
I am running BIND 9 on a CentOS VPS and started implementing DNSSEC, so I have signed zone files for my domains, but the following output shows up in the log files every hour:

    named[12181]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
    named[12181]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for 'dlv.isc.org': success

My named.conf file with the relevant information. I disabled dnssec-validation because BIND throws tons of errors:

    options {
            /* ... other options not shown in the post ... */
            dnssec-enable yes;
            dnssec-validation no;
            dnssec-lookaside auto;

            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";
            managed-keys-directory "/var/named/dynamic";
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

My question is: what do these messages mean, and is there anything that I can do so they don't show up in the log files? Google wasn't of much help, though.

My domains, like example.com and sub.example.com, are properly signed and have signatures in keys inside the zone file, so what do I do with the root zones?


Solved: It turns out my DNS forwarders were filtering DNSSEC queries. In addition, the VPS had a wrong timezone setting. As soon as I corrected the timezone setting and changed my DNS forwarders to servers that support DNSSEC, everything went flawlessly.

Cœur
Paul Nemeth
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Jan 07 '18 at 12:34
  • True, but it helped me out as well... lol – Gwyneth Llewelyn Feb 26 '18 at 08:58

0 Answers
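
An added example, not part of the original post: a Python check over the text of a `dig +dnssec DNSKEY .` answer that tells apart the two causes named in the fix above, a forwarder that drops the RRSIG records and a local clock outside the signature validity window. The sample answers, key tag, key and signature data, dates and the function names are all constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed answer sections in dig's presentation format; the key, key tag,
# signature and dates are placeholders, not real root-zone data.
FILTERED = ".  172800  IN  DNSKEY  257 3 8 AwEAAcPLACEHOLDER\n"
DNSSEC_AWARE = FILTERED + (
    ".  172800  IN  RRSIG  DNSKEY 8 0 172800 "
    "20240122000000 20240101000000 12345 . c2lnUExBQ0VIT0xERVI=\n"
)

def _ts(text):
    # RRSIG times are YYYYMMDDHHMMSS in UTC, whatever the local timezone is.
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def dnskey_rrsig_windows(dig_answer, owner):
    """Return (inception, expiration) for every RRSIG covering owner's DNSKEY set."""
    windows = []
    for line in dig_answer.splitlines():
        f = line.split()
        # name ttl class RRSIG covered alg labels orig-ttl expiration inception ...
        if (len(f) >= 10 and not line.startswith(";") and f[0] == owner
                and f[3] == "RRSIG" and f[4] == "DNSKEY"):
            windows.append((_ts(f[9]), _ts(f[8])))
    return windows

def diagnose(dig_answer, owner, now):
    """Classify one answer: 'no-rrsig', 'clock-outside-window' or 'ok'."""
    windows = dnskey_rrsig_windows(dig_answer, owner)
    if not windows:
        return "no-rrsig"  # resolver path dropped the signatures
    if not any(inception <= now <= expiration for inception, expiration in windows):
        return "clock-outside-window"  # local clock disagrees with signature dates
    return "ok"

if __name__ == "__main__":
    true_now = datetime(2024, 1, 1, 3, 0, tzinfo=timezone.utc)
    skewed = datetime(2023, 12, 31, 20, 0, tzinfo=timezone.utc)  # clock 7 h behind
    print(diagnose(FILTERED, ".", true_now))
    print(diagnose(DNSSEC_AWARE, ".", true_now))
    print(diagnose(DNSSEC_AWARE, ".", skewed))
```

On a live system, pass it the answer text from `dig +dnssec DNSKEY .` sent to each forwarder in turn, together with `datetime.now(timezone.utc)`.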