Configure winnetou as a DNSSEC enabled nameserver for the strongswan.org, org, and root zones

2013-02-14 13:32:04 +01:00 · 2013-02-14 13:32:04 +01:00 · 37c589f0e0
parent 3fbc328d14
commit 37c589f0e0
23 changed files with 378 additions and 2 deletions
--- a/testing/hosts/winnetou/etc/bind/K.+008+32329.key
+++ b/testing/hosts/winnetou/etc/bind/K.+008+32329.key
@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 32329, for .
+; Created: 20130213194956 (Wed Feb 13 20:49:56 2013)
+; Publish: 20130213194956 (Wed Feb 13 20:49:56 2013)
+; Activate: 20130213194956 (Wed Feb 13 20:49:56 2013)
+. IN DNSKEY 257 3 8 AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2 XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5 nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO O9fOgGnjzAk=
--- a/testing/hosts/winnetou/etc/bind/K.+008+32329.private
+++ b/testing/hosts/winnetou/etc/bind/K.+008+32329.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: tyyRqtq0WC+C9eXRs2rgjjdkHN32Nieg+qwhwDRqGpeVRNRr5zZfM3aZLsMZwjhnkaf7y/8iHiVAlCuV/0j9zYeOigICwrVsDlxFLYOJT5svoZ7Scu2805/gLQwcYutZwM42DlCgvQ5wW8xe5S068OSggx218NgNJzET29KiRz3xLHnnf8xPGmyxd4z2L45q4aqiEhlT4xVF1bC8k+J4IvsxrhsC22Ab4pJtDLvH+pc8hKirPAZC8LGwv3d+8P9ymn4rOKoDSgf4N+vK9zmdZ0J2triBjPtYIUXBxjU9bo9svmJ7iOeOXdZbGim7NPjocpE7EOET4U47186AaePMCQ==
+PublicExponent: AQAB
+PrivateExponent: cOOQ6uFa4DZ32aBHuvGVb1CH7JqHER0fQx4utswW0Ei3f/IChj6mMYtYIM+w4lfszIHg1vpoRnfi8u5hxTFw6egvWrKejO1OqRMIt2Inj94uXscJIDeQdkRD3r9mBzjQ2di8y9m5For9iDXODiPv/WKJ4gS/iq08ffjrKkEILirduFpG+EcopBy4MJeAMAkATkRsATEHgEbyqulP7gMwAnQ6vXFbTybfZQWWSgANabGikKMmGroJMChBGJ2Q9c7mHVpXu2IhMqYRKHWmBA5v/OrEc21dNxRGXsZuq+iu3P8o5MLHgX6YDB9nB3OVb47Prg/BxHYdQid2PwX0A0qZeQ==
+Prime1: 2ovikMXe1sTJ2xYPHgofDMmDXUwgpHu/nsCbdDHhyHIMllLXWsefuAFGQug/DDDg69oZGhNkah53uU9XAEyy6uiFJKgnzBTqCg+QmuZnuiuiQ4QjZ/g2x6R2MvzTZLOAQOaOLA3GVsgOh5msyO1kaatES4m2Pbp3xF6CYkhVRlc=
+Prime2: 1pDSXUoE/dwWCebwJHyKLQ3RSGn1o3EHeKZKnqZpABMSPs7imeoVQVZomidjUjHxkB9jbE8nqN15U/Ui4WuZKM+LPbiknaC+h2Y8v6p3u5XQSR0l1cWwdo7BZtdUkcuqSwpL0mnwnmLc6ZQrr13GXnk3qm1ymXST3MFWCWjyRJ8=
+Exponent1: 02q1b8XrT6qpd2a8kxvJc85RZWTqwxPviDzdZaeHuygRYy6apHgu24toE/umWj3CqIag9+fAoSP+P+cvy9tmzfbILnD5puSoj7kE88RmnePuIhBnTAIDxFgl/Cc2vNkk/iPLb3SX5YW9AJK6Ytm75LlI5SZAhTCpAe9HhJpi3Bs=
+Exponent2: deHfEY3nLCnMmegdK46Yw6QBxU0hvYgN2MVT3dIDghz4OzWi3Xjz8I+urHLTaIcz9kCoeQsL+QSk8fGOFlbtMLTGBUT6e/eidfU/jvXzDkaCxoiTDt2r05cevoezWN6SUuP3QEUgA4TBZjsXvSNCJwlmAeZbvd+ElRZLVKQp5nU=
+Coefficient: mtSrbS9kgU1yoTaaY4C6jTnfa43wvHi9pGHW5TUSjRQ9YnCsxy6GiuhmCcKB4iDUzWvIHehfGF5A8UaIF4GvIWcSj1FYO1uBrre5mKMxk89Y7oGtwF2qVbpPHAL4GKHPOUzmfr0vR+nT1PFs1Gr1BF+hkYgluh05KEu0flOZoAk=
+Created: 20130213194956
+Publish: 20130213194956
+Activate: 20130213194956
--- a/testing/hosts/winnetou/etc/bind/K.+008+43749.key
+++ b/testing/hosts/winnetou/etc/bind/K.+008+43749.key
@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 43749, for .
