This is actually a follow-up to my previous question (my problem was solved); it can be found here: DNSSEC sign-zone results in fatal failure
However, I still want to use `dnssec-signzone` when creating my signed zone file.
After I corrected the syntax to

```
dnssec-signzone -o home.garage.top -N increment -k Khome.garage.top.+005+46921 home.db Khome.garage.top.+005+36051
```

I get the following output

```
dnssec-signzone: fatal: cannot load dnskey Khome.garage.top.+005+36051: file not found
```
I know what it implies, but I can't wrap my head around it. I've tried to append the keys to `home.db` and I've also tried to include them in `named.conf`. The permissions on the file also look OK:

```
-rw-r--r-- root bind
```

When I did the includes I used an absolute path to the files, i.e. `/etc/bind/keyfile`; they are located in the same directory as the db file. Might not be best practice, but unless that is an issue I'll let them stay right where they are until I get it working.
It looks as if the KSK is found, but the ZSK is not.
I'll also include the contents of the files

```
KSK == home.garage.top IN DNSKEY 257 3 5 "keyhash"
ZSK == home.garage.top IN DNSKEY 256 3 5 "keyhash"
```
The commented activation dates in these files are December 27, so I take it that won't be a problem either.
Any suggestions, or should I try to redo the keys and start over?
Thanks in advance.