bind keyfile lookup failures

Alan Batie alan at peak.org
Wed Jan 9 21:37:08 UTC 2019


I've had bind 9.9.4 doing dnssec for a few years now.  All the zones are
configured with:

        key-directory "/var/named/keys";
        auto-dnssec maintain;
        inline-signing yes;

I just added a bunch of zones, and 8 of them are failing with:

dns_dnssec_findzonekeys2: error reading private key file
<ZONE>/RSASHA1/27456: file not found

I did an strace and find that when it looks for

K<ZONE>.+008+<NUMBER>.private

it's looking for a different <NUMBER>

I've re-run dnssec-keygen and rndc sign on the zones, but that doesn't
fix things.  I'm not sure what is going on or how to fix it...

The main impact is filling up the log file - these zones aren't tied
into the root chain yet, but I'd like to get it fixed...
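
An added diagnostic sketch (not part of the original post, and not BIND's own code) that puts each key named reports as missing next to the key files actually present for that zone in the key directory. It assumes the log message appears on one line and that key files use the `K<zone>.+<alg>+<tag>.key`/`.private` naming; the zone `example.test`, the key tag 04321 and the temporary directory are constructed sample values.

```python
import re
import tempfile
from pathlib import Path

# Log mnemonic -> algorithm number used in key file names (IANA registry).
ALG_NUM = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10}
LOG_RE = re.compile(r"error reading private key file (\S+)/([A-Z0-9]+)/(\d+): file not found")
KEY_RE = re.compile(r"^K(.+)\.\+(\d{3})\+(\d{5})\.(key|private)$")

def inventory(key_dir):
    """Map (zone, alg, tag) -> set of extensions ('key', 'private') on disk."""
    found = {}
    for path in Path(key_dir).iterdir():
        m = KEY_RE.match(path.name)
        if m:
            ident = (m[1].lower(), int(m[2]), int(m[3]))
            found.setdefault(ident, set()).add(m[4])
    return found

def compare(log_lines, key_dir):
    """For each logged failure: the key named wanted vs. the zone's keys on disk."""
    have = inventory(key_dir)
    report = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        zone = m[1].lower().rstrip(".")
        wanted = (zone, ALG_NUM.get(m[2]), int(m[3]))
        on_disk = sorted((a, t, sorted(e)) for (z, a, t), e in have.items() if z == zone)
        report.append({"wanted": wanted,
                       "private_present": "private" in have.get(wanted, set()),
                       "on_disk": on_disk})
    return report

def demo():
    """Constructed sample: one zone, one key pair, one log line for another key."""
    log = ["dns_dnssec_findzonekeys2: error reading private key file "
           "example.test/RSASHA1/27456: file not found"]
    with tempfile.TemporaryDirectory() as d:
        for ext in ("key", "private"):
            Path(d, f"Kexample.test.+008+04321.{ext}").touch()
        return compare(log, d)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Rows where the wanted algorithm or tag is absent from `on_disk` point to key files the directory does not hold; a row where the `.key` file is present without its `.private` file shows up as an `on_disk` entry listing only `key`.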

