managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success

Paul B. Henson henson at acm.org
Wed Nov 23 23:39:14 UTC 2011 

On Wed, Nov 23, 2011 at 02:02:42PM -0800, Paul B. Henson wrote:
> Still seeing these... No ideas anybody :)?
> 
> Looks like they're always paired with an EDNS log line:
> 
> Nov 23 13:35:19 atlas named[28846]: success resolving './DNSKEY' (in
> '.'?) after disabling EDNS
> Nov 23 13:35:19 atlas named[28846]: managed-keys-zone ./IN/internal: No
> DNSKEY RRSIGs found for '.': success

For the archives, it turns out that we're evaluating a new packetshaper
on our border, specifically the Procera PL8720, and it was
misclassifying dns traffic as uTP (a newer UDP based bittorrent
protocol), and dropping some of it :(. After adding our dns servers to
an exception list so the unit was no longer managing their traffic the
problem stopped.


> On Tue, Nov 22, 2011 at 11:14:08AM -0800, Paul B. Henson wrote:
> > Yesterday I started getting messages like:
> > 
> > Nov 22 10:29:01 gemini named[28532]: managed-keys-zone ./IN: No DNSKEY
> > RRSIGs found for '.': success
> > 
> > Nov 22 10:53:44 titan named[15260]: managed-keys-zone ./IN/external: No
> > DNSKEY RRSIGs found for '.': success
> > Nov 22 10:53:54 titan named[15260]: managed-keys-zone ./IN/internal: No
> > DNSKEY RRSIGs found for '.': success
> > 
> > 
> > in my logs. Looks like they're showing up once per hour since they
> > started, the same message on all my servers, both recursive and
> > authorative. Didn't find anything useful searching for the message.
> > Everything still seems to be working fine. Other than upgrading from
> > 9.7.4 to 9.7.4_p1 last week nothing's changed on my side.
> > 
> > Any thoughts on what this means and why it just started out of the blue?
> 
> -- 
> Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
> Operating Systems and Network Analyst  |  henson at csupomona.edu
> California State Polytechnic University  |  Pomona CA 91768
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson at csupomona.edu
California State Polytechnic University  |  Pomona CA 91768

More information about the bind-users mailing list