Yes. And when I previously failed to specify the correct key-directory, I got an error "found no private keys, unable to generate any signatures".
I corrected that error and now get the "failure" message.

Everything is owned by named.

options {
        dnssec-enable yes;
        dnssec-validation yes;
        key-directory "/config/namedb";

--
Jack Tavares
________________________________________
From: mark_andr...@isc.org [mark_andr...@isc.org]
Sent: Wednesday, May 13, 2009 10:38
To: Jack Tavares
Cc: bind-users@lists.isc.org
Subject: Re: error while attempting to use nsupdate on a DNSSEC signed zone

In message <4b18a8f75a6384449755bc7784073e93603b776...@exch11.olympus.f5net.com
> Hello -
>
> (bind9.6.0-P1)
>
> I have set up a zone that is signed.
> It is an island of security zone for testing purposes.
>
> I have set up a TSIG key and set the allow-update
> to accept the key.
>
> I have followed every step, afaict, in the various
> how-tos on how to sign a zone.
>
> But when I try to do an update, I get an error.
>
> All the error says is
> signer "update.test.net" approved
> 13-May-2009 14:16:37.947 client 127.0.0.1#2490: view external: updating zone 'test.net/IN': adding an RR at 'blah.test.net' A
> 13-May-2009 14:16:37.953 client 127.0.0.1#2490: view external: updating zone 'test.net/IN': RRSIG/NSEC/NSEC3 update failed: failure
> "failure" is all it says for a reason.
>
> I looked at the bind source, and there are some more useful error messages about keys etc.
> But all I am getting is "failure".
>
> If I do the same nsupdate without DNSSEC, it works.
> It appears there is something wrong with my setup and the regeneration of the RRSIG/NSEC
> keys is failing. (I have tried it with both NSEC and NSEC3 keys)
>
> I will put together a (simpler) named.conf and zone file that causes this and post that info,
> but I was hoping that maybe somebody has seen this and has an idea.
>
> Thanks
>
>
> --
> Jack Tavares

Have you told named where the private keys are (key-directory)?
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: mark_andr...@isc.org
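
Added example, not part of the thread and not code from ISC or either poster: a small check for the key-directory question above. It reads the key-directory value out of named.conf text and reports, per key id, whether both the .key and .private halves for a zone are present and readable. The group/other permission check and the sample key ids are assumptions made for illustration; run it as the account named runs under so the readability result is meaningful.

```python
import os
import re
import tempfile

# dnssec-keygen names key files K<zone>.+<3-digit alg>+<5-digit key id>.key/.private
KEY_RE = re.compile(r"^K(?P<zone>.+)\.\+(?P<alg>\d{3})\+(?P<tag>\d{5})\.(?P<kind>key|private)$")

def key_directory(conf_text, default="."):
    """Return the first key-directory value found in named.conf text."""
    m = re.search(r'key-directory\s+"([^"]+)"\s*;', conf_text)
    return m.group(1) if m else default

def audit_zone_keys(directory, zone):
    """Map "<alg>+<key id>" to a list of problems; an empty list means usable."""
    zone = zone.rstrip(".").lower()
    halves = {}
    for name in os.listdir(directory):
        m = KEY_RE.match(name)
        if m and m["zone"].lower() == zone:
            halves.setdefault((m["alg"], m["tag"]), {})[m["kind"]] = os.path.join(directory, name)
    report = {}
    for (alg, tag), files in sorted(halves.items()):
        problems = []
        for kind in ("key", "private"):
            path = files.get(kind)
            if path is None:
                problems.append(f"missing .{kind} file")
            elif not os.access(path, os.R_OK):
                problems.append(f".{kind} file not readable by this user")
            elif kind == "private" and os.stat(path).st_mode & 0o077:
                # Assumption: the private half should be owner-only (mode 0600).
                problems.append(".private file is accessible to group/other")
        report[f"{alg}+{tag}"] = problems
    return report

if __name__ == "__main__":
    # Constructed sample: one complete key pair and one key whose .private half is absent.
    conf = 'options { key-directory "/config/namedb"; };'
    print("configured key-directory:", key_directory(conf))
    with tempfile.TemporaryDirectory() as d:
        for name in ("Ktest.net.+005+11111.key", "Ktest.net.+005+11111.private",
                     "Ktest.net.+005+22222.key"):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, 0o600)
        for key, problems in audit_zone_keys(d, "test.net").items():
            print(key, "OK" if not problems else "; ".join(problems))
```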