> On Oct 1 2010, Tony Finch wrote: > > >On Fri, 1 Oct 2010, Magali Bernard wrote: > >> > >> Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view > >> _default, file 'managed-keys.bind' > >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from > >> master file managed-keys.bind failed: file not found > >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial > >> 0 > >> > >> We do not sign (yet) our zones with DNSSEC, is it safe to turn off > >> dnssec-lookaside, and how ? > >> dnssec-lookaside no ? > > > >dnssec-lookaside is off by default, and both DLV and the managed keys zone > >relate to validation rather than serving signed zones. > > > >The managed keys zone is used for RFC 5011 trust anchor rollover which you > >can use with both DLV (via the "dnssec-lookaside auto;" setting) and the > >root trust anchor (which requires a managed-keys clause as below). Bind > >creates the managed keys zone if it isn't present, and the warning it logs > >when it does this is benign. > > Except that it is classified as an "error", not a "warning". And if you > don't have any managed keys, then it won't create the file, and so will > complain again the next time BIND is restarted. > > An empty file managed-keys.bind in BIND's working directory will get it > to shut up.
Thanks a lot ! I did: touch managed-keys.bind and now BIND is silently working. -- *--------------------------------------------------------------------* Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users