All rollrec files, keyrec files, zone files, and authentication keys MUST be properly protected. If these files are not protected, then the security of the zone files may be compromised.
The .private portions of key files must
only be readable or writable by the root user.
The DNSSEC-Tools files must only be writable by the root user.