Re: named is not finding the keys for DNSSEC

2016-08-04 Thread Andreas Meyer
Hi! > Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr: > > The error suggests to me that you have a key-directory mismatch, but you > > seem to have that under control. That was the right hint! I had no key-directory "/var/lib/named/keys"; specified in named.conf. There also is no key-directory

Re: named is not finding the keys for DNSSEC

2016-08-04 Thread Tony Finch
Andreas Meyer wrote: > Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr: > > > > The error message refers to the key ID rather than the filename - in more > > recent versions it has been clarified to use the actual filename. > > Is it possible to look for the filename without upgrading bind or is >

Re: named is not finding the keys for DNSSEC

2016-08-04 Thread Andreas Meyer
Hello! Tony Finch schrieb am 04.08.16 um 09:21:36 Uhr: > > The key is named Kbitcorner.de.+005+16938.private but named is looking for > > a key named bitcorner.de/RSASHA1/16938 or is it just substituting? > > The error message refers to the key ID rather than the filename - in more > recent ver

Re: named is not finding the keys for DNSSEC

2016-08-04 Thread Tony Finch
Andreas Meyer wrote: > > dns_dnssec_keylistfromrdataset: error reading private key file > bitcorner.de/RSASHA1/16938: file not found > > I think it must have something to do with the name itself, could it be? > > The key is named Kbitcorner.de.+005+16938.private but named is looking for > a key n

Re: named is not finding the keys for DNSSEC

2016-08-03 Thread Andreas Meyer
Hello! That makes no difference. dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found I think it must have something to do with the name itself, could it be? The key is named Kbitcorner.de.+005+16938.private but named is looking for a key na

Re: named is not finding the keys for DNSSEC

2016-08-03 Thread Volker Janzen
Hi, you need to 'chown named' the keyfiles. The bind process is unable to read the files belonging to root. Regards Volker > Am 03.08.2016 um 18:33 schrieb Andreas Meyer : > > Hello! > > Just subscribed to the list. I wanted to implement DNSSEC > with bind but have not luck with this on

named is not finding the keys for DNSSEC

2016-08-03 Thread Andreas Meyer
Hello! Just subscribed to the list. I wanted to implement DNSSEC with bind but have not luck with this one. When named starts it says it can't read the private keys. dns_dnssec_keylistfromrdataset: error reading private key file bitcorner.de/RSASHA1/16938: file not found dns_dnssec_keylistfromr