rndc in chroot?
Jef Elliott
jef_umd at umd.umich.edu
Wed Dec 15 23:18:18 UTC 2004
Hi,
I've been following various documents for configuring bind9, including
http://www.cymru.com/Documents/secure-bind-template.html . It links to
http://en.tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html for information on how
to set up chroot under Linux. I'm trying this on Debian stable; bind
version is 9.2.1.
Everything works ok so far, but I can't get rndc to play nice in the
chroot jail.
Following the Bind9 Admin's ref. manual, I've run the rndc-confgen and
created rndc.conf and put the proper lines in the named.conf file.
If I just add the Control section of the output into named.conf, when
trying to run 'rndc reload' I get:
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
If I include the Key section of the output (doing so isn't mentioned in
the ref. manual, but the rndc.conf output does mention this), I get an
error starting named in daemon.log:
named[23747]: loading configuration from '/etc/bind/named.conf'
named[23747]: /etc/bind/named.conf:177: key 'rndc-key': already exists
named[23747]: /etc/bind/named.conf:177: key 'rndc-key': already exists
named[23747]: loading configuration: failure
I can't quite find any documents that mention being able to use
rndc in a chroot environment, but I also can't quite find any documents
that say that you *can't* use it. Any pointers or links would be
appreciated.
jef
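
Added example (not part of the original post and not BIND's own code): a Python check for the two conditions the quoted messages name, a key name defined more than once in what named loads and an rndc key whose secret differs from the one named holds. The file layout, the jail root /chroot/named, the included rndc.key file and the secrets are constructed assumptions, not the poster's configuration.

```python
import re

# Quoted strings are matched first so a "//" inside a base64 secret is not a comment.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"\s*;')
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')

def load(path, files, chroot=""):
    """Return the text at chroot+path with comments dropped and includes expanded."""
    text = TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ",
                        files[chroot + path])
    return INCLUDE_RE.sub(lambda m: load(m.group(1), files, chroot), text)

def keys(text):
    """List (name, secret) for every key statement, in order of appearance."""
    found = []
    for name, body in KEY_RE.findall(text):
        secret = SECRET_RE.search(body)
        found.append((name, secret.group(1) if secret else None))
    return found

def duplicate_keys(named_text):
    """Key names defined more than once in what named loads."""
    names = [name for name, _ in keys(named_text)]
    return sorted({n for n in names if names.count(n) > 1})

def secret_mismatches(rndc_text, named_text):
    """Keys in rndc.conf that named lacks or holds with a different secret."""
    named = dict(keys(named_text))
    return [n for n, s in keys(rndc_text) if named.get(n) != s]

# Constructed sample files: paths, jail root and secrets are made up for this example.
FILES = {
    "/chroot/named/etc/bind/named.conf": (
        'include "/etc/bind/rndc.key";\n'
        'key "rndc-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQ//c2VjcmV0"; };  // pasted\n'
        'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };\n'),
    "/chroot/named/etc/bind/rndc.key":
        'key "rndc-key" { algorithm hmac-md5; secret "b2xkZXIvL2tleQ=="; };\n',
    "/etc/bind/rndc.conf": (
        'key "rndc-key" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQ//c2VjcmV0"; };\n'
        'options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };\n'),
}

if __name__ == "__main__":
    named = load("/etc/bind/named.conf", FILES, chroot="/chroot/named")
    print("duplicates:", duplicate_keys(named), "mismatches:",
          secret_mismatches(load("/etc/bind/rndc.conf", FILES), named))
```

In this constructed layout, removing the pasted key line from named.conf clears the duplicate but leaves named holding only the included file's secret, which the second check then reports as a mismatch with rndc.conf.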