Page 1 of 1

[SOLVED] BIND Unable to fetch DNSKEY set '.': timed out

Posted: 2020/06/09 09:59:47
by Al_Stu
Getting log messages like this. Especially at named start up.

Code: Select all

09-Jun-2020 02:14:22.296 general: warning: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
The system does not have IPv6 Internet service. Removing (commenting out) the roots hint file AAAA entries solved the problem.
(/var/named/named.ca)

The more proper way though is to run named with the IPv4 only mode option flag (-4).
viewtopic.php?f=50&t=74591&sid=fd22655d ... a87916a4a5

BIND still worked. Though it occasionally had some resolver priming query troubles. As well as taking considerable time to be trusted.

A log message like this is what to expect.

Code: Select all

09-Jun-2020 02:15:50.015 general: info: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted