RNDC key question

Vigilance Monitoring no_spam at aracnet.com
Tue Nov 22 04:46:35 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
news:dltr7i$9ja$1 at sf1.isc.org...
> Vigilance Monitoring wrote:
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >bind-9.2.4-2 on RHEL4
> >
> >I recently built a slave DNS server and everything seems to be
> >working fine.  However, /etc/init.d/named stop|restart does not
> >work (doesn't stop named).  I think the problem may be with the
> >rndc key.
> >
> >
> >[root at plain named]# rndc -V status
> >rndc: connection to remote host closed
> >This may indicate that the remote server is using an older version
> >of the command protocol, this host is not authorized to connect,
> >or the key is invalid.
> >
> >/var/log/messages:
> >
> >Nov 20 22:22:33 plain named[13030]: invalid command from
> >127.0.0.1#34229: bad auth
> >Nov 20 22:25:38 plain named[13609]: /etc/named.conf:63: couldn't
> >find key 'rndc-key' for use with command channel 127.0.0.1#953
> >Nov 20 22:25:43 plain named[13609]: invalid command from
> >127.0.0.1#34274: bad auth
> >Nov 20 22:25:43 plain named[13609]: invalid command from
> >127.0.0.1#34275: bad auth
> >Nov 20 22:25:50 plain named[13609]: invalid command from
> >127.0.0.1#34276: bad auth
> >Nov 20 22:26:54 plain named[13609]: invalid command from
> >127.0.0.1#34291: bad auth
> >
> >/etc/named.conf:
> >
> >include "/etc/rndc.key";
> >
> >controls {
> >        inet 127.0.0.1 port 953
> >        allow { 127.0.0.1; } keys { "rndc-key"; };
> >};
> >
> >What do I need to do to fix this please?  TIA!!!
> >
> The error messages imply that there is no definition of a key named
> "rndc-key" in the file /etc/rndc.key. Check the contents of the
> file. Feel free to post it here with the "secret" part anonymized
> and nothing else (otherwise you may obscure the real source of the
> problem). Or, just generate and install a new key after you've
> posted the old one publicly.
>
> Another possibility is that you haven't restarted named since you
> added the key definition, so named doesn't "see" it yet.
> Understand that you can't use "rndc stop" until you've gotten rndc
> working -- you'll have to "bootstrap" things with manual stops and
> starts until rndc is working.
>
>
>
>                                                             - Kevin
>
Thanks Kevin.  Yep, there is no key definition in /etc/rndc.conf.  So
how do I create a key and get everything established properly (this
has always happened pretty much automatically/magically for me in the
past)?

/etc/rndc.conf:

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: foobar

iQA/AwUBQ4KiqFPfRV42MJPXEQK9mACfdhj3q0o1aEcL5Zwotv7j1zIQ3soAoJMV
11T2ryTDaSW+GlahOO+67Ppx
=A8n+
-----END PGP SIGNATURE-----
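The configs quoted in this thread reference two different key names: the controls statement in named.conf accepts only "rndc-key", while rndc.conf uses "rndckey" as its default-key, and named logs "couldn't find key 'rndc-key'" because /etc/rndc.key defines no key by that name. Below is an added example, not part of the original thread and not BIND's own tooling: a POSIX shell check that reads the three files and reports where the names disagree. The named.conf and rndc.conf samples mirror the ones posted; the rndc.key contents are a constructed assumption (the thread never shows that file) and its secret is a placeholder, not a usable key.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check the three places an rndc
# key name must agree: the keys{} clause of controls{} in named.conf, the
# default-key in rndc.conf, and the key{} statement actually defined in
# rndc.key. When these disagree, named logs "couldn't find key" and rndc
# reports "bad auth", which is what the thread shows.

# Key names listed in the controls { ... keys { ... }; } clause of named.conf.
controls_keys() {
    sed 's://.*$::; s:#.*$::' "$1" | tr '\n' ' ' \
      | sed -n 's/.*controls *{.*keys *{\([^}]*\)}.*/\1/p' \
      | tr ';' '\n' | tr -d '" \t' | sed '/^$/d'
}

# Key named by default-key in rndc.conf (empty if absent).
rndc_default_key() {
    sed -n 's/^[[:space:]]*default-key[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\}.*/\1/p' "$1"
}

# Names of key { ... } statements defined in a file (rndc.key or an include).
# Requires whitespace after "key" so the keys{} clause of controls{} is skipped.
defined_keys() {
    sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}"\{0,1\}\([^"{ ]*\)"\{0,1\}[[:space:]]*{.*/\1/p' "$1"
}

# Compare the three. Prints "ok" and returns 0 when consistent; otherwise
# prints one line per problem and returns 1.
check_rndc_keys() {
    expected=$(controls_keys "$1")
    used=$(rndc_default_key "$2")
    defined=$(defined_keys "$3")
    status=0
    [ -n "$defined" ] || { echo "$3 defines no key at all"; status=1; }
    for k in $expected; do
        echo "$defined" | grep -qx -- "$k" \
          || { echo "named.conf expects key '$k' but it is not defined in $3"; status=1; }
    done
    if [ -n "$used" ]; then
        echo "$defined" | grep -qx -- "$used" \
          || { echo "rndc.conf default-key '$used' is not defined in $3"; status=1; }
        echo "$expected" | grep -qx -- "$used" \
          || { echo "rndc.conf default-key '$used' is not accepted by named.conf controls"; status=1; }
    fi
    if [ "$status" -eq 0 ]; then echo ok; fi
    return "$status"
}

# Write sample configs into directory $1. $2 is "mismatch" (the names from
# the thread) or "fixed" (controls{} changed to the name rndc.key defines).
make_sample_files() {
    dir=$1
    case $2 in
        fixed) ctl_key=rndckey ;;
        *)     ctl_key=rndc-key ;;
    esac
    cat > "$dir/named.conf" <<EOF
include "$dir/rndc.key";

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "$ctl_key"; };
};
EOF
    cat > "$dir/rndc.conf" <<EOF
options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "$dir/rndc.key";
EOF
    # Constructed rndc.key: the thread does not show the real one, and the
    # secret below is a placeholder, not a working key.
    cat > "$dir/rndc.key" <<EOF
key "rndckey" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-SECRET-BASE64==";
};
EOF
}

# Demonstration on constructed files: first the thread's mismatch, then the fix.
demo() {
    dir=$(mktemp -d)
    make_sample_files "$dir" mismatch
    check_rndc_keys "$dir/named.conf" "$dir/rndc.conf" "$dir/rndc.key" || true
    make_sample_files "$dir" fixed
    check_rndc_keys "$dir/named.conf" "$dir/rndc.conf" "$dir/rndc.key"
    rm -rf "$dir"
}

demo
```

Whatever name the key statement in /etc/rndc.key carries (rndc-confgen -a writes that file when a key has to be generated from scratch) is the one both the keys{} clause in named.conf and default-key in rndc.conf must use; a name that appears in only one of the three files produces exactly the "bad auth" lines in the log above. As Kevin notes, named has to be restarted by hand after the controls statement or key file changes, because rndc cannot reach it until the key is accepted.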