FW: bind9 questions
James A Griffin
agriffin at cpcug.org
Thu Mar 1 16:35:28 UTC 2001
There are missing clauses/phrases.
See below.
Regards,
Jim
Timothy.Moseley at hurlburt.af.mil wrote:
>
> Okay, now we are getting somewhere, if all I need to do is add a key
> statement to my named.conf file that is empty then I will give that a try,
> the manuals do not state that you can use a null value in the key statement.
> I do not have to worry about anybody on my network running rndc, that is
> what the OSI and FBI are for. I will try the null thing and let you know if
> it works.
>
> NOPE.
> So I guess w/out the key bind9 does not work.
>
> Then again this is the response I get now when I do the rndc reload command
>
> rndc reload
> rndc: connect: connection refused
>
> Here is my rndc.conf file as it appears now:
>
> key rndc_key {
> algorithm "hmac-md5";
> secret " ";
> };
I'm not sure it will make any difference, but you need the following in
rndc.conf.
server localhost {
key rndc_key;
};
>
> options {
> default-server localhost;
> default-key rndc_key;
> };
>
> Here is my named.conf as it appears now:
>
> / generated by named-bootconf.pl
>
> acl localhost {
> primary_internal_dns;
> };
> controls {
> inet localhost allow { 127.0.0.1; } keys { rndc_key; };
And I think you should include the 'algorithm "hmac-md5" and secret " "'
phrases as well.
> key rndc_key { };
>
> options {
> directory "/var/named";
> pid-file "/usr/local/etc/named.pid";
> auth-nxdomain yes;
> statistics-file "/var/named/stats";
> transfer-format many-answers;
> transfer-source primary_internal_dns;
> forward only;
> forwarders {
> internal firewall IP's;
> };
> allow-transfer { none; };
> };
>
> Anybody have a guess?
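
An added example, not part of the original thread and not BIND's own code: a small Python check that the `key` statement in rndc.conf and the one in named.conf both carry an algorithm and a non-empty base64 secret, and that the two definitions agree. The function names are hypothetical, and the parser assumes simple `key` blocks with no comments inside them.

```python
import base64
import re

# A simple "key <name> { ... };" block; "keys { ... }" and "default-key" do not match.
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;')

def parse_keys(conf_text):
    """Map each defined key name to its algorithm and secret (None if absent)."""
    keys = {}
    for name, body in KEY_RE.findall(conf_text):
        algo = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        secret = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = {"algorithm": algo.group(1) if algo else None,
                      "secret": secret.group(1) if secret else None}
    return keys

def secret_problem(secret):
    """Return why a secret is unusable, or None if it is non-empty base64."""
    if secret is None:
        return "no secret clause"
    if not secret.strip():
        return "secret is empty"
    try:
        base64.b64decode(secret.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "secret is not valid base64"
    return None

def check_pair(rndc_conf, named_conf, key_name):
    """List the problems that keep rndc and named from sharing key_name."""
    sides = {"rndc.conf": parse_keys(rndc_conf).get(key_name),
             "named.conf": parse_keys(named_conf).get(key_name)}
    findings = []
    for fname, key in sides.items():
        if key is None:
            findings.append(f"{fname}: key {key_name} is not defined")
            continue
        if key["algorithm"] is None:
            findings.append(f"{fname}: no algorithm clause")
        problem = secret_problem(key["secret"])
        if problem:
            findings.append(f"{fname}: {problem}")
    if all(sides.values()) and sides["rndc.conf"] != sides["named.conf"]:
        findings.append("key definitions differ between the two files")
    return findings

POSTED_RNDC = 'key rndc_key {\nalgorithm "hmac-md5";\nsecret " ";\n};'  # as posted above
POSTED_NAMED = 'controls {\ninet localhost allow { 127.0.0.1; } keys { rndc_key; };\nkey rndc_key { };'
print(check_pair(POSTED_RNDC, POSTED_NAMED, "rndc_key"))
```
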