DNSSEC Error Log - named[4132]: managed-keys-zone/“externals”: Unable to fetch DNSKEY set '.': timed out
LeBlanc, Daniel James
daniel.leblanc at bellaliant.ca
Fri Aug 2 18:39:38 UTC 2019
Hello All.
I am receiving the following log entry a couple of times per hour on my ISC BIND 9.14.0 VMs:
named[4132]: managed-keys-zone/“externals”: Unable to fetch DNSKEY set '.': timed out
This is occurring only on my authoritative servers and only for the view that I do not have recursion enabled for (the “externals” view; the “internals” view has recursion enabled and it is working). I determined this as follows:
~]$ sudo /var/named/sbin/rndc secroots -
secure roots as of 02-Aug-2019 10:24:22.455:
Start view “internals”
Secure roots:
./RSASHA256/20326 ; managed
Negative trust anchors:
Start view “externals”
Secure roots:
./RSASHA256/20326 ; initializing managed
./RSASHA256/19036 ; initializing managed
Negative trust anchors:
I have the following statements defined in options:
bindkeys-file "keys/bind.keys";
dnssec-enable yes;
dnssec-validation auto;
dnssec-accept-expired no;
dnssec-lookaside no;
Is there a way that I can disable the managed-key lookups for the “externals” view while leaving it in place for the “internals” view? I tried moving the bindkeys-file to the internals view only but named wouldn’t start.
Thanks!
Daniel J. LeBlanc, P.Eng., MBA, DTME | Senior Network Architect | Bell Canada
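
The check described in the post (reading the `rndc secroots -` output and spotting trust anchors still marked "initializing managed"), as an added example that is not part of the original message or of BIND itself. The function names `parse_secroots` and `uninitialized_views` are hypothetical, and the sample text is constructed from the output quoted above.

```python
import re

# Constructed sample, modelled on the `rndc secroots -` output quoted in the post.
SAMPLE = """\
secure roots as of 02-Aug-2019 10:24:22.455:
 Start view "internals"
   Secure roots:
./RSASHA256/20326 ; managed
   Negative trust anchors:
 Start view "externals"
   Secure roots:
./RSASHA256/20326 ; initializing managed
./RSASHA256/19036 ; initializing managed
   Negative trust anchors:
"""

# View names may arrive with straight or curly quotes (mail clients rewrite them).
VIEW_RE = re.compile(r'^\s*Start view\s+["“]?([^"”\s]+)["”]?\s*$')
# zone/ALGORITHM/key-tag ; state   e.g. "./RSASHA256/20326 ; initializing managed"
KEY_RE = re.compile(r'^\s*(\S+)/([^/\s]+)/(\d+)\s*;\s*(.+?)\s*$')

def parse_secroots(text):
    """Return {view: [(zone, algorithm, key_tag, state), ...]} (hypothetical helper)."""
    views, current, in_roots = {}, None, False
    for line in text.splitlines():
        m = VIEW_RE.match(line)
        if m:
            current, in_roots = m.group(1), False
            views[current] = []
        elif line.strip() == "Secure roots:":
            in_roots = True
        elif line.strip() == "Negative trust anchors:":
            in_roots = False      # entries after this header are NTAs, not keys
        elif in_roots and current is not None:
            k = KEY_RE.match(line)
            if k:
                views[current].append(
                    (k.group(1), k.group(2), int(k.group(3)), k.group(4)))
    return views

def uninitialized_views(views):
    """Keep only views holding a trust anchor whose state includes 'initializing'."""
    stuck = {v: [k for k in keys if "initializing" in k[3].split()]
             for v, keys in views.items()}
    return {v: keys for v, keys in stuck.items() if keys}

if __name__ == "__main__":
    for view, keys in uninitialized_views(parse_secroots(SAMPLE)).items():
        print(view, [f"{z}/{alg}/{tag}" for z, alg, tag, _ in keys])
```

Feeding it the live output of `rndc secroots -` lists each view whose managed trust anchors have not yet completed initialization, which is the condition that accompanies the logged DNSKEY fetch timeouts.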