Antwort: syslog errors....

holger.honert at signal-iduna.de holger.honert at signal-iduna.de
Fri Jun 17 12:08:06 UTC 2005


Hello,

you have to add the key statement in your zone options. If you add a 
name without the "key" statement, named expects a defined ACL with 
that particular name.

Try this:

// The "key" keyword marks the name as a TSIG key; without it named looks the
// name up as an ACL, which is the "undefined ACL" warning shown in the syslog.
// The key must also be declared with a key "secret-key." { ... } statement in
// named.conf (the posted file declares only "rndc-key"); without the shared
// secret the server cannot verify a signed transfer request.
zone "zone1.com" in {
        type master;
        file "db.zone1.com";
        allow-transfer {
                key secret-key.; 
        };
};


Kind Regards/Freundlichen Gruß
 
Holger Honert
 
KOMS-97850
 
SIGNAL IDUNA Gruppe
Joseph-Scherer-Str. 3
 
44139 Dortmund
 
Phone: +49 231/135-4043
FAX: +49 231/135-2959
 
mailto: holger.honert at signal-iduna.de






RB <rbaki2002 at yahoo.com>
Gesendet von: bind-users-bounce at isc.org
17.06.2005 13:54
 
An:           bind-users at isc.org
Kopie: 
Thema:        syslog errors....


I'm getting the following errors in syslog while trying to start bind on a 
secured network.  I’ve included the config files below.  Although the 
errors seem very specific (and I noted “line 39” in the namedb9.con file), 
I cannot seem to resolve what it is complaining about.  Any help would be 
appreciated.  Thanks in advance.
 
Jun 16 14:35:45 dns-s1 named[422]: [ID 866145 daemon.warning] 
/usr/local/etc/namedb/namedb9.conf:39: undefined ACL ‘secret-key.'
Jun 16 14:35:46 dns-s1 named[422]: [ID 866145 daemon.crit] loading 
configuration: not found
Jun 16 14:35:46 dns-s1 named[422]: [ID 866145 daemon.crit] exiting (due to 
fatal error)
 
dns-s1/usr/local/etc/namedb: cat rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "stcVO8LLN6c7kx73XbcCJg==";
};
 
dns-s1/usr/local/etc/namedb: cat rndc.conf
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "stcVO8LLN6c7kx73XbcCJg==";
};
 
server 127.0.0.1 {
        key "rndc-key";
};
 
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
 
server 10.10.0.164 {
        key "rndc-key";
};
# End of rndc.conf
 
dns-s1/usr/local/etc/namedb: cat namedb9.conf
//# Start of namedb9.conf
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
 
// Shared secret for the rndc control channel; the controls statement above
// accepts commands only from 127.0.0.1 and only when signed with this key.
// NOTE(review): this secret was posted to a public mailing list and is repeated
// in rndc.key and rndc.conf, so generate a fresh one before using this
// configuration. hmac-md5 is a legacy TSIG algorithm; newer BIND releases
// accept hmac-sha256.
key "rndc-key" {
        algorithm hmac-md5;
        secret "stcVO8LLN6c7kx73XbcCJg==";
};
 
acl "internals" { 10.10.0.0/16; };
 
options {
        directory "/usr/local/etc/namedb" ;
        pid-file "named.pid";
        allow-query { internals; };
        version "[secured]";
};
 
zone "." { type hint; file "db.root"; };
 
zone "localhost" {
        type master;
        file "db.localhost";
        notify no;
};
 
zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.localhost.rev";
        notify no;
};
 
// allow-transfer takes an address-match list. A bare name such as secret-key.
// is looked up as an ACL, which is what the "undefined ACL" warning in syslog
// reports; limiting transfers to holders of a TSIG key needs "key secret-key.;".
// The same bare element is used in the 0.10.10.in-addr.arpa, zone2.com and
// zone3.com zones below.
zone "zone1.com" in {
        type master;
        file "db.zone1.com";
        allow-transfer {
                secret-key.;  // THIS IS CAUSING THE ERROR  (LINE 39) //
        };
};
 
 zone "0.10.10.in-addr.arpa" in {
        type master;
        file "db.0.10.10";
        allow-transfer {
                secret-key.;
        };
};
 
zone "zone2.com" in {
        type master;
        file "db.zone2.com";
        allow-transfer {
                secret-key.;
        };
};
 
zone "zone3.com" in {
        type master;
        file "db.zone3.com";
        allow-transfer {
                secret-key.;
        };
};
 
// Asks named to sign requests sent to 10.10.0.164 with the key secret-key.
// No key "secret-key." statement appears in this file. NOTE(review): the secret
// from Ksecret-key.+157+33846.private presumably has to be copied into such a
// statement on both servers; confirm that named does not read the K* files
// for TSIG.
server 10.10.0.164 {
        keys {secret-key. ;};
};
 
logging {
        channel "named9_system_channel" {
        file "named9_system.log" versions 10 size 50m;
        print-severity yes;
        print-time yes;
        print-category yes;
        severity debug 11;
        };
        category "general" {
        "named9_system_channel";
        };
};
 
# End of namedb9.conf
 
dns-s1/usr/local/etc/namedb: cat Ksecret-key.+157+33846.key
secret-key. IN KEY 512 3 157 5u+fuWZ2htEToKeIaB3nYQ==
 
dns-s1/usr/local/etc/namedb: cat Ksecret-key.+157+33846.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: 5u+fuWZ2htEToKeIaB3nYQ==
 
 





