rndc confusion

Paul Ooi Cong Jen paulooi at takizo.com
Thu Jan 27 02:53:41 UTC 2011


On 27-Jan-2011, at 10:39 AM, donovan jeffrey j wrote:

> Greetings
> 
> It has been a while since I have worked with named, and I've seemed to wrap myself in a key confusion.
> 
> I had some issue with an invalid key so I ran rndc-confgen -a, which gave me a new key in /etc/rndc.key.
> So now rndc works fine.
> 
> But when I looked at /etc/rndc.conf the key was different than the /etc/rndc.key. I thought they had to be the same for this to work. I'm assuming that I should replace the key in the rndc.conf, or maybe it's not needed since I'm loading directly from named.conf?

You can just copy the key from rndc.key to rndc.conf. It's supposed to be the same. If you don't invoke -a, it actually needs you to create it manually.

> 
> any insight or flames welcome.
> -j
> 
> config below;
> 
> named.conf
> 
> //
> // Include keys file
> //
> include "/etc/rndc.key";
> 
> controls  {
> 	inet 127.0.0.1 port 1234 allow { localhost; } keys { rndc-key; };
>   };
> 
> 
> options  {
> 	include "/usr/local/named/options";
>   };
> 
> logging {
> 	include "/usr/local/named/loggingOptions.conf";
> };
> 
> include "/etc/dns/privateView.conf.basd";
> 
> 
> rndc.conf
> 
> # Start of rndc.conf
> key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "xxx...Bmw==";
> };
> 
> options {
> 	default-key "rndc-key";
> 	default-server 127.0.0.1;
> 	default-port 1234;
> };
> # End of rndc.conf
> 
> 
> rndc.key
> key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "yyy,,,,,,3MA==";
> };
> 
> 
> ## end
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
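
The comparison discussed in this thread can be done mechanically by parsing the key clauses of both files and comparing name, algorithm and secret without echoing the secrets. This is an added example, not part of the original thread; the file contents and secrets are constructed, and the function names are hypothetical.

```python
import hmac
import re

# Constructed stand-ins for /etc/rndc.conf and /etc/rndc.key (secrets are made up).
RNDC_CONF = """
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2VjcmV0LUE=";
};
options { default-key "rndc-key"; };
"""
RNDC_KEY = """
key "rndc-key" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2VjcmV0LUI=";
};
"""

def strip_comments(text):
    # Drop #, // and /* */ comments but keep quoted strings: base64 may contain "//".
    return re.sub(r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*',
                  lambda m: m.group(0) if m.group(0)[0] == '"' else "", text, flags=re.S)

def parse_keys(text):
    # Map each key name to (algorithm, secret); clauses missing either field are skipped.
    keys = {}
    for name, body in re.findall(r'\bkey\s+"?([^"\s{]+)"?\s*\{([^}]*)\}\s*;', strip_comments(text)):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def compare_keys(client_text, server_text):
    # Differences between the client-side and server-side keys; secrets are never printed.
    client, server = parse_keys(client_text), parse_keys(server_text)
    problems = [f"{n}: defined on one side only" for n in sorted(set(client) ^ set(server))]
    for name in sorted(set(client) & set(server)):
        (c_alg, c_sec), (s_alg, s_sec) = client[name], server[name]
        if c_alg != s_alg:
            problems.append(f"{name}: algorithm mismatch")
        if not hmac.compare_digest(c_sec.encode(), s_sec.encode()):
            problems.append(f"{name}: secret mismatch")
    return problems

if __name__ == "__main__":
    print(compare_keys(RNDC_CONF, RNDC_KEY) or "keys match")
```

Pass the contents of the real /etc/rndc.conf and /etc/rndc.key in place of the constructed strings; include directives are not followed.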



