keys for rndc and for TSIG
Ed Schmollinger
schmolli at frozencrow.org
Fri Jan 3 14:50:49 UTC 2003
On Thu, Jan 02, 2003 at 09:57:37PM -0800, Jun Wang wrote:
> I created rndc.key, rndc.conf and named.conf according
> to BIND 9 Ref manual, every worked just fine.
>
> But once I put a "key" statement in named.conf for
> server-to-server authentication, I can not run "rndc"
> any more, and got error response:
> "rndc: connection to remote host closed This may
> indicate that the remote server is using an older
> version of the command protocol, this host is not
> authorized to connect, or the key is invalid."
>
> also, the syslog shows "Jan 2 21:39:23 sparc5
> named[153]: [ID 866145 daemon.warning]
> /usr/local/etc/named.conf:6: couldn't find key
> 'local_key' for use with command channel
> 127.0.0.1#953"
>
> It looks like once I put "key" statement in
> named.conf, "rndc" can not find its key any more,
> which is referenced in rndc.conf and rndc.key.
Actually, it looks like named can't find the the key you're referencing.
Make sure that you defined local_key for the nameserver. (Did you add it
to or include it from named.conf?)
--
Ed Schmollinger - schmolli at frozencrow.org
More information about the bind-users
mailing list