format of /etc/rndc.conf

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 17 16:51:11 UTC 2002


"Christopher L. Barnard" wrote:

> Hmmm.  I added one more "server" line to my /etc/rndc.conf file, just in
> case it needed "localhost".
>
> server localhost {
>         key pprdint3key;
> };
>
> The "controls" statement in named.conf looks ok:
>
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
> };
>
> as does the "key" statement:
>
> key pprdint3key {
>         algorithm hmac-md5;
>         secret "xxxxx";
> };
>
> The /var/adm/messages file indicates that everything started:
>
> Oct 17 16:25:27 pprdint3 named[17842]: starting BIND 9.2.0 -u named -t /var/named
> Oct 17 16:25:27 pprdint3 named[17842]: command channel listening on 127.0.0.1#953
>
> but rndc still does not work:
>
> 24 pprdint3!/var/named/etc/domain >> /usr/local/sbin/rndc status
> rndc: connect failed: connection refused
>
> Any other suggestions?  Please?
>
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard         O     When I was a boy I was told that |
> | cbarnard at tsg.cbot.com         / \    anybody could become president.  |
> | (312) 347-4901               O---O   Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
> +----------PGP public key available via finger or PGP keyserver---------+
>
> > "Christopher L. Barnard" wrote:
> >
> > > This may be an odd one.  I tried to search the archive, but I may not
> > > have worded my query correctly.
> > >
> > > I am setting up a nameserver (Bind 9.2) for our Disaster site.  So a
> > > server that I am configuring needs to respond to "pprdint3.prices.cbot.com",
> > > "pprdint3.dr.cbot.com", *and* "pprdint3.cbot.com".  In ordinary day-to-day
> > > work, it responds to both pprdint3.prices and pprdint3.dr; I just have an A
> > > record in both maps.  In case of disaster, it will become our company
> > > primary nameserver and also will become "pprdint3.cbot.com".  I believe I have
> > > documented the named.conf and bootstrap cache file so that anyone can do
> > > this in case it is ever needed, but I would like to configure the
> > > /etc/rndc.conf file so that it does not need to be touched.  So right
> > > now I have as the /etc/rndc.conf file
> > >
> > > options {
> > >         default-server pprdint3.dr.cbot.com;
> > >         default-key pprdint3key;
> > > };
> > >
> > > server pprdint3.dr.cbot.com {
> > >         key pprdint3key;
> > > };
> > >
> > > server pprdint3.cbot.com {
> > >         key pprdint3key;
> > > };
> > >
> > > server pprdint3.prices.cbot.com {
> > >         key pprdint3key;
> > > };
> > >
> > > key pprdint3key {
> > >         algorithm hmac-md5;
> > >         secret "xxxxx";
> > > };
> > >
> > > However, when I try to run rndc I get a
> > > rndc: connect failed: connection refused
> > > So something above is sufficiently bogus for rndc to refuse to even
> > > start.
> > > Is it possible for three "servers" to be allowed to send rndc commands
> > > and share the same key?  If so, what am I doing wrong?  Thanks much.
> >
> > Well, "connection refused" sounds like named isn't listening on port 953. What
> > are your "controls" and/or "key" configurations in /etc/named.conf? If it were a
> > key problem, I'd expect a "connection to remote host closed" error instead of
> > "connection refused".

Do any of the "server"s defined in rndc.conf resolve to 127.0.0.1?


- Kevin
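A small check for the question Kevin raises, added here as an illustration and not part of the original thread: it pulls the server names out of rndc.conf and the `controls { inet ... }` listener out of named.conf, then reports whether each rndc target resolves to an address named actually listens on. The hostnames, the 10.0.0.3 address and the HOSTS table are constructed stand-ins for real DNS.

```python
import re
import socket

# Constructed sample configs mirroring the thread; 10.0.0.3 is an assumed address.
RNDC_CONF = """
options {
        default-server pprdint3.dr.cbot.com;
        default-key pprdint3key;
};
server pprdint3.dr.cbot.com { key pprdint3key; };
server localhost { key pprdint3key; };
key pprdint3key { algorithm hmac-md5; secret "xxxxx"; };
"""
NAMED_CONF = """
controls {
        inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
};
"""
# Constructed host table standing in for DNS so the check runs offline.
HOSTS = {"pprdint3.dr.cbot.com": "10.0.0.3", "localhost": "127.0.0.1"}

def strip_comments(text):
    """Drop //, # and /* */ comments so they cannot confuse the regexes."""
    return re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", text, flags=re.S)

def control_listeners(named_conf):
    """Return {(addr, port)} for every 'controls { inet ... }' in named.conf (port defaults to 953)."""
    pat = r"inet\s+(\S+?)(?:\s+port\s+(\d+))?\s+allow"
    return {(m.group(1), int(m.group(2) or 953))
            for m in re.finditer(pat, strip_comments(named_conf))}

def rndc_targets(rndc_conf):
    """Return the hostnames rndc may contact: default-server plus each 'server' block."""
    text = strip_comments(rndc_conf)
    names = set(re.findall(r"(?<![-\w])server\s+(\S+)\s*\{", text))
    names |= set(re.findall(r"default-server\s+([^\s;]+)", text))
    return names

def check_reachability(rndc_conf, named_conf, resolve=socket.gethostbyname):
    """Map each rndc server name to True if named's control channel listens on the
    address it resolves to, else False (the 'connection refused' case in the thread)."""
    listen = {addr for addr, _ in control_listeners(named_conf)}
    wildcard = bool(listen & {"*", "0.0.0.0", "::"})
    return {host: wildcard or resolve(host) in listen for host in rndc_targets(rndc_conf)}

if __name__ == "__main__":
    for host, ok in sorted(check_reachability(RNDC_CONF, NAMED_CONF, HOSTS.get).items()):
        print(f"{host}: {'reachable' if ok else 'named is not listening on that address'}")
```

With the thread's configuration the default server resolves to a non-loopback address while named listens only on 127.0.0.1#953, which is exactly the mismatch that produces "connect failed: connection refused"; pointing default-server at 127.0.0.1 (or localhost) resolves it without widening the control channel.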