bind makes RRSIG disappear?
Chris Thompson
cet1 at cam.ac.uk
Sun Feb 6 18:20:33 UTC 2011
On Feb 6 2011, Gilles Massen wrote:
>I have a very peculiar behavior: a zone, signed by OpenDNSSEC and pushed
>to Bind 9.7.2-P3 by scp was working fine. But now, completely out of the
>blue, Bind decides to claim some authority over the zone: the SOA RRSIG
>(only that one) is scrapped, and this is logged:
>
>06-Feb-2011 15:10:59.373 general: warning: dns_dnssec_findzonekeys2:
>error reading private key file dns.lu/RSASHA256/16129: file not found
>06-Feb-2011 15:10:59.373 general: warning: dns_dnssec_findzonekeys2:
>error reading private key file dns.lu/RSASHA256/13736: file not found
>
>Additionally a journal file is build alongside the original zone file.
>
>Why is this happening, and more importantly, how can I make it stop?
>Restarting bind/removing the journal had no effect whatsoever!
>
>BTW, another instance of 9.7.2-P3 gets the same zone, the same way, and
>is still serving it normally.
>
>Any help would be appreciated...
Presumably you are defining the zone to BIND as "type master".
Does your configuration also have an "allow-update" setting
(other than "none") for it, maybe only for the instance that
is giving you trouble? In that case BIND will take it that you
want it to do resigning as the RRSIGs approach expiry.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list