rndc

Kevin Darcy kcd at daimlerchrysler.com
Wed Jul 17 15:15:24 UTC 2002


Okay, so apparently it didn't bind that port when it started. What do
your logs say?


- Kevin

"Georgeson, Evan [NCSUS Non J&J]" wrote:

>
> Here's what's on my box...no 953
>
> UDP: IPv4
>    Local Address         Remote Address     State
> -------------------- -------------------- -------
>       *.42                                  Idle
>       *.514                                 Idle
> 148.177.2.1.53                              Idle
> 10.28.8.1.53                                Idle
>       *.33951                               Idle
>       *.*                                   Unbound
>
> UDP: IPv6
>    Local Address                     Remote Address                   State      If
> --------------------------------- --------------------------------- ---------- -----
>       *.33951                                                         Idle
>
> TCP: IPv4
>    Local Address        Remote Address    Swind Send-Q Rwind Recv-Q State
> -------------------- -------------------- ----- ------ ----- ------ -------
>       *.*                  *.*                0      0 24576      0 IDLE
>       *.21                 *.*                0      0 24576      0 LISTEN
>       *.23                 *.*                0      0 24576      0 LISTEN
>       *.22                 *.*                0      0 24576      0 LISTEN
> 148.177.2.1.53             *.*                0      0 24576      0 LISTEN
> 10.28.8.1.53               *.*                0      0 24576      0 LISTEN
> 10.28.8.1.23         10.28.9.254.60840    16279      0 24840      0 ESTABLISHED
> 10.28.8.1.23         10.28.9.254.61012    16443      1 24840      0 ESTABLISHED
>       *.*                  *.*                0      0 24576      0 IDLE
>
> TCP: IPv6
>    Local Address                     Remote Address                   Swind Send-Q Rwind Recv-Q   State      If
> --------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
>       *.*                               *.*                               0      0 24576      0 IDLE
>       *.21                              *.*                               0      0 24576      0 LISTEN
>       *.23                              *.*                               0      0 24576      0 LISTEN
>
> - -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Wednesday, July 17, 2002 10:57 AM
> To: BIND Users (bind-users at isc.org)
> Subject: Re: rndc
>
> "Georgeson, Evan [NCSUS Non J&J]" wrote:
>
> >
> > Okay, this will probably draw some criticism but here goes....I'm
> > trying to get rndc to work on 9.1.3. From what I can gather from
> > DNS/BIND, as a minimum I need info in both my named.conf and a file
> >  called rndc.conf. Here's what I've tried to do. Please feel free
> > to  comment on areas where I should fix because I keep getting
> > "connection  refused" errors when running rndc.
> >
> > *       Create a key pair
> >         # dnssec-keygen -a hmac-md5 -b 512 -n host rndc.key
> > *       Rename the generated key/private files created by
> > dnssec-keygen to "rndc.key" and "rndc.private". I also relocated
> > these files to /etc.
> > *       Modified my named.conf with the following:
> > include "/etc/rndc.key";
> >         };
> > controls {
> >         inet * allow {any;} keys {"rndc.key";};
> > };
> >
> > key "rndc.key" {
> >         algorithm hmac-md5;
> >         secret
> > "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==";
> > };
> > *       Created /etc/rndc.conf and added the following:
> > options {
> >         default-server localhost;
> >         default-key "rndc.key";
> > };
> >
> > key "rndc.key" {
> >         algorithm hmac-md5;
> >         secret
> > "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==";
> > };
> >
> > The contents of my rndc.key is this:
> >
> > rndc.key. IN KEY 512 3 157
> > yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> > svk9HFyE81oKjJrKboyilekmVYfznA==
> >
> > What am I doing wrong? It seems basic that I should want to be able
> > to  run rndc just like ndc. This is a caching server and requires
> > no zone  signing nor do I require encryption of any sort. I just
> > want to be  able to run cache dumps and stats and all the fun
> > little things like  that. Thank you in advance for any constructive
> > criticism you can  provide.
>
> Do you see anything listening on port 953?
>
> Are there any relevant error messages in your logs?
>
> - - Kevin
>
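
An added example, not part of the original thread: a small parser for `netstat -an` output in the layout quoted above (local address written as `addr.port`) that reports whether anything is listening on the rndc control port 953 asked about in the replies, and whether that listener is loopback-only or reachable more widely, as an `inet *` controls statement would make it. The sample listing, the 192.0.2.x addresses and the function names are constructed for illustration, and the code assumes unwrapped output with the state on the same line as the address.

```python
import re

# Constructed sample in the Solaris-style `netstat -an` layout quoted in this thread
# (local address is "addr.port"; "*" means any interface). Not real host data.
SAMPLE = """\
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 24576      0 LISTEN
192.0.2.1.53               *.*                0      0 24576      0 LISTEN
192.0.2.1.23         192.0.2.9.60840      16279      0 24840      0 ESTABLISHED
127.0.0.1.953              *.*                0      0 24576      0 LISTEN
"""

def tcp_listeners(netstat_text):
    """Return [(address, port)] for every TCP socket in LISTEN state."""
    listeners, in_tcp = [], False
    for line in netstat_text.splitlines():
        head = re.match(r"\s*(TCP|UDP)\b", line)
        if head:                      # section header such as "TCP: IPv4"
            in_tcp = head.group(1) == "TCP"
            continue
        fields = line.split()
        # The IPv6 tables carry an extra "If" column, so search all fields for the state.
        if not in_tcp or "LISTEN" not in fields[1:]:
            continue
        # The port is whatever follows the LAST dot, so IPv4 dots stay in the address.
        addr, _, port = fields[0].rpartition(".")
        if port.isdigit():
            listeners.append((addr, int(port)))
    return listeners

def control_channel_status(netstat_text, port=953):
    """Classify the rndc control port: 'missing', 'local-only' or 'exposed'."""
    addrs = [a for a, p in tcp_listeners(netstat_text) if p == port]
    if not addrs:
        return "missing"       # nothing bound: rndc gets "connection refused"
    if all(a in ("127.0.0.1", "::1") for a in addrs):
        return "local-only"
    return "exposed"           # bound on "*" or a non-loopback address

if __name__ == "__main__":
    print(tcp_listeners(SAMPLE))
    print(control_channel_status(SAMPLE))
```

A result of "missing" matches the situation in this thread, where the next step is the named log; "exposed" means the control channel is reachable beyond loopback and then depends on the `allow` list and key alone.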


