This matter has been resolved with input from Evan.  I was able to add a file 
path for secroots to the named.conf file and push the output file to a temp 
directory that was not permission restricted.

secroots-file "/tmp/named.secroots" ;


Ultimately when I ran "rndc secroots" it created the output file here:

/tmp/systemd-private-b2ebff459df9471e8bf444e2d2b1116e-named.service-HX1NF5/tmp/named.secroots


The data in the file seems to be as desired; if I understand the KSK Rollover 
test correctly, I should see 20326, which pertains to the new key:

[root@ns3 tmp]# cat named.secroots
06-Sep-2018 18:47:16.190

Start view internal-in

./RSASHA256/20326 ; managed
./RSASHA256/19036 ; managed
dlv.isc.org/RSASHA1/19297 ; managed

Start view external-in

./RSASHA256/20326 ; managed
./RSASHA256/19036 ; managed
dlv.isc.org/RSASHA1/19297 ; managed

Start view external-chaos

dumpsecroots failed: not found
I did not fully try Carl's input below but I believe it would have worked as 
well.  I had performed a "chmod 770 /var/named" but I did not follow it up with 
the SELinux modification.  The last error I had was SELinux barking so I'd 
anticipate his suggestion was the correct one.

Does the 'named' user have write access to /var/named? The default
redhat setup has /var/named as 0750, with /var/named/data as 0770. Also,
the default redhat selinux config prevents named writing to /var/named.

chmod 770 /var/named
setsebool -P named_write_master_zones=true
rndc secroots
Thanks everyone for assisting with this matter.
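An added example, not code from the thread, that parses a "rndc secroots" dump like the one shown above and reports per view whether the root zone ('.') trust anchors contain key tag 20326 (the new root KSK) and whether 19036 (the old KSK) is still held; the sample input is the poster's dump reproduced as a constructed string, and the key tags are taken from the post.

```python
import re

# Constructed sample: the dump shown in the post, embedded so this runs offline.
SAMPLE_DUMP = """06-Sep-2018 18:47:16.190

Start view internal-in

./RSASHA256/20326 ; managed
./RSASHA256/19036 ; managed
dlv.isc.org/RSASHA1/19297 ; managed

Start view external-in

./RSASHA256/20326 ; managed
./RSASHA256/19036 ; managed
dlv.isc.org/RSASHA1/19297 ; managed

Start view external-chaos

dumpsecroots failed: not found
"""

# One trust anchor line: <zone>/<algorithm>/<keytag> ; <managed|static|...>
ANCHOR_RE = re.compile(r"^(?P<name>[^/\s]+)/(?P<alg>[A-Z0-9]+)/(?P<tag>\d+)\s*;\s*(?P<kind>\w+)")


def parse_secroots(text):
    """Return {view: [(zone, alg, keytag, kind), ...]}; a view whose dump failed maps to None."""
    views, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Start view "):
            current = line[len("Start view "):]
            views[current] = []
        elif line.startswith("dumpsecroots failed") and current is not None:
            views[current] = None          # e.g. a CHAOS-class view has no DNSSEC roots
        elif current is not None and views[current] is not None:
            m = ANCHOR_RE.match(line)
            if m:
                views[current].append((m["name"], m["alg"], int(m["tag"]), m["kind"]))
    return views


def check_root_ksk(views, expected_tag=20326, retired_tag=19036):
    """Per view: (new root KSK present, old root KSK still present). Failed views are skipped."""
    status = {}
    for view, anchors in views.items():
        if anchors is None:
            continue
        root_tags = {tag for zone, _alg, tag, _kind in anchors if zone == "."}
        status[view] = (expected_tag in root_tags, retired_tag in root_tags)
    return status
```

A view reporting the new tag as absent after the rollover date is the condition worth alerting on, since that resolver would fail validation once the old KSK is revoked.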

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users