managed-keys vs trust-anchors

Bob McDonald bmcdonaldjr at gmail.com
Wed Jan 4 20:25:10 UTC 2023


Thanks Evan and Ondrej.  I'll let the folks at FreeBSD know also. Their
bind packages still include that file.

Bob


On Wed, Jan 4, 2023, 14:59 Evan Hunt <each at isc.org> wrote:

> On Mon, Jan 02, 2023 at 07:33:46AM -0500, Bob McDonald wrote:
> > I've upgraded to bind 9.16.36.
> >
> > I went to the ISC site and picked up the bind.keys file.
> >
> > However, it is intended for use in bind 9.11 and contains the managed-keys
> > clause. This throws an error in the syslog messages during startup. It
> > appears to still function correctly.
> >
> > In the ARM for bind 9.16 it states that managed-keys clause is deprecated.
> > Replacing the managed-keys clause with the trust-anchors clause seems to
> > fix the issue. In the file itself it states the following:
> >
> > # This file is NOT expected to be user-configured.
> >
> > Perhaps I've missed something. If not, the documentation needs to be a bit
> > more clear on this. Would it be helpful to have a version of the bind.keys
> > file for bind 9.16 and above?
>
> Thanks for bringing this to our attention. It's no longer necessary
> to get the bind.keys file from the ISC website. We've updated the
> site to remove the downloadable version, and just put some explanatory
> text there instead.
>
> The bind.keys file was originally put there for reasons that aren't really
> applicable anymore; you can safely rely on the one that's compiled in to
> named now.  Some background on this can be found in the discussion at
> https://www.mail-archive.com/bind-users@lists.isc.org/msg31664.html.
>
> (And, if for some odd reason you really do need to download a new copy of
> bind.keys instead of updating BIND, you can pull it from the source tree:
> https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bind.keys.)
>
> --
> Evan Hunt -- each at isc.org
> Internet Systems Consortium, Inc.
>