
dns bind failed "managed-keys-zone ./IN: loading from master file managed-keys.bind fai

majid alavizadeh
Hi

I use Plesk 9.5.3 and DNS fails every few minutes:

managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found


Please help me, it's urgent for me.
 
Just create this file empty. The file "managed-keys.bind" is used for managing keys in DNSSEC. By default, BIND is looking for it. Even though you might not be using this feature, creating the file empty will make the error message go away.
 
The same.

Where do I create it?
Does it go together with:
"zone 0.0.127.in-addr.arpa/IN: not loaded due to errors." and
"zone 0.0.127.in-addr.arpa/IN: NS 'myserver.de.0.0.127.in-addr.arpa' has no address records (A or AAAA)"?
 
Just create this file empty. The file "managed-keys.bind" is used for managing keys in DNSSEC. By default, BIND is looking for it. Even though you might not be using this feature, creating the file empty will make the error message go away.

This tip is very fat ****!

The missing file exists in /etc/bind/ and is named bind.keys

In the standard /etc/bind/named.conf there is a config error.

Originally it looks like this:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

An entry is missing there:

include "/etc/bind/bind.keys";

Edit /etc/bind/named.conf to:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/bind.keys";

Save the file and restart BIND.

That's all!

Not using this feature is a security risk; workers of Parallels should know and give better info!
 
'christiant123', your tip is BULL **** ... RTFM ... before posting.

# The bind.keys file is used to override built-in DNSSEC trust anchors
# which are included as part of BIND 9. As of the current release (BIND
# 9.7), the only trust anchor it sets is the one for the ISC DNSSEC
# Lookaside Validation zone ("dlv.isc.org"). Trust anchors for any other
# zones MUST be configured elsewhere; if they are configured here, they
# will not be recognized or used by named.
#
# This file also contains a copy of the trust anchor for the DNS root zone
# ("."). However, named does not use it; it is provided here for
# informational purposes only. To switch on DNSSEC validation at the
# root, the root key below can be copied into named.conf.
#
# The built-in DLV trust anchor in this file is used directly by named.
# However, it is not activated unless specifically switched on. To use
# the DLV key, set "dnssec-lookaside auto;" in the named.conf options.
# Without this option being set, the key in this file is ignored.
#
# This file is NOT expected to be user-configured.

This is part of the comments found in the "bind.keys" file.

This is not a problem if you are not using DNSSEC, 'majid alavizadeh', and your BIND9 is working properly.
BUT if you don't want to see this error in your logs again, then here is the solution.

Look in "named.conf.options" and check the option "directory" (default is "/var/cache/bind"), which is the path of the working directory. Go there and create an empty file "managed-keys.bind" with read and write permissions for the BIND9 user (default is "bind").

OR

Add this in the "named.conf.options" file:

options {
managed-keys-directory "/etc/bind";
};

and create an empty file "managed-keys.bind" in the "/etc/bind" folder.

That's all folks!!! Cheers!!!
 
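A read-only check for the first option described in the post above, as an added example that is not part of the original thread: it reads "directory" (or "managed-keys-directory", which takes precedence when set) from a named.conf.options file and reports whether managed-keys.bind is present there. The function names and the root-prefix argument are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find where named expects
# managed-keys.bind and report whether the file is there.

# Print the quoted value of one option from a named.conf-style file.
# $1 = option name, $2 = config file. Prints nothing if the option is unset.
named_opt() {
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*/\1/p" "$2" | head -n 1
}

# managed-keys-directory wins if set; otherwise the working directory.
managed_keys_dir() {
    d=$(named_opt managed-keys-directory "$1")
    [ -n "$d" ] || d=$(named_opt directory "$1")
    printf '%s' "$d"
}

# $1 = config file, $2 = optional root prefix (hypothetical, for offline runs).
# Prints "ok|missing|no-access <path>"; returns 0 only for "ok".
check_managed_keys() {
    dir=$(managed_keys_dir "$1")
    [ -n "$dir" ] || { echo "no-directory-option"; return 2; }
    f="$dir/managed-keys.bind"
    [ -e "$2$f" ] || { echo "missing $f"; return 1; }
    [ -r "$2$f" ] && [ -w "$2$f" ] || { echo "no-access $f"; return 1; }
    echo "ok $f"
}

# Constructed sample: a fake root holding a Debian-style layout.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/bind" "$root/var/cache/bind"
    printf 'options {\n\tdirectory "/var/cache/bind";\n};\n' \
        > "$root/etc/bind/named.conf.options"
    check_managed_keys "$root/etc/bind/named.conf.options" "$root" || true
    : > "$root/var/cache/bind/managed-keys.bind"
    check_managed_keys "$root/etc/bind/named.conf.options" "$root" || true
    rm -rf "$root"
}
demo
```

The read/write test applies to whoever runs the script, so on a real server run it as the BIND user (default "bind", per the post) with an empty root prefix.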
Well, I tried both solutions (christiant123 & AgamemnonS).


from AgamemnonS:

the file '/var/cache/bind/managed-keys.bind' already existed there, with the right ownership

I then tried your second solution, with the option managed-keys-directory "/etc/bind"; in named.conf.options and by creating an empty "managed-keys.bind" file in /etc/bind with bind as owner of the file, but after that, I couldn't start my bind server anymore.

==> ../bind/bind.log <==
01-Dec-2011 20:35:12.294 general: error: journal.c:171: unexpected error:
01-Dec-2011 20:35:12.294 general: error: missing SOA


from christiant123

I then tried that solution and added include "/etc/bind/bind.keys"; in named.conf.
Same error on restart.

I then changed the ownership of the 'bind.keys' file, which had root ownership, to bind and it worked.


I'm no expert with bind, as I only use it to play on my small home lan network, so I can't say why it wasn't working with the first solution, but anyway, thanks for giving me a solution to this problem.

I'll RTFM for sure one day :p
 
Finally, which solution is correct?
I have the same problem with my Plesk 9.5.4 version,
but I don't have the "/etc/bind" path on my server. I see "dns/etc/named.conf" !!!

Thanks,
 
The fix for me was to delete the managed-keys files in /var/cache/bind.
I had already put bind.keys in this folder and added it to my main named.conf.
Also, I put
dnssec-lookaside auto;
in the named.conf.options.

My first time with BIND, so I don't really know 100% what any of this does yet! lol. Planning on writing my own dynamic DNS type solution eventually for a subdomain.
 