rndc
Kevin Darcy
kcd at daimlerchrysler.com
Wed Jul 17 15:15:24 UTC 2002
Okay, so apparently it didn't bind that port when it started. What do
your logs say?
- Kevin
"Georgeson, Evan [NCSUS Non J&J]" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Here's what's on my box...no 953
>
> UDP: IPv4
> Local Address Remote Address State
> - -------------------- -------------------- -------
> *.42 Idle
> *.514 Idle
> 148.177.2.1.53 Idle
> 10.28.8.1.53 Idle
> *.33951 Idle
> *.* Unbound
>
> UDP: IPv6
> Local Address Remote Address
> State If
> - --------------------------------- ---------------------------------
> - ---------- -----
> *.33951
> Idle
>
> TCP: IPv4
> Local Address Remote Address Swind Send-Q Rwind Recv-Q
> State
> - -------------------- -------------------- ----- ------ ----- ------
> - -------
> *.* *.* 0 0 24576 0
> IDLE
> *.21 *.* 0 0 24576 0
> LISTEN
> *.23 *.* 0 0 24576 0
> LISTEN
> *.22 *.* 0 0 24576 0
> LISTEN
> 148.177.2.1.53 *.* 0 0 24576 0
> LISTEN
> 10.28.8.1.53 *.* 0 0 24576 0
> LISTEN
> 10.28.8.1.23 10.28.9.254.60840 16279 0 24840 0
> ESTABLISHED
> 10.28.8.1.23 10.28.9.254.61012 16443 1 24840 0
> ESTABLISHED
> *.* *.* 0 0 24576 0
> IDLE
>
> TCP: IPv6
> Local Address Remote Address
> Swind Send-Q Rwind Recv-Q State If
> - --------------------------------- ---------------------------------
> - ----- ------ ----- ------ ----------- -----
> *.* *.*
> 0 0 24576 0 IDLE
> *.21 *.*
> 0 0 24576 0 LISTEN
> *.23 *.*
> 0 0 24576 0 LISTEN
>
> - -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Wednesday, July 17, 2002 10:57 AM
> To: BIND Users (bind-users at isc.org)
> Subject: Re: rndc
>
> "Georgeson, Evan [NCSUS Non J&J]" wrote:
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Okay, this will probably draw some critcism but here goes....I'm
> > trying to get rndc to work on 9.1.3. From what I can gather from
> > DNS/BIND, as a minimum I need info in both my named.conf and a file
> > called rndc.conf. Here's what I've tried to do. Please feel free
> > to comment on areas where I should fix because I keep getting
> > "connection refused" errors when running rndc.
> >
> > * Create a key pair # dnssec-keygen -a hmac-md5 -b 512 -n
> > host rndc.key
> > * Rename the generated key/private files created by
> > dnssec-keygen to "rndc.key" and "rndc.private". I also relocated
> > these files to /etc. * Modified my named.conf with the
> > following:
> > include "/etc/rndc.key";
> > };
> > controls {
> > inet * allow {any;} keys {"rndc.key";};
> > };
> >
> > key "rndc.key" {
> > algorithm hmac-md5;
> > secret
> > "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==";
> > };
> > * Created /etc/rndc.conf and added the following:
> > options {
> > default-server localhost;
> > default-key "rndc.key";
> > };
> >
> > key "rndc.key" {
> > algorithm hmac-md5;
> > secret
> > "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==";
> > };
> >
> > The contents of my rndc.key is this:
> >
> > rndc.key. IN KEY 512 3 157
> > yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==
> >
> > What am I doing wrong? It seems basic that I should want to be able
> > to run rndc just like ndc. This is a caching server and requires
> > no zone signing nor do I require encryption of any sort. I just
> > want to be able to run cache dumps and stats and all the fun
> > little things like that. Thank you in advance for any constructive
> > criticism you can provide.
>
> Do you seen anything listening on port 953?
>
> Are there any relevant error messages in your logs?
>
> - - Kevin
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPTWHf2cmEMqSL6AwEQJv3wCg+Q66T+INPUnbYO1v5ZP0/R0pn6gAn1/C
> nGG/YDn7bJn6ZL0qFm76CcIR
> =EAd2
> -----END PGP SIGNATURE-----
More information about the bind-users
mailing list