format of /etc/rndc.conf
Christopher L. Barnard
cbar44 at tsg.cbot.com
Thu Oct 17 18:39:20 UTC 2002
I think I was just trying to get too fancy. localhost will always be
localhost, regardless of what zone this system may think it is in. So I
only have localhost everywhere, and it works fine.
+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard at tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
>
> "Christopher L. Barnard" wrote:
>
> > Hmmm. I added one more "server" line to my /etc/rndc.conf file, just in
> > case it needed "localhost".
> >
> > server localhost {
> >         key pprdint3key;
> > };
> >
> > The "controls" statement in named.conf looks ok:
> >
> > controls {
> >         inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
> > };
> >
> > as does the "key" statement:
> >
> > key pprdint3key {
> >         algorithm hmac-md5;
> >         secret "xxxxx";
> > };
> >
> > The /var/adm/messages file indicates that everything started:
> >
> > Oct 17 16:25:27 pprdint3 named[17842]: starting BIND 9.2.0 -u named -t /var/named
> > Oct 17 16:25:27 pprdint3 named[17842]: command channel listening on 127.0.0.1#953
> >
> > but rndc still does not work:
> >
> > 24 pprdint3!/var/named/etc/domain >> /usr/local/sbin/rndc status
> > rndc: connect failed: connection refused
> >
> > Any other suggestions? Please?
> >
> >
> > > "Christopher L. Barnard" wrote:
> > >
> > > > This may be an odd one. I tried to search the archive, but I may not
> > > > have worded my query correctly.
> > > >
> > > > I am setting up a nameserver (Bind 9.2) for our Disaster site. So a
> > > > server that I am configuring needs to respond to "pprdint3.prices.cbot.com",
> > > > "pprdint3.dr.cbot.com", *and* "pprdint3.cbot.com". In ordinary day-to-day
> > > > work, it responds to both pprdint3.prices and pprdint3.dr; I just have an A
> > > > record in both maps. In case of disaster, it will become our company
> > > > primary nameserver and also will become "pprdint3.cbot.com". I believe I have
> > > > documented the named.conf and bootstrap cache file so that anyone can do
> > > > this in case it is ever needed, but I would like to configure the
> > > > /etc/rndc.conf file so that it does not need to be touched. So right
> > > > now I have as the /etc/rndc.conf file
> > > >
> > > > options {
> > > >         default-server pprdint3.dr.cbot.com;
> > > >         default-key pprdint3key;
> > > > };
> > > >
> > > > server pprdint3.dr.cbot.com {
> > > >         key pprdint3key;
> > > > };
> > > >
> > > > server pprdint3.cbot.com {
> > > >         key pprdint3key;
> > > > };
> > > >
> > > > server pprdint3.prices.cbot.com {
> > > >         key pprdint3key;
> > > > };
> > > >
> > > > key pprdint3key {
> > > >         algorithm hmac-md5;
> > > >         secret "xxxxx";
> > > > };
> > > >
> > > > However, when I try to run rndc I get a
> > > > rndc: connect failed: connection refused
> > > > So something above is sufficiently bogus for rndc to refuse to even
> > > > start.
> > > > Is it possible for three "servers" to be allowed to send rndc commands
> > > > and share the same key? If so, what am I doing wrong? Thanks much.
> > >
> > > Well, "connection refused" sounds like named isn't listening on port 953. What
> > > are your "controls" and/or "key" configurations in /etc/named.conf? If it were a
> > > key problem, I'd expect a "connection to remote host closed" error instead of
> > > "connection refused".
>
> Do any of the "server"s defined in rndc.conf resolve to 127.0.0.1?
>
>
> - Kevin
>
>
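As an added example (not from the thread or from BIND itself), a small Python checker that walks through Kevin's diagnosis: it parses an rndc.conf and a named.conf controls statement modelled on the ones quoted above, resolves the chosen server name through a constructed hosts table standing in for DNS, and reports whether rndc would see "connection refused" (the name does not resolve to the address named listens on) or a closed connection (key or allow-list mismatch). The HOSTS table, the sample configs and the refused/closed split are assumptions made for the example.

```python
import re

# Constructed configs modelled on the thread; secrets are placeholders.
RNDC_CONF = """
options { default-server pprdint3.dr.cbot.com; default-key pprdint3key; };
server pprdint3.dr.cbot.com { key pprdint3key; };
server localhost { key pprdint3key; };
key pprdint3key { algorithm hmac-md5; secret "xxxxx"; };
"""
NAMED_CONTROLS = """
controls { inet 127.0.0.1 allow { localhost; } keys { pprdint3key; }; };
key pprdint3key { algorithm hmac-md5; secret "xxxxx"; };
"""
# Constructed stand-in for DNS: the dr.cbot.com name resolves to a non-loopback address.
HOSTS = {"localhost": "127.0.0.1", "pprdint3.dr.cbot.com": "10.1.2.3"}

KEY_RE = r'key\s+(\S+)\s*{[^}]*secret\s+"([^"]*)"'

def parse_rndc(text):
    """Return (default-server, default-key, {server: key}, {key: secret})."""
    opts = re.search(r"options\s*{([^}]*)}", text).group(1)
    default_server = re.search(r"default-server\s+([^;]+);", opts).group(1).strip()
    default_key = re.search(r"default-key\s+([^;]+);", opts).group(1).strip()
    servers = dict(re.findall(r"server\s+(\S+)\s*{\s*key\s+([^;]+);\s*}", text))
    return default_server, default_key, servers, dict(re.findall(KEY_RE, text))

def parse_controls(text):
    """Return (listen address, port, allow list, key names, {key: secret})."""
    m = re.search(r"controls\s*{\s*inet\s+(\S+)(?:\s+port\s+(\d+))?"
                  r"\s+allow\s*{([^}]*)}\s*keys\s*{([^}]*)}", text)
    split = lambda s: [x.strip() for x in s.split(";") if x.strip()]
    return (m.group(1), int(m.group(2) or 953), split(m.group(3)),
            split(m.group(4)), dict(re.findall(KEY_RE, text)))

def diagnose(rndc_text, named_text, hosts, server=None):
    """Predict the outcome of `rndc [-s server] status` against this named."""
    default_server, default_key, servers, rkeys = parse_rndc(rndc_text)
    listen, port, allow, ckeys, csecrets = parse_controls(named_text)
    target = server or default_server
    addr = hosts.get(target)
    # named only binds the controls address, so any other address gets no listener.
    if addr != listen:
        return f"connection refused ({target} -> {addr}, named listens on {listen}#{port})"
    keyname = servers.get(target, default_key)
    # Assumed behaviour: a bad key or disallowed source is accepted on TCP, then closed.
    if keyname not in ckeys or rkeys.get(keyname) != csecrets.get(keyname):
        return "connection closed (key mismatch)"
    if "localhost" not in allow and addr not in allow:
        return "connection closed (source not in allow list)"
    return "ok"
```

Running `diagnose(RNDC_CONF, NAMED_CONTROLS, HOSTS)` reproduces the "connection refused" from the thread, while passing `server="localhost"` returns "ok", matching the fix the poster settled on.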