inline dnssec loadkeys fails

Sat, 19 Dec 2015 16:58:37 -0800 

I have using the exact same rndc method to load inline signing keys as what 
worked yesterday, but today the same steps are failing? a stuck key?
[\u@yoda:/usr/local/etc/namedb] # rndc flush
[\u@yoda:/usr/local/etc/namedb] # rndc reconfig
[\u@yoda:/usr/local/etc/namedb] # rndc addzone domain.com in external '{type 
master; auto-dnssec maintain; inline-signing yes; key-directory 
"/home/mailer-domains/domain.com/"; file 
"/home/mailer-domains/domain.com/domain.com.external"; update-policy { grant 
ddns-key zonesub ANY; };};'
[\u@yoda:/usr/local/etc/namedb] # rndc loadkeys domain.com
[\u@yoda:/usr/local/etc/namedb] # rndc signing -nsec3param 1 0 10 03F92714 
domain.com.

[\u@yoda:/usr/local/etc/namedb] # rndc zonestatus domain.com
name: domain.com
type: master
files: /home/mailer-domains/domain.com/domain.com.external
serial: 2015121923
signed serial: 2015121931
nodes: 9
last loaded: Sun, 20 Dec 2015 00:07:01 GMT
secure: no
key maintenance: automatic
next key event: Sun, 20 Dec 2015 01:18:20 GMT
dynamic: yes
frozen: no


error:
20-Dec-2015 01:30:56.735 general: info: received control channel command 
'signing -nsec3param 1 0 10 03F92714 domain.com.'
20-Dec-2015 01:30:56.735 general: debug 1: setnsec3param: zone 
domain.com/IN/external (signed): enter
20-Dec-2015 01:30:56.735 general: error: zone domain.com/IN/external (signed): 
could not get zone keys for secure dynamic update

the keys are present, valid and correct permissions. no other errors

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to