HOWTO : Fix bind9 managed-keys-zone: Unable to fetch DNSKEY set '.'

kaiyel · 2022-11-10 17:45:18

I had a need for a local caching-only name server and installed my goto resolver
bind9 on a fresh Chimaera instance.

apt-get install -y bind9 bind9-utils

Out of the box I discovered an error logged to syslog and all lookups failed :

managed-keys-zone: Unable to fetch DNSKEY set '.': timed out

The default location for the "bind.keys" file is "/etc/bind.keys", but the package
locates that file as "/etc/bind/bind.keys". As such it was necessary to specify the
current file location by editing the "/etc/bind/named.conf.options" config :

vi /etc/bind/named.conf.options

such that :

dnssec-validation auto;
bindkeys-file "/etc/bind/bind.keys";

And, after saving, remove the (likely junked) cache file and journal :

rm /var/cache/bind/managed-keys.bind*

Restart bind and my caching server is now usable.

--K

The officially official Devuan Forum!

#1 2022-11-10 17:45:18

HOWTO : Fix bind9 managed-keys-zone: Unable to fetch DNSKEY set '.'

Board footer