Panic Time! Key Generation Question

Martin McCormick martin at dc.cis.okstate.edu
Wed Apr 27 07:37:10 UTC 2011


Torinthiel writes:
> Try deleting the space. Just this. dnssec-keygen inserts space for
> readability purposes only. If you still have original *.key and
> *.private files, you can check it yourself, that the Key field in
> *private contains exactly the same as *.key, minus the space.

It actually had the space, also. I did remove the space in the
.key file and dhcp dynamic updates started working again but I
am still really stuck. If I take those key files and put them in
/home/martin/keys, nsupdate -d -k
$HOME/keys/Kkeyname.+random.key, the error is always file not
found or that the private key is invalid. It's just the files as
produced by the dnssec-keygen program.

The output of nsupdate is always:

Creating key...
could not read key from /home/martin/keys/Kkey_name.+157+18051.private:
 private key is invalid

I get the same results by using the .key file although they are
specified clearly in the path.

	I've been doing dynamic dns for about 6 years and
decided to change the key as the old one may have been
compromised. It worked fine and this one works everywhere now
except for nsupdate.

I am at my wits' end. Thanks for the help. I do not understand
why nsupdate is now broken.



More information about the bind-users mailing list