DNS services no longer work due to missing files
deron.meranda at gmail.com
Thu Jul 22 08:33:57 UTC 2010
> .... The change that is
> needed is to change the "include" lines in /etc/named.conf, deleting the
> include "/etc/pki/dnssec-keys//named.dnssec.keys";
> include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
> and inserting a single line:
> include "/etc/named.iscdlv.key";

That file does not seem to be available for Fedora 11.

So for the benefit of the F11 folks who got hit with this bug
but didn't likewise get a patch or fix, you have a couple options.

1. Disable dnssec in bind.

Edit the /etc/named.conf file and comment out (or change to "no") the
dnssec-enable option. Also comment out all the includes at the bottom
that try to load the top level keys (comment with two "//" to the end
of the line).

2. Use dnssec by manually installing the keys.

Download the current official key from ISC. For information
(including useful instructions) see the web page
and then download the current official key, in named format,

If you're serious about security, you should validate the PGP
signature given on their web site.

Then also create the symlink (or copy the file) to its /etc location
so other programs (unbound) find it where expected,

    ln -s /etc/pki/dnssec-keys/dlv.isc.org.named.conf /etc/named.iscdlv.key

(The reason you need to keep the key or a copy under /etc/pki/... is so
that it can be read if running named in a chroot environment.)

Now edit the /etc/named.conf file and replace the include statements
at the bottom that reference /etc/pki, with just a single include

Your bind/named DNS server should once again be happy,
and using dnssec.
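
The named.conf edit described in the message above, as an added example that is not part of the original post: it comments out the active includes under /etc/pki/dnssec-keys and adds one replacement include. The function names and the sample file are constructed for illustration, the include path is passed as an argument (the sample run uses the one from the quoted text), and everything runs on a temporary copy rather than on /etc/named.conf.

```shell
#!/bin/sh
# Added example: works on a constructed sample, never on /etc/named.conf itself.

# make_sample_conf FILE: write a constructed named.conf fragment whose last
# two include lines are the ones quoted in the message.
make_sample_conf() {
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    dnssec-enable yes;
};
include "/etc/named.rfc1912.zones";
include "/etc/pki/dnssec-keys//named.dnssec.keys";
include "/etc/pki/dnssec-keys//dlv/dlv.isc.org.conf";
EOF
}

# switch_dlv_include CONF KEYFILE: comment out active includes under
# /etc/pki/dnssec-keys and add a single include for KEYFILE.
# Safe to run twice; the untouched original is kept as CONF.orig.
switch_dlv_include() {
    conf=$1
    keyfile=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ -f "$conf.orig" ] || cp -p "$conf" "$conf.orig"
    # Only lines that begin with "include" match, so lines already
    # commented with // are left alone on a second run.
    sed 's|^\([[:space:]]*\)\(include[[:space:]]*"/etc/pki/dnssec-keys/\)|\1// \2|' \
        "$conf" > "$conf.tmp" || return 1
    cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"   # keeps owner and mode
    # Append the replacement include unless that exact line is present.
    if ! grep -qxF "include \"$keyfile\";" "$conf"; then
        printf 'include "%s";\n' "$keyfile" >> "$conf"
    fi
}

# active_includes CONF PREFIX: count uncommented include lines whose path
# starts with PREFIX (grep -c prints 0 but exits 1 when nothing matches).
active_includes() {
    grep -c "^[[:space:]]*include[[:space:]]*\"$2" "$1" || true
}

# Demonstration on a temporary copy.
demo=$(mktemp -d)
make_sample_conf "$demo/named.conf"
switch_dlv_include "$demo/named.conf" /etc/named.iscdlv.key
cat "$demo/named.conf"
rm -rf "$demo"
```

After making the same change to the real file, `named-checkconf /etc/named.conf` reports syntax errors before named is restarted.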