Sun Jul 5 05:10:39 UTC 2020

When a domain configuration file contains an include line for the key, where is that include looking for the key file?

I'm in a situation where the keys seem to work fine for updating DNSSEC, but nsdiff complains the key file is not found.

Obviously something in named.conf or the domain file is off as far as nsdiff is concerned, and I’d like to fix it, but it’s hard to debug when the actual key update is working.

In named.conf I have
key-directory   "/usr/local/etc/namedb/working/keys";

And that is where the key files are stored.

But nsdiff returns an error that the key file cannot be found.

Or am I using nsdiff improperly?

nsdiff -k admin.key covisp.net  working/master/covisp.net
nsdiff: loading zone covisp.net. via AXFR from ns1.covisp.net.
zone covisp.net/IN: loaded serial 2019022695 (DNSSEC signed)
nsdiff: loading zone covisp.net. from file working/master/covisp.net
dns_master_load: working/master/covisp.net:48: Kcovisp.net.+007+34178.key: file not found
dns_master_load: working/master/covisp.net:49: Kcovisp.net.+007+46143.key: file not found
zone covisp.net/IN: loading from master file working/master/covisp.net failed: file not found
zone covisp.net/IN: not loaded due to errors.
nsdiff: missing SOA record
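
A diagnostic sketch for the situation in the post above, added here as an example and not part of the original message or of nsdiff: it lists every `$INCLUDE` in a zone file and reports which candidate base directories actually contain the named file. It assumes that a relative `$INCLUDE` name is opened relative to the working directory of the process loading the zone, which is independent of `key-directory`; the function names, the zone `example.test` and the key file name are constructed for the demo.

```python
import os
import re
import tempfile

# Matches "$INCLUDE <file> [origin]" at the start of a line; ';' starts a comment.
INCLUDE_RE = re.compile(r'^\$INCLUDE\s+("[^"]+"|[^\s;]+)', re.IGNORECASE)

def find_includes(zone_path):
    """Return (line_number, filename) for every $INCLUDE in the zone file."""
    found = []
    with open(zone_path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, start=1):
            m = INCLUDE_RE.match(line)
            if m:
                found.append((lineno, m.group(1).strip('"')))
    return found

def resolve_includes(zone_path, candidate_dirs):
    """Map each $INCLUDE to the candidate base directories that contain it."""
    report = {}
    for lineno, name in find_includes(zone_path):
        if os.path.isabs(name):
            hits = ["(absolute)"] if os.path.isfile(name) else []
        else:
            hits = [d for d in candidate_dirs if os.path.isfile(os.path.join(d, name))]
        report[(lineno, name)] = hits
    return report

def demo():
    """Constructed layout like the post's: zone in working/master, keys in working/keys."""
    root = tempfile.mkdtemp()
    keys = os.path.join(root, "working", "keys")
    master = os.path.join(root, "working", "master")
    os.makedirs(keys)
    os.makedirs(master)
    key_name = "Kexample.test.+007+00001.key"  # constructed key file name
    open(os.path.join(keys, key_name), "w").close()
    zone = os.path.join(master, "example.test")
    with open(zone, "w") as fh:
        fh.write("$TTL 3600\n$INCLUDE %s ; constructed\n" % key_name)
    # root stands in for the directory the tool was started from
    return resolve_includes(zone, [root, keys]), keys, key_name

if __name__ == "__main__":
    result, _, _ = demo()
    for (lineno, name), hits in result.items():
        print(f"line {lineno}: {name} -> {hits or 'NOT FOUND in any candidate dir'}")
```

Against a real zone, pass the directory the command is run from and the `key-directory` value as candidates; an include that resolves only under the latter matches the "file not found" lines in the output above.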

