Thanks Jeremy

Logging section from named.conf

logging {
        channel "named-log" {
                file "/usr/local/named-jail9.10.3P4/var/adm/named.log" versions 3 size 30m;
                severity info;
                print-time yes; print-category yes; print-severity yes;
        };

        channel "named-lame" {
                file "/usr/local/named-jail9.10.3P4/var/adm/named.lame" versions 3 size 30m;
                severity info;
                print-time yes; print-category yes; print-severity yes;
        };

        channel "named-querylog" {
                file "/usr/local/named-jail9.10.3P4/var/adm/named.querylog" versions 3 size 30m;
                severity dynamic;
                print-time yes; print-category yes; print-severity yes;
        };

        category "general" { "named-log"; };
        category "security" { "named-log"; };
        category "xfer-in" { "named-log"; };
        category "xfer-out" { "named-log"; };
        category "client" { "named-log"; };
        category "update" { "named-log"; };
        category "lame-servers" { "named-lame"; };
        category "queries" { "named-querylog"; };
        category edns-disabled { null; };
        /* category "delegation-only" { "named-querylog"; }; */
};


And yes the directory "/usr/local/named-jail9.10.3P4/var/adm/" exists and the 
files are there....owned by named:named.

I know using rndc is a good practice, but is there an option to specify in 
named.conf to disable it?

-----Original Message-----
From: Jeremy C. Reed [mailto:jr...@isc.org] 
Sent: Friday, April 08, 2016 9:37 AM
To: Bhangui, Sandeep - BLS CTR <bhangui.sand...@bls.gov>
Cc: Bind Users Mailing List <bind-users@lists.isc.org>
Subject: Re: Question about managed-keys-zone

On Fri, 8 Apr 2016, Bhangui, Sandeep - BLS CTR wrote:


> '--enable-newstats' '--with-libxml2' '--enable-fullreport' 'CFLAGS=-O2

Unrelated to your problem, but the --enable-newstats configure switch is not 
used for BIND 9.10.

> 1. Cannot seem to start named and it seems that it is looking for some 
> keys to validation locally.

(I reordered your email some:)

> Apr 7 15:15:32 cfdnsquar01 named[37952]: isc_stdio_open '/usr/local/named-jail9.10.3P4/var/adm/named.log' failed: file not found
> Apr 7 15:15:32 cfdnsquar01 named[37952]: configuring logging: file not found
> Apr 7 15:15:32 cfdnsquar01 named[37952]: loading configuration: file not found
> Apr  7 15:15:32 cfdnsquar01 named[37952]: exiting (due to fatal error)

Your named cannot start due to logging configuration. You didn't share your 
configuration related to it, but does the directory 
/usr/local/named-jail9.10.3P4/var/adm/ exist?

 
> I believe managed-key-zone validation is by default enabled in 
> Bind......is there an option that I can use in named.conf file to 
> disable that so that it does not look for the key......I guess this is 
> just a self-validation on the master itself and has nothing to do with 
> DNSSEC signing as it seems I am not even able to get the named up...

Yes, it is unrelated.

> I guess question is do I have an option that I can specify such that 
> it will not look for self-validation keys at all so that I do not have 
> to deal with rndc.key and rndc.conf or is this something I cannot get 
> by with when I use "views" ? Or am I not understanding this properly?

The rndc keys (used for connecting to the control interface) are unrelated to 
the keys used with DNSSEC.  But for operations it is a good idea. See the ARM 
and/or rndc-confgen manpage about generating the rndc configuration.

Let's get your named startup working first before we work on your goal. 
(If I understand correctly, you want named to serve internally unsigned zones, 
an external appliance will sign the zones, and then named can then serve the 
signed zones publicly.)
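
The directory check asked about in this thread, run for every file-backed logging channel at once. This is an added example, not code from the thread or from ISC. The function names and the chroot parameter are hypothetical; whether this named is started with -t is not stated in the thread, so the chroot handling is an assumption.

```python
import os
import re

# Added example; function names and the chroot parameter are hypothetical.
CHANNEL_RE = re.compile(r'channel\s+"?([\w-]+)"?\s*\{(.*?)\}\s*;', re.S)
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no comment markers inside quotes)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def log_channels(conf_text):
    """Return [(channel_name, file_path)] for each channel that logs to a file."""
    found = []
    for name, body in CHANNEL_RE.findall(strip_comments(conf_text)):
        match = FILE_RE.search(body)
        if match:  # syslog/null/stderr channels have no file clause
            found.append((name, match.group(1)))
    return found

def check_log_paths(conf_text, chroot=""):
    """Map channel -> (path as named opens it, status); run as the named user."""
    report = {}
    for name, path in log_channels(conf_text):
        # With `named -t DIR`, named.conf paths are resolved inside DIR.
        resolved = os.path.join(chroot, path.lstrip("/")) if chroot else path
        directory = os.path.dirname(resolved)
        if not os.path.isdir(directory):
            status = "missing-dir"
        elif not os.access(directory, os.W_OK | os.X_OK):
            status = "not-writable"
        else:
            status = "ok"
        report[name] = (resolved, status)
    return report

# Constructed sample, shortened from the logging section quoted in the thread.
SAMPLE_CONF = '''
logging {
    channel "named-log" {
        file "/usr/local/named-jail9.10.3P4/var/adm/named.log" versions 3 size 30m;
    };
    /* channel "old" { file "/tmp/old.log"; }; */
};
'''

if __name__ == "__main__":
    print(check_log_paths(SAMPLE_CONF))
```

A "missing-dir" result for a directory that exists on the host means the path is being resolved somewhere else, which is what passing a chroot value reproduces.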
