dns_dnssec_findzonekeys2: error reading WHATEVER.private: file not found

Niall O'Reilly niall.oreilly at ucd.ie
Wed Feb 23 14:32:48 UTC 2022


Hello.

Using BIND 9.16.1-Ubuntu (Stable Release) <id:d497c32> because that’s
what’s most simply available on Ubuntu 20.04.3 LTS (Focal Fossa),
I’m seeing messages reporting that private key files can’t be found,
such as the one in the subject line. The files look to me to be
present as expected.

I shall be grateful for any helpful advice.

The relevant part of my configuration is further down.

This appeared to work as expected on a development server running
9.18 from the ISC PPA. For production purposes, we would prefer
to rely, if possible, on what is available without adding a PPA.

Best regards,
Niall O’Reilly


```
dnssec-policy onboarding {
    // This policy attempts to match or accommodate what zonefactory did
    // YMMV!
    dnskey-ttl 3600;
    keys {
        ksk lifetime 3650d algorithm rsasha256;
        zsk lifetime 3650d algorithm rsasha256;
    };
    max-zone-ttl 3600;
    parent-ds-ttl 86400;
    parent-propagation-delay 48h;
    publish-safety 7d;
    retire-safety 7d;
    signatures-refresh 5d;
    signatures-validity 30d;
    signatures-validity-dnskey 30d;
    zone-propagation-delay 2h;
};

zone "foo.ie" {
    type primary;
    update-policy local;
    file "/etc/bind/dynamic/foo.ie/db.foo.ie";
    key-directory "/etc/bind/dynamic/foo.ie/";
    masterfile-format text;

    dnssec-policy onboarding;   # Policy under test
    // dnssec-policy default;      # triggers retirement of existing keys

    // auto-dnssec maintain;       # continues use of existing keys

    notify explicit;            # Testing: don't propagate confusion! ;-)
    also-notify {
        downstream-in-house;
    };
    allow-transfer {
        key in-house.ns.my-own.net.;
    };
};
```
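One way to check what the post describes (key files that look present to the operator but are reported as not found), written as an added example that is not part of the original post. The function name `audit_key_dir` and its output tags are made up for this sketch; the `K<zone>.+<alg>+<keyid>` file naming is BIND's own.

```shell
#!/bin/sh
# Added example: audit a BIND key-directory for incomplete or unreadable key sets.
# Key files are named K<zone>.+<alg>+<keyid>.key / .private; keys managed by
# dnssec-policy additionally carry a .state file.
# Run it as the account named runs under (assumed here to be "bind" on Ubuntu),
# so the result reflects what named can see rather than what root can see.

# Prints one line per finding; prints nothing when every key set is complete.
audit_key_dir() {
    dir=$1 zone=$2
    if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
        echo "DIR-UNSEARCHABLE $dir"
        return 0
    fi
    found=0
    for pub in "$dir"/K"$zone".+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9].key; do
        [ -e "$pub" ] || continue          # glob matched nothing
        found=1
        base=${pub%.key}
        for ext in key private; do
            f=$base.$ext
            if [ ! -e "$f" ]; then
                echo "MISSING ${f##*/}"
            elif [ ! -r "$f" ]; then
                echo "UNREADABLE ${f##*/}"
            fi
        done
        # Informational: a key not yet adopted by dnssec-policy has no state file.
        [ -e "$base.state" ] || echo "NO-STATE ${base##*/}"
    done
    [ "$found" -eq 1 ] || echo "NO-KEYS $zone"
}

# Usage: sh audit-keys.sh /etc/bind/dynamic/foo.ie foo.ie
if [ "$#" -eq 2 ]; then
    audit_key_dir "$1" "$2"
fi
```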