My rndc errors trying to add a zone, which then makes loading a key impossible. It will sign the zone and create the files (.jnl and .signed), but that's it.
So it can/does read the key files, no permissions error and does accept the zone.
master attempt:
Code:
# rndc addzone domain.com in external '{type master; auto-dnssec maintain; inline-signing yes; key-directory "/home/ex-mailer-domains/domain.com/"; file "/home/mailer-domains/domain.com/domain.com.external"; update-policy { grant ddns-key zonesub ANY; };};'
# rndc loadkeys domain.com
# rndc signing -nsec3param 1 0 10 03F92714 domain.com.
master logs:
Code:
20-Dec-2015 22:46:35.959 general: error: zone domain.com/IN/external (signed): receive_secure_serial: unchanged
20-Dec-2015 22:56:34.930 general: error: zone domain.com/IN/external (signed): could not get zone keys for secure dynamic update
slave attempt:
Code:
# rndc delzone domain.com
The following files were in use and may now be removed:
/home/mailer-domains/domain.com/domain.com.external
/home/mailer-domains/domain.com/domain.com.external.signed
# rm /home/mailer-domains/domain.com/domain.com.external.signed
# rm /home/mailer-domains/domain.com/domain.com.external
# rndc addzone domain.com in external '{type slave; masters {108.61.190.64; }; auto-dnssec maintain; inline-signing yes; key-directory "/home/mailer-domains/domain.com"; file "/home/mailer-domains/domain.com/domain.com.external";};'
logs:
Code:
20-Dec-2015 20:59:49.777 general: error: dns_master_load: file format mismatch (not raw)
20-Dec-2015 20:59:49.777 general: error: zone domain.com/IN/external (unsigned): loading from master file /home/mailer-domains/domain.com/domain.com.external failed: not implemented
20-Dec-2015 20:59:49.779 general: warning: zone domain.com/IN/external (unsigned): unable to load from '/home/mailer-domains/domain.com/domain.com.external'; renaming file to '/home/mailer-domains/domain.com/db-bLOO3GyE' for failure analysis and retransferring.
20-Dec-2015 20:59:50.616 general: error: zone domain.com/IN/external (signed): receive_secure_serial: unchanged
20-Dec-2015 20:59:50.616 general: error: zone domain.com/IN/external (signed): receive_secure_serial: unchanged
key method:
Code:
# dnssec-keygen -a RSASHA256 -b 2048 -3 domain.com
Generating key pair..........................................................................................+++ ..................................................................................................................................+++
Kdomain.com.+008+61488
# dnssec-keygen -a RSASHA256 -b 2048 -3 -fk domain.com
Generating key pair..................+++ ................................................................................................................................+++
Kdomain.com.+008+50422
# rndc signing -list domain.com
Pending NSEC3 chain 1 0 10 03F92714
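Added example, not part of the original post: a POSIX shell check that counts the KSK and ZSK pairs readable in the directory given as key-directory to rndc addzone. The function name check_keydir and the temporary sample directory are made up for illustration; the file naming and DNSKEY flag values (256, 257) are the ones dnssec-keygen produces.

```sh
#!/bin/sh
# Added example (not from the original post): count usable DNSSEC key pairs
# for a zone in a BIND key-directory. The -r tests apply to the account that
# runs this script, so run it as the account named runs under.

# check_keydir <zone> <key-directory>   (hypothetical helper name)
# Prints "ksk=<n> zsk=<n>"; exit status is 0 only if at least one of each exists.
check_keydir() (
    zone="${1%.}"; dir="$2"; ksk=0; zsk=0
    # dnssec-keygen names files K<zone>.+<alg, 3 digits>+<key tag, 5 digits>.key/.private
    for key in "$dir"/K"$zone".+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9].key; do
        [ -r "$key" ] || continue                 # glob did not match, or file unreadable
        [ -r "${key%.key}.private" ] || continue  # signing needs the private half too
        # First non-comment record: <owner> [ttl] [class] DNSKEY <flags> <proto> <alg> <key>
        flags=$(awk '!/^;/ { for (i = 1; i < NF; i++) if ($i == "DNSKEY") { print $(i + 1); exit } }' "$key")
        case "$flags" in
            257) ksk=$((ksk + 1)) ;;  # SEP flag set: key-signing key (keygen -fk)
            256) zsk=$((zsk + 1)) ;;  # zone-signing key
        esac
    done
    echo "ksk=$ksk zsk=$zsk"
    [ "$ksk" -gt 0 ] && [ "$zsk" -gt 0 ]
)

# Constructed sample: file names copied from the keygen output above,
# key material replaced by a placeholder, .private files left empty.
demo=$(mktemp -d)
printf '; constructed sample\ndomain.com. IN DNSKEY 256 3 8 PLACEHOLDER\n' \
    > "$demo/Kdomain.com.+008+61488.key"
printf '; constructed sample\ndomain.com. IN DNSKEY 257 3 8 PLACEHOLDER\n' \
    > "$demo/Kdomain.com.+008+50422.key"
: > "$demo/Kdomain.com.+008+61488.private"
: > "$demo/Kdomain.com.+008+50422.private"
check_keydir domain.com. "$demo" || echo "key-directory is missing a KSK or ZSK pair"
rm -rf "$demo"
```

dnssec-keygen writes its files to the current directory unless -K is given, so point the check at the exact key-directory string used in the addzone command.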