2

When I restart or start my BIND DNS server, I'm getting the following in the /var/log/messages log file.

Jan 26 07:50:30 dev named[306]: could not create /jail/bind-9.9.4-P2/var/run/named/session.key
Jan 26 07:50:30 dev named[306]: failed to generate session key for dynamic DNS: permission denied

Any idea why this is the case? I searched around and it appears to be related to the "key-directory" setting in the named.conf file. However, even if I set this to a writeable directory, I'm still seeing this error. Any ideas?

shgnInc
user192702

1 Answer

1

You've got the right idea: session.key might not be writeable, or the path might not exist.

The BIND option key-directory you mention specifies the directory where the public and private DNSSEC key files should be found when performing dynamic update of secure zones.

Try to set the BIND option session-keyfile to the pathname of the file into which to write a TSIG session key. If not specified, the default is /var/run/named/session.key (and relative to your chroot jail).

E.g. in named.conf's options-section

session-keyfile "/var/bind/session.key";
zany
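One way to check the path discussed in the answer above, as an added example that is not part of the original posts or of BIND itself: it reads session-keyfile from a named.conf, falls back to the default the answer gives, prefixes the chroot jail, and reports whether the target directory exists and is writable. The function names, the location of named.conf inside the jail, and the assumption that session-keyfile is an absolute path on a single line are all hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts): find where named will try to
# create session.key inside a chroot jail and report why that would fail.

DEFAULT_KEYFILE="/var/run/named/session.key"   # default stated in the answer

# Print the session-keyfile value from a named.conf, or the default.
# Assumption: the statement is uncommented, on one line, with an absolute path.
session_keyfile() {
    conf="$1"
    val=""
    if [ -r "$conf" ]; then
        val=$(sed -n 's/^[[:space:]]*session-keyfile[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    fi
    printf '%s\n' "${val:-$DEFAULT_KEYFILE}"
}

# Print one of: "missing-dir DIR", "not-writable DIR", "ok FILE".
# The -w test reflects the calling user, so run this as the account named
# runs under (as root it always reports writable).
check_session_key() {
    chroot_dir="$1"; conf="$2"
    # named resolves the path relative to the jail, so prefix the jail root.
    keyfile="${chroot_dir%/}$(session_keyfile "$conf")"
    keydir=$(dirname "$keyfile")
    if [ ! -d "$keydir" ]; then
        echo "missing-dir $keydir"
    elif [ ! -w "$keydir" ] || [ ! -x "$keydir" ]; then
        echo "not-writable $keydir"
    else
        echo "ok $keyfile"
    fi
}

# Usage (named.conf location is an assumption):
#   sh check.sh /jail/bind-9.9.4-P2 /jail/bind-9.9.4-P2/etc/named.conf
if [ "$#" -eq 2 ]; then
    check_session_key "$1" "$2"
fi
```

If the result is not-writable, giving the named account ownership of that one directory is enough; the rest of the jail does not need looser permissions.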