rndc: connect: connection refused
Michael Kjorling
michael at kjorling.com
Thu Jun 28 16:51:22 UTC 2001
On Jun 28 2001 09:41 -0400, Leo wrote:
> When I try to run the rndc utility, I can't because the connection is
> refused. I'm root, there are no logs, and named is not running.
> # /usr/sbin/rndc reload
> rndc: connect: connection refused
How do you imagine a program should be there to answer a reload
request if it's not running? You need to start named first. Try
`/usr/local/sbin/named -u named &' at the prompt. (Provided that you
have a user `named', which most distributions have as standard. I know
Red Hat 6.2 does at least.)
But your configuration doesn't look quite right either, so we'll go
on...
> I already read
> http://www.ipsec.nu/dns/bind9/Bv9ARM.html and downloaded a BIND 9 manual. I
> tried everything that I found and nothing happened.
>
> I created the key using
> /usr/sbin/dnssec-keygen -a hmac-md5 -b 128 -n USER rndc_key
>
> I'm new to Linux and I need to set up a web server for multiple virtual
> domains with and without IPs
How you are going to set up a domain without an IP goes beyond my
comprehension, but OK. :-)
> I would really appreciate any help.
> Thanks in advance
>
> Leo
>
>
> These are my rndc.conf and named.conf
>
> rndc.conf
> ################################################
> options {
> default-server localhost;
> default-key rndc_key;
> };
>
> server localhost {
> key rndc_key;
> };
>
> key rndc_key {
> algorithm "hmac-md5";
> secret "xxxxxxxxxxxxxxxxxxxxx==";
> };
Looks OK, provided that the x'es are the actual key material
dnssec-keygen gave you. (Actually, any valid base64-encoded string
will do.) You may want to try to enclose the rndc_key's in quotation
marks, like this:
options { ... default-key "rndc_key"; };
server localhost { key "rndc_key"; };
> named.conf
> #################################################
I'm snipping it for clarity.
> key rndc_key {
> algorithm "hmac-md5";
> secret "xxxxxxxxxxxxxxxxxxxxxxxx==";
> };
The key name and secret must be exactly the same as specified in
rndc.conf.
> server 206.yyy.yyy.yyy{
> keys { rndc_key; }'
> };
Why? This doesn't seem necessary at least, and it could break things
if you're unlucky.
> controls {
> inet 127.0.0.1 allow {localhost; 206.yyy.yyy.yyy} keys
> { rn
> };
Naughty word wrapping here, but I assume that the text is what your
named.conf contains. If so, here is your problem: first of all, on the
127.0.0.1 interface, you only need to list localhost. And the key name
specified under keys{} *MUST* be exactly what you use in rndc.conf's
and named.conf's key{} statements. Otherwise nothing will work.
Also, add a closing bracket for the controls{} statement. That should
do it.
Michael Kjörling
--
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)
^..^ Support the wolves in Norway -- go to ^..^
\/ http://home.no.net/ulvelist/protest_int.htm \/
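
Added example (not part of the original message and not BIND's own code): a small Python check for the two conditions the reply names, that the key{} name, algorithm and secret are identical in rndc.conf and named.conf, and that the controls{} keys list names that same key. The sample configs and placeholder secrets are constructed, and the regex parsing assumes simple, comment-free statements.

```python
import re

# Constructed sample files modeled on the thread; the secrets are placeholders.
RNDC_CONF = '''
options { default-server localhost; default-key "rndc_key"; };
server localhost { key "rndc_key"; };
key "rndc_key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXItc2VjcmV0"; };
'''
NAMED_CONF_OK = '''
key "rndc_key" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXItc2VjcmV0"; };
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc_key"; }; };
'''
# Constructed broken variant: different secret; controls{} names an undefined key.
NAMED_CONF_BAD = '''
key "rndc_key" { algorithm hmac-md5; secret "ZGlmZmVyZW50LXNlY3JldA=="; };
controls { inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; }; };
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
DEFAULT_KEY_RE = re.compile(r'\bdefault-key\s+"?([\w.-]+)"?\s*;')
CONTROLS_KEYS_RE = re.compile(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', re.S)

def parse_keys(conf):
    """Map key name -> (algorithm, secret) for every key{} statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(conf)}

def check(rndc_conf, named_conf):
    """Return the mismatches that stop named from accepting rndc commands."""
    problems = []
    rndc_keys, named_keys = parse_keys(rndc_conf), parse_keys(named_conf)
    m = DEFAULT_KEY_RE.search(rndc_conf)
    name = m.group(1) if m else None
    if name not in rndc_keys:
        return [f"rndc.conf: default-key {name!r} has no key{{}} statement"]
    m = CONTROLS_KEYS_RE.search(named_conf)
    allowed = re.findall(r'[\w.-]+', m.group(1)) if m else []
    if not m:
        problems.append("named.conf: no complete controls{} keys{} list")
    for k in allowed:
        if k not in named_keys:
            problems.append(f"named.conf: controls key {k!r} is not defined")
    if name not in allowed:
        problems.append(f"named.conf: controls does not list {name!r}")
    if name not in named_keys:
        problems.append(f"named.conf: no key{{}} statement for {name!r}")
    elif named_keys[name] != rndc_keys[name]:
        problems.append(f"key {name!r}: algorithm or secret differs")
    return problems
```

Calling check(RNDC_CONF, NAMED_CONF_BAD) returns one message per mismatch; an empty list means the two files agree on the key.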