Hi Antti,
as a very first thing - can you check the permissions on *mdb files in your
kasp-db directory?
Ondřej
On 27 June 2017 06:26:02 Antti Ristimäki <antti(a)nxdomain.fi> wrote:
Hi,
My Knot DNS was upgraded from 2.5.1 to 2.5.2 and now it is unable to
load zone DNSSEC keys. Below are some relevant logs:
Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] zone will be
loaded
Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] DNSSEC,
loaded key, tag 14223, algorithm 8, KSK no, ZSK yes, public no, ready
no, active yes
Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] DNSSEC,
loaded key, tag 61894, algorithm 8, KSK yes, ZSK no, public no, ready
no, active yes
Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] DNSSEC, keys
validation failed (no keys for signing)
Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] DNSSEC,
failed to load keys (no keys for signing)
Jun 27 07:10:03 vertigo knotd[18479]: 2017-06-27T07:10:03 error:
[nxdomain.fi.] DNSSEC, failed to load keys (no keys for signing)
Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] zone event
'load' failed (no keys for signing)
When running "keymgr nxdomain.fi list", the keys are listed, though. I
have also checked that the /var/lib/knot and everything under it is
owned by knot:knot, so this shouldn't be a file permission issue. I also
tried to manually set the key timing argument, but it didn't make any
difference.
Antti
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
_______________________________________________
knot-dns-users mailing list
knot-dns-users(a)lists.nic.cz