Bind error messages (DNSKEY)

Evan Hunt each at isc.org
Sat Jul 10 16:14:33 UTC 2010


> I have recently started getting the following pair of error messages from
> bind:
> [...]
> Anyone know what these mean, and what I am suposed to do?

In named.conf, you have a trusted-keys statement containing a
key for the .bg domain, and it doesn't match the key that your
resolver fetched from the domain itself.  This could mean the
key is misconfigured on your end, or that they did something
wrong on their end, or, perhaps, that someone sent you forged
data.

If it's still happening, I'd suggest downloading a fresh copy of
the IANA ITAR (See https://itar.iana.org/instructions/ for details)
and compare it against what you've got in your configuration now.

The key I see in their zone right now (key id 46846) matches the
one in the ITAR.

-- 
Evan Hunt -- each at isc.org
Internet Systems Consortium, Inc.



More information about the bind-users mailing list