rndc

Georgeson, Evan [NCSUS Non J&J] EGeorges at NCSUS.JNJ.COM
Wed Jul 17 15:02:49 UTC 2002


 
Here's what's on my box...no 953

UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.42                                  Idle
      *.514                                 Idle
148.177.2.1.53                              Idle
10.28.8.1.53                                Idle
      *.33951                               Idle
      *.*                                   Unbound

UDP: IPv6
   Local Address                     Remote Address                   State      If
--------------------------------- --------------------------------- ---------- -----
      *.33951                                                       Idle

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.21                 *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN
      *.22                 *.*                0      0 24576      0 LISTEN
148.177.2.1.53             *.*                0      0 24576      0 LISTEN
10.28.8.1.53               *.*                0      0 24576      0 LISTEN
10.28.8.1.23         10.28.9.254.60840    16279      0 24840      0 ESTABLISHED
10.28.8.1.23         10.28.9.254.61012    16443      1 24840      0 ESTABLISHED
      *.*                  *.*                0      0 24576      0 IDLE

TCP: IPv6
   Local Address                     Remote Address                 Swind Send-Q Rwind Recv-Q   State      If
--------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
      *.*                               *.*                             0      0 24576      0 IDLE
      *.21                              *.*                             0      0 24576      0 LISTEN
      *.23                              *.*                             0      0 24576      0 LISTEN

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com] 
Sent: Wednesday, July 17, 2002 10:57 AM
To: BIND Users (bind-users at isc.org)
Subject: Re: rndc



"Georgeson, Evan [NCSUS Non J&J]" wrote:

>
> Okay, this will probably draw some criticism but here goes....I'm
> trying to get rndc to work on 9.1.3. From what I can gather from
> DNS/BIND, as a minimum I need info in both my named.conf and a file
> called rndc.conf. Here's what I've tried to do. Please feel free
> to comment on areas where I should fix because I keep getting
> "connection refused" errors when running rndc.
>
> *       Create a key pair # dnssec-keygen -a hmac-md5 -b 512 -n host rndc.key
> *       Rename the generated key/private files created by
> dnssec-keygen to "rndc.key" and "rndc.private". I also relocated
> these files to /etc.
> *       Modified my named.conf with the following:
> include "/etc/rndc.key";
>         };
> controls {
>         inet * allow {any;} keys {"rndc.key";};
> };
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret 
> "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==";
> };
> *       Created /etc/rndc.conf and added the following:
> options {
>         default-server localhost;
>         default-key "rndc.key";
> };
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret 
> "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==";
> };
>
> The contents of my rndc.key is this:
>
> rndc.key. IN KEY 512 3 157 
> yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==
>
> What am I doing wrong? It seems basic that I should want to be able
> to run rndc just like ndc. This is a caching server and requires
> no zone signing nor do I require encryption of any sort. I just
> want to be able to run cache dumps and stats and all the fun
> little things like that. Thank you in advance for any constructive
> criticism you can provide.

Do you see anything listening on port 953?

Are there any relevant error messages in your logs?


- Kevin



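
An offline check for the two things this thread turns on: whether anything is listening on port 953, and what the quoted controls statement exposes. It is an added example, not part of the original messages or of BIND. It assumes Solaris-style netstat rows (address.port) with each row on one line; the function names and the rows marked constructed are illustrative.

```python
import re

# Rows copied from the TCP IPv4 table in the message, one row per line.
MESSAGE_ROWS = """\
      *.22                 *.*                0      0 24576      0 LISTEN
148.177.2.1.53             *.*                0      0 24576      0 LISTEN
10.28.8.1.53               *.*                0      0 24576      0 LISTEN
10.28.8.1.23         10.28.9.254.60840    16279      0 24840      0 ESTABLISHED
"""
# Constructed row: what a loopback-only control channel would look like.
CONSTRUCTED_ROW = "127.0.0.1.953              *.*                0      0 24576      0 LISTEN\n"
# The controls statement quoted in the message.
MESSAGE_CONTROLS = 'controls {\n        inet * allow {any;} keys {"rndc.key";};\n};\n'
# Constructed restrictive variant for comparison.
CONSTRUCTED_CONTROLS = ('controls {\n        inet 127.0.0.1 port 953 '
                        'allow { 127.0.0.1; } keys { "rndc.key"; };\n};\n')

def listeners(netstat_text, port=953):
    """Local addresses in LISTEN state on `port`; '*' means every interface."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[-1] != "LISTEN":
            continue
        addr, _, local_port = fields[0].rpartition(".")  # Solaris prints addr.port
        if local_port == str(port):
            found.append(addr)
    return found

INET_RE = re.compile(
    r"inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}(?:\s*keys\s*\{([^}]*)\})?")

def audit_controls(conf_text):
    """Return (address, port, keys, findings) per inet control channel."""
    results = []
    for addr, port, allow, keys in INET_RE.findall(conf_text):
        acl = [a.strip() for a in allow.split(";") if a.strip()]
        key_names = [k.strip().strip('"') for k in keys.split(";") if k.strip()]
        findings = []
        if addr == "*":
            findings.append("listens on every interface")
        if "any" in acl:
            findings.append("allow list admits any source address")
        # 953 is the BIND 9 default control port when none is given.
        results.append((addr, int(port or 953), key_names, findings))
    return results

if __name__ == "__main__":
    print("953 listeners in message:", listeners(MESSAGE_ROWS) or "none")
    for row in audit_controls(MESSAGE_CONTROLS) + audit_controls(CONSTRUCTED_CONTROLS):
        print(row)
```

With `allow {any;}` on a wildcard address, the shared key is the only thing standing between the network and the control channel, which is why the audit reports both findings for the quoted statement.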
