Re: auto update signatures dnssec
Hi there,

On Wed, 29 Dec 2010 Alan Clegg wrote:

> In your named.conf, you should have key-directory ...; defined. The
> keys should be there (and readable by the named process).
>
> If you don't have a key-directory statement, then named will look in
> the working directory from which the process was started (which is
> normally a bad idea...)

Perhaps named-checkconf should issue a warning if it finds that this option is not defined?

--
73,
Ged.
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: auto update signatures dnssec
fakessh @ wrote:

> zone "fakessh.eu" {
>     type master;
>     file "/var/named/fakessh.eu.hosts";
>     auto-dnssec maintain;
>     update-policy local;
>     key-directory "/var/named/keyset-fakessh.eu";
>     allow-transfer { 213.251.188.140; 87.98.164.164; 195.234.42.1; 94.23.59.30; };
> };
>
> is what the guidelines are good options
>
> hello responsible bind community.
> you gave me the answer, thank you to my question
> but I am having new problems.
> I encounter errors during the self resignatures
>
> I quote my multiple error : I do not know what it is

[cut most log entries]

> Dec 28 22:04:02 r13151 named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found

First, where are the key files, related to bind directory (the one in options { directory })? Are the names correctly given to bind? It looks like bind cannot find them.

Second, you need to give the user running bind (probably named) rights to write to /var/named/renelacroute.fr.hosts.jnl directory.

Torinthiel
Re: auto update signatures dnssec
On Tuesday 28 December 2010 at 16:42 -0500, Alan Clegg wrote:

> On 12/28/2010 4:12 PM, fakessh @ wrote:
>
>> named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
>
> Permissions are wrong on /var/named -- the named process needs to be
> able to write into it.
>
>> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
>
> It seems that the .key and .private files are not in the right place.
>
> Fix those two and I bet the rest go away...
>
> AlanC

what is the right place ?

AlanC i look the permissions after correction this seems correct

--
gpg --keyserver pgp.mit.edu --recv-key 092164A7
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x092164A7
Re: auto update signatures dnssec
On 12/28/2010 5:04 PM, fakessh @ wrote:

>>> Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
>>
>> It seems that the .key and .private files are not in the right place.
>
> what is the right place ?

In your named.conf, you should have key-directory ...; defined. The keys should be there (and readable by the named process).

If you don't have a key-directory statement, then named will look in the working directory from which the process was started (which is normally a bad idea...)

AlanC
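
Added example, not part of the thread or of BIND: a shell check that turns the "error reading private key file ZONE/ALG/KEYID" log lines quoted above into the K<zone>.+<alg>+<keyid> file names named looks for, and reports whether the .key and .private files exist and are readable in a given key-directory. The function names, the SAMPLE_LOG variable and the mnemonics other than DSA are assumptions; the log lines are copied from the thread as constructed sample input.

```shell
#!/bin/sh
# Added example. Run it as the account named runs under, so that the
# readability test reflects what the named process can actually open.

# Constructed sample input: the log lines quoted in the thread.
SAMPLE_LOG='Dec 28 22:04:02 r13151 named-sdb[24511]: /var/named/renelacroute.fr.hosts.jnl: create: permission denied
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/9552: file not found
Dec 28 22:04:02 r13151 named-sdb[24511]: dns_dnssec_findzonekeys2: error reading private key file fakessh.eu/DSA/47103: file not found'

# Algorithm mnemonic -> three-digit DNSSEC algorithm number used in key file names.
# Assumption: mnemonics other than DSA are printed in this form in the log.
alg_number() {
  case "$1" in
    DSA) echo 003 ;;
    RSASHA1) echo 005 ;;
    NSEC3RSASHA1) echo 007 ;;
    RSASHA256) echo 008 ;;
    RSASHA512) echo 010 ;;
    *) return 1 ;;
  esac
}

# Read log lines on stdin, print each distinct ZONE/ALG/KEYID that named failed to load.
missing_key_refs() {
  sed -n 's|.*error reading private key file \([^ ]*/[A-Z0-9]*/[0-9]*\): file not found.*|\1|p' | sort -u
}

# "fakessh.eu/DSA/9552" -> "Kfakessh.eu.+003+09552" (key id zero-padded to 5 digits).
key_basename() {
  zone=${1%%/*}; rest=${1#*/}; alg=${rest%%/*}; id=${rest#*/}
  num=$(alg_number "$alg") || return 1
  printf 'K%s.+%s+%05d\n' "$zone" "$num" "$id"
}

# $1 = the zone's key-directory; log on stdin. One status line per expected file.
check_key_dir() {
  dir=$1
  missing_key_refs | while read -r ref; do
    base=$(key_basename "$ref") || { echo "UNKNOWN-ALG $ref"; continue; }
    for ext in key private; do
      f="$dir/$base.$ext"
      if [ ! -e "$f" ]; then echo "MISSING $f"
      elif [ ! -r "$f" ]; then echo "UNREADABLE $f"
      else echo "OK $f"
      fi
    done
  done
}

# Usage: sh thisfile /var/named/keyset-fakessh.eu < /var/log/messages
if [ "$#" -ge 1 ]; then check_key_dir "$1"; fi
```

A MISSING line for a directory other than the one named in key-directory is expected; the check only answers whether the files are where the zone's configuration says they should be.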