I think I understand the root cause of this bug: the way that /usr/share/perl5/Net/DNS/SEC/Tools/rollmgr.pm invokes rndc is incorrect when zones have a view. When there is a view, there are additional MANDATORY arguments
So: circa line 1153 we see: `$rndc reload $zone >/dev/null 2>&1`; Removing the redirect to /dev/null so that the error can be seen reveals this: rndc: 'reload' failed: not found no matching zone 'myzone.org' in any view The correct invocation should have been this: `$rndc reload $zone IN $view`; where view is the appropriate view for the zone being signed. >From some rndc docs: > rndc reload class and view arguments are only optional > if no views are defined in the named configuration. > > If any views are defined in the named configuration, > then ALL zones must be in a view, and the view name > is required in order to identify a zone. Cannot provide a patch; adding the required $view argument trickles through the entire toolchain. Two hacks are possible: -- write a cronjob to reload zones nightly -- edit rollmgr.pm and invoke rndc reload without any zone argument (i.e. reload all zones)