managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success


I am running bind9 on a CentOS VPS and started implementing DNSSEC, so I have signed zone files for my domains, but the following output shows up in the log files every hour:

    named[12181]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
    named[12181]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for 'dlv.isc.org': success

My named.conf file with the relevant information. I disabled dnssec-validation because bind throws tons of errors:

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
    };

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

My question is: what do these messages mean, and is there anything that I can do so they don't show up in the log files? Google wasn't of much help, though.

My domains, like example.com and sub.example.com, are properly signed and have signatures in keys inside the zonefile, so what do I do with the root zones?


Solved: It turns out my DNS forwarders were filtering DNSSEC queries. In addition, the VPS had a wrong timezone setting. As soon as I corrected the timezone setting and changed my DNS forwarders to servers that support DNSSEC, everything went flawlessly.

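The two causes named in the post can be told apart from the text of a `dig +dnssec . DNSKEY @<forwarder>` answer. The following is an added example, not part of the original post: it reports whether the answer carries any RRSIG covering the DNSKEY set (a forwarder that filters DNSSEC records returns none) and whether the local clock falls inside the signature validity window. The function names and the sample answers are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed dig-style answer sections (not captured from a real server).
SAMPLE_WITH_RRSIG = """\
.  172800 IN DNSKEY 257 3 8 AwEAAc...constructed
.  172800 IN RRSIG DNSKEY 8 0 172800 20240221000000 20240131000000 12345 . c2ln...constructed
"""
SAMPLE_STRIPPED = """\
.  172800 IN DNSKEY 257 3 8 AwEAAc...constructed
"""

def _ts(field):
    # RRSIG timestamps are written as YYYYMMDDHHMMSS and are always UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def dnskey_rrsig_windows(dig_answer, owner="."):
    """Return (inception, expiration) for each RRSIG covering DNSKEY at owner."""
    windows = []
    for line in dig_answer.splitlines():
        f = line.split()
        if len(f) < 13 or f[0].startswith(";"):
            continue  # comment, blank line, or a record too short to be an RRSIG
        # owner ttl class RRSIG covered alg labels origttl expiration inception tag signer sig
        if f[0] == owner and f[3] == "RRSIG" and f[4] == "DNSKEY":
            windows.append((_ts(f[9]), _ts(f[8])))
    return windows

def diagnose(dig_answer, now, owner="."):
    """Classify the answer: 'no-rrsig', 'clock-outside-window' or 'ok'."""
    windows = dnskey_rrsig_windows(dig_answer, owner)
    if not windows:
        return "no-rrsig"  # upstream dropped the signatures
    if any(inception <= now <= expiration for inception, expiration in windows):
        return "ok"
    return "clock-outside-window"  # signatures present, local time is off

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, text in (("signed", SAMPLE_WITH_RRSIG), ("stripped", SAMPLE_STRIPPED)):
        print(name, diagnose(text, now))
```
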