ksk in a volume

Noel Rocha noel at noelrocha.com
Mon Jun 13 17:32:37 UTC 2011


Hello,

I'm getting this error after adding an RR using nsupdate:
named[18254]: dns_dnssec_findzonekeys2: error reading private key file my.zone.com/NSEC3RSASHA1/42969: file not found

Keytag 42969 is the KSK.

My named.conf is set up with the KSK to sign only the DNSKEY:
-------------------------------------------------
options {
    [..]
    dnssec-dnskey-kskonly yes;
    update-check-ksk yes;
};
-------------------------------------------------

Can't I store the private KSK on my other machine for security reasons?
Can I ignore this error?

Recommendations?

Thanks in advance,
Noel Rocha

On 06/10/2011 01:11 PM, Noel Rocha wrote:
> Hello,
>
> I have a question about DNSSEC when zones are dynamically updated and 
> are changed by users all the time.
>
> Does the KSK need to be stored in "key-directory"? I want to store it on an 
> unmounted volume and mount it when needed.
>
> P.S: I have some KSKs and ZSKs.
>
> Thanks in advance,
> Noel Rocha