Re: ISC BIND 9.7.0b1 is now available

Is it serious? The file managed-keys.bind looks normal.

It's concerning. How many 5011-maintained zones are you running? Can I
see your managed-keys.bind file?

I would expect the result of this to be that keys are not properly updated
in managed-keys.bind until the problem with committing to the journal has
gone away. If it persists for more than one or two events, restart named.
If that doesn't fix it, delete managed-keys.bind.jnl and restart named
again.

I don't know how the journal's serial number would have gotten out of sync
like that. I'll have to look closer.

--
Evan Hunt -- each@xxxxxxx
Internet Systems Consortium, Inc.
.

Relevant Pages

  • Re: [fw-wiz] Allowing DNS servers to operate behind NetScreen 500
    ... If they do not, firewalls are going to ... Keys need to expire, be revoked, replaced, etc. in a real world crypto ... There are operational zones currently being signed. ... (operationally signing their zones.) ...
    (Firewall-Wizards)
  • BIND 9.7.2b1 is now available.
    ... BIND 9.7.2b1 is now available. ... The PGP signature of the binary kit for Windows XP and Window 2003 is at ... Zone configuration information for the new zones ... current managed keys combined with trusted keys. ...
    (comp.protocols.dns.bind)
  • Re: DNSSEC
    ... Or do you use the same keys for all zones? ... Some people may just decide not to bother signing reverse ... so you can do things like put SSHFP records on them. ...
    (comp.protocols.dns.bind)
  • Re: state terminology
    ... >the keys left inside. ... Yeah, comes closer. ... I also thought about cul-de-sac. ...
    (Linux-Kernel)
  • DNSSEC
    ... Do you just sign with one pair of keys for all zones? ... Gary L. Paveza, Jr. ... Beaver Valley Road Wilmington Delaware 19803 ...
    (comp.protocols.dns.bind)