Hi all. So I'm still fighting with dnssec in BIND 9.8.2 (oracle linux 6). Unfortunately no automatic sigining before Bind 9.9, from what I read.
I can't sign my zone, I keep getting "dnssec-signzone: fatal: No signing keys specified or found." By now I've tried to move the files generated with dnssec-keygen but no success. I'm using bind-chroot and created a temp folder /var/named/my_keys. Here, I've created the 2 .key and .private files. Since dnssec-signzone couldn't find the keys (even specifying -k or -K), I've copied them to /etc/pki/dnssec-keys and run the command with the same result. Now, I've copied all the key and private files to /var/named/chroot/var/named where my zone file exists (di.hosts) running from there, I also get "dnssec-signzone: fatal: No signing keys specified or found." I changed the owner and group to "named", and they are both readable. Could anyone please tell me what am I doing wrong? also, do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones? Thank you very much! Regards Os melhores cumprimentos David Alexandre M. de Carvalho --------------------------------------- Especialista de Informática Departamento de Informática Universidade da Beira Interior _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
