Hello! That makes no difference.

dns_dnssec_keylistfromrdataset: error reading private key file
bitcorner.de/RSASHA1/16938: file not found

I think it must have something to do with the name itself, could it be?
The key is named Kbitcorner.de.+005+16938.private but named is looking for
a key named bitcorner.de/RSASHA1/16938 or is it just substituting?

There are also other private keys in the keys folder but named complains about
these two private keys only. All privates have permissions -rw-------

Aug 4 00:09:22 bitmachine1 named[8460]: running
Aug 4 00:09:22 bitmachine1 named[8460]: zone bitcorner.de/IN: sending notifies (serial 2016080306)
Aug 4 00:09:22 bitmachine1 named[8460]: zone bitcorner.de/IN: reconfiguring zone keys
Aug 4 00:09:22 bitmachine1 named[8460]: dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found
Aug 4 00:09:22 bitmachine1 named[8460]: dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/20464: file not found
Aug 4 00:09:22 bitmachine1 named[8460]: zone bitcorner.de/IN: next key event: 04-Aug-2016 01:09:22.432

Also I don't understand what
zone bitcorner.de/IN: reconfiguring zone keys
means.

Meanwhile I was able to sign the zones, the error remains.

Greetings
Andreas

Volker Janzen <vol...@janzen.onl> wrote on 03.08.16 at 17:58:46:

> Hi,
>
> you need to 'chown named' the keyfiles. The bind process is unable to read
> the files belonging to root.
>
>
> Regards
> Volker
>
>
> > On 03.08.2016 at 18:33, Andreas Meyer <a.me...@nimmini.de> wrote:
> >
> > Hello!
> >
> > Just subscribed to the list. I wanted to implement DNSSEC
> > with bind but have no luck with this one.
> >
> > When named starts it says it can't read the private keys.
> >
> > dns_dnssec_keylistfromrdataset: error reading private key file
> > bitcorner.de/RSASHA1/16938: file not found
> > dns_dnssec_keylistfromrdataset: error reading private key file
> > bitcorner.de/RSASHA1/20464: file not found
> >
> > The keyfolder looks like this:
> >
> > -rw-r--r-- 1 root root 433 3. Aug 17:32 Kbitcorner.de.+005+16938.key
> > -rw------- 1 root root 1010 3. Aug 17:32 Kbitcorner.de.+005+16938.private
> > -rw-r--r-- 1 root root 607 3. Aug 17:33 Kbitcorner.de.+005+20464.key
> > -rw------- 1 root root 1774 3. Aug 17:33 Kbitcorner.de.+005+20464.private
> > -rw-r--r-- 1 named named 728 3. Aug 17:39 managed-keys.bind
> > -rw-r--r-- 1 named named 512 3. Aug 17:39 managed-keys.bind.jnl
> >
> > # ps aux |grep named
> > named 1458 0.0 1.1 186264 23896 ? Ssl 17:38 0:00
> > /usr/sbin/named -u named
> >
> > Signing of a domain fails:
> >
> > # dnssec-signzone -K /var/lib/named/keys -e +3024000 -N INCREMENT
> > master/bitcorner.de.zone
> > dnssec-signzone: fatal: No signing keys specified or found.
> >
> > I'm confused. Why does named look for a key bitcorner.de/RSASHA1/16938
> > although it is
> > named Kbitcorner.de.+005+16938.private ?
> >
> > I took named out of the chroot but that changes nothing.
> >
> > Glad about every hint!
> >
> > Andreas
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users@lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
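
Added example, not part of the original thread: a Python sketch that maps the zone/ALGORITHM/tag identifiers in the log lines above to the K<zone>.+<alg>+<tag>.private file names shown in the directory listing, then classifies each file from its mode bits for a given uid. The helper names, the algorithm table subset and the temporary directory are assumptions made for illustration.

```python
import os, re, stat, tempfile

# Mnemonic -> algorithm number, a subset of the IANA DNSSEC algorithm registry.
ALGORITHMS = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8,
              "RSASHA512": 10, "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14}
LOG_RE = re.compile(r"error reading private key file (\S+)/([A-Z0-9]+)/(\d+):")

# Constructed sample: the two error lines quoted in the thread.
SAMPLE_LOG = """\
Aug 4 00:09:22 bitmachine1 named[8460]: dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found
Aug 4 00:09:22 bitmachine1 named[8460]: dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/20464: file not found
"""

def expected_files(log_text):
    """Turn each zone/ALGORITHM/tag in the log into its on-disk file name."""
    return ["K%s.+%03d+%05d.private"
            % (zone.rstrip(".").lower(), ALGORITHMS[mnemonic], int(tag))
            for zone, mnemonic, tag in LOG_RE.findall(log_text)]

def readable_by(path, uid, gids):
    """Hypothetical helper: 'missing', 'unreadable' or 'ok' from the mode bits."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "missing"
    if uid == 0:                      # root bypasses the mode bits
        return "ok"
    if st.st_uid == uid:
        bit = stat.S_IRUSR
    elif st.st_gid in gids:
        bit = stat.S_IRGRP
    else:
        bit = stat.S_IROTH
    return "ok" if st.st_mode & bit else "unreadable"

def demo():
    """Temp dir with the first key at mode 0600 and the second key absent."""
    with tempfile.TemporaryDirectory() as keydir:
        first, second = expected_files(SAMPLE_LOG)
        path = os.path.join(keydir, first)
        open(path, "w").close()
        os.chmod(path, 0o600)
        owner = os.stat(path).st_uid
        return [readable_by(path, owner, ()),        # file owner
                readable_by(path, owner + 1, ()),    # any other account
                readable_by(os.path.join(keydir, second), owner, ())]
```

On a real server, pass the uid and group ids of the account named runs as (from `ps` or the `-u` option) and the key directory configured for the zone.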