error reading private key file, ddns_update update failed not found

Ryan McGuire rmcguire at libretechconsulting.com
Fri Mar 30 20:57:46 UTC 2018


Good Afternoon,

I have a newly configured bind9 server with two dynamic zones that I
cannot seem to get working. I've ensured I have a key-directory
configured and I've confirmed that the keys exist and are readable by
bind but I'm unable to resolve the issue. The zones themselves work
fine, but dynamic updates are failing. If it's relevant, bind is
running inside an LXD container.

Logs:

Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: signer "ddns_update" approved
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': adding an RR at 'am335x-opt.mcguire.local' A 192.168.0.165
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': adding an RR at 'am335x-opt.mcguire.local' TXT "3154a902d1b045a4064274c0d6b5
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43356: file not found
Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading private key file mcguire.local/RSASHA256/43345: file not found
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': found no active private keys, unable to generate any signatures
Mar 29 15:50:39 bind named[99]: client 192.168.0.3#2093/key ddns_update: updating zone 'mcguire.local/IN': RRSIG/NSEC/NSEC3 update failed: not found

Zone config:

zone "0.168.192.in-addr.arpa" IN {
  type master;
  file "/etc/bind/zones/db.0.168.192.in-addr.arpa.signed";
  auto-dnssec maintain;
  key-directory "/etc/bind/keys";
  inline-signing yes;
  allow-update { key DDNS_UPDATE; };
};
zone "mcguire.local" IN {
  type master;
  file "/etc/bind/zones/db.mcguire.local.signed";
  auto-dnssec maintain;
  key-directory "/etc/bind/keys";
  inline-signing yes;
  allow-update { key DDNS_UPDATE; };
};

Key directory and relevant keys:

File: /etc/bind/keys/
[...]
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (  112/    bind)

-rw-r--r-- 1 bind bind  627 Mar 28 12:11 K0.168.192.in-addr.arpa.+008+04239.key
-rw-r----- 1 bind bind 1776 Mar 28 12:11 K0.168.192.in-addr.arpa.+008+04239.private
-rw-r--r-- 1 bind bind  972 Mar 28 12:12 K0.168.192.in-addr.arpa.+008+05959.key
-rw-r----- 1 bind bind 3316 Mar 28 12:12 K0.168.192.in-addr.arpa.+008+05959.private
-rw-r--r-- 1 bind bind  955 Mar 28 12:11 Kmcguire.local.+008+43345.key
-rw-r----- 1 bind bind 3316 Mar 28 12:11 Kmcguire.local.+008+43345.private
-rw-r--r-- 1 bind bind  610 Mar 28 12:11 Kmcguire.local.+008+43356.key
-rw-r----- 1 bind bind 1776 Mar 28 12:11 Kmcguire.local.+008+43356.private

Any ideas?

Regards,

-Ryan
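
The log above names each key as zone/algorithm/id, while the files in the key directory are named K<zone>.+<algorithm number>+<id>.private. As an added example (not part of the original post), this Python sketch maps the keys named in "error reading private key file" lines to the file names expected under key-directory and reports whether each one exists and is readable by the account running the script. The function names and the temporary directory in the demo are hypothetical; the two log lines are taken from the post with the line wrapping undone.

```python
import os
import re
import tempfile

# DNSSEC algorithm mnemonics as they appear in the log -> IANA algorithm
# numbers, which the key file name carries zero-padded to three digits.
ALG_NUM = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10,
           "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14, "ED25519": 15}

KEY_ERR = re.compile(
    r"error reading private key file (\S+)/([A-Z0-9]+)/(\d+): (.+)$")

def expected_private_file(zone, alg, key_id):
    """K<zone>.+<alg, 3 digits>+<key id, 5 digits>.private"""
    return "K%s.+%03d+%05d.private" % (
        zone.rstrip(".").lower(), ALG_NUM[alg], int(key_id))

def check_keys(log_lines, key_dir):
    """Map each key named in a key-read error to its expected file in
    key_dir and classify it as missing, unreadable or readable."""
    report = {}
    for line in log_lines:
        m = KEY_ERR.search(line)
        if not m:
            continue
        name = expected_private_file(*m.group(1, 2, 3))
        path = os.path.join(key_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"
        elif not os.access(path, os.R_OK):  # checked as the current user
            report[name] = "unreadable"
        else:
            report[name] = "readable"
    return report

# Log lines from the post, unwrapped.
SAMPLE_LOG = [
    "Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading "
    "private key file mcguire.local/RSASHA256/43356: file not found",
    "Mar 29 15:50:39 bind named[99]: dns_dnssec_findzonekeys2: error reading "
    "private key file mcguire.local/RSASHA256/43345: file not found",
]

if __name__ == "__main__":
    # Constructed stand-in for the key directory: only one of the two keys.
    with tempfile.TemporaryDirectory() as key_dir:
        open(os.path.join(key_dir, "Kmcguire.local.+008+43356.private"), "w").close()
        for name, status in check_keys(SAMPLE_LOG, key_dir).items():
            print(f"{status:10} {name}")
```

Against a real server, pass the zone's key-directory path and run the script as the account named runs as and from inside named's own environment (container or chroot), so that the existence and readability results reflect what named itself sees.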