(10-26-2018, 05:34 AM)james30263 Wrote: Worked perfect! Thanks, I was editing the wrong bind config file. Now all errors are gone.
Now I only have warnings. I will google this when I have time to see what I can figure out. I would bet it has something to do with me changing IP's on the server.
Code:21-Oct-2018 03:27:01.992 security: warning: using built-in DLV key for view _default
21-Oct-2018 04:03:19.561 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
21-Oct-2018 05:03:21.977 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
21-Oct-2018 11:03:29.614 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
21-Oct-2018 17:03:42.632 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
23-Oct-2018 03:04:10.389 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
23-Oct-2018 05:04:15.579 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
24-Oct-2018 22:05:02.886 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
25-Oct-2018 05:05:08.553 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
25-Oct-2018 06:05:11.034 general: warning: managed-keys-zone: Unable to fetch DNSKEY set 'dlv.isc.org': SERVFAIL
I am only guessing here but you may have a domain set up with DNSSEC that doesn't have the required keys registered at the registry, or you may need to update another of the config settings in your config file to update an outdated URL? Like I said, I am only guessing and I do not currently implement DNSSEC but if you find out any more about this can you post an update here for future reference?
Thanks, Keith.
EDIT: There's a reference in the named.conf file to this file:
Code:
/etc/named.iscdlv.key
If you look in there, that URL (dlv.isc.org) is referenced along with this warning:
Code:
NOTE: The ISC DLV zone is being phased out as of February 2017
so I guess it's something that needs updating or disabling.
I'll let you investigate this one and report back!
Keith