When a domain configuration file contains an include line for the key, where is that include looking for the key file?
I'm in a situation where the keys seems to work fine for updating DNSSEC, but nsdiff complains the key file is not found. Obviously something in named.conf or the domain file is off as far as nstiff is concerned, and I’d like to fix it, but it’s hard to debug when the actual key update is working. In Named.conf I have key-directory "/usr/local/etc/namedb/working/keys”; And that is where the keyholes are stored. But nsdiff returns an error the key file cannot be found. Or I am using nstiff improperly? nsdiff -k admin.key covisp.net working/master/covisp.net nsdiff: loading zone covisp.net. via AXFR from ns1.covisp.net. zone covisp.net/IN: loaded serial 2019022695 (DNSSEC signed) OK nsdiff: loading zone covisp.net. from file working/master/covisp.net dns_master_load: working/master/covisp.net:48: Kcovisp.net.+007+34178.key: file not found dns_master_load: working/master/covisp.net:49: Kcovisp.net.+007+46143.key: file not found zone covisp.net/IN: loading from master file working/master/covisp.net failed: file not found zone covisp.net/IN: not loaded due to errors. nsdiff: missing SOA record _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
