dnssec-signzone

David Alexandre M. de Carvalho david at di.ubi.pt
Mon Apr 6 15:05:12 UTC 2020


Hi all.
So I'm still fighting with DNSSEC in BIND 9.8.2 (Oracle Linux 6).
Unfortunately no automatic signing before BIND 9.9, from what I read.

I can't sign my zone, I keep getting "dnssec-signzone: fatal: No signing keys specified or found."
By now I've tried to move the files generated with dnssec-keygen, but with no success.

I'm using bind-chroot and created a temp folder /var/named/my_keys. Here, I've created the 2 .key and .private files.
Since dnssec-signzone couldn't find the keys (even specifying -k or -K), I've copied them to /etc/pki/dnssec-keys and
run the command with the same result.
Now, I've copied all the key and private files to /var/named/chroot/var/named where my zone file exists (di.hosts).
Running from there, I also get "dnssec-signzone: fatal: No signing keys specified or found."
I changed the owner and group to "named", and they are both readable.

Could anyone please tell me what I am doing wrong?

Also, do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones?
Thank you very much!
Regards



Best regards
David Alexandre M. de Carvalho
---------------------------------------
IT Specialist
Department of Informatics
Universidade da Beira Interior




