auto update signatures dnssec
Torinthiel
torinthiel at data.pl
Tue Dec 28 21:23:55 UTC 2010
fakessh @ pisze:
>>> zone "fakessh.eu" {
>>> type master;
>>> file "/var/named/fakessh.eu.hosts";
>>> auto-dnssec maintain;
>>> update-policy local;
>>> key-directory "/var/named/keyset-fakessh.eu";
>>> allow-transfer { 213.251.188.140;87.98.164.164;
>>> 195.234.42.1;94.23.59.30; };
>>> };
>>>
>>> is what the guidelines are good options
>>>
> hello responsible bind community.
>
> you gave me the answer, thank you to my question but I am having new
> problems.
>
> I encounter errors during the self resignatures
>
> i quote my multiple error :
>
> I do not know what it is
>
>
>
[cut most log entries]
> Dec 28 22:04:02 r13151
> named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create:
> permission denied
> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error
> reading private key file fakessh.eu/DSA/9552: file not found
> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error
> reading private key file fakessh.eu/DSA/47103: file not found
>
First, where are the key files, related to bind directory (the one in
options { directory })?
Are the names correctly given to bind?
it looks like bind cannot find them.
Second, you need to give the user runing bind (probably named) rights to
write to /var/named/renelacroute.fr.hosts.jnl directory.
Torinthiel
More information about the bind-users
mailing list