do not stupidly delete ZSK files
David Newman
dnewman at networktest.com
Thu Jul 30 02:29:29 UTC 2015
On 7/29/15 6:24 PM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 05:56:20PM -0700, David Newman wrote:
>> 29-Jul-2015 17:18:19.439 general: warning:
>> dns_dnssec_keylistfromrdataset: error reading private key file
>> example.com/RSASHA256/36114: file not found
>
> Delete that key from the DNSKEY rrset in the zone and reload.
>
> If it's a dynamic zone, freeze it first, then edit the zone file,
> delete the key, increase the serial number, and thaw it.
>
> If it's not dynamic, same instructions, but without the freezing
> and thawing.
Thanks very much.
It's a static zone. The zone file did not have the key in it.
I dumped the signed file like this:
named-compilezone -f raw -F text -o example.com.text example.com example.com.db.signed
Then incremented the serial number and copied that over to the zone file
(after making a backup copy).
Same complaint in the log when reloading, though.
What else is required to get rid of this nonexistent key?
Thanks again
dn
in named.conf:
zone "example.com" in {
        type master;
        file "dynamic/example.com/example.com.db";
        allow-query { any; };
        allow-transfer { external-xfer; };
        notify yes;
        key-directory "managed-keys/example.com";
        inline-signing yes;
        auto-dnssec maintain;
};
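An added check, not part of this thread, for finding which DNSKEY records in a named-compilezone text dump have no matching private key file in key-directory (the condition behind the "error reading private key file ... file not found" warning). It computes the RFC 4034 key tag itself and assumes BIND's K<zone>.+<alg>+<tag>.private file naming; the sample zone text is constructed.

```python
import base64
import re

def dnskey_keytag(flags, protocol, algorithm, pubkey_b64):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (alg 1 RSAMD5 not handled)."""
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm])
    rdata += base64.b64decode(pubkey_b64)
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8   # odd offsets add the byte, even offsets add it shifted
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

DNSKEY_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?DNSKEY\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+)$")

def _records(zone_text):
    """Yield logical records: ';' comments stripped, ( ... ) continuation lines joined."""
    buf, depth = [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0

def parse_dnskeys(zone_text):
    """Return (owner, flags, algorithm, keytag) for every DNSKEY RR in the text."""
    keys = []
    for rec in _records(zone_text):
        m = DNSKEY_RE.match(rec.strip())
        if not m:
            continue
        owner, flags, proto, alg, key = m.groups()
        flags, proto, alg = int(flags), int(proto), int(alg)
        tag = dnskey_keytag(flags, proto, alg, "".join(key.split()))
        keys.append((owner if owner.endswith(".") else owner + ".", flags, alg, tag))
    return keys

def missing_private_keys(zone_text, key_files):
    """DNSKEYs with no K<zone>+<alg>+<tag>.private in key_files (use os.listdir(key_directory))."""
    present = set(key_files)
    return [(owner, alg, tag) for owner, _flags, alg, tag in parse_dnskeys(zone_text)
            if "K%s+%03d+%05d.private" % (owner, alg, tag) not in present]

# Constructed sample zone text: two short fake public keys, not real RSA material.
SAMPLE_ZONE = """\
example.com.  3600 IN DNSKEY 256 3 8 AQID
example.com.  3600 IN DNSKEY 257 3 8 ( AQIE ) ; key id = 2315
"""
```

Run it against the output of the named-compilezone dump above and os.listdir() of the configured key-directory; every tuple it returns is a DNSKEY that named cannot find a private key for.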