help needed w/rndc
Jim Reid
jim at rfc1035.com
Sat Feb 17 00:03:20 UTC 2001
>>>>> ">" == king <mrking01 at hotmail.com> writes:
>> I'm having a hard time understanding rndc (mostly what goes in
>> the "secret" string in named.conf and rndc.conf, and where to
>> put the key files after they're created). I've looked through
>> arm and manpages but I'm still stuck getting "rndc: decode
>> base64 secret: bad base64 encoding".
.... config file data snipped....
Thanks for showing the files as-is. This made it straightforward to
identify the problem. The base-64 key in rndc.conf is not the same as
the one in named.conf. The problem is that the rndc.conf key isn't a
valid base64-encoded string. [That's why rndc was complaining about
it.] The key is 77 bytes long and IIRC base-64 strings are always
padded to end on some multiple of 4 byte-boundary.
Your named.conf key is
"Q3FAMx77UIG6YeleBt9VDUCSa8rKZ459P7MYKOCxeQmlahCDlyvnmYgYfTSLXnB0
poaE+U/QzN1GcBzJziOgQQ=="
but the one in rndc.conf is:
"Q3FAMx77UIG6YeleBt9VDUCSa8rKZ459P7MYKOCxeQmlahCDlyvnmYgYfTSLXnB0
GcBzJziOgQQ=="
Maybe your mouse slipped and you didn't cut and paste the missing
"poaE+U/QzN1"?
More information about the bind-users
mailing list