 	Check KSK status
2132014-11-17 19:14:01.846: debug: 	Check ZSK status
2142014-11-17 19:14:01.846: debug: 	Lifetime(259200 +/-150 sec) of active key 21503 exceeded (263085 sec)
2152014-11-17 19:14:01.846: debug: 		->waiting for published key
2162014-11-17 19:14:01.846: notice: "sub.example.net.": lifetime of zone signing key 21503 exceeded since 1h4m45s: ZSK rollover deferred: waiting for published key
2172014-11-17 19:14:01.846: debug: 	Re-signing not necessary!
2182014-11-17 19:14:01.846: debug: 	Check if there is a parent file to copy
219