bind 9.5.1b1(rndc.key) Problem
Kevin Darcy
kcd at chrysler.com
Fri Aug 22 22:00:54 UTC 2008
iman habibi wrote:
> Dear Admins
> I compiled bind 9.5.1b1 and installed it on solaris9.
> here are my compile options:
> ./configure --enable-shared=no --sysconfdir=/opt/namesurfer/config
> --sbindir=/opt/namesurfer/named --localstatedir=/opt/namesurfer
> --prefix=/opt/namesurfer
> but when i started named ,i saw that it got error with:
> -sh-3.2# Aug 21 21:32:00 lct-test named[23355]: [ID 873579
> daemon.notice]
> starting BIND 9.5.1b1
> Aug 21 21:32:00 lct-test named[23355]: [ID 873579 daemon.error]
> /opt/namesurfer/config/named.conf:14: unknown key 'rndckey'
> Aug 21 21:32:00 lct-test named[23355]: [ID 873579 daemon.crit]
> loading
> configuration: failure
> Aug 21 21:32:00 lct-test named[23355]: [ID 873579 daemon.crit] exiting
> (due
> to fatal error)
> however i put rndc.key in /opt/namesurfer/config!
> but when i delet this part of named.conf:
> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey";};---
>
>> inet 127.0.0.1 port 953 allow { 127.0.0.1; };
>>
> the named start properly!
> how can i fix this problem without deleting "keys { "rndckey"; }"
> from named.conf?
> should i change my ./configure options for this or change some other
> things after compile?
> why bind get this error from named.conf?
> any idea would be appreciated
>
You can either
a) not specify a key in "controls", in which case named looks in
rndc.key to find the key, or
b) specify a key in "controls", in which case you need to have a
matching "key" statement elsewhere in named.conf, or "include"d into
named.conf (the latter is often done so that the read permissions on the
key file can be made much more restrictive than on named.conf itself).
Note that this has nothing to do with how you built BIND or your
./configure options.
- Kevin
More information about the bind-users
mailing list