
managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loading from master file XXXXXXXX.mkeys failed: file not found

Hi all!


Just for archive purposes, because I think I've just solved that!

This is a solution to that, with a final question for gurus and partners.


I've watched that error in /Library/Logs/named.log:

managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loading from master file XXXXXXXX.mkeys failed: file not found


I'm worried about this error because it seems to be related to DNSSEC keys that failed to load for the root "." DNS servers.


If I can't trust root servers... how can I trust any other DNS queries?! =)


In my /etc/named.conf I only see this line related to keys:

include "/etc/rndc.key";


In other *nix distributions I used to see also this line:

include "/etc/bind.key";


So I looked for this file and found it in /etc/bind.keys


Following the instructions in the /etc/bind.keys header, I've added the "managed-keys" at the end of my named.conf


# /etc/bind.keys
# (...)
# This file also contains a copy of the trust anchor for the DNS root zone
# ("."). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
(...)


After restarting the DNS service, the named.log shows me this:


29-Sep-2011 13:16:16.900 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loading from master file 7f737fd4dc4fec34dd276a5842ba8a5370c4a8ddba94a5002e26b5e8d7122d44.mkeys failed: file not found

29-Sep-2011 13:16:16.904 running

29-Sep-2011 13:16:20.964 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: No DNSKEY RRSIGs found for '.': success

29-Sep-2011 13:16:20.968 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: No DNSKEY RRSIGs found for 'dlv.isc.org': success


I love success =) but unfortunately, the "missing file" error stays there...


I continued reading the /etc/bind.keys header, and I saw:

# The built-in DLV trust anchor in this file is used directly by named.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.


... so I added the following to the "options {}" section of my named.conf:

dnssec-lookaside auto;


I restarted the service, and:

29-Sep-2011 13:23:10.162 running


Great! =)

Hope that helps!



And finally, here comes my question: is that properly done? And is bind/named automatically getting the right keys and performing the checks?

Thanks!


t

Xserve, Mac OS X (10.7.1)

Posted on Sep 29, 2011 4:30 AM
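
An added example, not part of the original post: a small triage script over the named.log lines quoted above. It assumes the usual reading of the "No DNSKEY RRSIGs found for '...': success" message, namely that the trailing word is only the result code of the key fetch and the line itself means the DNSKEY answer for that trust anchor came back without signatures and could not be verified; the function name and finding labels are made up for this illustration.

```python
import re

# The log lines quoted in the post above, unchanged.
SAMPLE_LOG = """\
29-Sep-2011 13:16:16.900 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: loading from master file 7f737fd4dc4fec34dd276a5842ba8a5370c4a8ddba94a5002e26b5e8d7122d44.mkeys failed: file not found
29-Sep-2011 13:16:16.904 running
29-Sep-2011 13:16:20.964 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: No DNSKEY RRSIGs found for '.': success
29-Sep-2011 13:16:20.968 managed-keys-zone ./IN/com.apple.ServerAdmin.DNS.public: No DNSKEY RRSIGs found for 'dlv.isc.org': success
"""

# "managed-keys-zone <zone>/IN/<view>: <message>"
LINE = re.compile(r"managed-keys-zone\s*\S*/IN/(?P<view>[^:\s]+): (?P<msg>.*)$")
# named could not open the per-view file where it persists managed keys.
MISSING = re.compile(r"loading from master file (?P<file>\S+\.mkeys) failed: file not found")
# The DNSKEY answer for a trust anchor carried no RRSIGs (assumed meaning, see lead-in).
UNSIGNED = re.compile(r"No DNSKEY RRSIGs found for '(?P<anchor>[^']+)'")


def triage(log_text):
    """Return sorted (view, finding, detail) tuples for managed-keys messages."""
    findings = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a managed-keys line, e.g. "running"
        view, msg = m["view"], m["msg"]
        if (f := MISSING.search(msg)):
            findings.add((view, "key-store-missing", f["file"]))
        elif (u := UNSIGNED.search(msg)):
            findings.add((view, "anchor-not-verified", u["anchor"]))
    return sorted(findings)


if __name__ == "__main__":
    for view, finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:20} view={view} {detail}")
```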
