Re: 9.7.1-P2 managed-keys error
02-Oct-2010 17:33:53.125 general: error: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found I've googled around but am not clear on what's causing this error? Does this file need to be created manually for BIND to be able to write to it? I have a directory /etc/namedb/working, and permissions are: drwxr-xr-x 2 bind wheel 512 Jul 18 19:23 . drwxr-xr-x 6 root wheel 512 Oct 2 15:52 .. https://lists.isc.org/mailman/htdig/bind-users/2010-October/081249.html -- ** Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Where is managed-keys.bind ?
Hello bind-users, Today I jumped from BIND 9.6.2 to 9.7.2-P2 Seems to be ok, except: Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view _default, file 'managed-keys.bind' Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0 We do not sign (yet) our zones with DNSSEC, is it safe to turn off dnssec-lookaside, and how ? dnssec-lookaside no ? Any other suggestion ? Thanks in advance, -- ** Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Where is managed-keys.bind ?
On Oct 1 2010, Tony Finch wrote: On Fri, 1 Oct 2010, Magali Bernard wrote: Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view _default, file 'managed-keys.bind' Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0 We do not sign (yet) our zones with DNSSEC, is it safe to turn off dnssec-lookaside, and how ? dnssec-lookaside no ? dnssec-lookaside is off by default, and both DLV and the managed keys zone relate to validation rather than serving signed zones. The managed keys zone is used for RFC 5011 trust anchor rollover which you can use with both DLV (via the dnssec-lookaside auto; setting) and the root trust anchor (which requires a managed-keys clause as below). Bind creates the managed keys zone if it isn't present, and the warning it logs when it does this is benign. Except that it is classified as an error, not a warning. And if you don't have any managed keys, then it won't create the file, and so will complain again the next time BIND is restarted. An empty file managed-keys.bind in BIND's working directory will get it to shut up. Thanks a lot ! I did: touch managed-keys.bind and now BIND is silently working. -- ** Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. Q: Are you sure ? A: Because it reverses the logical flow of conversation. Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users