I was looking all over the place trying to figure this out so time to write it down so I don’t forget next time.

I was using Virtualmin and BIND and trying to setup DNSSEC with it but was getting this error:

managed-keys.bind.jnl: open: permission denied
managed-keys-zone: keyfetch_done:dns_journal_open -> unexpected error
managed-keys-zone: error during managed-keys processing (unexpected error): DNSSEC validation may be at risk

No matter what I tried I could not get it to go away. The files in the folder were owned by bind:bind so it didn’t make any sense. Until I checked the /var/cache/bind folder permissions and saw they were root:bind and tried changing it to bind:bind only to not be able to access the folder at all.

At this point it dawned on me that the files inside the /var/cache/bind folder had the wrong owner. I changed them to root:bind as well and reloaded the config and the error was fixed. Thank goodness!