Bind 9.20 inline signing - not signing whole file, only dynamic updated entries.

Ondřej Surý ondrej at isc.org
Fri Apr 17 15:18:04 UTC 2026


It is always DNS, except when it is permissions...

Have a great weekend everyone,
--
Ondřej Surý (He/Him)
ondrej at isc.org

ADHD brain at work: I sometimes lose track of my inbox. Please feel free to send a gentle nudge if you're waiting on a reply!

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 17. 4. 2026, at 15:51, Benoît Panizzon <benoit.panizzon at imp.ch> wrote:
> 
> 17-Apr-2026 15:44:45.348 dnssec: debug 3: keymgr: 0-31.57.161.157.in-addr.arpa done
> 17-Apr-2026 15:44:45.348 dnssec: error: zone 0-31.57.161.157.in-addr.arpa/IN (signed): zone_rekey:dns_keymgr_run failed: error occurred writing key to disk
> 17-Apr-2026 15:44:45.348 dnssec: error: zone 0-31.57.161.157.in-addr.arpa/IN (signed): zone_rekey failure: error occurred writing key to disk (retry in 600 seconds)
> 
> Ok - permissions!
> 
> Wow, how could I miss /etc/bind/keys belonging to root:bind with group permissions s-x
> 
> Keyfiles present.
> 
> name: 0-31.57.161.157.in-addr.arpa
> type: primary
> files: woody.ch.rev
> serial: 2007126016
> signed serial: 2007126025
> nodes: 31
> last loaded: Fri, 17 Apr 2026 09:04:20 GMT
> secure: yes
> inline signing: yes
> key maintenance: automatic
> next key event: Fri, 17 Apr 2026 15:52:43 GMT
> next resign node: 20.0-31.57.161.157.in-addr.arpa/NSEC
> next resign time: Sun, 26 Apr 2026 04:20:25 GMT
> dynamic: yes
> frozen: no
> reconfigurable via modzone: no
> 
> secondary has loaded signed entries.
> 
> Thanks for your help and sorry that I missed something that obvious.
> 
> -- 
> Kind regards
> 
> -Benoît Panizzon- @ home office and reachable as usual
> -- 
> I m p r o W a r e   A G    -    Head of Commerce Customers
> ______________________________________________________
> 
> Zurlindenstrasse 29             Tel  +41 61 826 93 00
> CH-4133 Pratteln                Fax  +41 61 826 93 01
> Switzerland                     Web  http://www.imp.ch
> ______________________________________________________
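An added example, not part of the original thread and not ISC's code: a triage helper that pulls the zones hitting the "error occurred writing key to disk" rekey failure out of a named log and applies the classic Unix owner/group/other check to the key directory's mode. The sample log is constructed from the lines quoted above; the uid/gid numbers and the helper names are assumptions.

```python
import os
import re
import stat

# Constructed sample, modelled on the named log lines quoted in the thread.
SAMPLE_LOG = """\
17-Apr-2026 15:44:45.348 dnssec: debug 3: keymgr: 0-31.57.161.157.in-addr.arpa done
17-Apr-2026 15:44:45.348 dnssec: error: zone 0-31.57.161.157.in-addr.arpa/IN (signed): zone_rekey failure: error occurred writing key to disk (retry in 600 seconds)
"""

REKEY_FAIL = re.compile(
    r"zone (?P<zone>\S+)/IN \(signed\): zone_rekey failure: "
    r"error occurred writing key to disk \(retry in (?P<retry>\d+) seconds\)"
)


def rekey_write_failures(log_text):
    """Return {zone: retry_seconds} for zones whose key write failed."""
    return {m["zone"]: int(m["retry"]) for m in REKEY_FAIL.finditer(log_text)}


def can_write_keys(mode, owner_uid, owner_gid, uid, gids):
    """Can a process with (uid, gids) create files in a directory with this mode?

    Creating a key file needs write and search (execute) on the directory.
    Only the mode bits are checked; ACLs and MAC policy (AppArmor, SELinux)
    are not considered.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif owner_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need


def check_key_dir(path, uid, gids):
    """Run the same check against a real directory, e.g. the key directory."""
    st = os.stat(path)
    return can_write_keys(st.st_mode, st.st_uid, st.st_gid, uid, gids)
```
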


