inline dnssec loadkeys fails

Brad S chronicjoker2u at
Sun Dec 20 00:53:57 UTC 2015

I have using the exact same rndc method to load inline signing keys as what worked yesterday, but today the same steps are failing? a stuck key?
[\u at yoda:/usr/local/etc/namedb] # rndc flush
[\u at yoda:/usr/local/etc/namedb] # rndc reconfig
[\u at yoda:/usr/local/etc/namedb] # rndc addzone in external '{type master; auto-dnssec maintain; inline-signing yes; key-directory "/home/mailer-domains/"; file "/home/mailer-domains/"; update-policy { grant ddns-key zonesub ANY; };};'
[\u at yoda:/usr/local/etc/namedb] # rndc loadkeys
[\u at yoda:/usr/local/etc/namedb] # rndc signing -nsec3param 1 0 10 03F92714

[\u at yoda:/usr/local/etc/namedb] # rndc zonestatus
type: master
files: /home/mailer-domains/
serial: 2015121923
signed serial: 2015121931
nodes: 9
last loaded: Sun, 20 Dec 2015 00:07:01 GMT
secure: no
key maintenance: automatic
next key event: Sun, 20 Dec 2015 01:18:20 GMT
dynamic: yes
frozen: no

20-Dec-2015 01:30:56.735 general: info: received control channel command 'signing -nsec3param 1 0 10 03F92714'
20-Dec-2015 01:30:56.735 general: debug 1: setnsec3param: zone (signed): enter
20-Dec-2015 01:30:56.735 general: error: zone (signed): could not get zone keys for secure dynamic update

the keys are present, valid and correct permissions. no other errors
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list