# Applications

# Bind DNS

#### Common Issues

##### Issue: server booted with a time in the future, and bind / named downloaded the trust information with a future timestamp

Often you'll see this in the logs:  
validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'  
managed-keys-zone: No valid trust anchors for '.'

Solution:

1\) shut down named  
2\) delete /var/named/dynamic/managed-keys.bind.jnl and create file just containing:  
;BIND LOG V9  
8  
3\) ensure new file is owned by the named user.  
4\) start up named

You'll see something like this in the logs:  
Apr 28 12:49:00 XXXXXX named\[4093\]: managed-keys-zone: journal rollforward failed: no more  
Apr 28 12:49:00 XXXXXX named\[4093\]: managed-keys-zone: unable to load from '/var/named/dynamic/managed-keys.bind.jnl'; renaming file to '/var/named/dynamic/jn-xMvuHJmM' for failure analysis and retransferring.

And then your dnssec should start working again...

There's probably better ways to trigger the resolution, but the above seems to work....