rndc.conf, rndc.key, and chroot

Mark_Andrews at isc.org
Mon Jan 7 22:16:45 UTC 2002


> 
> I've got a bind 9.2 server running in a chroot but I'm having issues with
> the rndc command.  I can successfully shut down the server, get status,
> etc., but when I try and reload the server, I get the following:
> 
> Jan  7 16:39:32 dns1 named[25280]: [ID 866145 daemon.error]
> /etc/named.conf:15: open: /etc/rndc.key: permission denied
> Jan  7 16:39:32 dns1 named[25280]: [ID 866145 daemon.error] reloading
> configuration failed: permission denied

	What user is named running as?  Who owns /etc/rndc.key?

	Remember, if you are running as root on a Linux-based OS,
	named drops root's ability to override file permissions.

	Mark

> 
> I initially had the key "rndc-key" statement in my /etc/named.conf, so I put
> a chmod 640 on the file so it wasn't world readable.  I got the above error
> so I put the key statement in a rndc.key file and included that in the
> /etc/named.conf and then made the rndc.key file chmod 640, but the same
> thing happens.
> 
> Does anyone have the correct way of permissioning these files in a chroot
> environment so the rndc works?
> 
> Thanks
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
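
An added example, not part of the original thread or of BIND: a Python check that answers the two questions in the reply (which account named runs as, who owns the key file) by evaluating the file's mode bits with no superuser override, and that also flags a world-readable key. The uid/gid 53 for a "named" account and the helper names are assumptions; ACLs and directory search permission are not modelled.

```python
import os
import stat
import tempfile


def perm_allows_read(mode, file_uid, file_gid, uid, gids):
    """Unix read check with no superuser override: only one class applies."""
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_key(path, uid, gids):
    """Findings for a key file as seen by the account named runs as.

    path is the host-side path, i.e. the chroot directory plus /etc/rndc.key.
    """
    st = os.stat(path)
    findings = []
    if not perm_allows_read(st.st_mode, st.st_uid, st.st_gid, uid, gids):
        findings.append("unreadable by named: reload fails with permission denied")
    if st.st_mode & stat.S_IROTH:
        findings.append("world-readable: any local user can read the rndc secret")
    return findings


if __name__ == "__main__":
    # Constructed ids: uid/gid 53 stands in for a dedicated named account.
    NAMED_UID, NAMED_GID = 53, 53
    cases = [
        ("root:root  0640", 0o640, 0, 0),
        ("root:named 0640", 0o640, 0, NAMED_GID),
        ("named:named 0600", 0o600, NAMED_UID, NAMED_GID),
    ]
    for label, mode, fuid, fgid in cases:
        ok = perm_allows_read(mode, fuid, fgid, NAMED_UID, [NAMED_GID])
        print(f"{label}: named can read = {ok}")
    # audit_key on a real (temporary, constructed) file owned by this user.
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        print(audit_key(f.name, os.getuid(), os.getgroups()))
```

With these constructed ids, a 0640 key owned by root:root is unreadable to the named account, while the same mode with group named, or 0600 owned by named, is readable without exposing the secret to other users.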