+; Created: 20130213194939 (Wed Feb 13 20:49:39 2013)
+; Publish: 20130213194939 (Wed Feb 13 20:49:39 2013)
+; Activate: 20130213194939 (Wed Feb 13 20:49:39 2013)
+. IN DNSKEY 256 3 8 AwEAAdMS+CyW9m8yB6rwrqsdfMW41AWim1T/ehg4Un/9qADFEZN9T7NK 9PI+DD3Dr72Z2ZO4hrKXB2Xe0nlvsCUjTfCwdGqgz9YLv2WfXzqRksxF gQXmzAdG7JGH+7YmXq7AAF3246caa+wMXAGRdUUCiQf87CnAaZXJ1kUz wHw3Arp5
--- a/testing/hosts/winnetou/etc/bind/K.+008+43749.private
+++ b/testing/hosts/winnetou/etc/bind/K.+008+43749.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 0xL4LJb2bzIHqvCuqx18xbjUBaKbVP96GDhSf/2oAMURk31Ps0r08j4MPcOvvZnZk7iGspcHZd7SeW+wJSNN8LB0aqDP1gu/ZZ9fOpGSzEWBBebMB0bskYf7tiZersAAXfbjpxpr7AxcAZF1RQKJB/zsKcBplcnWRTPAfDcCunk=
+PublicExponent: AQAB
+PrivateExponent: MWEqtiPLG1B1AsSz2ExZuFf5IihcdpIeGjRy+IZ7G1L/PaX/U06h51okuv5gytaHVEvDF1zF2ks6qjY62zVbMhr69/a6XjP6QWtiDmJgAnOjRqnKs8ZfEE3rsdauDtPPUIclNr9LnJtOz32oVlvxQXn/zVCE421eKlIKZIS0AEE=
+Prime1: 8iaE9VEf9lmYEBM7m5Z/maTvP+RjYvmVx7gdnBDzHkw1ZZkc/27sSI1bvgPZ55ZSiH+324OHwQp3A5m2P9th1Q==
+Prime2: 3yVw5TpfBOSteVUMtkvUqI7o0TnUoMeGuKZyXUo8GfQz8oGKoZgmdBJTETmmV4gXPtaEMFUxD4PhJw5ralrkFQ==
+Exponent1: QPWeY2Tw6xhb16whKHr2HhSF7iDpnIqR6LL2loBhh/YvuOKbSdbK4iexvcawtRS5bU691tBxIZMaHEgnAPhsRQ==
+Exponent2: iw5B9BcT73CxydJ+QXuv4fpsizWGk0rDYX4X9pq0KVhMpuqjAWBXVi21Jh7O0e00zyvO5G+ySwDb5gLOXVCWoQ==
+Coefficient: b46+74v/ETHVVKxqdXZWf9r5RL/08AyxScYrT5qDXhJ+QeGZa1jRxrWp469FWltzliP68jLh2om6F4IjAK5o0g==
+Created: 20130213194939
+Publish: 20130213194939
+Activate: 20130213194939
--- a/testing/hosts/winnetou/etc/bind/Korg.+008+24285.key
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.key
@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 24285, for org.
+; Created: 20130213191908 (Wed Feb 13 20:19:08 2013)
+; Publish: 20130213191908 (Wed Feb 13 20:19:08 2013)
+; Activate: 20130213191908 (Wed Feb 13 20:19:08 2013)
+org. IN DNSKEY 256 3 8 AwEAAa6IO30MFlgyj0hJLe0vqvHLr1/4kRCNl/Biz7VYwgzRkiYxHxLJ U+i8/r9rEWU85Q6WEt77xQ+HyxzwmoXpSaMtymYifNFZnvwl31CbkzIB FTtBUQ3BCKZjv0WgpLExDqAKgclCWBZ1PrHvDn1HTl6mMgCpiWothzkn zoNbB0g9
--- a/testing/hosts/winnetou/etc/bind/Korg.+008+24285.private
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: rog7fQwWWDKPSEkt7S+q8cuvX/iREI2X8GLPtVjCDNGSJjEfEslT6Lz+v2sRZTzlDpYS3vvFD4fLHPCahelJoy3KZiJ80Vme/CXfUJuTMgEVO0FRDcEIpmO/RaCksTEOoAqByUJYFnU+se8OfUdOXqYyAKmJai2HOSfOg1sHSD0=
+PublicExponent: AQAB
+PrivateExponent: Enac/HSL5Jasq7P6JM5XIi8vBVMRXZPtD+QUHxYdqSd+c4XcyKr9snBT7sIP3AreHHXp1ycBSMxPw2b8oc/1Fx5UcCdfL2Sygw2l9oDG2nVWX5taLZgNe1t+Bbsf7fqUxBu0fYHx42xvRHPNwV+8VsDa2TDGRImH8MlPuVbHt2E=
+Prime1: 375Bu+m6egBN6k2P82oE8mUuLVYnJDOQ90ipG6Vcfxy7HTzObX+Ismw171oMASLrwMV8UWohp8cbFiira/4ruQ==
+Prime2: x7G7d58Pycz+Wox3ez8/livTQ4wXYb/ykUzgycOVJaPPRX9siz10rVfl5Y3sXQlsR4xFSl6GKFAc11MbmS7qpQ==
+Exponent1: aPk+pgd28h6Kb8+MJkwrnf5St/qfyqBW924jyVDAIPM95u3MfBtF61BRzcaVs0LLEVqWhSwiNjF4R+E07CoIIQ==
+Exponent2: T3kaZJb3D5b3u02f13rqcXdrkrxUKeDcRptT8rhVyS8SNFRr/FYu8zXCFsOOx9ASOb9HbDuGJNENSVyX5TTYyQ==
+Coefficient: GsFR4s38eNTqazXvDLcSG+166dSIRRWUrIMR85veIchQY7lsFTRFEmwKX43OsXvSZUMIE2svwIgclhP/FefcUw==
+Created: 20130213191908
+Publish: 20130213191908
+Activate: 20130213191908
--- a/testing/hosts/winnetou/etc/bind/Korg.+008+51859.key
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.key
@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 51859, for org.
