diff -r 4807ad9b8d19 -r ef4b45dd7618 dnssec-killkey --- a/dnssec-killkey Tue Aug 10 16:38:46 2010 +0200 +++ b/dnssec-killkey Wed Aug 11 11:15:49 2010 +0200 @@ -50,6 +50,23 @@ if ( -e "$zdir/keyset-$zone." ) { unlink "$zdir/keyset-$zone." } for (`ls $master_dir/$zone/K*[key,private]`) { unlink $_ } } + + open( ZONE, "$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + @old_zone_content = ; + close(ZONE); + + for (@old_zone_content) { + unless (/dnssec-(ksk|zsk)/) { + push @new_zone_content, $_; + } + } + + open( ZONE, ">$master_dir/$zone/$zone" ) + or die "$master_dir/$zone/$zone: $!\n"; + print ZONE @new_zone_content; + close(ZONE); + } # beendet den key-rollover @@ -114,17 +131,18 @@ my $zone = $_; my @old_zone_content = (); my @new_zone_content = (); - my @keylist = (); + my @kkeylist = (); + my @zkeylist = (); my $file; open( INDEX, "$master_dir/$zone/.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n"; - @keylist = ; + @zkeylist = ; close(INDEX); open( INDEX, "$master_dir/$zone/.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n"; - push @keylist, ; + @kkeylist = ; close(INDEX); open( ZONE, "$master_dir/$zone/$zone" ) @@ -134,7 +152,7 @@ # kuerzt die schluessel-bezeichnung aus der indexdatei auf die # id um sie besser vergleichen zu koennen. - for (@keylist) { + for (@kkeylist, @zkeylist) { chomp; s#K.*\+.*\+(.*)#$1#; } @@ -142,7 +160,7 @@ # filtert alle schluessel aus der zonedatei # old_zone_content ==> new_zone_content for (@old_zone_content) { - unless (/IN\sDNSKEY/) { + unless (/dnssec-(ksk|zsk)/) { push @new_zone_content, $_; } } @@ -154,7 +172,7 @@ $file = $_; my $rm_count = 1; - for (@keylist) { + for (@zkeylist) { if ( $file =~ /$_/ ) { $rm_count = 0; 
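Review bot: In the first hunk (@@ -50,6 +50,23 @@) the zone file is reopened with `>` and therefore truncated before the filtered content is written, and neither `print ZONE` nor `close(ZONE)` is checked, so a full disk or an interrupted run leaves an empty or partial zone file behind. Writing to a temporary file in the same directory and renaming it over the original keeps the old file intact until the new one is complete. The two-argument `open` also puts `$zone` into the same string as the mode, so a zone name with unexpected leading or trailing characters can change how the file is opened; where `$zone` comes from is outside this hunk, but the three-argument form removes the question. `@old_zone_content` and `@new_zone_content` are not declared with `my` in the added lines, and the enclosing block starts outside the hunk; if it runs once per zone, `@new_zone_content` has to be emptied per iteration or lines from one zone end up in the next.

```perl
# … unchanged: read of @old_zone_content and the dnssec-(ksk|zsk) filter …
my $zone_file = "$master_dir/$zone/$zone";
open( my $out, '>', "$zone_file.tmp" ) or die "$zone_file.tmp: $!\n";
print {$out} @new_zone_content or die "$zone_file.tmp: $!\n";
close($out) or die "$zone_file.tmp: $!\n";
rename( "$zone_file.tmp", $zone_file ) or die "$zone_file: $!\n";
```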
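Review bot: In the hunk at @@ -142,7 +160,7 @@ the filter `/dnssec-(ksk|zsk)/` is unanchored, so any zone line containing that text anywhere (an owner name, a TXT string, an unrelated comment) is dropped from the rewritten zone; the first hunk uses the same pattern. Anchoring it to the trailing marker this commit writes, e.g. `unless (/;\s*dnssec-(?:ksk|zsk)\s*$/) {`, limits the removal to lines the tool added itself. The filter also no longer strips `IN DNSKEY` records, and the previous version appended key file contents inline, so a zone last written by that version would keep its old DNSKEY records next to the new `$include` lines unless it is cleaned once or the old test is kept for a transition period.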
@@ -162,9 +180,25 @@ # schluessel die in der indexdatei standen, werden an die # zonedatei angehangen. if ( $file =~ /.*key/ ) { - open( KEYFILE, "$file" ) or die "$file: $!\n"; - push @new_zone_content, ; - close(KEYFILE); + + $file =~ s#/.*/(K.*)#$1#; + push @new_zone_content, "\$include $file\t\t; dnssec-zsk\n" ; + + last; + } + } + } + for (@kkeylist) { + + if ( $file =~ /$_/ ) { + $rm_count = 0; + + # schluessel die in der indexdatei standen, werden an die + # zonedatei angehangen. + if ( $file =~ /.*key/ ) { + + $file =~ s#/.*/(K.*)#$1#; + push @new_zone_content, "\$include $file\t\t; dnssec-ksk\n" ; last; }
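Review bot: The test `if ( $file =~ /.*key/ )` in the new `@kkeylist` loop (and in the `@zkeylist` loop above it) matches `key` anywhere in the path rather than the `.key` suffix, so a `.private` file under a directory or zone name containing `key` would get a `$include` line written into the zone file; `if ( $file =~ /\.key$/ ) {` says what is meant. The match `$file =~ /$_/` is loose in the same way: the id taken from the index file is used as an unquoted, unanchored pattern and can match elsewhere in the path, so `\Q$_\E` pinned to the id field would be safer, assuming the file names follow the same `K…+…+id` form as the index entries. The two loops are identical apart from the marker text and could be one loop over both lists with the marker chosen per list. The enclosing loop over the key files starts and ends outside this hunk.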