[Flushing Cache] Resolver and forwarder

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 2 23:47:36 UTC 2003


Jeremy Mauro wrote:

>A weird problem for me:
>I have a resolver that caches the DNS requests (Normal) that also
>forward to some external resolvers with the option "forward only"
>
>Everything works, except that:
>$rndc reload
>rndc: connection to remote host closed
>This may indicate that the remote server is using an older version of 
>the command protocol, this host is not authorized to connect,
>or the key is invalid.
>
>And I used the tool "rndc-confgen" to create the rndc key. So it is not
>a key problem.
>
>Any idea?
>I think it is a problem due to the "forward only" as if the resolver
>tried to connect to the forwarder
>
>----
>$ cat rndc.conf 
># Start of rndc.conf
>key "rndc-key" {
>        algorithm hmac-md5;
>        secret "OPIRd5KCXXXXX";
>};
>
>options {
>        default-key "rndc-key";
>        default-server 127.0.0.1;
>        default-port 953;
>};
># End of rndc.conf
>--
>$ head -20 named.conf 
>########################################
># Generated by the post install package
>########################################
>
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "OPIRd5KXXXXX";
> };
> 
> controls {
>       inet 127.0.0.1 port 953
>               allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
I highly doubt that your rndc problems have anything to do with your 
forwarding configuration, since the "control" part of BIND is completely 
separate and apart from the other parts of BIND which do name resolution.

Offhand, your config files look to be in order.

Does the "-V" option to rndc give you any useful information?

                                                                         
                     - Kevin
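
A consistency check for the two files quoted in this thread, as an added example that is not part of the original messages: it confirms that the key rndc uses by default is defined with the same algorithm and secret in named.conf and is listed in the controls statement. The function names, sample files and secret are constructed for illustration, and the parser assumes the simple layout shown in the post (whole-line comments, one controls entry).

```python
import re

# key "name" { algorithm X; secret "Y"; };  (the clause shape used in both files)
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
DEFAULT_KEY_RE = re.compile(r'default-key\s+"?([\w.-]+)"?\s*;')
# keys { "a"; "b"; } list of the first inet entry in named.conf's controls statement
CONTROLS_KEYS_RE = re.compile(r'controls\s*\{.*?keys\s*\{([^}]*)\}', re.S)

def _clean(text):
    # Drop whole-line '#' and '//' comments only; base64 secrets may contain '//'.
    return re.sub(r'(?m)^\s*(#|//).*$', '', text)

def _keys(text):
    return {n: (alg.lower(), sec) for n, alg, sec in KEY_RE.findall(_clean(text))}

def check_rndc_key(rndc_conf, named_conf):
    """Return a list of inconsistencies; an empty list means the two files agree."""
    rndc_conf, named_conf = _clean(rndc_conf), _clean(named_conf)
    m = DEFAULT_KEY_RE.search(rndc_conf)
    if not m:
        return ["rndc.conf: no default-key"]
    name, problems = m.group(1), []
    mine, theirs = _keys(rndc_conf).get(name), _keys(named_conf).get(name)
    if mine is None:
        problems.append(f"rndc.conf: key {name} not defined")
    if theirs is None:
        problems.append(f"named.conf: key {name} not defined")
    if mine and theirs:
        if mine[0] != theirs[0]:
            problems.append("algorithm differs")
        if mine[1] != theirs[1]:
            problems.append("secret differs")  # report the fact, never the value
    c = CONTROLS_KEYS_RE.search(named_conf)
    if name not in (re.findall(r'"?([\w.-]+)"?\s*;', c.group(1)) if c else []):
        problems.append(f"named.conf: controls does not list key {name}")
    return problems

# Constructed sample files (not the poster's); the secret is a made-up value.
RNDC = '''# Start of rndc.conf
key "rndc-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''
NAMED = '''key "rndc-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
'''

if __name__ == "__main__":
    print(check_rndc_key(RNDC, NAMED) or "rndc.conf and named.conf agree")
```

An empty result only rules out a key mismatch between the two files; it says nothing about whether named is actually listening on the control port.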



