Bind - error reading private key file
Frank Leonhardt
frank2 at fjl.co.uk
Tue Nov 26 10:31:14 UTC 2013
On 26/11/2013 09:53, Ben Hutton wrote:
> I'm currently trying to configure bind as per the handbook. Everything
> appears to be working except the Smart Signing section. As far as I
> can tell I've followed all the instructions correctly however I get
> the below error. Initially I thought I'd missed something so I
> started again from scratch but ended up with the same issue.
>
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain///.com.au/RSASHA256/13095: file
> not found
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain.///com.au/RSASHA256/63499: file
> not found
>
> The zone is configured as follows:
>
> zone "/domain.///com.au" {
> type master;
> key-directory "/etc/namedb/keys";
> update-policy local;
> auto-dnssec maintain;
> file "/etc/namedb/master//domain///.com.au.db.signed";
> };
>
> and the KSK and ZSK files have been moved to the "/etc/namedb/keys"
> folder.
>
> Please note I do not get any errors if I remove the following:
>
> key-directory "/etc/namedb/keys";
> update-policy local;
> auto-dnssec maintain;
>
> Bind is version BIND 9.8.4-P2 on FreeBSD 9.2-RELEASE
>
>
While you're waiting for an expert (who will understand the ///// stuff
in your files), bear in mind that named automatically runs in a chroot
environment. Or at least that's my understanding. I don't know if this
relates to the cause of your woes but I've had a few d'oh moments using
absolute paths and now I keep clear of them.
Regards, Frank
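
The chroot hint above can be checked mechanically. The following is an added example, not part of the original thread: it turns the `zone/ALGORITHM/keyid` string from the named log line into the `K<zone>.+<alg>+<keyid>.private` file name that dnssec-keygen writes, then reports whether that file is visible under key-directory inside a chroot or only outside it. The chroot path is an assumption passed in by the caller, the zone `example.com.au` and the demo files are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; function names and sample values are constructed.

# Map the algorithm mnemonic printed in the log line to its DNSSEC number.
alg_number() {
    case "$1" in
        RSASHA1)      echo 5 ;;
        NSEC3RSASHA1) echo 7 ;;
        RSASHA256)    echo 8 ;;
        RSASHA512)    echo 10 ;;
        *)            return 1 ;;
    esac
}

# "zone/ALG/keyid" -> "K<zone>.+<alg, 3 digits>+<keyid, 5 digits>.private"
# Parsed from the right so only the last two fields are treated as ALG and id.
key_file_name() {
    id=${1##*/}; tmp=${1%/*}
    alg=${tmp##*/}; zone=${tmp%/*}
    num=$(alg_number "$alg") || return 1
    printf 'K%s.+%03d+%05d.private\n' "${zone%.}" "$num" "$id"
}

# find_key <chroot> <key-directory> <zone/ALG/keyid>
# Pass "" as <chroot> when named is not chrooted.
find_key() {
    f=$(key_file_name "$3") || { echo "unknown-algorithm"; return 2; }
    if [ -f "$1$2/$f" ]; then
        echo "in-chroot"            # named can resolve key-directory here
    elif [ -f "$2/$f" ]; then
        echo "outside-chroot-only"  # file exists, but not where a chrooted named looks
    else
        echo "missing"
    fi
}

# Demo on a throwaway directory that stands in for the chroot.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/namedb/keys"
    : > "$root/etc/namedb/keys/Kexample.com.au.+008+13095.private"
    for k in example.com.au/RSASHA256/13095 example.com.au/RSASHA256/63499; do
        printf '%s -> %s\n' "$k" "$(find_key "$root" /etc/namedb/keys "$k")"
    done
    rm -rf "$root"
}
demo
```

The file test only checks existence; the key files must also be readable by the user named runs as.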