9.7.0-P1 managed-keys.bind issues

[Mark Watts]

On Wed, 2010-04-14 at 13:10 +0100, Mark Watts wrote:
> I'm trying to setup a new 9.7.0-P1 server in order to (initially) do
> DNSSEC validation lookups.
> I'm using the Fedora 13 SRPM, recompiled on CentOS 5.4. SELinux is Off
> currently.
> 
> when I add the following to my options {} section, I get some log
> messages I don't understand...
> 
>         dnssec-enable yes;
>         dnssec-validation yes;
>         dnssec-lookaside auto;
> 
> Apr 14 12:06:34 dns01 named[4911]: zone managed-keys.bind/IN/_meta: loading from master file dynamic/managed-keys.bind failed: file not found
> Apr 14 12:06:34 dns01 named[4911]: dynamic/managed-keys.bind.jnl: create: file not found
> Apr 14 12:06:34 dns01 named[4911]: zone managed-keys.bind/IN/_meta: sync_keyzone:dns_journal_open -> unexpected error
> Apr 14 12:06:34 dns01 named[4911]: zone managed-keys.bind/IN/_meta: loaded serial 0
> Apr 14 12:06:35 dns01 named[4911]: zone managed-keys.bind/IN/_meta: Unable to fetch DNSKEY set 'dlv.isc.org': failure
> Apr 14 12:06:35 dns01 named[4911]: dynamic/managed-keys.bind.jnl: create: file not found
> Apr 14 12:06:35 dns01 named[4911]: zone managed-keys.bind/IN/_meta: keyfetch_done:dns_journal_open -> unexpected error
> 
> I can explain the "Unable to fetch DNSKEY" message; the server currently
> has no direct Internet access.
> 
> What do the other messages mean, and how can I resolve them?
> 
> Mark.

It would appear that these are all related. Allowing outbound DNS
queries fixed these messages.

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100414/9bcb431e/attachment.bin>