starting up DNS on Redhat 7.1

Michael Kjorling michael at kjorling.com
Wed May 2 22:12:49 UTC 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a FAQ. In short:

/etc/rndc.conf should contain:
   options {
     default-server localhost;
     default-key localkey;
   };
   server localhost { key localkey; };
   key localkey {
     algorithm hmac-md5;
     secret "xx";
   };
And /etc/named.conf:
   key "localkey" {
     algorithm hmac-md5;
     secret "xx";
   };
   controls {
     inet 127.0.0.1 allow { localhost; } keys { localkey; };
   };

"xx" (the secret) is taken from the .private file and must be exactly
the same in both places. This will allow you to use rndc locally, but
not remotely, provided that you generated the secret correctly.


Michael Kjörling


On Wed, 2 May 2001, David Nelson wrote:

> On a new installation of RH71, I have configured the bind settings
> through bindconf. After all the settings are in and the symlinks
> are placed in the appropriate spots in the initialization level
> directories and named is started using the command
> /etc/rc.d/init.d/named start, the named daemon starts. But when I
> try to get a status of the server it returns "rndc: connect:
> connection refused". I have been looking at the man pages for
> rndc.conf to try and figure out what to do, and the man pages are
> not clear about how to get the keyfiles up and running.
>
> I ran dnssec-keygen to get the .key and .private files, but now I
> am stuck. I ran the keygen program in root from the root dir. and
> the files are there. I looked inside the files and do not see the
> secret to place inside the rndc.conf file. How are these files
> used to get the rndc.conf file working?

- -- 
Michael Kjörling - michael at kjorling.com - PGP: 8A70E33E
"We must be the change we wish to see" (Mahatma Gandhi)

^..^     Support the wolves in Norway -- go to     ^..^
 \/   http://home.no.net/ulvelist/protest_int.htm   \/

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOvCGYyqje/2KcOM+EQJw4ACaAha73LBmFbHltvy/RlZBeMr72aEAoNXR
fuRLR8I4e/qFAEwnBsAGviv2
=nM6E
-----END PGP SIGNATURE-----
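
Added example, not part of the original message: a shell check that the secret in the dnssec-keygen .private file (its "Key:" field) is the same string in the key block of both rndc.conf and named.conf, as the reply above requires. The scratch file names and the secret are constructed samples, and the parser assumes config files without comments.

```sh
#!/bin/sh
# Added example; file names, key name and secret below are constructed.

# Print the shared secret from a dnssec-keygen .private file ("Key:" field).
private_secret() {
    awk '$1 == "Key:" { print $2; exit }' "$1"
}

# Print the secret of key block NAME ($2) in a named.conf/rndc.conf style
# file ($1). Assumption: the file contains no comments.
conf_secret() {
    awk -v name="$2" '
        { gsub(/"/, ""); gsub(/[{};]/, " & ")   # drop quotes, make punctuation tokens
          for (i = 1; i <= NF; i++) tok[++n] = $i }
        END {
          for (i = 1; i <= n; i++) {
            if (tok[i] == "key" && tok[i+2] == "{") inkey = (tok[i+1] == name)
            else if (tok[i] == "}") inkey = 0
            else if (inkey && tok[i] == "secret") { print tok[i+1]; exit }
          }
        }' "$1"
}

# Succeed only if the .private file ($1) and both config files ($2, $3)
# carry the identical, non-empty secret for key NAME ($4).
secrets_match() {
    want=$(private_secret "$1")
    [ -n "$want" ] &&
        [ "$(conf_secret "$2" "$4")" = "$want" ] &&
        [ "$(conf_secret "$3" "$4")" = "$want" ]
}

# Constructed sample files in a scratch directory (not real key material).
demo=$(mktemp -d)
printf '%s\n' 'Private-key-format: v1.2' 'Algorithm: 157 (HMAC_MD5)' \
    'Key: Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==' > "$demo/Klocalkey.private"
printf '%s\n' 'options { default-server localhost; default-key localkey; };' \
    'server localhost { key localkey; };' \
    'key localkey { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ=="; };' \
    > "$demo/rndc.conf"
printf '%s\n' 'key "localkey" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ=="; };' \
    'controls { inet 127.0.0.1 allow { localhost; } keys { localkey; }; };' \
    > "$demo/named.conf"

if secrets_match "$demo/Klocalkey.private" "$demo/rndc.conf" "$demo/named.conf" localkey
then echo "secret is identical in all three files"
else echo "secret mismatch or missing"
fi
```

On a real host, pass the actual K*.private file, /etc/rndc.conf and /etc/named.conf to secrets_match instead of the scratch files.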