rndc.key vs. rndc.conf

online-reg online-reg at enigmedia.com
Sun Oct 3 13:54:53 UTC 2010


> | Hi All: One more conf issue on bind 9.7.1-P2
> | After running rndc-confgen and reloading BIND I'm getting this error:
> | WARNING: key file (/etc/namedb/rndc.key) exists, but using default
> | configuration file (/etc/namedb/rndc.conf)
> | rndc: connection to remote host closed
> | This may indicate that
> | * the remote server is using an older version of the command protocol,
> | * this host is not authorized to connect,
> | * the clocks are not synchronized, or
> | * the key is invalid.
> | It seems like I have a valid key in both files...what do I need to change?
>
> I'm guessing from the /etc/namedb path above that you're using FreeBSD.
> In that case there is no reason to use rndc.conf, as FreeBSD generates
> an rndc.key file for you.
>
> 1. Stop named ('service named stop' or '/etc/rc.d/named stop')
> 2. rm /etc/rndc.conf
> 3. Start named ('service named start' or '/etc/rc.d/named start')
> 4. rndc status
>
Thanks again...removing the rndc.conf file worked! I think where I became 
confused was after installing 9.7.1-P2 from the ports collection on FreeBSD 
8.1, it installed an "rndc.conf.sample" file in "/etc/namedb/"...I tried 
renaming that file and using it, saw some errors, and then ran rndc-confgen, 
which created the "rndc.key" file instead. 
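
A small check for the situation in this thread, added here as an example and not part of the original messages: it reports whether rndc.conf and rndc.key both exist in a directory and whether their secrets differ. The function names, status strings and sample secrets are constructed, and it assumes named loaded its control key from rndc.key, as in the FreeBSD setup described in the reply.

```shell
#!/bin/sh
# Added example: which rndc credential file is in effect, and do the two agree?

# Print the first uncommented secret "..." value in a file (empty if none).
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# rndc_check DIR prints: none | key-only | conf-only | both-match | both-differ
rndc_check() {
    conf="$1/rndc.conf"
    key="$1/rndc.key"
    if [ -f "$conf" ] && [ -f "$key" ]; then
        # With both present rndc reads rndc.conf (the WARNING quoted above),
        # so a differing secret there no longer matches what named loaded
        # from rndc.key (assumption: named.conf defines no control key itself).
        if [ "$(rndc_secret "$conf")" = "$(rndc_secret "$key")" ]; then
            echo both-match
        else
            echo both-differ
        fi
    elif [ -f "$key" ]; then
        echo key-only
    elif [ -f "$conf" ]; then
        echo conf-only
    else
        echo none
    fi
}

# Constructed sample directory; the secrets are made-up placeholders.
demo=$(mktemp -d "${TMPDIR:-/tmp}/rndc-demo.XXXXXX")
printf 'key "rndc-key" {\n\tsecret "Q09OU1RSVUNURUQtQQ==";\n};\n' > "$demo/rndc.conf"
printf 'key "rndc-key" {\n\tsecret "Q09OU1RSVUNURUQtQg==";\n};\n' > "$demo/rndc.key"
rndc_check "$demo"        # state before the fix
rm "$demo/rndc.conf"      # step 2 of the reply
rndc_check "$demo"        # state after the fix
rm -rf "$demo"
```

To inspect a real installation, call `rndc_check` with the configuration directory, for example `rndc_check /etc/namedb`.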
