"auto-dnssec maintain;" and key "missing or inactive and has no replacement"
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Jul 26 06:52:04 UTC 2013
On Thu, Jul 25, 2013 at 12:05:35AM +0100,
Tony Finch <dot at dotat.at> wrote
a message of 21 lines which said:
> Obvious question: does BIND have permission to read the private key?
Yes, it runs (it is an experimental setup) as the same user which
owns the private key file.
> I guess it does since it managed to re-sign.
And to sign, the first time (the zone was unsigned). Indeed.
> Does the zone have only one key which is a KSK?
Yes. I tested with two keys, a KSK and a ZSK and the warning
disappears. Do you mean it is a spurious warning when there is only
one key (a CSK, as in co.uk)?
More information about the bind-users
mailing list