When using nsupdate -l, nsupdate attempts to load session.key from /var/lib/run/named/session.key, but BIND, by default, stores session.key in /var/run/named/session.key. Either BIND should be corrected to use /var/lib/run/named/session.key by default, or bind-tools should be corrected to use /var/run/named/session.key by default. Reproducible: Always Steps to Reproduce: 1. nsupdate -l Actual Results: nsupdate tries to load session.key from /var/lib/run/named/session.key, which doesn't exist, because BIND is creating session.key at /var/run/named/session.key Expected Results: Either nsupdate should load session.key from /var/run/named/session.key, or BIND should create session.key at /var/lib/run/named/session.key Looking at log output for BIND, it mentions that it was configured with '--localstatedir=/var/lib' _and_ '--localstatedir=/var'. '--localstatedir=/var' appears after '--localstatedir=/var/lib' so it seems that it is winning out in BIND's configure script.
Fixed in CVS, thanks! Re-sync in about 1-2 hours and re-merge bind-tools. Note: It will still not work when using a chrooted named.