Discussion:
unknown option 'trust-anchors'
@lbutlr
2020-07-05 13:51:29 UTC
In named.conf I have
dnssec-enable yes;
dnssec-validation auto;

# rndc managed-keys status
view: _default
next scheduled event: Sun, 05 Jul 2020 20:43:00 GMT

name: .
keyid: 20326
algorithm: RSASHA256
flags: SEP
next refresh: Sun, 05 Jul 2020 20:43:00 GMT
trusted since: Mon, 21 Jan 2019 14:53:55 GMT
mail # rndc reload
rndc: 'reload' failed: failure
mail # tail /var/log/messages
Jul 5 07:41:24 mail.covisp.net named[53940] /usr/local/etc/namedb/bind.keys:29: unknown option 'trust-anchors'
Jul 5 07:41:24 mail.covisp.net named[53940] reloading configuration failed: failure

Bind is currently running just fine and has been since 8 June.

The bind.keys file has:

# See https://data.iana.org/root-anchors/root-anchors.xml for current trust
# anchor information for the root zone.

But that URL does not load and gives an XML error.
--
-=> <http://xkcd.com/241/>
<http://xkcd.com/304/>
<http://xkcd.com/635/> <=-
@lbutlr
2020-07-05 22:36:11 UTC
Post by @lbutlr
mail # rndc reload
rndc: 'reload' failed: failure
mail # tail /var/log/messages
Jul 5 07:41:24 mail.covisp.net named[53940] /usr/local/etc/namedb/bind.keys:29: unknown option 'trust-anchors'
Jul 5 07:41:24 mail.covisp.net named[53940] reloading configuration failed: failur
When checking on things I see that despite INSTALLING bind 9.16 I neglected to restart bind at the time, so the running version is still 9.14.11. Could this be the cause of this issue? I am loath to stop and restart named in case this is NOT the issue and I then end up with a non-functioning primary DNS.
--
'The only reason we're still alive now is that we're more fun alive
than dead,' said Granny's voice behind her. --Lords and Ladies
Mark Andrews
2020-07-05 23:27:25 UTC
Yes, that is the issue.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org
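
Added example, not part of the thread: a shell pre-flight check for the situation confirmed above, where the upgrade put a 9.16 bind.keys on disk while the 9.14.11 named kept running. The function names and the sample inputs (including the 9.16.0 version string) are constructed; it assumes `rndc status` and `named -v` each report a "BIND X.Y.Z" string.

```shell
#!/bin/sh
# Added example: is the running named older than the BIND installed on disk?

# Extract "X.Y.Z" from text such as "version: BIND 9.14.11 (...)".
bind_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*BIND \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# True for 9.16 and later 9.x releases. Per the thread, 9.14.11 rejects
# 'trust-anchors' while the bind.keys installed with 9.16 uses it.
# Assumption: anything below 9.16 is treated as not knowing the statement.
knows_trust_anchors() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    [ "$major" -eq 9 ] && [ "$minor" -ge 16 ]
}

# True if the file contains a trust-anchors statement (comment lines ignored).
uses_trust_anchors() {
    grep -Eq '^[[:space:]]*trust-anchors[[:space:]]*\{' "$1"
}

# reload_risk RUNNING_TEXT INSTALLED_TEXT KEYS_FILE
# Prints one of: ok | restart-pending | reload-at-risk | unknown
reload_risk() {
    running=$(bind_version "$1")
    installed=$(bind_version "$2")
    if [ -z "$running" ] || [ -z "$installed" ]; then
        echo unknown
    elif [ "$running" = "$installed" ]; then
        echo ok
    elif uses_trust_anchors "$3" && ! knows_trust_anchors "$running"; then
        echo reload-at-risk
    else
        echo restart-pending
    fi
}

# Constructed sample inputs. On a live host the call would be:
#   reload_risk "$(rndc status)" "$(named -v)" /usr/local/etc/namedb/bind.keys
demo() {
    keys=$(mktemp)
    printf '# constructed sample\ntrust-anchors {\n};\n' > "$keys"
    reload_risk 'version: BIND 9.14.11 (Stable Release)' 'BIND 9.16.0 (constructed)' "$keys"
    rm -f "$keys"
}
demo
```

A result of reload-at-risk means `rndc reload` would make the old process parse a file written for the new release, which is the failure logged in the first post.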