dnssec-signzone
David Alexandre M. de Carvalho
david at di.ubi.pt
Mon Apr 6 15:05:12 UTC 2020
Hi all.
So I'm still fighting with DNSSEC in BIND 9.8.2 (Oracle Linux 6).
Unfortunately no automatic signing before BIND 9.9, from what I read.
I can't sign my zone, I keep getting "dnssec-signzone: fatal: No signing keys specified or found."
By now I've tried to move the files generated with dnssec-keygen but no success.
I'm using bind-chroot and created a temp folder /var/named/my_keys. Here, I've created the 2 .key and .private files.
Since dnssec-signzone couldn't find the keys (even specifying -k or -K), I've copied them to /etc/pki/dnssec-keys and
run the command with the same result.
Now, I've copied all the key and private files to /var/named/chroot/var/named where my zone file exists (di.hosts).
Running from there, I also get "dnssec-signzone: fatal: No signing keys specified or found."
I changed the owner and group to "named", and they are both readable.
Could anyone please tell me what I am doing wrong?
Also, do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones?
Thank you very much!
Regards
Best regards
David Alexandre M. de Carvalho
---------------------------------------
IT Specialist
Departamento de Informática
Universidade da Beira Interior