@lbutlr <krem...@kreme.com> wrote:
>
> key-directory in named.conf refers to the location for the .private key
> files, the .key files need to go with the domain conf files.

In my setup, all the key files (.private and .key) are in the `key-directory`, all the zone files are in a "zone" directory, and configuration files are (mostly) in "etc". I'm not sure why you say the .key files "need" to go anywhere. As I understand it, `named` doesn't use the .key files, but various other tools expect them to be next to the .private files.

> Also, though this is more obvious, make sure you set the owner to bind
> for all the key files, as when you create them they will almost
> certainly be owned by root.

Yes, I keep stubbing my toe on this problem. My `key-directory` is set-gid `named` so I just need to `chgrp +r` the .private files after doing anything with them. I'm not sure what is the right way to fix this, since it's hard for a program to know what the sysadmin's security model for a group is. Maybe setgid on the directory is enough of a hint? dunno.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
a fair, free and open society
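
An added example (not part of the original message and not BIND's own tooling): a POSIX shell check for the permission state discussed in this thread, where the key-directory is setgid to the group `named` runs as and the .private files need group read without being exposed to other users. The function names, finding labels, and the directory and group arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a BIND key-directory for the ownership and mode
# problems discussed in this thread. DIR and GROUP are caller-supplied.

# has_perm FILE MODE: true if FILE has all permission bits in MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# in_group FILE GROUP: true if FILE's group owner is GROUP (name or gid).
in_group() {
    [ -n "$(find "$1" -prune -group "$2" 2>/dev/null)" ]
}

# audit_keydir DIR GROUP: print one finding per line; return 1 if any found.
audit_keydir() {
    dir=$1 grp=$2 bad=0
    # Without setgid on the directory, new key files get the creating
    # user's group instead of inheriting the directory's group.
    if ! has_perm "$dir" 2000; then
        echo "DIR-NOT-SETGID $dir"; bad=1
    fi
    if ! in_group "$dir" "$grp"; then
        echo "DIR-WRONG-GROUP $dir"; bad=1
    fi
    for f in "$dir"/K*.private; do
        [ -e "$f" ] || continue      # glob matched nothing
        if ! in_group "$f" "$grp"; then
            echo "WRONG-GROUP $f"; bad=1
        fi
        # The server's group needs read access to the private key.
        if ! has_perm "$f" 040; then
            echo "NOT-GROUP-READABLE $f"; bad=1
        fi
        # Private key material must not be accessible to "other".
        if has_perm "$f" 004 || has_perm "$f" 002; then
            echo "WORLD-ACCESSIBLE $f"; bad=1
        fi
    done
    return $bad
}
```

Run it after any key generation or rollover, for example from the same script that invokes the key tools, and treat a non-zero return as a reason not to reload the server yet.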