rndc TSIG problem in 9.1.3
Cricket Liu
cricket at menandmice.com
Wed Oct 10 19:26:18 UTC 2001
> We have two nameservers (name1 - 10.1.1.1, name2 - 10.1.1.2), one primary
> (name1) and the other secondary (name2), that are both running BIND 9.1.3.
> Following the BIND book, I set up the rndc.conf and rndc.keys files on name1
> and name2 so that rndc can be used from name1 to manage name2 (e.g. rndc -s
> name2 reload). However, I get the following errors when trying to run rndc
> from name1:
>
> /etc> rndc -s name2 reload
> rndc: operation failed: verify failure (failed to verify signature)
> rndc: reload command failure: verify failure
>
> /etc> rndc -y name2-key -s name2 reload
> rndc: send remote authenticator: permission denied
You're telling rndc to use the key name2-key (either explicitly, with -y, or
using rndc.conf's server statement), but the named.conf file on name2
says:
> +----------------------- Portion of named.conf on name2 (secondary) -------------------------+
> controls {
> inet * allow { any; } keys { "rndc-key"; };
> };
That is, allow the key named rndc-key. The key names don't match.
cricket
Men & Mice
DNS Software & Services
www.menandmice.com
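
The key-name mismatch described in this reply can be checked before running rndc. The following Python is an added example, not part of the original message or of BIND: the function names are hypothetical, both sample files are constructed (the rndc.conf contents were not posted in the thread), and it assumes the controls statement uses the single-line `inet ... allow { ... } keys { ... };` form quoted above.

```python
import re

# Constructed sample for name1; the secrets are placeholders, not real keys.
RNDC_CONF_NAME1 = '''
options { default-server localhost; default-key "rndc-key"; };
server name2 { key "name2-key"; };
key "rndc-key"  { algorithm hmac-md5; secret "PLACEHOLDER-SECRET"; };
key "name2-key" { algorithm hmac-md5; secret "PLACEHOLDER-SECRET"; };
'''
# The controls statement quoted in the thread (name2's named.conf).
NAMED_CONF_NAME2 = '''
controls {
    inet * allow { any; } keys { "rndc-key"; };
};
'''
NAME = r'"?([^\s";]+)"?\s*;'   # a quoted or bare key name followed by ';'

def controls_keys(named_conf):
    """Key names that the inet control channels in named.conf accept."""
    pat = r'(?<![\w-])inet\b[^;{]*allow\s*\{[^}]*\}\s*keys\s*\{([^}]*)\}'
    return {n for body in re.findall(pat, named_conf)
            for n in re.findall(NAME, body)}

def rndc_key_for(rndc_conf, server, y_option=None):
    """Key name rndc presents: -y, else the server statement, else default-key."""
    if y_option:
        return y_option
    pat = r'(?<![\w-])server\s+"?%s"?\s*\{[^}]*?\bkey\s+' % re.escape(server)
    m = re.search(pat + NAME, rndc_conf)
    if m is None:
        m = re.search(r'(?<![\w-])default-key\s+' + NAME, rndc_conf)
    return m.group(1) if m else None

def check(rndc_conf, named_conf, server, y_option=None):
    """Return (key rndc sends, keys the server accepts, whether they match)."""
    key = rndc_key_for(rndc_conf, server, y_option)
    accepted = controls_keys(named_conf)
    # Names only: the shared secret must also be identical on both hosts.
    return key, accepted, key in accepted

if __name__ == "__main__":
    key, accepted, ok = check(RNDC_CONF_NAME1, NAMED_CONF_NAME2, "name2")
    print("rndc sends %r, name2 accepts %s: %s"
          % (key, sorted(accepted), "match" if ok else "MISMATCH"))
```
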