keys for rndc and for TSIG

Ed Schmollinger schmolli at
Fri Jan 3 14:50:49 UTC 2003

On Thu, Jan 02, 2003 at 09:57:37PM -0800, Jun Wang wrote:
> I created rndc.key, rndc.conf and named.conf according
> to BIND 9 Ref manual, every worked just fine.
> But once I put a "key" statement in named.conf for
> server-to-server authentication, I can not run "rndc"
> any more, and got error response:
> "rndc: connection to remote host closed This may
> indicate that the remote server is using an older
> version of the command protocol, this host is not
> authorized to connect, or the key is invalid."
> also, the syslog shows "Jan  2 21:39:23 sparc5
> named[153]: [ID 866145 daemon.warning]
> /usr/local/etc/named.conf:6: couldn't find key
> 'local_key' for use with command channel
> It looks like once I put "key" statement in
> named.conf, "rndc" can not find its key any more,
> which is referenced in rndc.conf and rndc.key.

Actually, it looks like named can't find the the key you're referencing.
Make sure that you defined local_key for the nameserver.  (Did you add it
to or include it from named.conf?)

Ed Schmollinger - schmolli at

More information about the bind-users mailing list