From: Ben Hutton
Date: Tue, 26 Nov 2013 17:53:59 +0800
To: freebsd-questions@FreeBSD.org
Subject: Bind - error reading private key file

I'm currently trying to configure bind as per the handbook. Everything appears to be working except the Smart Signing section. As far as I can tell I've followed all the instructions correctly; however, I get the below error. Initially I thought I'd missed something so I started again from scratch but ended up with the same issue.

    Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset: error reading private key file /domain///.com.au/RSASHA256/13095: file not found
    Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset: error reading private key file /domain.///com.au/RSASHA256/63499: file not found

The zone is configured as follows:

    zone "/domain.///com.au" {
        type master;
        key-directory "/etc/namedb/keys";
        update-policy local;
        auto-dnssec maintain;
        file "/etc/namedb/master//domain///.com.au.db.signed";
    };

and the KSK and ZSK files have been moved to the "/etc/namedb/keys" folder.

Please note I do not get any errors if I remove the following:

    key-directory "/etc/namedb/keys";
    update-policy local;
    auto-dnssec maintain;

Bind is version BIND 9.8.4-P2 on FreeBSD 9.2-RELEASE

-- 
Regards
Ben Hutton
Email: ben.hutton@odyssey.dyndns.org
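
An added example, not part of the original post: it maps each "error reading private key file" log line to the file names dnssec-keygen gives a key (K<zone>.+<algorithm>+<key tag>.key and .private) and reports which of them are absent from the key-directory. The zone example.com.au, the sample log lines and the function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# DNSSEC algorithm mnemonics -> IANA numbers, as used in key file names.
ALGORITHMS = {"RSASHA1": 5, "NSEC3RSASHA1": 7, "RSASHA256": 8,
              "RSASHA512": 10, "ECDSAP256SHA256": 13, "ECDSAP384SHA384": 14}

# named reports a key as <zone>/<algorithm mnemonic>/<key tag>.
LOG_RE = re.compile(
    r"error reading private key file (?P<zone>\S+)/(?P<alg>[A-Z0-9]+)/(?P<tag>\d+):")

# Constructed sample input in the shape of the messages quoted in the post.
SAMPLE_LOG = [
    "Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset: "
    "error reading private key file example.com.au/RSASHA256/13095: file not found",
    "Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset: "
    "error reading private key file example.com.au/RSASHA256/63499: file not found",
]


def expected_basename(zone, alg, tag):
    """Base name of a key pair: K<zone>.+<alg, 3 digits>+<tag, 5 digits>."""
    return "K{}.+{:03d}+{:05d}".format(zone.rstrip("."), ALGORITHMS[alg], int(tag))


def check_keys(log_lines, key_dir):
    """Return {basename: [missing file names]} for every key named in the log."""
    key_dir = Path(key_dir)
    report = {}
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a key-loading error
        base = expected_basename(m["zone"], m["alg"], m["tag"])
        report[base] = [base + ext for ext in (".key", ".private")
                        if not (key_dir / (base + ext)).is_file()]
    return report


def other_keys(key_dir, zone):
    """Key files present for the zone, to compare their tags with the log."""
    return sorted(p.name for p in Path(key_dir).glob("K{}.+*".format(zone.rstrip("."))))


if __name__ == "__main__":
    directory = sys.argv[1] if len(sys.argv) > 1 else "/etc/namedb/keys"
    for base, missing in check_keys(SAMPLE_LOG, directory).items():
        print(base, "missing:", ", ".join(missing) or "nothing")
```

The check only tests that the files exist under the expected names; it does not test whether the user named runs as can read them.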