<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Hi,<div><br></div><div>running latest upstream version first might save you some time, it’s this:</div><div><br></div><div><div style="display: block;" class=""><a rel="nofollow" href="https://gitlab.isc.org/isc-projects/bind9/-/issues/2895">named can create unrecoverable managed-keys.jnl file (#2895) · Issues · ISC Open Source Projects / BIND · GitLab</a><br></div></div><div><div style="display: block;" class=""><br></div><div style="display: block;" class="">Ondrej</div><div dir="ltr"><div>--</div>Ondřej Surý — ISC (He/Him)<div><br></div><div>My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.</div></div><div dir="ltr"><br><blockquote type="cite">On 28. 12. 
2022, at 1:51, Philip Prindeville &lt;philipp_subx@redfish-solutions.com&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>Hi,</span><br><span></span><br><span>I notice that when Bind 9.18.7 comes up on OpenWRT, and I'm running it as a local resolver, resolution initially doesn't work and I get a lot of noise in /var/log/messages like:</span><br><span></span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: validating org/DS: no valid signature found</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: no valid RRSIG resolving 'org/DS/IN': 193.0.14.129#53</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: validating org/DS: no valid signature found</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: no valid RRSIG resolving 'org/DS/IN': 198.97.190.53#53</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: validating org/DS: no valid signature found</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: no valid RRSIG resolving 'org/DS/IN': 202.12.27.33#53</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: broken trust chain resolving '_.linksys.pool.ntp.org/A/IN': 185.209.85.151#53</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: validating 0.linksys.pool.ntp.org/A: bad cache hit (org/DS)</span><br><span>Dec 27 17:27:12 OpenWrt named[13171]: broken trust chain resolving '0.linksys.pool.ntp.org/A/IN': 45.127.112.23#53</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]: validating tabletcaptiveportal.com/A: bad cache hit (com/DS)</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]: broken trust chain resolving 'tabletcaptiveportal.com/A/IN': 205.251.195.137#53</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]:   validating syringanetworks.net/SOA: bad cache hit (net/DS)</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]: broken trust chain resolving '_.voip.syringanetworks.net/A/IN': 66.232.66.3#53</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]:   validating syringanetworks.net/SOA: bad cache hit 
(net/DS)</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]: broken trust chain resolving '_._udp.voip.syringanetworks.net/A/IN': 66.232.66.3#53</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]:   validating syringanetworks.net/SOA: bad cache hit (net/DS)</span><br><span>Dec 27 17:27:13 OpenWrt named[13171]: broken trust chain resolving '_sip._udp.voip.syringanetworks.net/SRV/IN': 66.232.66.3#53</span><br><span></span><br><span>Until I run a script that contains:</span><br><span></span><br><span>#!/bin/sh</span><br><span></span><br><span>rm -f /tmp/managed-keys.bind* /tmp/*.jnl</span><br><span></span><br><span>rndc managed-keys refresh</span><br><span>rndc managed-keys sync</span><br><span></span><br><span>/etc/init.d/named restart</span><br><span></span><br><span>And the "restart" command basically kills the old instance of the server, then restarts it.  Then the errors go away and everything works.</span><br><span></span><br><span>What does this point to as being wrong in the startup scripts so I can fix it?</span><br><span></span><br><span>Thanks,</span><br><span></span><br><span>-Philip</span><br><span></span><br><span></span><br><span></span><br><span></span><br><span>-- </span><br><span>Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list</span><br><span></span><br><span>ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.</span><br><span></span><br><span></span><br><span>bind-users mailing list</span><br><span>bind-users@lists.isc.org</span><br><span>https://lists.isc.org/mailman/listinfo/bind-users</span><br></div></blockquote></div></body></html>