Bind 9.20 inline signing - not signing whole file, only dynamic updated entries.

Richard T.A. Neal richard at richardneal.com
Fri Apr 17 14:21:40 UTC 2026 

Hi Benoit,

Well that's great news - well done for working that out. Very pleased to hear you've finally been able to get it working.

Best,
Richard.
________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Benoît Panizzon <benoit.panizzon at imp.ch>
Sent: 17 April 2026 14:51
To: Peter Davies <peterd at isc.org>
Cc: bind-users at lists.isc.org <bind-users at lists.isc.org>
Subject: Re: Bind 9.20 inline signing - not signing whole file, only dynamic updated entries.

17-Apr-2026 15:44:45.348 dnssec: debug 3: keymgr: 0-31.57.161.157.in-addr.arpa done
17-Apr-2026 15:44:45.348 dnssec: error: zone 0-31.57.161.157.in-addr.arpa/IN (signed): zone_rekey:dns_keymgr_run failed: error occurred writing key to disk
17-Apr-2026 15:44:45.348 dnssec: error: zone 0-31.57.161.157.in-addr.arpa/IN (signed): zone_rekey failure: error occurred writing key to disk (retry in 600 seconds)

Ok - permissions!

Wow, how could I miss /etc/bind/keys belonging to root:bind with group permissions s-x

Keyfiles present.

name: 0-31.57.161.157.in-addr.arpa
type: primary
files: woody.ch.rev
serial: 2007126016
signed serial: 2007126025
nodes: 31
last loaded: Fri, 17 Apr 2026 09:04:20 GMT
secure: yes
inline signing: yes
key maintenance: automatic
next key event: Fri, 17 Apr 2026 15:52:43 GMT
next resign node: 20.0-31.57.161.157.in-addr.arpa/NSEC
next resign time: Sun, 26 Apr 2026 04:20:25 GMT
dynamic: yes
frozen: no
reconfigurable via modzone: no

secondary has loaded signed enries.

Thanks for your help and sorry that I missed something that obvious.

--
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20260417/84ee48fc/attachment-0001.htm>

More information about the bind-users mailing list