rndc: connect: connection refused

Michael Kjorling michael at kjorling.com
Thu Jun 28 16:51:22 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 28 2001 09:41 -0400, Leo wrote:

> When I tried to run the rndc utility, I can't because the connection is
> refused. I'm the root, No logs. and named is not running.
> # /usr/sbin/rndc reload
> rndc: connect: connection refused

How do you imagine a program should be there to answer a reload
request if it's not running? You need to start named first. Try
`/usr/local/sbin/named -u named &' at the prompt. (Provided that you
have a user `named', which most distributions have as standard. I know
Red Hat 6.2 does at least.)

But your configuration doesn't look quite right either, so we'll go
on...


> I already read
> http://www.ipsec.nu/dns/bind9/Bv9ARM.html and downloaded a Bind 9 Manual. I
> tried everything that I found and nothing happened.
>
> I created the key using
>  /usr/sbin/dnssec-keygen -a hmac-md5 -b 128 -n USER rndc_key
>
> I'm new to Linux and I need to set up a web server for multiple virtual
> domains with and without IPs

How you are going to set up a domain without an IP goes beyond my
comprehension, but OK. :-)


> Any help I really appreciate it.
> Thanks in advance
>
> Leo
>
>
> These are my rndc.conf and named.conf
>
> rndc.conf
> ################################################
> options {
>         default-server  localhost;
>         default-key     rndc_key;
> };
>
> server localhost {
>         key     rndc_key;
> };
>
> key rndc_key {
>         algorithm       "hmac-md5";
>         secret  "xxxxxxxxxxxxxxxxxxxxx==";
> };

Looks OK, provided that the x'es are the actual key material
dnssec-keygen gave you. (Actually, any valid base64-encoded string
will do.) You may want to try to enclose the rndc_key's in quotation
marks, like this:

	options { ... default-key "rndc_key"; };
	server localhost { key "rndc_key"; };


> named.conf
> #################################################

I'm snipping it for clarity.


> key rndc_key {
>         algorithm       "hmac-md5";
>         secret  "xxxxxxxxxxxxxxxxxxxxxxxx==";
> };

The key name and secret must be exactly the same as specified in
rndc.conf.


> server 206.yyy.yyy.yyy{
>     keys { rndc_key; }'
> };

Why? This doesn't seem necessary at least, and it could break things
if you're unlucky.

> controls {
>         inet    127.0.0.1       allow {localhost; 206.yyy.yyy.yyy}     keys
> { rn
> };

Naughty word wrapping here, but I assume that the text is what your
named.conf contains. If so, here is your problem: first of all, on the
127.0.0.1 interface, you only need to list localhost. And the key name
specified under keys{} *MUST* be exactly what you use in rndc.conf's
and named.conf's key{} statements. Otherwise nothing will work.

Also, add a closing bracket for the controls{} statement. That should
do it.


Michael Kjörling

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7O2CTKqN7/Ypw4z4RAupAAJwIbXfmrB2mZjKwEbNhbE42PqHLOwCdFPZO
KAdH0GwGmClWwjY9qjQaU5A=
=7YN1
-----END PGP SIGNATURE-----
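
The consistency rules from the reply above (same key name and secret in both files, the controls{} keys{} list naming that key, and controls{} properly closed) can be checked mechanically. The following is an added example, not part of the original post or of BIND; it uses a simplified regex-based reading of the config syntax, and the sample configs and secret are constructed placeholders.

```python
import re

def _strip(conf):
    return re.sub(r"#.*", "", conf)  # drop '#' comments

def keys_defined(conf):
    """Return {key name: secret} for each key statement in the file."""
    pat = r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]*)"'
    return dict(re.findall(pat, _strip(conf)))

def controls_keys(conf):
    """Key names in controls{} keys{}; None if controls is absent or never closed."""
    conf = _strip(conf)
    start = re.search(r"\bcontrols\s*\{", conf)
    if not start:
        return None
    depth, i = 1, start.end()
    while i < len(conf) and depth:      # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    if depth:
        return None                     # braces never balanced
    m = re.search(r"\bkeys\s*\{([^}]*)\}", conf[start.end():i - 1])
    return re.findall(r"[\w.-]+", m.group(1)) if m else []

def check(rndc_conf, named_conf):
    """Return a list of mismatches between the two files (empty = consistent)."""
    problems = []
    rk, nk = keys_defined(rndc_conf), keys_defined(named_conf)
    for name, secret in rk.items():
        if name not in nk:
            problems.append(f"key {name!r} not defined in named.conf")
        elif nk[name] != secret:
            problems.append(f"secret for key {name!r} differs")
    listed = controls_keys(named_conf)
    if listed is None:
        problems.append("controls statement missing or not closed")
    elif not set(listed) & set(rk):
        problems.append("controls keys{} names no key from rndc.conf")
    return problems

# Constructed sample input (placeholder secret, not real key material).
RNDC = 'key "rndc_key" { algorithm "hmac-md5"; secret "c2FtcGxlLXNlY3JldA=="; };'
NAMED_OK = RNDC + '''
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc_key"; }; };'''
NAMED_BAD = RNDC.replace("ldA==", "ldB==") + '''
controls { inet 127.0.0.1 allow { localhost; } keys { rn };'''

if __name__ == "__main__":
    print(check(RNDC, NAMED_OK))   # consistent pair
    print(check(RNDC, NAMED_BAD))  # differing secret, unclosed controls{}
```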



