Problem with querying BIND on localhost

Niall O'Reilly Niall.oReilly at ucd.ie
Wed Oct 31 15:56:27 UTC 2007


On 31 Oct 2007, at 13:54, Johan Schröder wrote:

> and try to
> start the transfer from the master nameserver. But the transfer is not
> possible:
>
> # rndc reload domain.com
> rndc: connect failed: 127.0.0.1#953: connection refused

	That's not the transfer failing, but rndc telling you it
	wasn't able to tell your server (127.0.0.1 is localhost,
	after all) to do the reload.

	Is named listening for rndc commands on port 953?
	Have you set up the shared secret for rndc to use?
	Have you included this in both rndc.conf and named.conf?
	These files normally live in /etc and use an 'include'
	command to refer to the (rather less visible) file where the
	shared secret lives.  We keep them in /local/var/named/etc,
	thus:

keadeen(noreilly)124: grep  'include.*rndc'  /local/var/named/etc/{named,rndc}.conf
/local/var/named/etc/named.conf:include "/etc/rndc.key";
/local/var/named/etc/rndc.conf:include "/etc/rndc.key";
keadeen(noreilly)125: ls -l /local/var/named/etc/{rndc*,named.conf}
-rw-r--r--    1 root     named        8703 Oct 30 13:24 /local/var/named/etc/named.conf
-rw-r--r--    1 root     named        1103 Apr 25  2005 /local/var/named/etc/rndc.conf
-rw-r-----    1 root     named          77 Apr 25  2005 /local/var/named/etc/rndc.key
keadeen(noreilly)126:

	Note that rndc.key is not world-readable.

> When I have a look at the logs, I see this message:
> "zone transfer deferred due to quota"

	This is something different.

	It means that the master has already enough transfers
	in progress.  The delay introduced could be as little as
	a few seconds.  We see these regularly, with no adverse
	effects.

	/Niall
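
The checks described in the reply above (both configuration files include the same key file, and that key file is not world-readable), as an added example that is not part of the original message. The function names and the optional ROOT prefix, for setups where the include path is resolved under another directory, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: consistency checks for the rndc shared-secret setup.
# Function names and the ROOT prefix argument are hypothetical.

# Print the path named by each uncommented 'include "...";' line
# whose file name mentions rndc.
rndc_includes() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*rndc[^"]*\)"[[:space:]]*;.*/\1/p' "$1"
}

# Succeed if "other" users hold any permission bit on the file
# (characters 8-10 of the ls -l mode string).
world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# check_rndc_setup NAMED_CONF RNDC_CONF [ROOT]
# Returns 0 if consistent, 1 if an include is missing, 2 if the two
# files include different key files, 3 if the key file does not exist,
# 4 if the key file is accessible to "other".
check_rndc_setup() {
    named_inc=$(rndc_includes "$1" | head -n 1)
    rndc_inc=$(rndc_includes "$2" | head -n 1)
    root=${3:-}
    if [ -z "$named_inc" ] || [ -z "$rndc_inc" ]; then
        echo "rndc key include missing from named.conf or rndc.conf" >&2
        return 1
    fi
    if [ "$named_inc" != "$rndc_inc" ]; then
        echo "named.conf and rndc.conf include different key files" >&2
        return 2
    fi
    key="$root$named_inc"
    if [ ! -f "$key" ]; then
        echo "key file $key not found" >&2
        return 3
    fi
    if world_accessible "$key"; then
        echo "key file $key is accessible to all users" >&2
        return 4
    fi
    return 0
}

# Stand-alone use: script NAMED_CONF RNDC_CONF [ROOT]
if [ "$#" -ge 2 ]; then
    check_rndc_setup "$@"
fi
```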