+; Created: 20130213191920 (Wed Feb 13 20:19:20 2013)
+; Publish: 20130213191920 (Wed Feb 13 20:19:20 2013)
+; Activate: 20130213191920 (Wed Feb 13 20:19:20 2013)
+org. IN DNSKEY 257 3 8 AwEAAfAyiINF1/fIyebiAZhG3kFxv1+j3D3TxNBPccbiVUgYSnse95mb mn40KgguCljoi6kDu10Qo+XUwpR78dGJiqvKfej7cz6wbIr5qu9Kv7f8 lJPRQ2igxZ/0ZCLXGbozRuQGy39klQeG98fwxNkzHqXRxkhyAgpY8E2B umRsi2Cca/vKF+6OpNx9b8RXIBcUTdhx0Vjg+3gYhSRR1rPB160sbaL+ v3Fxv9ZzOIY9ekforNxuqV9/U0DCiOhgpZC7H+5ShPb0VNzYvv0IwIAG VPVEJdh5SNPQ0LclPXcR3av+DpjvdY5oAOn/mLPCHjxBnzOl7Q3P43dL DtYdKb9mGnk=
--- a/testing/hosts/winnetou/etc/bind/Korg.+008+51859.private
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 8DKIg0XX98jJ5uIBmEbeQXG/X6PcPdPE0E9xxuJVSBhKex73mZuafjQqCC4KWOiLqQO7XRCj5dTClHvx0YmKq8p96PtzPrBsivmq70q/t/yUk9FDaKDFn/RkItcZujNG5AbLf2SVB4b3x/DE2TMepdHGSHICCljwTYG6ZGyLYJxr+8oX7o6k3H1vxFcgFxRN2HHRWOD7eBiFJFHWs8HXrSxtov6/cXG/1nM4hj16R+is3G6pX39TQMKI6GClkLsf7lKE9vRU3Ni+/QjAgAZU9UQl2HlI09DQtyU9dxHdq/4OmO91jmgA6f+Ys8IePEGfM6XtDc/jd0sO1h0pv2YaeQ==
+PublicExponent: AQAB
+PrivateExponent: pJ69mNqhbZ0bYzW6Shcn9Ep1EqNHKsictvf7zocIU+TyBvfuUkSm2Z/+vqRvSwf1z9xS6TGiYr4yrXlU/nr5o0ugh7DuByT6/zSlxmLAiuR9H+HoBSlKyJnCl248n7TM/TL6/VB+Iy6JW2rUPtgeRR9EehpI87aI21Xx3SnXTFoUTP7Z9HwoWEPOaU1SfYvBDLjZ0GTtMJ4i/LRB/rC6sbetqru4MTCAhsr8VrcH6YsFu5JrlmG+/dTEi005DrZPUOnKaDf4w3TbgSeTfbFJmvpfOoJObGm+Pc1PtxgfVUVdDWGK/LSNbTdqPQkPGlOI1sUETFNMKOY0S66H5q44QQ==
+Prime1: /y8kGw8mAtAuvISUtlUao7srcSphvvMLpxvgOB22u2wgzD51VdPRr2Inv1SJN7SGoJ9ERNLnfBnc1KFBOqtvf5uOwHD4++U80H+qWS+1aNgmMEa+IQ5WamQSPvUWFkhF6TjJnwY4rATfK2FGh00n6O3IOMjDxYyDs/M/j62/VQ0=
+Prime2: 8PcgSGgYGveDwkocfVkF0uuWRMVtfY3O/tiYSuCfkFP/++7eKMXQekmBay+5a5YUSZ6UwDFqduC/tYIuvGBi0rv+lzZJ8ydz/sdmQ+aqS3/g6oerGaTUjRV560OKWCwiMIfwQqaN+ivXdBFgGCJnaah65wiQ9W0xeTJqORQxWB0=
+Exponent1: dL3+SJrPiu3u07PbzOZ2P317TFRVT2QlapfoJgQB+xBmmMniKBe1kATZpkBoXiGqjYUPWGUcHbw/OM9k5hBT/A8QaZ3FaoffIIunRRH8bjCkl+VlSf4jLp0Fc+Pv7NW3lhCyvJu+BYRdDJ1+BJwZrAhMVx4R4ih8gDDCXVrhc2k=
+Exponent2: QQvEuCb5UtY7yAevdxq/2rbjon7U1o6gMOUQ/y1xhUlXkY9igwkbBNewytlgKS2jHlhjeRodzidPONUCfrFaG97Jk9IA1lVxF3aGIZAzqhvEACtNQafgBJGmjp51yuVm+UjIz4UcUErjZx6FnR40Yi4rtw/16XpnX3r/d5b+1vU=
+Coefficient: hAE0/Fdc6enFMymrfGW8o4lDauKQj7yQ16hw3IoOlrRLUpXqLiEnk+J6kzkSqgiW+ZC2v5Qq8mTC/3Q//ddWgaLX/LlbItitTlhQCS7hlV33ZkyvLBBjonYztnI+LHnIkj/omjumEzeQGR40TAh4FAgByRNXG2IOrLavfR/iPC8=
+Created: 20130213191920
+Publish: 20130213191920
+Activate: 20130213191920
--- a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.key
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.key
