diff -up bind-9.3.6-P1/bin/dnssec/dnssec-signzone.8.directory bind-9.3.6-P1/bin/dnssec/dnssec-signzone.8 --- bind-9.3.6-P1/bin/dnssec/dnssec-signzone.8.directory 2008-10-16 03:19:52.000000000 +0200 +++ bind-9.3.6-P1/bin/dnssec/dnssec-signzone.8 2009-02-23 15:07:49.000000000 +0100 @@ -71,6 +71,11 @@ files in as the directory .RE .PP +\-D \fIdirectory\fR +Look for zone signing keys in +\fBdirectory\fR +as the directory +.TP 3n \-g .RS 4 Generate DS records for child zones from keyset files. Existing DS records will be removed. diff -up bind-9.3.6-P1/bin/dnssec/dnssec-signzone.c.directory bind-9.3.6-P1/bin/dnssec/dnssec-signzone.c --- bind-9.3.6-P1/bin/dnssec/dnssec-signzone.c.directory 2008-06-02 02:26:20.000000000 +0200 +++ bind-9.3.6-P1/bin/dnssec/dnssec-signzone.c 2009-02-23 15:06:16.000000000 +0100 @@ -107,6 +107,7 @@ static const dns_master_style_t *masters static unsigned int nsigned = 0, nretained = 0, ndropped = 0; static unsigned int nverified = 0, nverifyfailed = 0; static const char *directory; +static const char *key_directory; static isc_mutex_t namelock, statslock; static isc_taskmgr_t *taskmgr = NULL; static dns_db_t *gdb; /* The database */ @@ -1341,8 +1342,12 @@ loadzonekeys(dns_db_t *db) { fatal("failed to find the zone's origin: %s", isc_result_totext(result)); - result = dns_dnssec_findzonekeys(db, currentversion, node, gorigin, - mctx, 20, keys, &nkeys); + if (key_directory == NULL) + result = dns_dnssec_findzonekeys(db, currentversion, node, gorigin, + mctx, 20, keys, &nkeys); + else + result = dns_dnssec_findzonekeys2(db, currentversion, node, gorigin, + key_directory, mctx, 20, keys, &nkeys); if (result == ISC_R_NOTFOUND) result = ISC_R_SUCCESS; if (result != ISC_R_SUCCESS) @@ -1604,6 +1609,8 @@ usage(void) { fprintf(stderr, "\t-c class (IN)\n"); fprintf(stderr, "\t-d directory\n"); fprintf(stderr, "\t\tdirectory to find keyset files (.)\n"); + fprintf(stderr, "\t-D directory\n"); + fprintf(stderr, "\t\tdirectory to find zone signing keys (.)\n"); fprintf(stderr, "\t-g:\t"); fprintf(stderr, "generate DS records from keyset files\n"); fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n"); @@ -1705,7 +1712,7 @@ main(int argc, char *argv[]) { dns_result_register(); while ((ch = isc_commandline_parse(argc, argv, - "ac:d:e:f:ghi:k:l:n:o:pr:s:Stv:z")) + "ac:d:D:e:f:ghi:k:l:n:o:pr:s:Stv:z")) != -1) { switch (ch) { case 'a': @@ -1720,6 +1727,10 @@ main(int argc, char *argv[]) { directory = isc_commandline_argument; break; + case 'D': + key_directory = isc_commandline_argument; + break; + case 'e': endstr = isc_commandline_argument; break;