session.key and managed-keys

TCPWave Customer Care customercare at
Sun Jul 10 14:39:57 UTC 2011


Look at the directory statement of your named.conf. Go to that directory
and touch a file called managed-keys.bind.  Restart named. Your problem
should be solved.

cp /dev/null $DIR/managed-keys.bind if you are using a UNIX operating

This file lists the DNSSEC keys that BIND likes to keep up to date using
RFC 5011 trust anchor maintenance. If you are not using DNSSEC, you
don't need this file.

TCPWave Customer Care Team

On Sun, 2011-07-10 at 12:30 +0300, Emil Natan wrote:
> Hi,
> I have few boxes running BIND 9.7.3-P3. I do not use DNSSEC (for now)
> and dynamic updates (at all) and I have them explicitly disabled in
> named.conf (dnssec-enable   no; dnssec-validation no; allow-update
> { none; };) but I see named still searching for managed-keys.bind file
> and trying to create session.key file. In the general case it fails
> with file not found and permission denied which I know how to correct.
> My question is why BIND is forced to create files and especially the
> session.key? Is there a way to change that behavior?
> Thanks,
> ena
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at

More information about the bind-users mailing list