DNSSSEC problem "Error generating zone keys"

F

FatBob

Verified User
Joined
Dec 13, 2020
Messages
9
Hi, I'm trying to enable DNSSSEC. I did everything as instruction says: https://help.directadmin.com/item.php?id=651
Unfortunately when I try to generate the keys I get the message:

"Error with dnssec.sh keygen: Starting keygen process for mydomain.com
dnssec-keygen: fatal: The -r option has been deprecated.
System random data is always used.

Cannot find /etc/bind/.key or /etc/bind/.private"
Click to expand...

I understand the message, but I don't know how to fix it. Can you help me out?

My OS is Ubuntu 20.04, all packages and DA are the latest ones - it's fresh installed.
 
You should remove the '-r' option in the script (/usr/local/directadmin/scripts/dnssec.sh).

See also:

Please fix dnssec.sh - deprecated -r option

When using newer versions of Bind the script dnssec.sh produces error: root@srv2:/usr/local/directadmin/scripts # ./dnssec.sh sign ... Starting signing process for ... dnssec-signzone: fatal: The -r options has been deprecated. This fatal error prevents the renewal of the domain which is a...
forum.directadmin.com forum.directadmin.com

dnssec-signzone: fatal: The -r options has been deprecated.

My zone expired and was not autorenewed. It could be related to this issue: root@srv2:/usr/local/directadmin/scripts # ./dnssec.sh sign Starting signing process for dnssec-signzone: fatal: The -r options has been deprecated. OS: FreeBSD 11.2 named: BIND 9.14.1 (Stable Release)
forum.directadmin.com forum.directadmin.com

@DirectAdmin Support : Maybe a bind version check in the script can solve this, as it looks like this also happens on Ubuntu 20.04 now.. :)
 
Nickske00 said:
You should remove the '-r' option in the script (/usr/local/directadmin/scripts/dnssec.sh).

See also:

Please fix dnssec.sh - deprecated -r option

When using newer versions of Bind the script dnssec.sh produces error: root@srv2:/usr/local/directadmin/scripts # ./dnssec.sh sign ... Starting signing process for ... dnssec-signzone: fatal: The -r options has been deprecated. This fatal error prevents the renewal of the domain which is a...
forum.directadmin.com forum.directadmin.com

dnssec-signzone: fatal: The -r options has been deprecated.

My zone expired and was not autorenewed. It could be related to this issue: root@srv2:/usr/local/directadmin/scripts # ./dnssec.sh sign Starting signing process for dnssec-signzone: fatal: The -r options has been deprecated. OS: FreeBSD 11.2 named: BIND 9.14.1 (Stable Release)
forum.directadmin.com forum.directadmin.com

@DirectAdmin Support : Maybe a bind version check in the script can solve this, as it looks like this also happens on Ubuntu 20.04 now.. :)
Click to expand...

Thank you :)

I commented out the entire line with the -r option in the file you mentioned and now it works.

All what's left is to figure out how to set it up at the domain registrar. I'll let you know how it went.
 
You must log in or register to reply here.
Back
Top