Stuck key in dnssec inline-signing
Brad S
chronicjoker2u at yahoo.com
Wed Dec 16 12:50:40 UTC 2015
When I run the
rndc loadkey domain.com
command, in my logs I appear to have a stale key from an improper deletion.
rndc reconfig
does not flush it out.
Error in logs:
16-Dec-2015 02:22:29.983 general: warning: dns_dnssec_keylistfromrdataset: error reading private key file domain.com/RSASHA256/39981: file not found
freebsd-version
10.1-RELEASE-p5
named -v
BIND 9.10.3 <id:2799933>
How do I remove a stuck DNSSEC key from inline-signing in the rndc controls?
Update:
I tried to restart BIND, then delete the zone with rndc delzone and then reinsert the key as a way to kick the old key out. Not only did this not fix my error, now I get:
rndc addzone domain.com in external '{type slave; masters {108.61.190.64; }; auto-dnssec maintain; inline-signing yes; key-directory "/home/mailer/"; file "/home/mailer/domain.com.external";};'
rndc: 'addzone' failed: out of range
dns_zone_loadnew failed: out of range
The command was working prior.
New log error:
16-Dec-2015 03:06:16.359 general: error: zone domain.com/IN/external (signed): journal rollforward failed: journal out of sync with zone
16-Dec-2015 03:06:16.359 general: error: zone domain.com/IN/external (signed): not loaded due to errors.