<div dir="ltr">







Running bind 9.10.3-7.P2, with softhsm-2.0.0rc1-3 on Fedora 23.<br><br><br>I was able to sign the zones with dnssec-signzone-pkcs11 command line, <br><br><br># dnssec-signzone-pkcs11 <a href="http://example.com">example.com</a><br>Verifying the zone using the following algorithms: RSASHA2.<br>Zone fully signed:<br>Algorithm: RSASHA2: KSKs: 1 active, 0 stand-by, 0 revoked<br>ZSKs: 1 active, 0 stand-by, 0 revoked<br><br><br>but with dynamic signing the logs were showing  "dns_dnssec_findmatchingkeys: error reading key file Kexample.com.+008+01234.private: no engine"<br><br><br>Zone configuration:<br>zone "<a href="http://example.com">example.com</a>" IN {<br>        type master;<br>        file "zones/<a href="http://example.com">example.com</a>";<br>        auto-dnssec maintain;<br>        inline-signing yes;<br>};<br><br><br># rndc sign <a href="http://example.com">example.com</a><br>received control channel command 'sign <a href="http://example.com">example.com</a>'<br>zone <a href="http://example.com/IN">example.com/IN</a> (signed): reconfiguring zone keys<br>dns_dnssec_findmatchingkeys: error reading key file Kexample.com.+008+01234.private: no engine<br>dns_dnssec_findmatchingkeys: error reading key file Kexample.+008+05678.private: no engine<br>zone <a href="http://example.com/IN">example.com/IN</a> (signed): next key event: 21-Jan-2016 13:36:59.184<br><br>any idea?<div><br></div><div>Thanks,</div><div>Arun<br><br><br><br></div></div>