
Issue Problems with DNSSEC with some domains.

andreios

Basic Pleskian
Server operating system version
Ubuntu 22.04
Plesk version and microupdate number
18.0.59 Update #2
I have some domains on my server where DNSSEC works flawlessly, but also some where it simply doesn't work. I have already tried 'plesk repair dns -y' and 'plesk repair installation', and regenerating the keys. Also, I have a domain that gives the error:

Code:
named[2037]: dns_dnssec_keylistfromrdataset: error reading keys/exampl.com/Kexample.com.+008+50383.private: file not found

I deleted the signed zone files for this domain, '/var/named/run-root/var/example.com.signed*' but the error still occurs.

In the attached files you see two domains with two different-looking problems. The result is mixed with the debug log from named.
 
Turns out the DNSKEYs are not saved correctly by Plesk, I can detect only one of the DNSKEYS as shown in Plesk in /var/keys/in-es.info/Kidomain.info
/*key
I have tried to regenerate the keys, and the files were replaced.
Code:
-rw-r--r--  1 bind root  602 Apr 10 08:15 Kidomain.info.+008+02066.key
-rw-------  1 bind root 1,8K Apr 10 08:15 Kdomain.info.+008+02066.private
-rw-r--r--  1 bind root  428 Apr 10 08:15 Kdomain.info.+008+03595.key
-rw-------  1 bind root 1012 Apr 10 08:15 Kdomain.info.+008+03595.private
-rw-r--r--  1 bind root  603 Apr 10 08:15 Kdomain.info.+008+32254.key
-rw-------  1 bind root 1,8K Apr 10 08:15 Kdomain.info.+008+32254.private
But still only one of the DNSKEYs from Plesk is there. On working domains both keys are found there.
Where did the wrong key come from?
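
Added example, not part of the posts above and not Plesk or BIND code: a small check that parses the named "file not found" error and audits a key directory for key tags missing their `.key` or `.private` half, or named for a different zone. The function names are hypothetical, the sample inputs are constructed from the log line and listing quoted in the posts, and the only assumption is BIND's `K<zone>.+<algorithm>+<keytag>` file naming.

```python
import re
import tempfile
from pathlib import Path

# BIND key file naming: K<zone>.+<3-digit algorithm>+<5-digit key tag>.key|.private
KEY_FILE = re.compile(r"^K(?P<zone>.+)\.\+(?P<alg>\d{3})\+(?P<tag>\d{5})\.(?P<ext>key|private)$")
LOG_ERR = re.compile(r"error reading (?P<path>\S+): file not found")

def missing_from_log(lines):
    """(directory name, zone in file name, key tag) for each key file named could not read."""
    out = []
    for line in lines:
        m = LOG_ERR.search(line)
        f = KEY_FILE.match(Path(m["path"]).name) if m else None
        if f:
            out.append((Path(m["path"]).parent.name, f["zone"], f["tag"]))
    return out

def audit_key_dir(key_dir, zone):
    """Findings for one key directory: wrong zone in a file name, or a key tag missing a half."""
    halves, findings = {}, []
    for entry in sorted(Path(key_dir).iterdir()):
        f = KEY_FILE.match(entry.name)
        if not f:
            continue  # not a DNSSEC key file
        if f["zone"] != zone:
            findings.append(f"{entry.name}: zone in file name is not {zone}")
        halves.setdefault((f["zone"], f["alg"], f["tag"]), set()).add(f["ext"])
    for (z, alg, tag), exts in sorted(halves.items()):
        for ext in sorted({"key", "private"} - exts):
            findings.append(f"K{z}.+{alg}+{tag}.{ext}: missing")
    return findings

def demo():
    # Constructed sample inputs, copied from the log line and listing quoted in the posts.
    log = ["named[2037]: dns_dnssec_keylistfromrdataset: error reading "
           "keys/exampl.com/Kexample.com.+008+50383.private: file not found"]
    names = ["Kidomain.info.+008+02066.key", "Kdomain.info.+008+02066.private",
             "Kdomain.info.+008+03595.key", "Kdomain.info.+008+03595.private",
             "Kdomain.info.+008+32254.key", "Kdomain.info.+008+32254.private"]
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            (Path(d) / n).touch()  # empty placeholder files; only the names are checked
        return missing_from_log(log), audit_key_dir(d, "domain.info")

if __name__ == "__main__":
    print(demo())
```

On a real server, point `audit_key_dir` at the zone's key directory and compare the key tags it reports with the ones shown in the Plesk DNSSEC panel.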
 