Re: [knot-dns-users] Knot 2.5.2 fails to load DNSSEC keys

Hi, My Knot DNS was upgraded from 2.5.1 to 2.5.2 and now it is unable to load zone DNSSEC keys. Below are some relevant logs: Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] zone will be loaded Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] DNSSEC, loaded key, tag 14223, algorithm 8, KSK no, ZSK yes, public no, ready no, active yes Jun 27 07:10:03 vertigo knotd[18479]: info: [nxdomain.fi.] DNSSEC, loaded key, tag 61894, algorithm 8, KSK yes, ZSK no, public no, ready no, active yes Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] DNSSEC, keys validation failed (no keys for signing) Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] DNSSEC, failed to load keys (no keys for signing) Jun 27 07:10:03 vertigo knotd[18479]: 2017-06-27T07:10:03 error: [nxdomain.fi.] DNSSEC, failed to load keys (no keys for signing) Jun 27 07:10:03 vertigo knotd[18479]: error: [nxdomain.fi.] zone event 'load' failed (no keys for signing) When running "keymgr nxdomain.fi list", the keys are listed, though. I have also checked that the /var/lib/knot and everything under it is owned by knot:knot, so this shouldn't be a file permission issue. I also tried to manually set the key timing argument, but it didn't make any difference. Antti _______________________________________________ knot-dns-users mailing list knot-dns-users(a)lists.nic.cz https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users