
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

I did guess that, but no luck. So I moved the cert and keys into a directory where dnsdist had write perms. </div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

<br>

</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

[root@t2 ~]# ls /etc/dnsdist/ssl

<div style="margin:0px">pub.key  t2.xolentum.net.crt  t2.xolentum.net.key</div>

<div style="margin:0px"><br>

</div>

<div style="margin:0px">Perms :</div>

</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

<br>

</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

[root@t2 ~]# namei -l /etc/dnsdist/ssl

<div style="margin:0px">f: /etc/dnsdist/ssl</div>

<div style="margin:0px">dr-xr-xr-x root    root    /</div>

<div style="margin:0px">drwxr-xr-x root    root    etc</div>

<div style="margin:0px">drwxr-xr-x dnsdist dnsdist dnsdist</div>

<div style="margin:0px">drwxr-xr-x dnsdist dnsdist ssl</div>

<br>

But once again, no luck with this command although the fingerprint is shown:</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

<br>

</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

[root@t2 ~]#  dnsdist -e 'generateDNSCryptProviderKeys("/etc/dnsdist/ssl/pub.key", "/etc/dnsdist/ssl/t2.xolentum.net.key")' --verbose

<div style="margin:0px">Read configuration from '/etc/dnsdist/dnsdist.conf'</div>

<div style="margin:0px">Adding server to default pool</div>

<div style="margin:0px">Connecting to 127.0.0.1:5199</div>

<div style="margin:0px">Provider fingerprint is: 6BEA:CDAB:114C:E2E5:DA96:743F:A6FB:4941:CEF6:B434:9C8B:CA5F:FE44:A9B3:7F23:70C0</div>

<br>

And tried searching the entire /, no resolver.key or similar file found. </div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

<br>

</div>

<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">

[root@t2 ~]# find / -iname resolver* -type f

<div style="margin:0px">/usr/share/doc/libxml2-python-2.9.1/resolver.py</div>

<br>

Ideas?</div>

<br>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> dnsdist <dnsdist-bounces@mailman.powerdns.com> on behalf of Jacob Bunk Nielsen via dnsdist <dnsdist@mailman.powerdns.com><br>

<b>Sent:</b> Monday, December 14, 2020 11:25 AM<br>

<b>To:</b> dnsdist@mailman.powerdns.com <dnsdist@mailman.powerdns.com><br>

<b>Subject:</b> Re: [dnsdist] DNScrypt with DNSDist</font>

<div> </div>

</div>

<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">

<div class="PlainText">Hi<br>

<br>

<br>

On 13/12/2020 06.10, Sayan Bhattacharyya via dnsdist wrote:<br>

> Hello,<br>

><br>

> I'm trying to generate the resolver key using my certificate's public <br>

> and private keys, the command that I'm using on the DNSDist console is:<br>

><br>

> /generateDNSCryptProviderKeys("/etc/pki/tls/certs/public.key", <br>

> "/etc/pki/tls/private/private.key")/<br>

> /<br>

> /<br>

> I can see that my fingerprint is printed to the screen, however, I do <br>

> not get where is the key being save? It's neither in the CWD nor in <br>

> the//etc/dnsdist/directory. Where is the location?<br>

<br>

Did you check the paths that you entered in the dnsdist console? I.e. <br>

/etc/pki/tls/certs/ and /etc/pki/tls/private/ ? That's where I'd expect <br>

to find them when I read <a href="https://dnsdist.org/guides/dnscrypt.html">https://dnsdist.org/guides/dnscrypt.html</a><br>

<br>

<br>

Best regards,<br>

<br>

<br>

Jacob<br>

<br>

_______________________________________________<br>

dnsdist mailing list<br>

dnsdist@mailman.powerdns.com<br>

<a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br>

</div>

</span></font></div>

</body>

</html>