Re: auto update signatures dnssec

2010-12-29 Thread G.W. Haywood
Hi there,

On Wed, 29 Dec 2010  Alan Clegg wrote:

 In your named.conf, you should have key-directory ...; defined.  The
 keys should be there (and readable by the named process).

 If you don't have a key-directory statement, then named will look in
 the working directory from which the process was started (which is
 normally a bad idea...)

Perhaps named-checkconf should issue a warning if it finds that this
option is not defined?

--

73,
Ged.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: auto update signatures dnssec

2010-12-28 Thread Torinthiel
fakessh @ wrote:
 zone "fakessh.eu" {
 type master;
 file "/var/named/fakessh.eu.hosts";
 auto-dnssec maintain;
 update-policy local;
 key-directory "/var/named/keyset-fakessh.eu";
 allow-transfer { 213.251.188.140; 87.98.164.164;
 195.234.42.1; 94.23.59.30; };
 };

 is what the guidelines are good options
   
 hello responsible bind community. 

 you gave me the answer, thank you to my question but I am having new
 problems. 

 I encounter errors during the self resignatures

 I quote my multiple errors:

 I do not know what it is


   
[cut most log entries]
 Dec 28 22:04:02 r13151 named-sdb[24511]:
 /var/named/renelacroute.fr.hosts.jnl: create: permission denied
 Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error
 reading private key file fakessh.eu/DSA/9552: file not found
 Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error
 reading private key file fakessh.eu/DSA/47103: file not found
   

First, where are the key files, related to bind directory (the one in
options { directory })?
Are the names correctly given to bind?
It looks like bind cannot find them.

Second, you need to give the user running bind (probably named) rights to
write to /var/named/renelacroute.fr.hosts.jnl directory.
Torinthiel



Re: auto update signatures dnssec

2010-12-28 Thread fakessh @

On Tuesday 28 December 2010 at 16:42 -0500, Alan Clegg wrote:
 On 12/28/2010 4:12 PM, fakessh @ wrote:
  named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create:
  permission denied
 
 Permissions are wrong on /var/named -- the named process needs to be
 able to write into it.
 
  Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2:
  error reading private key file fakessh.eu/DSA/9552: file not found
 
 It seems that the .key and .private files are not in the right place.
 
 Fix those two and I bet the rest go away...
 
 AlanC


What is the right place? AlanC
I look at the permissions; after correction this seems correct.
-- 
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7



Re: auto update signatures dnssec

2010-12-28 Thread Alan Clegg
On 12/28/2010 5:04 PM, fakessh @ wrote:

 Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2:
 error reading private key file fakessh.eu/DSA/9552: file not found

 It seems that the .key and .private files are not in the right place.

 what is the right place ?

In your named.conf, you should have key-directory ...; defined.  The
keys should be there (and readable by the named process).

If you don't have a key-directory statement, then named will look in
the working directory from which the process was started (which is
normally a bad idea...)

AlanC
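
Added example, not part of the thread and not ISC code: a check that turns the `dns_dnssec_findzonekeys2` errors quoted above into the key file names named expects to find in key-directory, then reports which of them are absent, unreadable, or too widely accessible. The function names are hypothetical, and the algorithm table assumes the mnemonics BIND writes to its log.

```python
import os
import re
import tempfile

# Assumption: algorithm mnemonics as named logs them -> DNSSEC algorithm number.
ALG_NUMBER = {"RSAMD5": 1, "DSA": 3, "RSASHA1": 5, "NSEC3DSA": 6,
              "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10}
KEY_ERROR = re.compile(r"error reading private key file (\S+)/([A-Z0-9]+)/(\d+):")

def key_basename(zone, alg, tag):
    """dnssec-keygen naming: K<zone>.+<3-digit algorithm>+<5-digit key tag>."""
    return "K%s.+%03d+%05d" % (zone.rstrip("."), ALG_NUMBER[alg], int(tag))

def keys_named_wants(log_text):
    """Base names of keys named could not read (deduplicated, in log order)."""
    names = [key_basename(*m.groups()) for m in KEY_ERROR.finditer(log_text)]
    return list(dict.fromkeys(names))

def check_key_directory(key_dir, basenames):
    """Return {file name: problem} for each .key/.private file that is absent,
    unreadable by the current user, or (private half) open to other users."""
    problems = {}
    for base in basenames:
        for ext in (".key", ".private"):
            path = os.path.join(key_dir, base + ext)
            if not os.path.isfile(path):
                problems[base + ext] = "file not found"
            elif not os.access(path, os.R_OK):
                problems[base + ext] = "not readable by the current user"
            elif ext == ".private" and os.stat(path).st_mode & 0o007:
                problems[base + ext] = "private key accessible to other users"
    return problems

# Log lines from the thread, unwrapped onto one line each.
SAMPLE_LOG = """\
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found
"""

def demo():
    """Constructed scenario: a temporary key-directory holding only the first key."""
    wanted = keys_named_wants(SAMPLE_LOG)
    with tempfile.TemporaryDirectory() as key_dir:
        for ext in (".key", ".private"):
            path = os.path.join(key_dir, wanted[0] + ext)
            open(path, "w").close()
            os.chmod(path, 0o600)
        return wanted, check_key_directory(key_dir, wanted)

if __name__ == "__main__":
    print(demo())
```

Against a live server, pass the zone's key-directory (in this thread `/var/named/keyset-fakessh.eu`) to `check_key_directory` and run it as the account named runs under, so the readability result reflects what named itself can open.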


