format of /etc/rndc.conf
Kevin Darcy
kcd at daimlerchrysler.com
Thu Oct 17 16:51:11 UTC 2002
"Christopher L. Barnard" wrote:
> Hmmm. I added one more "server" line to my /etc/rndc.conf file, just in
> case it needed "localhost".
>
> server localhost {
>     key pprdint3key;
> };
>
> The "controls" statement in named.conf looks ok:
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
> };
>
> as does the "key" statement:
>
> key pprdint3key {
>     algorithm hmac-md5;
>     secret "xxxxx";
> };
>
> The /var/adm/messages file indicates that everything started:
>
> Oct 17 16:25:27 pprdint3 named[17842]: starting BIND 9.2.0 -u named -t /var/named
> Oct 17 16:25:27 pprdint3 named[17842]: command channel listening on 127.0.0.1#953
>
> but rndc still does not work:
>
> 24 pprdint3!/var/named/etc/domain >> /usr/local/sbin/rndc status
> rndc: connect failed: connection refused
>
> Any other suggestions? Please?
>
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard O When I was a boy I was told that |
> | cbarnard at tsg.cbot.com / \ anybody could become president. |
> | (312) 347-4901 O---O Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
> +----------PGP public key available via finger or PGP keyserver---------+
>
> > "Christopher L. Barnard" wrote:
> >
> > > This may be an odd one. I tried to search the archive, but I may not
> > > have worded my query correctly.
> > >
> > > I am setting up a nameserver (Bind 9.2) for our Disaster site. So a
> > > server that I am configuring needs to respond to "pprdint3.prices.cbot.com",
> > > "pprdint3.dr.cbot.com", *and* "pprdint3.cbot.com". In ordinary day-to-day
> > > work, it responds to both pprdint3.prices and pprdint3.dr; I just have an A
> > > record in both maps. In case of disaster, it will become our company
> > > primary nameserver and also will become "pprdint3.cbot.com". I believe I have
> > > documented the named.conf and bootstrap cache file so that anyone can do
> > > this in case it is ever needed, but I would like to configure the
> > > /etc/rndc.conf file so that it does not need to be touched. So right
> > > now I have as the /etc/rndc.conf file
> > >
> > > options {
> > >     default-server pprdint3.dr.cbot.com;
> > >     default-key pprdint3key;
> > > };
> > >
> > > server pprdint3.dr.cbot.com {
> > >     key pprdint3key;
> > > };
> > >
> > > server pprdint3.cbot.com {
> > >     key pprdint3key;
> > > };
> > >
> > > server pprdint3.prices.cbot.com {
> > >     key pprdint3key;
> > > };
> > >
> > > key pprdint3key {
> > >     algorithm hmac-md5;
> > >     secret "xxxxx";
> > > };
> > >
> > > However, when I try to run rndc I get a
> > > rndc: connect failed: connection refused
> > > So something above is sufficiently bogus for rndc to refuse to even
> > > start.
> > > Is it possible for three "servers" to be allowed to send rndc commands
> > > and share the same key? If so, what am I doing wrong? Thanks much.
> >
> > Well, "connection refused" sounds like named isn't listening on port 953. What
> > are your "controls" and/or "key" configurations in /etc/named.conf? If it were a
> > key problem, I'd expect a "connection to remote host closed" error instead of
> > "connection refused".
Do any of the "server"s defined in rndc.conf resolve to 127.0.0.1?
- Kevin
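
The question above can be checked mechanically. The following is an added example, not part of the original post: it compares the addresses that the rndc.conf server names resolve to against the `inet` address in the named.conf `controls` statement. The sample configs, the resolver table (including 192.0.2.10) and all function names are constructed for illustration.

```python
import re
import socket

# Constructed samples modelled on the configs quoted in this thread.
RNDC_CONF = """
options { default-server pprdint3.dr.cbot.com; default-key pprdint3key; };
server localhost { key pprdint3key; };
"""
NAMED_CONF = """
controls { inet 127.0.0.1 allow { localhost; } keys { pprdint3key; }; };
"""
# Constructed name-to-address table (192.0.2.10 is a documentation address).
FAKE_DNS = {"pprdint3.dr.cbot.com": ["192.0.2.10"], "localhost": ["127.0.0.1"]}

def fake_resolve(name):
    """Offline stand-in with the return shape of socket.gethostbyname_ex."""
    if name not in FAKE_DNS:
        raise socket.gaierror(name)
    return (name, [], FAKE_DNS[name])

def default_server(rndc_conf):
    """Name given by 'default-server' in options, or None if unset."""
    m = re.search(r'default-server\s+"?([^\s";]+)"?\s*;', rndc_conf)
    return m.group(1) if m else None

def servers(rndc_conf):
    """Names used in 'server <name> { ... }' statements."""
    return re.findall(r'^\s*server\s+"?([^\s";{]+)"?\s*\{', rndc_conf, re.M)

def control_listeners(named_conf):
    """(address, port) per 'inet' clause; 953 is the default control port."""
    found = re.findall(r'inet\s+(\S+?)(?:\s+port\s+(\d+))?\s+allow', named_conf)
    return [(addr, int(port) if port else 953) for addr, port in found]

def check(rndc_conf, named_conf, resolve=socket.gethostbyname_ex):
    """Map each rndc.conf server name to True if it resolves to a listener."""
    listen = {addr for addr, _ in control_listeners(named_conf)}
    names = set(servers(rndc_conf)) | ({default_server(rndc_conf)} - {None})
    result = {}
    for name in names:
        try:
            addrs = set(resolve(name)[2])
        except OSError:          # unresolvable name cannot reach any listener
            addrs = set()
        result[name] = "*" in listen or bool(addrs & listen)
    return result

if __name__ == "__main__":
    for name, ok in sorted(check(RNDC_CONF, NAMED_CONF, fake_resolve).items()):
        print(f"{name}: {'matches a listener' if ok else 'no listener'}")
```

Against a live host, call `check()` with the real file contents and leave `resolve` at its default so the system resolver is used.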