Date: Tue, 26 Nov 2013 10:21:44 +0000 From: Frank Leonhardt <frank2@fjl.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Bind - error reading private key file Message-ID: <52947638.9090603@fjl.co.uk> In-Reply-To: <52946FB7.5050803@odyssey.dyndns.org> References: <52946FB7.5050803@odyssey.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26/11/2013 09:53, Ben Hutton wrote:
> I'm current trying to configure bind as per the handbook. Everything
> appears to be working except the Smart Signing section. As far as I
> can tell I've followed all the instructions correctly however I get
> the below error. Initially I thought I'd missed something so I
> started again from scratch but ended up with the same issue.
>
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain///.com.au/RSASHA256/13095: file
> not found
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain.///com.au/RSASHA256/63499: file
> not found
>
> The zone is configured as follows:
>
> zone "/domain.///com.au" {
> type master;
> key-directory "/etc/namedb/keys";
> update-policy local;
> auto-dnssec maintain;
> file "/etc/namedb/master//domain///.com.au.db.signed";
> };
>
> and the KSK and ZSK files have been moved to the "/etc/namedb/keys"
> folder.
>
> Please note I do not get any errors if I remove the following:
>
> key-directory "/etc/namedb/keys";
> update-policy local;
> auto-dnssec maintain;
>
> Bind is version BIND 9.8.4-P2 on FreeBSD 9.2-RELEASE
>
>
While you're waiting for a expert (who will understand the ///// stuff
in your files), bear in mind that named automatically runs in a chroot
environment. Or at least that's my understanding. I don't know if this
relates to the cause of your woes but I've had a few doah moments using
absolute paths and now I keep clear of them.
Regards, Frank
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52947638.9090603>