rndc.key problems
Jeffrey J. Barteet
barteet at mrl.ucsb.edu
Tue Dec 9 02:23:34 UTC 2003
Mark,
thank you for the heads up. My confusion of rndc.conf and rndc.key is
clearly the issue.
And you're right about the submitted sample not matching up...the example
I submitted came from earlier in the day when I had started the email. At
that time I had experimented by putting the options section first in the
file before the key section. I had switched it back by the time I cut and
pasted the rndc.conf file into the email.
Thanks a million. I had become myopic to the problem.
-jeffrey
On Tue, 9 Dec 2003 Mark_Andrews at isc.org wrote:
>
> > Greetings,
> >
> > I've built and installed BIND 9.2.3 replacing my old 9.1.3 installation,
> > and I'm having an issue with my rndc.key that I can't figure out.
> >
> > When I run rndc status (or any other rndc command) I get:
> >
> > ./rndc status
> > rndc: error: /usr/local/bind-9.2.3//etc/rndc.key:2: unknown option 'options'
> > rndc: could not load rndc configuration
>
> You are using a "rndc.conf" as a "rndc.key". The "rndc.key"
> parser does NOT know about options. The parser for "rndc.conf"
> does know about options. They are not interchangeable.
>
> Also below does *not* match with the rndc.conf below.
> options is on line 6 not line 2 as reported by the error
> message.
>
> > My rndc.key is the 'stock' key generated by rndc-confgen.
>
> rndc.key is designed to be loaded by both named and rndc
> either directly due to lack of controls in named.conf or
> no rndc.conf or via 'include "rndc.key";' in named.conf
> and rndc.conf (9.2.x onwards).
>
> rndc.key is generated by "rndc-confgen -a".
>
> rndc.conf is generated to stdout by "rndc-confgen" (no -a)
> and includes a code segment (commented out) to be added to
> named.conf.
>
> I would be renaming /usr/local/bind-9.2.3/etc/rndc.key to
> /usr/local/bind-9.2.3/etc/rndc.conf.
>
> Mark
>
> > I installed the commented out section from the bottom of my rndc-confgen
> > into my named.conf file and I get no errors at startup of named.
> >
> > I'm not sure what I'm doing wrong. The contents of my rndc.key is as
> > follows (with my 'secret' key changed.)
> >
> > # Start of rndc.conf
> > key "rndc-key" {
> >     algorithm hmac-md5;
> >     secret "thisisnotmyrealkey";
> > };
> > options {
> >     default-key "rndc-key";
> >     default-server 127.0.0.1;
> >     default-port 953;
> > };
> > # End of rndc.conf
> >
> > Any hints or suggestions appreciated.
> >
> > --
> > Jeffrey J. Barteet
> > Materials Research Laboratory
> > UC Santa Barbara, CA 93106
> > 805-893-8642
>
> >
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
>
>
--
Jeffrey J. Barteet
Materials Research Laboratory
UC Santa Barbara, CA 93106
805-893-8642
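
The mix-up discussed in this thread can be checked before rndc is run. The following is an added example, not part of the original messages and not ISC code: a small scanner that lists the top-level statements in a file and reports those the rndc.key parser would reject, with line numbers. The function names and the ALLOWED table are assumptions made for illustration; the sample text is the file posted above plus a constructed options-first variant.

```python
import re

# Top-level statements each parser accepts. Assumption based on the thread:
# the rndc.key parser knows only `key`; rndc.conf also takes options/server/include.
ALLOWED = {"rndc.key": {"key"},
           "rndc.conf": {"key", "options", "server", "include"}}

TOKEN = re.compile(r'''
    (?P<comment>\#[^\n]*|//[^\n]*|/\*.*?\*/)   # shell, C++ and C comments
  | (?P<string>"(?:\\.|[^"\\])*")              # quoted string
  | (?P<punct>[{};])
  | (?P<word>[^\s{};"]+)
''', re.S | re.X)

def top_level_statements(text):
    """Return [(keyword, line_number)] for each statement at brace depth 0."""
    found, depth, at_start = [], 0, True
    for m in TOKEN.finditer(text):
        kind, tok = m.lastgroup, m.group()
        if kind == "comment":
            continue
        if kind == "punct":
            if tok == "{":
                depth += 1
            elif tok == "}":
                depth -= 1
            elif depth == 0:            # ';' that ends a top-level statement
                at_start = True
        elif kind == "word" and depth == 0 and at_start:
            found.append((tok, text.count("\n", 0, m.start()) + 1))
            at_start = False
    return found

def unknown_statements(text, parser="rndc.key"):
    """Statements the named parser would reject, in file order."""
    return [(kw, ln) for kw, ln in top_level_statements(text)
            if kw not in ALLOWED[parser]]

def suggest_filename(text):
    """File name the contents belong under: rndc.key only if it is keys alone."""
    return "rndc.conf" if unknown_statements(text, "rndc.key") else "rndc.key"

KEY = 'key "rndc-key" {\n    algorithm hmac-md5;\n    secret "thisisnotmyrealkey";\n};\n'
OPTS = ('options {\n    default-key "rndc-key";\n    default-server 127.0.0.1;\n'
        '    default-port 953;\n};\n')
POSTED = "# Start of rndc.conf\n" + KEY + OPTS          # file as posted above
OPTIONS_FIRST = "# Start of rndc.conf\n" + OPTS + KEY   # constructed variant

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("options first", OPTIONS_FIRST)):
        for kw, ln in unknown_statements(text):
            print(f"{name}: rndc.key:{ln}: unknown option '{kw}'")
        print(f"{name}: contents belong in {suggest_filename(text)}")
```

On the posted file the scanner reports `options` at line 6, and on the options-first variant at line 2, which matches the line number in the error message quoted above.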