This is actually a follow-up to my previous question (my problem was solved); it can be found here: DNSSEC sign-zone results in fatal failure

However, I still want to use dnssec-signzone when creating my signed zone file.

After I corrected the syntax to

    dnssec-signzone -o home.garage.top -N increment -k Khome.garage.top.+005+46921 home.db Khome.garage.top.+005+36051

I get the following output

    dnssec-signzone: fatal: cannot load dnskey Khome.garage.top.+005+36051: file not found

I know what it implies, but I can't wrap my head around it. I've tried to append the keys to home.db and I've also tried to include them in `named.conf`. The permissions on the file also look OK:

    -rw-r--r--  root  bind

When I did the includes I used an absolute path to the files, i.e. /etc/bind/keyfile; they are located in the same directory as the db-file. Might not be best practice, but unless that is an issue I'll let them stay right where they are until I get it working.

It looks as if the KSK is found, but the ZSK is not.

I'll also include the contents of the files

KSK == home.garage.top IN DNSKEY 257 3 5 "keyhash"

ZSK == home.garage.top IN DNSKEY 256 3 5 "keyhash"

The commented activation dates in these files are December 27, so I take it that won't be a problem either.

Any suggestions, or should I try to redo the keys and start over?

Thanks in advance.

1 Answer

I managed to solve this at last, with some minor help from a friend (he's hard to reach around x-mas and surrounding days).

It is, apparently, crucial that the key-files are created within the bind-directory /etc/bind/ or the signing will not work.

There are also several ways to add the key-files to the zone-file but the one I finally got working was by using $INCLUDE inside the zone-file.

I've spent hours on this and hopefully my answer will help someone in the future. We all learn something each day.

  • 1
    How about in a folder called /etc/bind/keys/? Is that still within /etc/bind/ sufficiently? `key-directory "/etc/bind/keys";` – Master James Mar 27 '19 at 09:12
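
An added example, not part of the original question or answer: a preflight check to run before `dnssec-signzone` when it reports `cannot load dnskey ...: file not found`. It assumes the key files use the `K<zone>.+<alg>+<tag>.key` / `.private` naming seen in the post and that the zone publishes its keys via `$INCLUDE`; `check_keys` and `key_role` are hypothetical helper names.

```shell
#!/bin/sh
# Preflight for dnssec-signzone (added example, not from the original post).
# dnssec-signzone resolves key names relative to the current directory
# unless -K <dir> is given, and it needs BOTH K*.key and K*.private.

# Print KSK or ZSK according to the DNSKEY flags field (257 / 256).
key_role() {
    awk '!/^;/ { for (i = 1; i < NF; i++) if ($i == "DNSKEY") {
        f = $(i + 1)
        print (f == 257 ? "KSK" : (f == 256 ? "ZSK" : "flags=" f)); exit } }' "$1"
}

# check_keys ZONEFILE KEYDIR KEYNAME...
# KEYNAME is the base name without extension,
# e.g. Khome.garage.top.+005+36051. Returns 0 only if nothing is wrong.
check_keys() {
    zonefile=$1; keydir=$2; shift 2
    problems=0
    for key in "$@"; do
        for ext in key private; do
            if [ ! -r "$keydir/$key.$ext" ]; then
                echo "missing or unreadable: $keydir/$key.$ext"
                problems=$((problems + 1))
            fi
        done
        # The DNSKEY must be in the zone; look for an $INCLUDE of the
        # .key file. grep -F because key names contain '+' and '.'.
        if ! grep -i '^\$INCLUDE' "$zonefile" | grep -Fq -- "$key.key"; then
            echo "no \$INCLUDE for $key.key in $zonefile"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Stand-alone use, with the paths from the post:
#   sh preflight.sh /etc/bind/home.db /etc/bind \
#      Khome.garage.top.+005+46921 Khome.garage.top.+005+36051
if [ "$#" -ge 3 ]; then
    check_keys "$@"
fi
```

`key_role` is useful for confirming that the name passed to `-k` is the 257 (KSK) key and the trailing argument is the 256 (ZSK) key.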