named is not finding the keys for DNSSEC

Tony Finch dot at
Thu Aug 4 08:21:36 UTC 2016

Andreas Meyer <a.meyer at> wrote:
> dns_dnssec_keylistfromrdataset: error reading private key file file not found
> I think it must have something to do with the name itself, could it be?
> The key is named but named is looking for
> a key named or is it just substituting?

The error message refers to the key ID rather than the filename - in more
recent versions it has been clarified to use the actual filename.

> There are also other private keys in the keysfolder but named complains
> about these two private keys only. All privates have permissions -rw-------

The error suggests to me that you have a key-directory mismatch, but you
seem to have that under control.

Are you chrooting named, and if so, does your inside-chroot and
outside-chroot match?

Stupid question: are the zones for the other keys actually signed?

> Also I don't understand what zone reconfiguring zone keys
> means.

It means named is checking for any key changes.

f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
Faeroes: North 4 or 5, becoming variable 3 later. Moderate, occasionally rough
at first in southeast. Showers. Good.

More information about the bind-users mailing list