Problem with querying BIND on localhost
Niall O'Reilly
Niall.oReilly at ucd.ie
Wed Oct 31 15:56:27 UTC 2007
On 31 Oct 2007, at 13:54, Johan Schröder wrote:
> and try to
> start the transfer from the master nameserver. But the transfer is not
> possible:
>
> # rndc reload domain.com
> rndc: connect failed: 127.0.0.1#953: connection refused
That's not the transfer failing, but rndc telling you it
wasn't able to tell your server (127.0.0.1 is localhost,
after all) to do the reload.
Is named listening for rndc commands on port 953?
Have you set up the shared secret for rndc to use?
Have you included this in both rndc.conf and named.conf?
These files normally live in /etc and use an 'include'
command to refer to the (rather less visible) file where the
shared secret lives. We keep them in /local/var/named/etc,
thus:
keadeen(noreilly)124: grep 'include.*rndc' /local/var/named/etc/{named,rndc}.conf
/local/var/named/etc/named.conf:include "/etc/rndc.key";
/local/var/named/etc/rndc.conf:include "/etc/rndc.key";
keadeen(noreilly)125: ls -l /local/var/named/etc/{rndc*,named.conf}
-rw-r--r-- 1 root named 8703 Oct 30 13:24 /local/var/named/etc/named.conf
-rw-r--r-- 1 root named 1103 Apr 25 2005 /local/var/named/etc/rndc.conf
-rw-r----- 1 root named 77 Apr 25 2005 /local/var/named/etc/rndc.key
keadeen(noreilly)126:
Note that rndc.key is not world-readable.
> When I have a look at the logs, I see this message:
> "zone transfer deferred due to quota"
This is something different.
It means that the master has already enough transfers
in progress. The delay introduced could be as little as
a few seconds. We see these regularly, with no adverse
effects.
/Niall
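
The two file-level checks from the reply above (the same key include in both named.conf and rndc.conf, and a key file that is not world-readable), as an added example that is not part of the original message. It assumes include paths such as /etc/rndc.key resolve under a root directory passed as the argument (for instance a chroot); `rndc_include`, `check_rndc` and `make_sample` are hypothetical helper names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the rndc key wiring. ROOT is an assumed chroot prefix
# (e.g. /local/var/named) under which include paths such as /etc/rndc.key resolve.

# Print the path from the first 'include "...rndc...";' line of a config file.
rndc_include() {
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*rndc[^"]*\)"[[:space:]]*;.*/\1/p' "$1" 2>/dev/null | head -n 1
}

check_rndc() {
    root=$1
    rc=0
    named_inc=$(rndc_include "$root/etc/named.conf")
    rndc_inc=$(rndc_include "$root/etc/rndc.conf")
    if [ -z "$named_inc" ] || [ -z "$rndc_inc" ]; then
        echo "FAIL: key include missing from named.conf or rndc.conf"
        return 1
    fi
    if [ "$named_inc" != "$rndc_inc" ]; then
        echo "FAIL: named.conf includes $named_inc but rndc.conf includes $rndc_inc"
        rc=1
    fi
    key=$root$named_inc
    if [ ! -f "$key" ]; then
        echo "FAIL: key file $key not found"
        return 1
    fi
    # -perm -004 matches only when the "other read" bit is set.
    if [ -n "$(find "$key" -perm -004)" ]; then
        echo "FAIL: $key is world-readable"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: both files include $named_inc; key is not world-readable"
    fi
    return "$rc"
}

# Constructed sample layout mirroring the listing above (placeholder contents).
make_sample() {
    mkdir -p "$1/etc"
    echo 'include "/etc/rndc.key";' > "$1/etc/named.conf"
    echo 'include "/etc/rndc.key";' > "$1/etc/rndc.conf"
    echo '# placeholder, not a real key' > "$1/etc/rndc.key"
    chmod 640 "$1/etc/rndc.key"
}

# Run against a real tree when a root directory is given as the first argument.
if [ -n "${1:-}" ]; then check_rndc "$1"; fi
```

The script does not test whether named is actually listening on port 953; it covers only the include and permission questions.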