managed-keys update when outgoing UDP is blocked

Tony Finch dot at dotat.at
Mon Feb 24 23:47:03 UTC 2020


Branko Mijuskovic <branko.mijuskovic.hiag at gmail.com> wrote:
>
> We have an authoritative DNS hidden master (bind-9.11.4-9) running behind
> the network where outgoing UDP traffic to unlisted IPs is blocked.
>
> We are using DNSSEC and I've noticed that we are getting the following errors
> in the bind9 logfile: 'managed-keys-zone/default: Unable to fetch DNSKEY
> set '.': timed out'

I have configured my hidden primary with a `forwarders` clause pointing at
my recursive servers, which should stop it from trying to talk to the
outside world.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Irish Sea: Westerly 5 to 7, occasionally gale 8 later in south. Moderate,
becoming rough or very rough in south. Wintry showers. Good, occasionally
poor.
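
The setup described in the reply above, as an added named.conf sketch that is not part of the original message. The forwarder addresses are constructed placeholders from the RFC 5737 documentation range, and `forward only` is an assumption beyond what the reply states.

```conf
options {
    // Constructed placeholder addresses: substitute the internal recursive
    // servers that the firewall already permits this host to reach.
    forwarders { 192.0.2.53; 192.0.2.54; };

    // Assumption, not stated in the reply: BIND's default is "forward first",
    // which falls back to querying authoritative servers directly when the
    // forwarders do not answer. "forward only" removes that fallback, so the
    // managed-keys DNSKEY fetch for '.' never leaves via a blocked path.
    forward only;
};
```

The forwarders must accept recursive queries from this host and return DNSSEC records (DNSKEY and RRSIG), otherwise the managed-keys refresh still fails. `rndc managed-keys refresh` triggers an immediate refresh for checking the result in the log.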

