bind9/contrib/zkt-1.1.3/README

#
#	README  dnssec zone key tool
#
#	(c) March 2005 - Aug 2014 by  Holger Zuleger  hznet
#	(c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho)
#	(c) zconf.c by Jeroen Masar & Holger Zuleger
#

For more information about the DNSSEC Zone Key Tool please
have a look at "http://www.hznet.de/dns/zkt/"

You can also subscribe to the zkt-users@sourceforge.net mailing list
on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users

The ZKT software is licenced under BSD (see LICENCE file)

To build the software:
a) Get the current version of zkt
	$ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz

b) Unpack
	$ tar xzvf zkt-1.1.tar.gz

c) Change to source directory
	$ cd zkt-1.1

d) Run configure script
	$ ./configure

e) Compile
	$ make

f) Install
	# make install
	# make install-man


Prepare your setup:
a) (optional) Install or rebuild the default dnssec.conf file 
	$ zkt-conf -d -w	# Install new file
		or
	$ zkt-conf -s -w	# rebuild existing file

b) (optional) Change default parameters
	$ zkt-conf -s -O "Zonedir: /var/named/zones" -w
		or use your prefered editor 
	$ vi /var/named/dnssec.conf
   (optional) You'll probably want to have zkt-ls work recursively
	$ zkt-conf -s -O "Recursive: True" -w

c) Prepare one of your zone for zkt
	$ cd /var/named/zones/net/example.net	# change dir to zone directory
	$ cp <zonefile> zone.db 		# copy and rename existing zone file to "zone.db"
	$ zkt-conf -w zone.db			# create local dnssec.conf file and include dnskey.db into zone file 

d) Prepare for initial signing
	$ cd /var/named/zones/net/example.net
	$ touch zone.db.signed
	$ zkt-signer -v -v -o example.net	# -o is ORIGIN (i.e. zone name)

e) Publish your zone
	@ add `zone.db.signed' as zone file to your name server
	@ publish DS contained in `dsset-example.net.' at your zone's parent