@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 481, for strongswan.org.
+; Created: 20130213175556 (Wed Feb 13 18:55:56 2013)
+; Publish: 20130213175556 (Wed Feb 13 18:55:56 2013)
+; Activate: 20130213175556 (Wed Feb 13 18:55:56 2013)
+strongswan.org. IN DNSKEY 257 3 8 AwEAAcXfcWvCGzQq80q9JX1Wvz0lwA/fi1XZmega350wGR8WdFCklvmK fAzNaf1CrvN3bH9Gl2VEEhkYMF6h6kVFTU7taspq5t0bLwgCK/nS8QzK TLWvzWdyVayiHfij1PPwnQV5FADBTE5mMEkmn82+PKg6jaKs3ANsc0BP bGSsGIxhUKliLxJEd+6KSl/+ouQD9RfCD5sz9NIF+IXv1ZGp2Rjf+6vK bPO8f0hmttwE/OzKyBgysLBbd6fw2pKOBhunVFmUYPaHM9zLTydzuSIA X9iSeM6HtAvlKgK0JGgPEFrX+jPG6wDvJfzzakx85rMkRGc31NFiFLqM ooWxy1674/U=
--- a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.private
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: xd9xa8IbNCrzSr0lfVa/PSXAD9+LVdmZ6BrfnTAZHxZ0UKSW+Yp8DM1p/UKu83dsf0aXZUQSGRgwXqHqRUVNTu1qymrm3RsvCAIr+dLxDMpMta/NZ3JVrKId+KPU8/CdBXkUAMFMTmYwSSafzb48qDqNoqzcA2xzQE9sZKwYjGFQqWIvEkR37opKX/6i5AP1F8IPmzP00gX4he/VkanZGN/7q8ps87x/SGa23AT87MrIGDKwsFt3p/Dako4GG6dUWZRg9ocz3MtPJ3O5IgBf2JJ4zoe0C+UqArQkaA8QWtf6M8brAO8l/PNqTHzmsyREZzfU0WIUuoyihbHLXrvj9Q==
+PublicExponent: AQAB
+PrivateExponent: SIEdgEy5xx3N1B8Gs6yrmm5QuABDgAuh94iRU3miWt/RcxM8NuflmJNUOPbMQG4MFX76TqLotsVERAi0XPmN4FPig5U0TuR9EUQqdPo0VWlzPkfSzgr5Fa65qLfvegs6nhzFlZk+qqOLIeLDP5Jri4EZEPiiDacZfAEeSK0+uYDxxNCSShcYFqd9kIcqFS9pk0tcqVOZY55xjEHlk35+N08TvC+H6OnFyppz24TAuU9vqxtdGYEt6+BXnwG8MI6hCv16PkHJKeJVeC3tIl+cO+TYMMaWeI+8MXX+GIfyAOaAGj0pi3BnpUOiiLtwO0P3mi7mxB2/0Jzx2c8lLvLqaQ==
+Prime1: 8UFH1F2bt+1B2ssTHiPq+nqw/VYMTVUw+Hju79hVg2TugP0OEat00BqmZU4+bI1YscpwmWHZAU8wHvhMyjomol4+KplqxALXes3WMTijs9qXZIAX48yuakWyOrPLgUdNYwnvtcrC0vxJXk9G1lhOXDzHxmLD+HVd37SlUGvFvy8=
+Prime2: 0fdlpeBJzmDDLYz7GP2oCLhuxvUXl4xFKDDJMAikdjgpZI8wTHAyNOY9BQMZGDUkrozrxWzYpcDLyEuhVfQFl7fvlOy6c8cnHPar6JPLFhcV1g2tSiXGnUVfusVytwtDdApAPKVtFeaC3HX+jil0SmO4uqw6wXtkwwsH7aeMZhs=
+Exponent1: Utd/usSJ/BZUTrT805Sx02Dd9Z/eiY9/SVL9eQ5oDr5Rx6kdc6PUcME18gN0HAJNOn+xOnoG8hQnCftpIufk7ExAPJCBwNzY8SpNKomwbMnawn/ZtDdMjOFx2gZzEulRAXkf/uSpEZnf96pxQJkCD1ovn0e600459d8qBPt847E=
+Exponent2: Y+w99rwPw+Su3j2qvhDxZ/0F0y+O47OAsgjNpktmoVBG+rFeRfJbImuz/G+mAKxB4cP07IbJb9CZ6p97j2FLTBHgNdqXPUQ47ALEezHiw4eG/9CQeKoTpIMAdO1Ek7ILjuzV90au7G5ANtT8qQE3c7OTlVsjtzKXGG9mfYZwPaM=
+Coefficient: zqyn6OSkR2j10qY+a+Yma8kiOnUdcqvk1TW8CpG9+ch9T0mlCSiB7wPkWiIqkK8fP0qVkuurIvsxEARa0FFDTZDM5g5nJ8G26LsoNj1LA8hp0xH/UB/2pSXzo1Coc3f2VAuZEunFoNxEq0XBaZm4XLbPc3cOvVeL8WmSrf2K6lU=
+Created: 20130213175556
+Publish: 20130213175556
+Activate: 20130213175556
--- a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.key
