On Feb 6 2011, Gilles Massen wrote:
I have a very peculiar behavior: a zone, signed by OpenDNSSEC and pushed
to Bind 9.7.2-P3 by scp was working fine. But now, completely out of the
blue, Bind decides to claim some authority over the zone: the SOA RRSIG
(only that one) is scrapped, and this is logged:
06-Feb-2011 15:10:59.373 general: warning: dns_dnssec_findzonekeys2:
error reading private key file dns.lu/RSASHA256/16129: file not found
06-Feb-2011 15:10:59.373 general: warning: dns_dnssec_findzonekeys2:
error reading private key file dns.lu/RSASHA256/13736: file not found
Additionally a journal file is build alongside the original zone file.
Why is this happening, and more importantly, how can I make it stop?
Restarting bind/removing the journal had no effect whatsoever!
BTW, another instance of 9.7.2-P3 gets the same zone, the same way, and
is still serving it normally.
Any help would be appreciated...
Presumably you are defining the zone to BIND as "type master".
Does your configuration also have an "allow-update" setting
(other than "none") for it, maybe only for the instance that
is giving you trouble? In that case BIND will take it that you
want it to do resigning as the RRSIGs approach expiry.
--
Chris Thompson
Email: c...@cam.ac.uk
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
