<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
I did guess that, but no luck. So I moved the cert and keys into a directory where dnsdist had write perms. </div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
<br>
</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
[root@t2 ~]# ls /etc/dnsdist/ssl
<div style="margin:0px">pub.key  t2.xolentum.net.crt  t2.xolentum.net.key</div>
<div style="margin:0px"><br>
</div>
<div style="margin:0px">Perms :</div>
</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
<br>
</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
[root@t2 ~]# namei -l /etc/dnsdist/ssl
<div style="margin:0px">f: /etc/dnsdist/ssl</div>
<div style="margin:0px">dr-xr-xr-x root    root    /</div>
<div style="margin:0px">drwxr-xr-x root    root    etc</div>
<div style="margin:0px">drwxr-xr-x dnsdist dnsdist dnsdist</div>
<div style="margin:0px">drwxr-xr-x dnsdist dnsdist ssl</div>
<br>
But once again, no luck with this command although the fingerprint is shown:</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
<br>
</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
[root@t2 ~]#  dnsdist -e 'generateDNSCryptProviderKeys("/etc/dnsdist/ssl/pub.key", "/etc/dnsdist/ssl/t2.xolentum.net.key")' --verbose
<div style="margin:0px">Read configuration from '/etc/dnsdist/dnsdist.conf'</div>
<div style="margin:0px">Adding server to default pool</div>
<div style="margin:0px">Connecting to 127.0.0.1:5199</div>
<div style="margin:0px">Provider fingerprint is: 6BEA:CDAB:114C:E2E5:DA96:743F:A6FB:4941:CEF6:B434:9C8B:CA5F:FE44:A9B3:7F23:70C0</div>
<br>
And tried searching the entire /, no resolver.key or similar file found. </div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
<br>
</div>
<div style="margin:0px;font-size:12pt;color:black;background-color:rgb(255, 255, 255)">
[root@t2 ~]# find / -iname resolver* -type f
<div style="margin:0px">/usr/share/doc/libxml2-python-2.9.1/resolver.py</div>
<br>
Ideas?</div>
<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> dnsdist <dnsdist-bounces@mailman.powerdns.com> on behalf of Jacob Bunk Nielsen via dnsdist <dnsdist@mailman.powerdns.com><br>
<b>Sent:</b> Monday, December 14, 2020 11:25 AM<br>
<b>To:</b> dnsdist@mailman.powerdns.com <dnsdist@mailman.powerdns.com><br>
<b>Subject:</b> Re: [dnsdist] DNScrypt with DNSDist</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Hi<br>
<br>
<br>
On 13/12/2020 06.10, Sayan Bhattacharyya via dnsdist wrote:<br>
> Hello,<br>
><br>
> I'm trying to generate the resolver key using my certificate's public <br>
> and private keys, the command that I'm using on the DNSDist console is:<br>
><br>
> /generateDNSCryptProviderKeys("/etc/pki/tls/certs/public.key", <br>
> "/etc/pki/tls/private/private.key")/<br>
> /<br>
> /<br>
> I can see that my fingerprint is printed to the screen, however, I do <br>
> not get where is the key being save? It's neither in the CWD nor in <br>
> the//etc/dnsdist/directory. Where is the location?<br>
<br>
Did you check the paths that you entered in the dnsdist console? I.e. <br>
/etc/pki/tls/certs/ and /etc/pki/tls/private/ ? That's where I'd expect <br>
to find them when I read <a href="https://dnsdist.org/guides/dnscrypt.html">https://dnsdist.org/guides/dnscrypt.html</a><br>
<br>
<br>
Best regards,<br>
<br>
<br>
Jacob<br>
<br>
_______________________________________________<br>
dnsdist mailing list<br>
dnsdist@mailman.powerdns.com<br>
<a href="https://mailman.powerdns.com/mailman/listinfo/dnsdist">https://mailman.powerdns.com/mailman/listinfo/dnsdist</a><br>
</div>
</span></font></div>
</body>
</html>