David Alexandre M. de Carvalho david at di.ubi.pt
Mon Apr 6 15:05:12 UTC 2020

Hi all.
So I'm still fighting with dnssec in BIND 9.8.2 (oracle linux 6).
Unfortunately, no automatic signing before BIND 9.9, from what I read.

I can't sign my zone, I keep getting "dnssec-signzone: fatal: No signing keys specified or found."
By now I've tried to move the files generated with dnssec-keygen but no success.

I'm using bind-chroot and created a temp folder /var/named/my_keys. Here, I've created the 2 .key and .private files.
Since dnssec-signzone couldn't find the keys (even specifying -k or -K), I've copied them to /etc/pki/dnssec-keys and
run the command with the same result.
Now, I've copied all the key and private files to /var/named/chroot/var/named where my zone file exists (di.hosts).
Running from there, I also get "dnssec-signzone: fatal: No signing keys specified or found."
I changed the owner and group to "named", and they are both readable.

Could anyone please tell me what I am doing wrong?

Also, do I need to generate those 2 .key and .private files if I intend to sign my several reverse zones?
Thank you very much!

Best regards
David Alexandre M. de Carvalho
IT Specialist
Department of Informatics
Universidade da Beira Interior
