ERROR: Failed to create fetch for DNSKEY update
Peter
pmc at citylink.dinoex.sub.org
Mon Nov 15 02:41:44 UTC 2021
Hi all,
I continuousely happen to see this message:
> local0.warn named[2291]:
> dnssec: warning: managed-keys-zone: Failed to create fetch for DNSKEY update
I see it on different nameservers, at different sites, with and
without views, with and without IPv6, and I see it every time when
named is restarted.
I couldn't find the message mentioned on google etc.
The docs say DNSSEC for a mere recursive server should work out of the
box with the defaults. Apparently it doesn't, but where could I find a
clue about what my config is missing? (I have nothing at all
configured concerning DNSSEC.)
----------------------------------------
Other clues failing, I took a look at the source, and I suppose things to
bo like that:
lib/dns/zone.c:zone_refreshkeys()
if (result == ISC_R_SUCCESS) {
fetching = true;
} else {
...skipping...
dnssec_log(zone, ISC_LOG_WARNING,
"Failed to create fetch for DNSKEY update %d", result);
lib/dns/resolver.c:dns_resolver_createfetch()
lib/dns/resolver.c:fctx_create()
lib/dns/view.c:dns_view_findzonecut()
} else if (result != ISC_R_SUCCESS) {
/*
* Something is broken.
*/
(could have almost imagined that ...)
lib/dns/zone.c:dns_zone_getdb()
if (zone->db == NULL) {
result = DNS_R_NOTLOADED;
-----------------------------------------------------
So this doesn't give a clue either :(
Wondering
* WHAT is broken?
* Why does it happen only to me?
Cheerio,
PMc
More information about the bind-users
mailing list