Hello! Just subscribed to the list. I wanted to implement DNSSEC with BIND but have had no luck with this one.
When named starts it says it can't read the private keys.

dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found
dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/20464: file not found

The keyfolder looks like this:

-rw-r--r-- 1 root root 433 3. Aug 17:32 Kbitcorner.de.+005+16938.key
-rw------- 1 root root 1010 3. Aug 17:32 Kbitcorner.de.+005+16938.private
-rw-r--r-- 1 root root 607 3. Aug 17:33 Kbitcorner.de.+005+20464.key
-rw------- 1 root root 1774 3. Aug 17:33 Kbitcorner.de.+005+20464.private
-rw-r--r-- 1 named named 728 3. Aug 17:39 managed-keys.bind
-rw-r--r-- 1 named named 512 3. Aug 17:39 managed-keys.bind.jnl

# ps aux |grep named
named 1458 0.0 1.1 186264 23896 ? Ssl 17:38 0:00 /usr/sbin/named -u named

Signing of a domain fails:

# dnssec-signzone -K /var/lib/named/keys -e +3024000 -N INCREMENT master/bitcorner.de.zone
dnssec-signzone: fatal: No signing keys specified or found.

I'm confused. Why does named look for a key bitcorner.de/RSASHA1/16938 although it is named Kbitcorner.de.+005+16938.private?

I took named out of the chroot but that changes nothing.

Glad about every hint!

Andreas
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users