Bind DNS

Common Issues

Issue: server booted with a time in the future, and bind / named downloaded the trust information with a future timestamp

Often you'll see this in the logs:
validating ./DNSKEY: unable to find a DNSKEY which verifies the DNSKEY RRset and also matches a trusted key for '.'
managed-keys-zone: No valid trust anchors for '.'

Solution:

1) shut down named
2) delete /var/named/dynamic/managed-keys.bind.jnl and create file just containing:
;BIND LOG V9
8
3) ensure new file is owned by the named user.
4) start up named

You'll see something like this in the logs:
Apr 28 12:49:00 XXXXXX named[4093]: managed-keys-zone: journal rollforward failed: no more
Apr 28 12:49:00 XXXXXX named[4093]: managed-keys-zone: unable to load from '/var/named/dynamic/managed-keys.bind.jnl'; renaming file to '/var/named/dynamic/jn-xMvuHJmM' for failure analysis and retransferring.

And then your dnssec should start working again...

There's probably better ways to trigger the resolution, but the above seems to work....

Bind DNS

Basic E-Mail Settings

Microsoft Office Outlook

Apple iPhone and iPad

Android Phone and Tablets

Apple Mac OS

Mozilla Thunderbird

Windows Mail

RACKCORP REST API

RACKCORP REST API EXAMPLES

Bind DNS

Common Issues

Issue: server booted with a time in the future, and bind / named downloaded the trust information with a future timestamp

No Comments