broken trust chain

Tony Finch dot at dotat.at
Fri Sep 25 19:55:25 UTC 2020


Josef Moellers <jmoellers at suse.de> wrote:
>
> I just found out that in the good case, the key in /etc/bind.keys is
> accepted, in the bad case it is not:
> good:managed-keys-zone: Key 20326 for zone . acceptance timer complete:
> key now trusted
> bad:managed-keys-zone: No DNSKEY RRSIGs found for '.': success
>
> So the question is: what causes this?

Sounds like you have a stale bind.keys file. You don't need this file:
`named` has a built-in copy which is up-to-date if you keep up with
patching. You should be able to fix it by deleting bind.keys and the
working files managed-keys.bind managed-keys.bind.jnl *.mkeys *.mkeys.jnl

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Viking: North 6 to gale 8, occasionally severe gale 9 for a time. Rough,
becoming very rough or high. Showers. Good, occasionally moderate.
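
Added example, not part of the original message: a shell sketch of the cleanup described in the reply above, which moves the files aside rather than deleting them and classifies the two log messages quoted in the thread. The function names, the scratch paths in the demo and the advice to run it with named stopped are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Run with named stopped.

# Report the state shown by the last managed-keys-zone line in a named log.
trust_anchor_state() {
    last=$(awk '/managed-keys-zone:/ { l = $0 } END { print l }' "$1")
    case $last in
        *'key now trusted'*)        echo trusted ;;
        *'No DNSKEY RRSIGs found'*) echo broken ;;
        *)                          echo unknown ;;
    esac
}

# Move bind.keys and the managed-keys working files into a backup directory
# instead of deleting them. Prints how many files were moved.
set_aside_trust_anchors() {
    keys_file=$1 work_dir=$2 backup_dir=$3 moved=0
    mkdir -p "$backup_dir" || return 1
    for f in "$keys_file" \
             "$work_dir"/managed-keys.bind "$work_dir"/managed-keys.bind.jnl \
             "$work_dir"/*.mkeys "$work_dir"/*.mkeys.jnl; do
        [ -f "$f" ] || continue    # an unmatched glob stays literal: skip it
        mv -- "$f" "$backup_dir"/ && moved=$((moved + 1))
    done
    echo "$moved"
}

# Demo on constructed data in a scratch directory (all paths are made up).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/work"
    : > "$d/etc/bind.keys"; : > "$d/work/managed-keys.bind"
    : > "$d/work/_default.mkeys"; : > "$d/work/example.db"
    # Constructed log line, copied from the "bad" case quoted in the thread.
    printf '%s\n' "managed-keys-zone: No DNSKEY RRSIGs found for '.': success" \
        > "$d/named.log"
    state=$(trust_anchor_state "$d/named.log")
    n=$(set_aside_trust_anchors "$d/etc/bind.keys" "$d/work" "$d/backup")
    left=$(ls "$d/work")           # zone data must be left untouched
    rm -rf "$d"
    echo "$state $n $left"
}
demo
```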