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.key
@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 9396, for strongswan.org.
+; Created: 20130213175239 (Wed Feb 13 18:52:39 2013)
+; Publish: 20130213175239 (Wed Feb 13 18:52:39 2013)
+; Activate: 20130213175239 (Wed Feb 13 18:52:39 2013)
+strongswan.org. IN DNSKEY 256 3 8 AwEAAa5Lb6qTxuy4ZJBDoDStnmstIU5nAsliu6UKZ6imLEg2ufAXfz7f fOtIh2/QECp80GgUDBStMvVJfRjXeJUgavM8d0Ob/rJfl1uH/buyO7Yj D+64n9t29pEuFKSAR+tYyUYk5iTidqE/CNltNkps9wc1wBAxK8ouSVXd bNvV9pvZ
--- a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.private
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.private
@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: rktvqpPG7LhkkEOgNK2eay0hTmcCyWK7pQpnqKYsSDa58Bd/Pt9860iHb9AQKnzQaBQMFK0y9Ul9GNd4lSBq8zx3Q5v+sl+XW4f9u7I7tiMP7rif23b2kS4UpIBH61jJRiTmJOJ2oT8I2W02Smz3BzXAEDEryi5JVd1s29X2m9k=
+PublicExponent: AQAB
+PrivateExponent: rT8wnPZNGgnjc/60ZQha2p++ZodAHtt0N4XTKbEbfSBgzEUe52kQa3LppPvExebQ5VNf+sF6UJSesy2in2DczIqBOo2iftjKHXXWlnZN6ApN0v+oVmWxbvsEzODbeMOYklAzZd/QHvcNJCVHr+6WzxFlu5vnRwwF3vAEbFw+hIE=
+Prime1: 59ugOWNLFlyOP/m7iYkr3vrei7vhT0c1IvIlBYiDSX6Ns98reI21KFXHjAl7jfx0DjJXZBK4VYCfFm7/nFS7KQ==
+Prime2: wHFpgOLWd6AQfDscdkE7+rCHiaYKBADAUZ7smJni1rWFfQix+wm4qZRyrFjgT3mIZdWICJiFjh0qdrM9SvqhMQ==
+Exponent1: ndmuiaOKGV1GE1QoU4ip75MINEXjLSAjkvkcL1ozV7PrMUx8wgRoE1/jDPnfvljjgk7PpHgCO2Pn61QCfiJJkQ==
+Exponent2: vUKMdQIh1DIqJFNqEW7kkw5rrdcKwJcQjPUUUJv/OBP7fVVA3NfZsYVaJd+ecureVvBiwblml7ZdXbG3VPcZ8Q==
+Coefficient: D6wuDQKGBlZjXQov//tXMrwhWMFhNzXfBbZCSz7td3RLspi7TJkDBFIXmJolXCLpB+Y5TNOa/3FDA8rWEIQm9w==
+Created: 20130213175239
+Publish: 20130213175239
+Activate: 20130213175239
--- a/testing/hosts/winnetou/etc/bind/bind.keys
+++ b/testing/hosts/winnetou/etc/bind/bind.keys
@ -0,0 +1,46 @@
+/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2
+		XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b
+		L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx
+		E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b
+		AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5
+		nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO
+		O9fOgGnjzAk=";
+};
--- a/testing/hosts/winnetou/etc/bind/db.org
+++ b/testing/hosts/winnetou/etc/bind/db.org
@ -0,0 +1,40 @@
+;
+; Zonefile for the org zone
+;
+$TTL	604800
+@		IN	SOA	ns1.org.	root.org. (
+				     1		; Serial
+				 604800		; Refresh
+				  86400		; Retry	
+				2419200		; Expire
+				 604800 )	; Negative Cache TTL
+;
+@		IN	NS	ns1.org.
