named is not finding the keys for DNSSEC
Tony Finch
dot at dotat.at
Thu Aug 4 08:21:36 UTC 2016
Andreas Meyer <a.meyer at nimmini.de> wrote:
>
> dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found
>
> I think it must have something to do with the name itself, could it be?
>
> The key is named Kbitcorner.de.+005+16938.private but named is looking for
> a key named bitcorner.de/RSASHA1/16938 or is it just substituting?

The error message refers to the key ID rather than the filename - in more
recent versions it has been clarified to use the actual filename.

> There are also other private keys in the keys folder but named complains
> about these two private keys only. All privates have permissions -rw-------

The error suggests to me that you have a key-directory mismatch, but you
seem to have that under control.

Are you chrooting named, and if so, does your inside-chroot and
outside-chroot match?

Stupid question: are the zones for the other keys actually signed?

> Also I don't understand what zone bitcorner.de/IN: reconfiguring zone keys
> means.

It means named is checking for any key changes.

Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Faeroes: North 4 or 5, becoming variable 3 later. Moderate, occasionally rough
at first in southeast. Showers. Good.
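
The mapping discussed in this message, as an added example that is not part of the original post or of BIND: it turns the key ID from the log line into the on-disk file names and checks whether they exist under key-directory as seen from inside a chroot. The function names, the sample paths and the chroot handling are assumptions made for illustration; the algorithm numbers are the IANA DNSSEC assignments.

```python
import os
import re

# IANA DNSSEC algorithm numbers, keyed by the mnemonic shown in the key ID.
ALG_NUMBERS = {
    "RSAMD5": 1, "DSA": 3, "RSASHA1": 5, "NSEC3RSASHA1": 7,
    "RSASHA256": 8, "RSASHA512": 10, "ECDSAP256SHA256": 13,
    "ECDSAP384SHA384": 14, "ED25519": 15, "ED448": 16,
}

# Matches the "zone/ALGORITHM/keytag" key ID in the error message.
KEY_ID_RE = re.compile(r"private key file (\S+)/([A-Z0-9]+)/(\d+):")


def expected_basename(log_line):
    """Map a zone/ALG/tag key ID to the K<zone>.+<alg>+<tag> file base name."""
    m = KEY_ID_RE.search(log_line)
    if not m:
        raise ValueError("no key ID found in log line")
    zone, alg, tag = m.group(1), m.group(2), int(m.group(3))
    if alg not in ALG_NUMBERS:
        raise ValueError("unknown algorithm mnemonic: " + alg)
    # Algorithm is zero-padded to 3 digits, key tag to 5 digits.
    return "K%s.+%03d+%05d" % (zone.rstrip("."), ALG_NUMBERS[alg], tag)


def check_key_files(log_line, key_directory, chroot=""):
    """Return {file name: 'ok' | 'missing'} for the .key and .private files.

    key_directory is the path as written in named.conf; when named is
    chrooted, the files must exist at chroot + key_directory on the host.
    """
    base = expected_basename(log_line)
    real_dir = key_directory
    if chroot:
        real_dir = os.path.join(chroot, key_directory.lstrip("/"))
    report = {}
    for suffix in (".key", ".private"):
        path = os.path.join(real_dir, base + suffix)
        report[base + suffix] = "ok" if os.path.isfile(path) else "missing"
    return report


if __name__ == "__main__":
    # Log line quoted in the message; directory and chroot are constructed.
    line = ("dns_dnssec_keylistfromrdataset: error reading private key file "
            "bitcorner.de/RSASHA1/16938: file not found")
    print(expected_basename(line))
    print(check_key_files(line, "/etc/bind/keys", chroot="/var/lib/named"))
```
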