Discussion:
managed-keys-error since BIND-9.16.15
Tom
2021-04-30 11:15:53 UTC
Permalink
Hi

After upgrading to BIND-9.16.15, I have the following error in named.log:

30-Apr-2021 12:41:29.194 general: error: managed-keys.bind.jnw: journal
file corrupt: expected serial 1823, got 1824
30-Apr-2021 12:41:29.194 general: error: managed-keys-zone:
dns_journal_compact failed: unexpected error

$ l /var/named/managed-keys.bind*
-rw-r--r--. 1 named named 821 30. Apr 12:41 /var/named/managed-keys.bind
-rw-r--r--. 1 named named 4.5K 30. Apr 12:41
/var/named/managed-keys.bind.jnl

Yesterday (after initially starting the latest version) the error
occured the first time on server1. Then I stopped named on server1,
removed both files (.bind and .bind.jnl), and startet named again.

Today, the same error appeared one time on server2, but named seems
working fine, also DNSSEC verification. With "named-journalprint" I'm
able to print to content of the managed-keys.bind.jnl.

Any hints about this error?

Thank you.
Kind regards,
Tom
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews
2021-05-01 06:52:01 UTC
Permalink
Named should automatically correct this error. The journal version was not updated when the transaction header was updated. This has been corrected and named detects the unexpected transaction header and writes out a corrected journal.
--
Mark Andrews
Hi
30-Apr-2021 12:41:29.194 general: error: managed-keys.bind.jnw: journal file corrupt: expected serial 1823, got 1824
30-Apr-2021 12:41:29.194 general: error: managed-keys-zone: dns_journal_compact failed: unexpected error
$ l /var/named/managed-keys.bind*
-rw-r--r--. 1 named named 821 30. Apr 12:41 /var/named/managed-keys.bind
-rw-r--r--. 1 named named 4.5K 30. Apr 12:41 /var/named/managed-keys.bind.jnl
Yesterday (after initially starting the latest version) the error occured the first time on server1. Then I stopped named on server1, removed both files (.bind and .bind.jnl), and startet named again.
Today, the same error appeared one time on server2, but named seems working fine, also DNSSEC verification. With "named-journalprint" I'm able to print to content of the managed-keys.bind.jnl.
Any hints about this error?
Thank you.
Kind regards,
Tom
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
http
Tom
2021-05-03 05:31:35 UTC
Permalink
I see the same error also on a couple of slave zones on a updated
authoritative server, not only on the "managed-keys.bind"-file. So this
is also not critical and can be ignored?

03-May-2021 00:20:28.532 general: error:
/var/named/slave/example.com.hosts.jnw: journal file corrupt: expected
serial 2021050100, got 2021050300
03-May-2021 00:20:28.532 general: error: zone example.com/IN:
dns_journal_compact failed: unexpected error

Thank you.
Kind regards,
Tom
Post by Mark Andrews
Named should automatically correct this error. The journal version was not updated when the transaction header was updated. This has been corrected and named detects the unexpected transaction header and writes out a corrected journal.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews
2021-05-03 05:52:32 UTC
Permalink
I suspect we missed a auto detection case. Can you open ticket on https://gitlab.isc.org. We will need to see the journal and
whatever else was logged at the same time.

That said "named-journalprint -u /var/named/slave/example.com.hosts.jnl" should fix the issue. Only run this when named
is stopped.
I see the same error also on a couple of slave zones on a updated authoritative server, not only on the "managed-keys.bind"-file. So this is also not critical and can be ignored?
03-May-2021 00:20:28.532 general: error: /var/named/slave/example.com.hosts.jnw: journal file corrupt: expected serial 2021050100, got 2021050300
03-May-2021 00:20:28.532 general: error: zone example.com/IN: dns_journal_compact failed: unexpected error
Thank you.
Kind regards,
Tom
Post by Mark Andrews
Named should automatically correct this error. The journal version was not updated when the transaction header was updated. This has been corrected and named detects the unexpected transaction header and writes out a corrected journal.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Loading...