+ns1		IN	A	192.168.0.150
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+strongswan	IN	NS	ns1.strongswan.org.
+ns1.strongswan	IN	A	192.168.0.150
+ns1.strongswan	IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+strongswan.org.	IN	DS	481 8 1 5B239B124E38890C1853F5ECF299DEDEB5537E55
+strongswan.org.	IN	DS	481 8 2 FEE6842CA2322347D818318D278A929E0B9FD82353B84AE94A6A4C7B 1DFB4FEE
+;
+; This is a zone-signing key, keyid 24285, for org.
+org.		IN	DNSKEY	256 3 8	(
+				AwEAAa6IO30MFlgyj0hJLe0vqvHLr1/4kRCNl/Biz7VYwgzRkiYxHxLJ
+				U+i8/r9rEWU85Q6WEt77xQ+HyxzwmoXpSaMtymYifNFZnvwl31CbkzIB
+				FTtBUQ3BCKZjv0WgpLExDqAKgclCWBZ1PrHvDn1HTl6mMgCpiWothzkn
+				zoNbB0g9
+				)
+;
+; This is a key-signing key, keyid 51859, for org.
+org.		IN	DNSKEY	257 3 8 (
+				AwEAAfAyiINF1/fIyebiAZhG3kFxv1+j3D3TxNBPccbiVUgYSnse95mb
+				mn40KgguCljoi6kDu10Qo+XUwpR78dGJiqvKfej7cz6wbIr5qu9Kv7f8
+				lJPRQ2igxZ/0ZCLXGbozRuQGy39klQeG98fwxNkzHqXRxkhyAgpY8E2B
+				umRsi2Cca/vKF+6OpNx9b8RXIBcUTdhx0Vjg+3gYhSRR1rPB160sbaL+
+				v3Fxv9ZzOIY9ekforNxuqV9/U0DCiOhgpZC7H+5ShPb0VNzYvv0IwIAG
+				VPVEJdh5SNPQ0LclPXcR3av+DpjvdY5oAOn/mLPCHjxBnzOl7Q3P43dL
+				DtYdKb9mGnk=
+				)
--- a/testing/hosts/winnetou/etc/bind/db.root
+++ b/testing/hosts/winnetou/etc/bind/db.root
@ -0,0 +1,40 @@
+;
+; Zonefile for the root zone
+;
+$TTL	604800
+@		IN	SOA	ns1.	root. (
+				     1		; Serial
+				 604800		; Refresh
+				  86400		; Retry	
+				2419200		; Expire
+				 604800 )	; Negative Cache TTL
+;
+@		IN	NS	ns1.
+ns1		IN	A	192.168.0.150
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+org		IN	NS	ns1.org.
+ns1.org		IN	A	192.168.0.150
+ns1.org		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+org.		IN	DS 	51859 8 1 5075E7B1185CFCC744364EC45D2E03CBA6178929
+org.		IN	DS 	51859 8 2 9122D2557F70A8CE5CB14E85BF5D966848FC7016A0E2E021012F33B8 398770A9
+;
+; This is a zone-signing key, keyid 43749, for .
+.		IN	DNSKEY	256 3 8	(
+				AwEAAdMS+CyW9m8yB6rwrqsdfMW41AWim1T/ehg4Un/9qADFEZN9T7NK
+				9PI+DD3Dr72Z2ZO4hrKXB2Xe0nlvsCUjTfCwdGqgz9YLv2WfXzqRksxF
+				gQXmzAdG7JGH+7YmXq7AAF3246caa+wMXAGRdUUCiQf87CnAaZXJ1kUz
+				wHw3Arp5
+				)
+;
+; This is a key-signing key, keyid 32329, for .
+.		IN	DNSKEY	257 3 8	(
+				AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2
+				XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b
+				L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx
+				E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b
+				AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5
+				nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO
+				O9fOgGnjzAk=
+				)
--- a/testing/hosts/winnetou/etc/bind/db.strongswan.org
+++ b/testing/hosts/winnetou/etc/bind/db.strongswan.org
@ -0,0 +1,88 @@
+;
+; Zonefile for the strongswan.org zone
+;
+$TTL	604800
+@		IN	SOA	ns1.strongswan.org.	root.strongswan.org. (
+				     1			; Serial
+				 604800			; Refresh
+				  86400			; Retry	
+				2419200			; Expire
+				 604800 )		; Negative Cache TTL
+;
+@		IN	NS	ns1.strongswan.org.
