Brad,

FWIW, I personally like to reconfig then flush.  Not that it will help you 
with the issue at hand but for me it keeps any blackholed domains from getting 
into cache.

John


From: Brad S <chronicjoke...@yahoo.com>
Sent: Dec 19, 2015 6:54 PM
To: bind-users@lists.isc.org;ma...@isc.org
Subject: inline dnssec loadkeys fails

I am using the exact same rndc method to load inline signing keys as what 
worked yesterday, but today the same steps are failing? A stuck key?


[\u@yoda:/usr/local/etc/namedb] # rndc flush
[\u@yoda:/usr/local/etc/namedb] # rndc reconfig
[\u@yoda:/usr/local/etc/namedb] # rndc addzone domain.com in external '{type master; auto-dnssec maintain; inline-signing yes; key-directory "/home/mailer-domains/domain.com/"; file "/home/mailer-domains/domain.com/domain.com.external"; update-policy { grant ddns-key zonesub ANY; };};'
[\u@yoda:/usr/local/etc/namedb] # rndc loadkeys domain.com
[\u@yoda:/usr/local/etc/namedb] # rndc signing -nsec3param 1 0 10 03F92714 domain.com.

[\u@yoda:/usr/local/etc/namedb] # rndc zonestatus domain.com
name: domain.com
type: master
files: /home/mailer-domains/domain.com/domain.com.external
serial: 2015121923
signed serial: 2015121931
nodes: 9
last loaded: Sun, 20 Dec 2015 00:07:01 GMT
secure: no
key maintenance: automatic
next key event: Sun, 20 Dec 2015 01:18:20 GMT
dynamic: yes
frozen: no


error:
20-Dec-2015 01:30:56.735 general: info: received control channel command 'signing -nsec3param 1 0 10 03F92714 domain.com.'
20-Dec-2015 01:30:56.735 general: debug 1: setnsec3param: zone domain.com/IN/external (signed): enter
20-Dec-2015 01:30:56.735 general: error: zone domain.com/IN/external (signed): could not get zone keys for secure dynamic update


The keys are present, valid, and have correct permissions. No other errors.