Where is managed-keys.bind ?

Chris Thompson cet1 at cam.ac.uk
Fri Oct 1 14:09:52 UTC 2010


On Oct 1 2010, Tony Finch wrote:

>On Fri, 1 Oct 2010, Magali Bernard wrote:
>>
>> Oct  1 08:30:19 stroph named[24453]: set up managed keys zone for view _default, file 'managed-keys.bind'
>> Oct  1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
>> Oct  1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0
>>
>> We do not sign (yet) our zones with DNSSEC, is it safe to turn off
>> dnssec-lookaside, and how ?
>> dnssec-lookaside no ?
>
>dnssec-lookaside is off by default, and both DLV and the managed keys zone
>relate to validation rather than serving signed zones.
>
>The managed keys zone is used for RFC 5011 trust anchor rollover which you
>can use with both DLV (via the "dnssec-lookaside auto;" setting) and the
>root trust anchor (which requires a managed-keys clause as below). Bind
>creates the managed keys zone if it isn't present, and the warning it logs
>when it does this is benign.

Except that it is classified as an "error", not a "warning". And if you
don't have any managed keys, then it won't create the file, and so will
complain again the next time BIND is restarted.

An empty file managed-keys.bind in BIND's working directory will get it
to shut up.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk


