Hello,
I'm having this error after add RR using nsupdate:
named[18254]: dns_dnssec_findzonekeys2: error reading private key file
my.zone.com/NSEC3RSASHA1/42969: file not found
Keytag 42969 is the KSK.
My named.conf is setup with the KSK to sign only dnskey:
-------------------------------------------------
options {
[..]
dnssec-dnskey-kskonly yes;
update-check-ksk yes;
}
-------------------------------------------------
Can't I store private ksk in my other machine for secutiry questions?
Can I ignoring this error?
Recommendations?
Thanks in advance,
Noel Rocha
On 06/10/2011 01:11 PM, Noel Rocha wrote:
Hello,
I have a question about dnssec when zones are dynamically updated and
very time are changed for users.
KSK needs be stored in "key-directory"? I want to store in unmounted
volume and I will mount when is need.
P.S: I have some KSKs and ZSKs.
Thanks in advance,
Noel Rocha
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
