On Oct 1 2010, Tony Finch wrote:

On Fri, 1 Oct 2010, Magali Bernard wrote:

Oct  1 08:30:19 stroph named[24453]: set up managed keys zone for view 
_default, file 'managed-keys.bind'
Oct  1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from 
master file managed-keys.bind failed: file not found
Oct  1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0

We do not sign (yet) our zones with DNSSEC, is it safe to turn off
dnssec-lookaside, and how ?
dnssec-lookaside no ?

dnssec-lookaside is off by default, and both DLV and the managed keys zone
relate to validation rather than serving signed zones.

The managed keys zone is used for RFC 5011 trust anchor rollover which you
can use with both DLV (via the "dnssec-lookaside auto;" setting) and the
root trust anchor (which requires a managed-keys clause as below). Bind
creates the managed keys zone if it isn't present, and the warning it logs
when it does this is benign.

Except that it is classified as an "error", not a "warning". And if you
don't have any managed keys, then it won't create the file, and so will
complain again the next time BIND is restarted.

An empty file managed-keys.bind in BIND's working directory will get it
to shut up.

Chris Thompson
Email: c...@cam.ac.uk
bind-users mailing list

Reply via email to