zonesigner fails when calling named-checkzone

[mgrant0]

cd $named_primary_dir; /usr/sbin/zonesigner -genkeys -endtime +2678400 -zone $domain example.com example.com.signed

and I get some strange output:

        if zonesigner appears hung, strike keys until the program completes
        (see the "Entropy" section in the man page for details)

usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-s (full|relative)] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-m (ignore|warn|fail)] [-n (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
sh: 2: Zone: not found
sh: 3: Algorithm:: not found
sh: 4: ZSKs:: not found
sh: 5: example.com.signed: not found
problems with zone signing
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-s (full|relative)] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-m (ignore|warn|fail)] [-n (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
sh: 2: Zone: not found
sh: 3: Algorithm:: not found
sh: 4: ZSKs:: not found
sh: 5: example.com.signed: not found

It seems that on line 2521:

        $szone = System_output($zscmd);

If the dnssec-signzone outputs some extra stuff, it gets appended to the named-checkzone command.

What I found is if I set -szopts -q when I run zonesigner, this passes the -q option to dnssec-signzone and it doesn’t print out all that extraneous output.

I suggest always passing the -q option to dnssec-signzone otherwise sometimes you get extra stuff back on stdout that you don't want to pass to the $zscmd.