Stuck key in dnssec inline-signing

Brad S chronicjoker2u at
Wed Dec 16 12:50:40 UTC 2015

When I run the 

    rndc loadkey

command, in my logs I appear to have a stale key from an improper deletion.

    rndc reconfig

does not flush it out.

error in logs:

    16-Dec-2015 02:22:29.983 general: warning: dns_dnssec_keylistfromrdataset: error reading private key file file not found 


    named -v
    BIND 9.10.3 <id:2799933>

How do I remove a stuck dnssec key from inline-signing in the rndc controls?

I tried to restart BIND, then delete the zone with rndc delzone and then reinsert the key as a way to kick the old key out. Not only did this not fix my error, now I get

    rndc addzone in external '{type slave; masters {; }; auto-dnssec maintain; inline-signing yes; key-directory "/home/mailer/"; file "/home/mailer/";};'
    rndc: 'addzone' failed: out of range
    dns_zone_loadnew failed: out of range

The command was working prior.

new log error:

    16-Dec-2015 03:06:16.359 general: error: zone (signed): journal rollforward failed: journal out of sync with zone
    16-Dec-2015 03:06:16.359 general: error: zone (signed): not loaded due to errors.