[Opendnssec-user] Step by step Ubuntu 10.10 - signs zone but queries don't work
Jerry Lundström
jerry at opendnssec.org
Fri Mar 9 06:27:37 UTC 2012
Hi Derek,
On Fri, Mar 9, 2012 at 12:14 AM, Derek Brodeur <dazednkonfused at gmail.com> wrote:
> rndc: could not load rndc configuration
> rndc: error: none:0: open: /etc/bind/rndc.key: permission denied
> ---- this periodically spams my screen... what is going on with these
> errors? what permissions does this .key file need...?
Since you are using the Ubuntu/Debian opendnssec packages they are
running under a user called opendnssec and that user most likely does
not have access to the rndc.key. It needs access to this file when you
call rndc reload %zone in the notify command.
You can change the group of the key file:
chgrp opendnssec /etc/bind /etc/bind/rndc.key
chmod g+r /etc/bind /etc/bind/rndc.key
You could also make it world readable but that would compromise the
security of your server and I would not recommend that.
/Jerry
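
A way to verify the result of the chgrp/chmod change above, as an added example that is not part of the original message or of OpenDNSSEC/BIND: it reports whether a key file is readable by a given group without being world readable, and whether its directory can be searched. It assumes GNU coreutils stat; the function name and verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example: audit rndc key permissions for a service group.
# Assumes GNU coreutils `stat -c`. check_key_perms and its verdict
# strings are illustrative names, not part of OpenDNSSEC or BIND.
#
# Usage: check_key_perms KEYFILE GROUP
# Prints one of: world-readable | wrong-group | group-cannot-read |
#                dir-not-searchable | ok
check_key_perms() {
    key=$1
    want_group=$2
    dir=$(dirname "$key")

    mode=$(stat -c %a "$key")        # octal mode, e.g. 640
    fgroup=$(stat -c %G "$key")      # owning group name
    other=$((mode % 10))             # "other" permission digit
    grp=$(((mode / 10) % 10))        # "group" permission digit

    # A read bit for "other" exposes the key to every local account.
    if [ $((other & 4)) -ne 0 ]; then
        echo world-readable; return 0
    fi
    if [ "$fgroup" != "$want_group" ]; then
        echo wrong-group; return 0
    fi
    if [ $((grp & 4)) -eq 0 ]; then
        echo group-cannot-read; return 0
    fi

    # Reading the file also needs search (x) permission on its directory;
    # read (r) on the directory alone is not enough.
    dmode=$(stat -c %a "$dir")
    dgroup=$(stat -c %G "$dir")
    dother=$((dmode % 10))
    dgrp=$(((dmode / 10) % 10))
    if [ $((dother & 1)) -ne 0 ]; then
        echo ok; return 0
    fi
    if [ "$dgroup" = "$want_group" ] && [ $((dgrp & 1)) -ne 0 ]; then
        echo ok; return 0
    fi
    echo dir-not-searchable
}

# Stand-alone use: sh check.sh /etc/bind/rndc.key opendnssec
if [ "$#" -eq 2 ]; then
    check_key_perms "$1" "$2"
fi
```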