new dnssec zone OK, error "zone_rekey:dns_zone_getdnsseckeys failed: not found" only in local bind logs ?
Sandro
lists at penguinpee.nl
Fri Oct 14 14:03:51 UTC 2022
On 14-10-2022 15:26, PGNet Dev wrote:
> zone "example.com" IN {
> type master; file "/namedb/master/example.com.zone";
> dnssec-policy "pgnd";
> key-directory "/keys/dnssec/example.com";
> update-policy { grant pgnd-external-rndc-key zonesub txt; };
> };
>
> what's the source of the "zone_rekey:dns_zone_getdnsseckeys"?
> specifically, what's not being found?
> have i missed/miconfig'd config, omitted a file/dir that current config expects, or is this a bug?
Did you check that BIND has access to key-directory?
In the example.com domain above you are using an absolute path. BIND
needs to be able to read and write in '/keys/dnssec/example.com'.
Normally this is a relative path. Relative to 'directory' option.
Think ownership, permission and things like SELinux, AppArmore depending
on your OS.
-- Sandro
More information about the bind-users
mailing list