Re: 9.7.1-P2 managed-keys error
> 02-Oct-2010 17:33:53.125 general: error: managed-keys-zone ./IN: loading > from master file managed-keys.bind failed: file not found > > I've googled around but am not clear on what's causing this error? Does this > file need to be created manually for BIND to be able to write to it? I have > a directory "/etc/namedb/working", and permissions are: > > drwxr-xr-x 2 bind wheel 512 Jul 18 19:23 . > drwxr-xr-x 6 root wheel 512 Oct 2 15:52 .. https://lists.isc.org/mailman/htdig/bind-users/2010-October/081249.html -- *------------* Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Where is managed-keys.bind ?
> On Oct 1 2010, Tony Finch wrote: > > >On Fri, 1 Oct 2010, Magali Bernard wrote: > >> > >> Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view > >> _default, file 'managed-keys.bind' > >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from > >> master file managed-keys.bind failed: file not found > >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial > >> 0 > >> > >> We do not sign (yet) our zones with DNSSEC, is it safe to turn off > >> dnssec-lookaside, and how ? > >> dnssec-lookaside no ? > > > >dnssec-lookaside is off by default, and both DLV and the managed keys zone > >relate to validation rather than serving signed zones. > > > >The managed keys zone is used for RFC 5011 trust anchor rollover which you > >can use with both DLV (via the "dnssec-lookaside auto;" setting) and the > >root trust anchor (which requires a managed-keys clause as below). Bind > >creates the managed keys zone if it isn't present, and the warning it logs > >when it does this is benign. > > Except that it is classified as an "error", not a "warning". And if you > don't have any managed keys, then it won't create the file, and so will > complain again the next time BIND is restarted. > > An empty file managed-keys.bind in BIND's working directory will get it > to shut up. Thanks a lot ! I did: touch managed-keys.bind and now BIND is silently working. -- ** Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Where is managed-keys.bind ?
Hello bind-users, Today I jumped from BIND 9.6.2 to 9.7.2-P2 Seems to be ok, except: Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view _default, file 'managed-keys.bind' Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0 We do not sign (yet) our zones with DNSSEC, is it safe to turn off dnssec-lookaside, and how ? dnssec-lookaside no ? Any other suggestion ? Thanks in advance, -- *----* Magali BERNARD - DSI pôle Système, Réseau et Sécurité Université Jean Monnet de Saint-Étienne - FRANCE - A: Yes. > Q: Are you sure ? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email ? ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
