Message-ID: <52947638.9090603@fjl.co.uk>
Date: Tue, 26 Nov 2013 10:21:44 +0000
From: Frank Leonhardt
To: freebsd-questions@freebsd.org
Subject: Re: Bind - error reading private key file
References: <52946FB7.5050803@odyssey.dyndns.org>
In-Reply-To: <52946FB7.5050803@odyssey.dyndns.org>

On 26/11/2013 09:53, Ben Hutton wrote:
> I'm currently trying to configure bind as per the handbook. Everything
> appears to be working except the Smart Signing section. As far as I
> can tell I've followed all the instructions correctly however I get
> the below error. Initially I thought I'd missed something so I
> started again from scratch but ended up with the same issue.
>
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain///.com.au/RSASHA256/13095: file
> not found
> Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset:
> error reading private key file /domain.///com.au/RSASHA256/63499: file
> not found
>
> The zone is configured as follows:
>
> zone "/domain.///com.au" {
>     type master;
>     key-directory "/etc/namedb/keys";
>     update-policy local;
>     auto-dnssec maintain;
>     file "/etc/namedb/master//domain///.com.au.db.signed";
> };
>
> and the KSK and ZSK files have been moved to the "/etc/namedb/keys"
> folder.
>
> Please note I do not get any errors if I remove the following:
>
> key-directory "/etc/namedb/keys";
> update-policy local;
> auto-dnssec maintain;
>
> Bind is version BIND 9.8.4-P2 on FreeBSD 9.2-RELEASE
>
>

While you're waiting for an expert (who will understand the ///// stuff in your files), bear in mind that named automatically runs in a chroot environment. Or at least that's my understanding. I don't know if this relates to the cause of your woes but I've had a few doah moments using absolute paths and now I keep clear of them.

Regards, Frank
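
Added example, not part of the original messages: a shell check that follows up on the chroot point in the reply above. It takes a named log line in the format quoted in the thread, derives the key file names BIND's key tools use (K<zone>.+<alg>+<id>.key and .private), and tests whether they are readable under key-directory once an assumed chroot prefix is applied. The zone example.com, the sample log line and the /var/named chroot path are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): map a named "error reading private
# key file <zone>/<ALG>/<id>" log line to the key file names expected in
# key-directory and test them under an assumed chroot prefix.

# expected_key_base LOGLINE -> prints K<zone>.+<alg>+<id> (no extension)
expected_key_base() {
    spec=$(printf '%s\n' "$1" |
        sed -n 's|.*error reading private key file \(.*\)/\([A-Z0-9]*\)/\([0-9]*\): .*|\1 \2 \3|p')
    [ -n "$spec" ] || return 1
    set -- $spec
    case $2 in                      # DNSSEC algorithm numbers
        RSASHA1)      alg=005 ;;
        NSEC3RSASHA1) alg=007 ;;
        RSASHA256)    alg=008 ;;
        RSASHA512)    alg=010 ;;
        *) return 1 ;;
    esac
    # Key id is zero-padded to five digits in the file name.
    printf 'K%s.+%s+%05d\n' "${1%.}" "$alg" "$3"
}

# check_key_files LOGLINE CHROOT KEYDIR
# CHROOT: directory named is chrooted to ("" if it is not chrooted).
# KEYDIR: the key-directory value from named.conf.
check_key_files() {
    base=$(expected_key_base "$1") || { echo "unrecognised log line" >&2; return 2; }
    dir="${2%/}$3"                  # key-directory as seen from outside the chroot
    missing=0
    for ext in key private; do
        f="$dir/$base.$ext"
        if [ -r "$f" ]; then
            echo "found   $f"
        else
            echo "MISSING $f"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample in the thread's log format; example.com is a placeholder zone.
SAMPLE='Nov 26 20:38:51 web01 named[15623]: dns_dnssec_keylistfromrdataset: error reading private key file example.com/RSASHA256/13095: file not found'
# /var/named is an assumed chroot directory; adjust to the local setup.
check_key_files "$SAMPLE" /var/named /etc/namedb/keys || true
```

The `-r` test reflects the permissions of whoever runs the script, so run it as the account named runs under to see what the daemon can actually read.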