# [SOLVED] dnssec-signzone: file not found

## SignOfZeta

I wrote a shell script to automate DNSSEC signings:

```
#!/bin/sh

# Abort if the zone file is missing.
if [ -f "$1.zone" ]; then
   echo "Will sign $1.zone"
else
   echo "$1.zone does not exist."
   exit 1
fi

# Reuse the key-signing keypair if present, otherwise generate one.
if [ -f "$1.ksk.key" ]; then
   echo "Using pre-generated key-signing keypair."
else
   echo "Generating new key-signing keypair."
   KSKNAME=$(/usr/bin/dnssec-keygen -f KSK -e -a NSEC3RSASHA1 -b 2048 -n ZONE "$1")
   # Rename the generated K* files to fixed names.
   /bin/mv "$KSKNAME.key" "$1.ksk.key"
   /bin/mv "$KSKNAME.private" "$1.ksk.key.private"
fi

# Reuse the zone-signing keypair if present, otherwise generate one.
if [ -f "$1.zsk.key" ]; then
   echo "Using pre-generated zone-signing keypair."
else
   echo "Generating zone-signing keypair."
   ZSKNAME=$(/usr/bin/dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE "$1")
   # Rename the generated K* files to fixed names.
   /bin/mv "$ZSKNAME.key" "$1.zsk.key"
   /bin/mv "$ZSKNAME.private" "$1.zsk.key.private"
fi

echo "Signing zone."
/usr/sbin/dnssec-signzone -t -N increment -H 10 -k "$1.ksk.key" -e +7776000 -o "$1." "$1.zone" "/var/bind/pri/$1.zsk.key"
echo "Done."
```

So let's try this on example.com.zone:

```
# ./signzone.sh example.com
Will sign example.com.zone
Generating new key-signing keypair.
Generating zone-signing keypair.
Signing zone.
dnssec-signzone: cannot load dnskey /var/bind/pri/example.com.zsk.key: file not found
Done.
```

Um, no, it's right here.

```
# stat example.com.zsk.key
  File: `example.com.zsk.key'
  Size: 395          Blocks: 8          IO Block: 4096   regular file
Device: 6802h/26626d   Inode: 17989721    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2009-08-11 11:20:12.000000000 -0400
Modify: 2009-08-11 11:20:12.000000000 -0400
Change: 2009-08-11 11:20:12.000000000 -0400
```

What's going on here?  I'm using BIND and bind-tools 9.6.1, as I'd like to implement NSEC3.

Last edited by SignOfZeta on Tue Aug 11, 2009 3:59 pm; edited 1 time in total

----------

## SignOfZeta

Thanks to some strace output, I solved my own problem.  The script named public keys with a .key extension, and private ones with a .key.private extension.  BIND's tools were expecting .key and .private.

----------
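A preflight check for the naming problem this thread resolves, as an added example that is not the poster's script: before calling dnssec-signzone, confirm that each public key file `X.key` has its private half at `X.private`, and report the `X.key.private` name separately so the misleading "file not found" is explained. The function names and return codes are assumptions made for this example, and the demonstration uses empty placeholder files in a scratch directory.

```sh
#!/bin/sh
# Added example (not from the thread): verify key file naming before signing.

# check_keypair PUBFILE
# Return codes (chosen for this example):
#   0  PUBFILE and the matching .private file both exist
#   1  PUBFILE does not end in .key, or does not exist
#   2  private key exists only under the .key.private name seen in the thread
#   3  no private key file found under either name
check_keypair() {
    pub=$1
    case $pub in
        *.key) ;;
        *) echo "$pub: public key file must end in .key" >&2; return 1 ;;
    esac
    if [ ! -f "$pub" ]; then
        echo "$pub: public key not found" >&2
        return 1
    fi
    base=${pub%.key}
    if [ -f "$base.private" ]; then
        return 0
    fi
    if [ -f "$pub.private" ]; then
        echo "$pub.private: misnamed, expected $base.private" >&2
        return 2
    fi
    echo "$base.private: private key not found" >&2
    return 3
}

# check_keys PUBFILE...  Check every key; return 0 only if all pairs are intact.
check_keys() {
    failed=0
    for k in "$@"; do
        check_keypair "$k" || failed=1
    done
    return "$failed"
}

# Constructed demonstration: placeholder files named the way the script names them.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/example.com.zsk.key"
    : > "$dir/example.com.zsk.key.private"
    before=0; check_keypair "$dir/example.com.zsk.key" || before=$?
    mv "$dir/example.com.zsk.key.private" "$dir/example.com.zsk.private"
    after=0; check_keypair "$dir/example.com.zsk.key" || after=$?
    rm -rf "$dir"
    echo "before rename: $before, after rename: $after"
}
demo
```

In a signing script, `check_keys "$1.ksk.key" "$1.zsk.key" || exit 1` placed before the dnssec-signzone call stops the run with a message that names the misplaced file.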

