Re: syslog errors....
holger.honert at signal-iduna.de
Fri Jun 17 12:08:06 UTC 2005
Hello,
you have to add the key statement in your zone options. If you are adding
a phrase without the "key" statement, named expects a defined ACL with
this particular name.
Try this:
zone "zone1.com" in {
    type master;
    file "db.zone1.com";
    allow-transfer {
        key secret-key.;
    };
};
Kind Regards
Holger Honert
KOMS-97850
SIGNAL IDUNA Gruppe
Joseph-Scherer-Str. 3
44139 Dortmund
Phone: +49 231/135-4043
FAX: +49 231/135-2959
mailto: holger.honert at signal-iduna.de
RB <rbaki2002 at yahoo.com>
Sent by: bind-users-bounce at isc.org
17.06.2005 13:54
To: bind-users at isc.org
Cc:
Subject: syslog errors....
I'm getting the following errors in syslog while trying to start bind on a
secured network. I've included the config files below. Although the
errors seem very specific (and I noted "line 39" in the namedb9.conf file),
I cannot seem to resolve what it is complaining about. Any help would be
appreciated. Thanks in advance.
Jun 16 14:35:45 dns-s1 named[422]: [ID 866145 daemon.warning]
/usr/local/etc/namedb/namedb9.conf:39: undefined ACL 'secret-key.'
Jun 16 14:35:46 dns-s1 named[422]: [ID 866145 daemon.crit] loading
configuration: not found
Jun 16 14:35:46 dns-s1 named[422]: [ID 866145 daemon.crit] exiting (due to
fatal error)
dns-s1/usr/local/etc/namedb: cat rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "stcVO8LLN6c7kx73XbcCJg==";
};
dns-s1/usr/local/etc/namedb: cat rndc.conf
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "stcVO8LLN6c7kx73XbcCJg==";
};
server 127.0.0.1 {
    key "rndc-key";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
server 10.10.0.164 {
    key "rndc-key";
};
# End of rndc.conf
dns-s1/usr/local/etc/namedb: cat namedb9.conf
//# Start of namedb9.conf
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "stcVO8LLN6c7kx73XbcCJg==";
};
acl "internals" { 10.10.0.0/16; };
options {
    directory "/usr/local/etc/namedb" ;
    pid-file "named.pid";
    allow-query { internals; };
    version "[secured]";
};
zone "." { type hint; file "db.root"; };
zone "localhost" {
    type master;
    file "db.localhost";
    notify no;
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "db.localhost.rev";
    notify no;
};
zone "zone1.com" in {
    type master;
    file "db.zone1.com";
    allow-transfer {
        secret-key.; // THIS IS CAUSING THE ERROR (LINE 39) //
    };
};
zone "0.10.10.in-addr.arpa" in {
    type master;
    file "db.0.10.10";
    allow-transfer {
        secret-key.;
    };
};
zone "zone2.com" in {
    type master;
    file "db.zone2.com";
    allow-transfer {
        secret-key.;
    };
};
zone "zone3.com" in {
    type master;
    file "db.zone3.com";
    allow-transfer {
        secret-key.;
    };
};
server 10.10.0.164 {
    keys {secret-key. ;};
};
logging {
    channel "named9_system_channel" {
        file "named9_system.log" versions 10 size 50m;
        print-severity yes;
        print-time yes;
        print-category yes;
        severity debug 11;
    };
    category "general" {
        "named9_system_channel";
    };
};
# End of namedb9.conf
dns-s1/usr/local/etc/namedb: cat Ksecret-key.+157+33846.key
secret-key. IN KEY 512 3 157 5u+fuWZ2htEToKeIaB3nYQ==
dns-s1/usr/local/etc/namedb: cat Ksecret-key.+157+33846.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 5u+fuWZ2htEToKeIaB3nYQ==
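
Added example (not part of the original thread and not ISC's own text): the fix from the reply shown in context for namedb9.conf. The posted file defines only "rndc-key", so this sketch also includes a key statement for secret-key.; the secret shown is a placeholder, and the statement's placement in the file is an assumption.

```conf
// Added example, not from the original thread.

// 1. Define the TSIG key so that named knows its algorithm and secret.
//    Name, algorithm and secret must be identical on the secondary
//    (10.10.0.164). Keep any file holding the secret readable only by
//    the account that named runs as.
key "secret-key." {
    algorithm hmac-md5;   // algorithm 157 in the dnssec-keygen files above
    secret "<PLACEHOLDER: Key: value from Ksecret-key.+157+33846.private>";
};

// 2. Sign traffic to the secondary with that key (as in the posted file).
server 10.10.0.164 {
    keys { secret-key.; };
};

// 3. Inside an address match list a bare name is looked up as an ACL.
//    The "key" keyword turns it into a TSIG key reference instead.
zone "zone1.com" in {
    type master;
    file "db.zone1.com";
    allow-transfer {
        key secret-key.;   // was: secret-key.;  -> undefined ACL 'secret-key.'
    };
};

// The same allow-transfer change applies to the other three zones in the
// posted file: "0.10.10.in-addr.arpa", "zone2.com" and "zone3.com".
```

Running named-checkconf on the edited file before restarting named parses the configuration without starting the server.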