Good Afternoon,
I have a newly configured bind9 server with two dynamic zones that I
cannot seem to get working. I've ensured I have a key-directory
configured and I've confirmed that the keys exist and are readable by
bind but I'm unable to resolve the issue. The zones themselves work
fine, but dynamic updates are failing. If it's relevant, bind is
running inside an LXD container.
Logs:
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: signer "ddns_update" approved
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': adding an RR at 'am335x-opt.mcguire.local' A 192.168.0.165
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': adding an RR at 'am335x-opt.mcguire.local' TXT "3154a902d1b045a4064274c0d6b5
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43356: file not found
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43345: file not found
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': found no active private keys, unable to generate any signatures
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': RRSIG/NSEC/NSEC3 update failed: not found
Zone config:
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "/etc/bind/zones/db.0.168.192.in-addr.arpa.signed";
    auto-dnssec maintain;
    key-directory "/etc/bind/keys";
    inline-signing yes;
    allow-update { key DDNS_UPDATE; };
};
zone "mcguire.local" IN {
    type master;
    file "/etc/bind/zones/db.mcguire.local.signed";
    auto-dnssec maintain;
    key-directory "/etc/bind/keys";
    inline-signing yes;
    allow-update { key DDNS_UPDATE; };
};
Key directory and relevant keys:
File: /etc/bind/keys/
[...]
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 112/ bind)
-rw-r--r-- 1 bind bind 627 Mar 28 12:11 K0.168.192.in-addr.arpa.+008+04239.key
-rw-r----- 1 bind bind 1776 Mar 28 12:11 K0.168.192.in-addr.arpa.+008+04239.private
-rw-r--r-- 1 bind bind 972 Mar 28 12:12 K0.168.192.in-addr.arpa.+008+05959.key
-rw-r----- 1 bind bind 3316 Mar 28 12:12 K0.168.192.in-addr.arpa.+008+05959.private
-rw-r--r-- 1 bind bind 955 Mar 28 12:11 Kmcguire.local.+008+43345.key
-rw-r----- 1 bind bind 3316 Mar 28 12:11 Kmcguire.local.+008+43345.private
-rw-r--r-- 1 bind bind 610 Mar 28 12:11 Kmcguire.local.+008+43356.key
-rw-r----- 1 bind bind 1776 Mar 28 12:11 Kmcguire.local.+008+43356.private
Any ideas?
Regards,
-Ryan
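
Added example (not part of the original message, and not code from BIND): a Python check that turns each "error reading private key file zone/ALG/TAG" log line into the K<zone>.+<alg>+<tag> file names seen in the listing above and reports whether each file exists and is readable. The function name check_keys and the algorithm table are this example's own; run it as the same user and in the same container as named, since the result only describes the account that runs it.

```python
import os
import re

# DNSSEC algorithm mnemonics and their IANA numbers, as used in key file names
ALGORITHMS = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10,
              "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14,
              "ED25519": 15, "ED448": 16}

# Matches the "error reading private key file <zone>/<alg>/<tag>: <reason>" log line
KEY_ERROR = re.compile(
    r"error reading private key file "
    r"(?P<zone>\S+)/(?P<alg>[A-Z0-9]+)/(?P<tag>\d+): (?P<reason>.+)$")

# Two log lines from the post, unwrapped
SAMPLE_LOG = """\
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43356: file not found
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43345: file not found
"""

def check_keys(log_text, key_dir):
    """Map each key named in the log to its K<zone>.+<alg>+<tag> files and
    report 'ok', 'missing' or 'unreadable' for the .key and .private halves."""
    results = {}
    for line in log_text.splitlines():
        m = KEY_ERROR.search(line)
        if not m:
            continue
        alg = ALGORITHMS.get(m["alg"])
        if alg is None:
            results[m.group(0)] = "unknown algorithm"
            continue
        # File names use the zone name with a trailing dot, zero-padded alg and tag
        base = f"K{m['zone'].rstrip('.')}.+{alg:03d}+{int(m['tag']):05d}"
        for ext in (".key", ".private"):
            path = os.path.join(key_dir, base + ext)
            if not os.path.isfile(path):
                results[base + ext] = "missing"
            elif not os.access(path, os.R_OK):
                # os.access answers for the user running this script only
                results[base + ext] = "unreadable"
            else:
                results[base + ext] = "ok"
    return results

if __name__ == "__main__":
    # /etc/bind/keys is the key-directory from the zone config in the post
    for name, status in sorted(check_keys(SAMPLE_LOG, "/etc/bind/keys").items()):
        print(f"{status:10} {name}")
```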