rndc in chroot?

Jef Elliott jef_umd at umd.umich.edu
Wed Dec 15 23:18:18 UTC 2004


I've been following various documents for configuring bind9, including
http://www.cymru.com/Documents/secure-bind-template.html . It links to
http://en.tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html for information on how 
to set up chroot under linux. I'm trying this on Debian stable, bind 
version is 9.2.1

Everything works ok so far, but I can't get rndc to play nice in the 
chroot jail.

Following the Bind9 Admin's ref. manual, I've run the rndc-confgen and 
created rndc.conf and put the proper lines in the named.conf file.

If I just add the Control section of the output into named.conf, when 
trying to run 'rndc reload' I get:

rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

If I include the Key section of the output (doing so isn't mentioned in 
the ref. manual, but the rndc.conf output does mention this)., I get an 
error starting named in daemon.log:

named[23747]: loading configuration from '/etc/bind/named.conf'
named[23747]: /etc/bind/named.conf:177: key 'rndc-key': already exists
named[23747]: /etc/bind/named.conf:177: key 'rndc-key': already exists
named[23747]: loading configuration: failure

I can't quite find any documents that mention using being able to use 
rndc in a chroot environment, but I also can't quite find any documents 
that say that you *can't* use it. Any pointers or links would be 


More information about the bind-users mailing list