+ns1		IN	A	192.168.0.150	
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+moon		IN	A	192.168.0.1
+sun		IN	A	192.168.0.2
+mars		IN	A	192.168.0.5
+alice1		IN	A	192.168.0.50
+carol		IN	A	192.168.0.100
+winnetou	IN	A	192.168.0.150
+dave		IN	A	192.168.0.200
+;
+ip6-moon	IN	AAAA	fe80::fcfd:c0ff:fea8:01
+ip6-sun		IN	AAAA	fe80::fcfd:c0ff:fea8:02
+ip6-carol	IN	AAAA	fe80::fcfd:c0ff:fea8:64
+ip6-winnetou	IN	AAAA	fe80::fcfd:c0ff:fea8:96
+ip6-dave	IN	AAAA	fe80::fcfd:c0ff:fea8:c8
+;
+crl		IN	CNAME	winnetou.strongswan.org.
+ldap		IN	CNAME	winnetou.strongswan.org.
+ocsp		IN	CNAME	winnetou.strongswan.org.
+;
+moon		IN	IPSECKEY ( 10 1 2 192.168.0.1
+				AwEAAcovYz3Uu7oFhiFbFaAxL3P1MxJPCzObmuE7tkiwK0xGjg8B5jD7
+				75IZe3cI9dv/6n5JYoaWbXWs8TvV5Dd6GCHYLeEC6t+ZY7SJBBoLD592
+				t54hUKo5Ag4/pSpnfbuHnJhikeTxVC/i8ElOnFyVTU+qdaF6p7VmUvGx
+				bvvctGaX99C39SC8mQIFNlk40s0x8r7tMOdhpWwC2dyC8M3vydQ0R7ap
+				j3YortKsEnpKlQSDj2bnUX5eCwZyyBZUdLzmifc6b8bjxyssRUmN27w
+				LF7BJFWBv6U8lbMd3xCxTRWD/u+WqzdlEzI200quviilK9VsDpqAaVNe
+				EMKt4OJdTwoc=
+				)
+sun		IN	IPSECKEY ( 10 1 2 192.168.0.2
+				AwEAAd+VVIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqq
+				rQ3X917h7YNsSk68oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5
+				mimv/prYj6o0yawxoPjoDs9Yh7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg
+				1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/49YuxQ59DemY9IRbwsrKCHH0m
+				GrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4e0da1ntPCEQLeE83
+				3+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb8WNzRWB8
+				Egh3BDK6FsE=
+				)
+carol		IN	IPSECKEY ( 10 1 2 192.168.0.100
+				AwEAAdBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx6kRPsjYAuukt
+				gXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZGamo
+				5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6
+				q95VWu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF
+				5AzkZnFrw12GI72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5P
+				UdoDCte/Mcr1iiA+zOovx55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3
+				WEKTAmsZrVE=
+				)
+dave		IN	IPSECKEY ( 10 1 2 192.168.0.200
+				AwEAAcAH8lNvBVjmg0XT7wF6F1tzQ055f5uXRI5yClmFrqdswFA7jWO0
+				4jmvlduD2wr2X4Ng6dlBkSwSEhVkOgrzIYj8UgQT6BZF/44uYjyTYr4b
+				V2SVML9U/a1lYxBhBazpSdfeKJWkdxwjcJCqolZ719mwiyrQn2P2G7qH
+				10YgRuifpFcMs8jkMiIgpzevSMMc0OwhQPNyO5R0LEoUIy4dQJ9rU8GK
+				qmPmk/pdPQaAjpSNuCc1Y9M9vZrETs/XHmBCZXCIWJiz5VOHZ+r073E3
+				Gef9ibMuTj9g2XLvFhdDfU26FK9GkfuOwnWnhVK66diq9xw9Qqynk+8K
+				0J4a81Paq3U=
+				)
+;
+; This is a zone-signing key, keyid 9396, for strongswan.org.
+strongswan.org.	IN	DNSKEY	256 3 8	(
+				AwEAAa5Lb6qTxuy4ZJBDoDStnmstIU5nAsliu6UKZ6imLEg2ufAXfz7f
+				fOtIh2/QECp80GgUDBStMvVJfRjXeJUgavM8d0Ob/rJfl1uH/buyO7Yj
+				D+64n9t29pEuFKSAR+tYyUYk5iTidqE/CNltNkps9wc1wBAxK8ouSVXd
+				bNvV9pvZ
+				)
+;
+; This is a key-signing key, keyid 481, for strongswan.org.
+strongswan.org.	IN	DNSKEY	257 3 8	(
+				AwEAAcXfcWvCGzQq80q9JX1Wvz0lwA/fi1XZmega350wGR8WdFCklvmK
+			 	fAzNaf1CrvN3bH9Gl2VEEhkYMF6h6kVFTU7taspq5t0bLwgCK/nS8QzK
+				TLWvzWdyVayiHfij1PPwnQV5FADBTE5mMEkmn82+PKg6jaKs3ANsc0BP
+				bGSsGIxhUKliLxJEd+6KSl/+ouQD9RfCD5sz9NIF+IXv1ZGp2Rjf+6vK
+				bPO8f0hmttwE/OzKyBgysLBbd6fw2pKOBhunVFmUYPaHM9zLTydzuSIA
+				X9iSeM6HtAvlKgK0JGgPEFrX+jPG6wDvJfzzakx85rMkRGc31NFiFLqM
+				ooWxy1674/U=
+				)
--- a/testing/hosts/winnetou/etc/bind/dsset-.
