And you were right...

Since the zone was not being signed, I enabled the logs for dnssec, and found this error message:

dnssec: zone unau.edu.ar/IN (signed): zone_rekey:dns_dnssec_keymgr failed: error occurred writing key to disk dnssec: zone unau.edu.ar/IN (signed): zone_rekey failure: error occurred writing key to disk (retry in 600 seconds)

So, to bypass it had to change permissions of my /var/cache/bind/keys directory to rwxrwxr-- (774) and all the files therein to rw-rw-r-- (664).


One step closer, thanks to all :-). Best regards



El 29/6/23 a las 03:16, Matthijs Mekking escribió:
I suspect permissions on the key-directory are not yet correct:

    key-directory "/var/cache/bind/keys";

On 6/28/23 22:35, Daniel Armando Rodriguez via bind-users wrote:
However, as soon as I added this

        dnssec-policy "default";
        inline-signing yes;

Error came up again :-(
--
________________________________________________
        *Daniel A. Rodriguez*
/Informática, Conectividad y Sistemas/
Universidad Nacional del Alto Uruguay
San Vicente - Misiones - Argentina
informatica.unau.edu.ar <https://informatica.unau.edu.ar>
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to