Where is managed-keys.bind ?
Magali Bernard
Magali.Bernard at univ-st-etienne.fr
Fri Oct 1 14:57:29 UTC 2010
> On Oct 1 2010, Tony Finch wrote:
>
> >On Fri, 1 Oct 2010, Magali Bernard wrote:
> >>
> >> Oct 1 08:30:19 stroph named[24453]: set up managed keys zone for view _default, file 'managed-keys.bind'
> >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
> >> Oct 1 08:30:19 stroph named[24453]: managed-keys-zone ./IN: loaded serial 0
> >>
> >> We do not sign (yet) our zones with DNSSEC, is it safe to turn off
> >> dnssec-lookaside, and how ?
> >> dnssec-lookaside no ?
> >
> >dnssec-lookaside is off by default, and both DLV and the managed keys zone
> >relate to validation rather than serving signed zones.
> >
> >The managed keys zone is used for RFC 5011 trust anchor rollover which you
> >can use with both DLV (via the "dnssec-lookaside auto;" setting) and the
> >root trust anchor (which requires a managed-keys clause as below). Bind
> >creates the managed keys zone if it isn't present, and the warning it logs
> >when it does this is benign.
>
> Except that it is classified as an "error", not a "warning". And if you
> don't have any managed keys, then it won't create the file, and so will
> complain again the next time BIND is restarted.
>
> An empty file managed-keys.bind in BIND's working directory will get it
> to shut up.
Thanks a lot ! I did:
touch managed-keys.bind
and now BIND is silently working.
--
*--------------------------------------------------------------------*
Magali BERNARD - DSI pôle Système, Réseau et Sécurité
Université Jean Monnet de Saint-Étienne - FRANCE
-
A: Yes.
> Q: Are you sure ?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email ?
More information about the bind-users
mailing list