Andreas Meyer <a.me...@nimmini.de> wrote: > Tony Finch <d...@dotat.at> schrieb am 04.08.16 um 09:21:36 Uhr: > > > > The error message refers to the key ID rather than the filename - in more > > recent versions it has been clarified to use the actual filename. > > Is it possible to look for the filename without upgrading bind or is > there a fix for this?
There isn't much debug logging in this area so you probably have to use something like truss or strace. > > > There are also other private keys in the keysfolder but named complains > > > about these two private keys only. All privates have permissions > > > -rw------- > > > > The error suggests to me that you have a key-directory mismatch, but you > > seem to have that under control. > > hm, after I added > > update-policy local; > auto-dnssec maintain; > > to another signed zone, bind complains for this one too not finding > the keys. That suggets to me that you used dnssec-signzone rather than signing automatically with named. (I thought your other error-free zones were being signed by named, so in those cases it was successfully loading the keys. But if named isn't signing those zones it isn't trying to load their keys, so the lack of errors does not tell us anything about the erroneous zone.) So maybe you don't have key-directory under control after all :-) You should double check that named is looking in the right place. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Tyne, Dogger, Fisher, German Bight, Humber: Southwesterly, becoming cyclonic in north Fisher, 5 to 7, veering westerly or northwesterly 5 or 6 later. Moderate or rough, becoming slight or moderate. Showers. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
