do not stupidly delete ZSK files

David Newman dnewman at
Thu Jul 30 02:29:29 UTC 2015

On 7/29/15 6:24 PM, Evan Hunt wrote:
> On Wed, Jul 29, 2015 at 05:56:20PM -0700, David Newman wrote:
>> 29-Jul-2015 17:18:19.439 general: warning:
>> dns_dnssec_keylistfromrdataset: error reading private key file
>> file not found
> Delete that key from the DNSKEY rrset in the zone and reload.
> If it's a dynamic zone, freeze it first, then edit the zone file,
> delete the key, increase the serial number, and thaw it.
> If it's not dynamic, same instructions, but without the freezing
> and thawing.

Thanks very much.

It's a static zone. The zone file did not have the key in it.

I dumped the signed file like this:

named-compilezone -f raw -F text -o

Then incremented the serial number and copied that over to the zone file
(after making a backup copy).

Same complaint in the log when reloading, though.

What else is required to get rid of this nonexistent key?

Thanks again


in named.conf:

        zone "" in {
                type master;
                file "dynamic/";
                allow-query { any; };
                allow-transfer { external-xfer; };
                notify yes;
                key-directory "managed-keys/";
                inline-signing yes;
                auto-dnssec maintain;
        };

More information about the bind-users mailing list
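
The quoted advice is to delete the DNSKEY whose private key file is missing. As an added example (not code from this thread or from BIND), the sketch below computes the RFC 4034 key tag of each DNSKEY in a text zone dump and reports those with no matching K<zone>+<alg>+<tag>.private file in the key directory. It assumes one record per line with fully qualified owner names; the zone name example.test and the key data are constructed.

```python
import base64
import os
import struct

# Constructed sample: text dump with one record per line (not from the thread).
SAMPLE_ZONE = """\
example.test. 3600 IN SOA ns.example.test. admin.example.test. 2015072901 3600 900 604800 3600
example.test. 3600 IN DNSKEY 256 3 8 AQIDBA==
example.test. 3600 IN DNSKEY 257 3 8 BQYHCA==
"""

def key_tag(flags, protocol, algorithm, pubkey_b64):
    """Key tag per RFC 4034 Appendix B, computed over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm)
    rdata += base64.b64decode(pubkey_b64)
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def dnskeys(zone_text):
    """Yield (owner, flags, algorithm, tag) for each single-line DNSKEY record."""
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if "DNSKEY" not in fields:
            continue
        i = fields.index("DNSKEY")
        nums = fields[i + 1:i + 4]
        if fields[i - 1] == "RRSIG" or len(nums) < 3 or not all(n.isdigit() for n in nums):
            continue  # RRSIG/NSEC lines only mention the DNSKEY type
        flags, proto, alg = (int(n) for n in nums)
        yield fields[0], flags, alg, key_tag(flags, proto, alg, "".join(fields[i + 4:]))

def orphaned(zone_text, key_dir):
    """Return DNSKEYs that have no K<zone>+<alg>+<tag>.private file in key_dir."""
    present = set(os.listdir(key_dir))
    missing = []
    for owner, flags, alg, tag in dnskeys(zone_text):
        fqdn = owner.lower() if owner.endswith(".") else owner.lower() + "."
        if "K%s+%03d+%05d.private" % (fqdn, alg, tag) not in present:
            missing.append((owner, flags, alg, tag))
    return missing

if __name__ == "__main__":
    for rec in dnskeys(SAMPLE_ZONE):
        print("%s flags=%d alg=%d tag=%d" % rec)
```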