Comment 3 for bug 1215093

My last statement is incorrect: the patch to "dnssec-tools.conf" is not sufficient. Apparently the contents of that file are only read by the tools if their command-lines are empty.

That means that zonesigner needs its set of options amended as previously described:

# zonesigner -szopts "-O full" -genkeys -usensec3 -zone ...