+++ b/testing/hosts/winnetou/etc/bind/dsset-.
@ -0,0 +1,2 @@
+.			IN DS 32329 8 1 39BE767A8E8BCD4D7AF698144FF41701FEDC3BA1
+.			IN DS 32329 8 2 36B3DE82C971DF2A99AF3B00923A67A1DC956218E95A39335AF9768C 057FBBE0
--- a/testing/hosts/winnetou/etc/bind/dsset-org.
+++ b/testing/hosts/winnetou/etc/bind/dsset-org.
@ -0,0 +1,2 @@
+org.			IN DS 51859 8 1 5075E7B1185CFCC744364EC45D2E03CBA6178929
+org.			IN DS 51859 8 2 9122D2557F70A8CE5CB14E85BF5D966848FC7016A0E2E021012F33B8 398770A9
--- a/testing/hosts/winnetou/etc/bind/dsset-strongswan.org.
+++ b/testing/hosts/winnetou/etc/bind/dsset-strongswan.org.
@ -0,0 +1,2 @@
+strongswan.org.		IN DS 481 8 1 5B239B124E38890C1853F5ECF299DEDEB5537E55
+strongswan.org.		IN DS 481 8 2 FEE6842CA2322347D818318D278A929E0B9FD82353B84AE94A6A4C7B 1DFB4FEE
--- a/testing/hosts/winnetou/etc/bind/named.conf.default-zones
+++ b/testing/hosts/winnetou/etc/bind/named.conf.default-zones
@ -0,0 +1,23 @@
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
--- a/testing/hosts/winnetou/etc/bind/named.conf.local
+++ b/testing/hosts/winnetou/etc/bind/named.conf.local
@ -0,0 +1,18 @@
+//
+// Do any local configuration here
+//
+
+zone "." {
+        type master;
+        file "/etc/bind/db.root.signed";
+};
+
+zone "org" {
+        type master;
+        file "/etc/bind/db.org.signed";
+};
+
+zone "strongswan.org" {
+        type master;
+        file "/etc/bind/db.strongswan.org.signed";
+};
--- a/testing/scripts/build-baseimage
+++ b/testing/scripts/build-baseimage
@ -15,8 +15,8 @@ INC=build-essential,gperf,libgmp-dev,libldap2-dev,libcurl4-openssl-dev,ethtool
 INC=$INC,libxml2-dev,libtspi-dev,libsqlite3-dev,openssh-server,tcpdump,psmisc
 INC=$INC,openssl,vim,sqlite3,conntrack,gdb,cmake,libxerces-c2-dev,libltdl-dev
 INC=$INC,liblog4cxx10-dev,libboost-thread-dev,libboost-system-dev,git-core
-INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev
-SERVICES="apache2 dbus isc-dhcp-server slapd"
+INC=$INC,less,acpid,acpi-support-base,libldns-dev,libunbound-dev,dnsutils
+SERVICES="apache2 dbus isc-dhcp-server slapd bind9"
 INC=$INC,${SERVICES// /,}
 EXC=iptables

@ -67,6 +67,9 @@ do_on_exit graceful_umount $APTCACHE
 log_action "Running debootstrap ($BASEIMGSUITE, $BASEIMGARCH)"
 execute "debootstrap --arch=$BASEIMGARCH --include=$INC --exclude $EXC $BASEIMGSUITE $LOOPDIR $BASEIMGMIRROR"

+execute "mount -t proc none $LOOPDIR/proc"
+do_on_exit graceful_umount $LOOPDIR/proc
+
 for service in $SERVICES
 do
 	log_action "Stopping service $service"
--- a/testing/scripts/build-guestimages
+++ b/testing/scripts/build-guestimages
@ -57,6 +57,10 @@ do
 		execute_chroot "rm -rf /var/lib/ldap/*" 0
 		execute_chroot "slapadd -l /etc/ldap/ldif.txt -f /etc/ldap/slapd.conf" 0
 		execute_chroot "chown -R openldap:openldap /var/lib/ldap" 0
+		execute_chroot "dnssec-signzone -K /etc/bind -o strongswan.org. /etc/bind/db.strongswan.org" 0
+		execute_chroot "dnssec-signzone -K /etc/bind -o org. /etc/bind/db.org" 0
+		execute_chroot "dnssec-signzone -K /etc/bind -o . /etc/bind/db.root" 0
+		execute_chroot "update-rc.d bind9 defaults" 0
 	fi
 	sync
 	execute "umount $LOOPDIR" 0