new dnssec zone OK, error "zone_rekey:dns_zone_getdnsseckeys failed: not found" only in local bind logs ?

Mon Oct 17 02:09:57 UTC 2022

>> is there a way to determine what data is being attempted to write to which file/location on disk?
>> or, generally, any more detail about what "error occurred" ?
> 
> It will be attempting to write into the key-directory for the zone as defined by named.conf. It will be creating a new file and then renaming that to replace one of the exisiting files associated with that key, the .private or .state (I haven’t looked to see which) with updated content.

hm. thx.

the "key-directory for the zone as defined by named.conf" is correctly permed, and where bind9 successfully created/wrote the initial KSK/ZSK files.

hm.  i've got something else going on.  smells like pebkac.

time to try a clean install ...