remote rndc broken somehow...

Mark Andrews Mark_Andrews at isc.org
Thu Jun 16 23:11:57 UTC 2005


> Hi all,
> 
> I have a weird problem that makes no sense from a troubleshooting perspective.
> 
> On BIND 9.3.1 on Windows Server 2003 and Windows XP as the client 
> running rndc: One of my team members here that admins our name 
> servers all of a sudden cannot use rndc from her workstation to 
> remotely admin two of three of our name servers. As far as we can 
> tell, nothing changed that should affect that. The only recent change 
> we made was limiting recursion, but that should have no effect as 
> inet control channel is allowing her IP address since it is in the 
> same /24 that all of our other working machines are in.
> 
> When talking to server 1 and 3 issuing any rndc command, it complains 
> that the connection was refused and the protocol on the server might 
> be old or the key incorrect. I know the key is correct because it 
> works on name server 2 which has the same key in the config file. 
> I've even copied the rndc.conf file from my own working machine to 
> hers and updated all the binary files and dll's for rndc on her 
> machine and still she can only talk to ns2. Everyone else as far as I 
> know has no problems with all three servers including myself.
> 
> In the logs I see this:
> 
> 16-Jun-2005 12:43:49.020 general: invalid command from 
> www.xxx.yyy.zzz#1128: expired
> 
> (IP is masked)
> 
> So the server is seeing an invalid command coming from the machine 
> running rndc... I thought because the key was invalid, but as I said, 
> it works on one server that has the same key and I've copied the 
> rndc.conf containing the key to her machine and verified it's 
> actually using that copy with no difference in results.
> 
> What does "expired" mean at the end of the log entry? That might give 
> me some clue.
> 
> I'm kind of stumped. Any thoughts or suggestions would be appreciated.
> 
> 
> Vinny Abello
> Network Engineer
> Server Management
> vinny at tellurian.com
> (973)300-9211 x 125
> (973)940-6125 (Direct)
> PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A
> 
> Tellurian Networks - The Ultimate Internet Connection
> http://www.tellurian.com (888)TELLURIAN
> 
> "Courage is resistance to fear, mastery of fear - not absence of 
> fear" -- Mark Twain
> 
> 

	Your clocks are out of sync.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
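
An added example, not part of the original thread and not BIND code: a small triage script that pulls "invalid command from" rejections out of a named log and flags clients rejected only as "expired", the symptom the reply above attributes to clock disagreement. The sample log lines, the 192.0.2.x addresses and the "bad auth" reason are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format of the log entry quoted above.
# Addresses are documentation-range placeholders; "bad auth" is a constructed
# second reason used only to show that other rejections are kept apart.
SAMPLE_LOG = """\
16-Jun-2005 12:43:49.020 general: invalid command from 192.0.2.15#1128: expired
16-Jun-2005 12:44:02.511 general: invalid command from 192.0.2.15#1131: expired
16-Jun-2005 12:50:10.004 general: invalid command from 192.0.2.77#2044: bad auth
16-Jun-2005 12:51:00.000 general: zone example.com/IN: loaded serial 2005061601
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?:\w+: )?invalid command from (?P<addr>[^#\s]+)#(?P<port>\d+): "
    r"(?P<reason>.+?)\s*$"
)

def rejected_commands(log_text):
    """Yield (timestamp, client address, reason) for each rejected control command."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["addr"], m["reason"]

def triage(log_text):
    """Group rejections by client and flag clients rejected only as 'expired'."""
    reasons = defaultdict(Counter)
    for _ts, addr, reason in rejected_commands(log_text):
        reasons[addr][reason] += 1
    report = {}
    for addr, counts in reasons.items():
        report[addr] = {
            "counts": dict(counts),
            # Per the reply above, 'expired' points at clock disagreement
            # between the rndc host and the name server, not at the key.
            "check_clock_sync": set(counts) == {"expired"},
        }
    return report

if __name__ == "__main__":
    for addr, info in triage(SAMPLE_LOG).items():
        action = "compare clocks with the server" if info["check_clock_sync"] else "see reason text"
        print(f"{addr}: {info['counts']} -> {action}")
```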


