rndc confusion

pyh at mail.nsbeta.info
Thu Jan 27 02:49:48 UTC 2011


The keyname and keyvalue in named.conf, rndc.key and rndc.conf have to be 
the same. For me, I don't have the rndc.key file, but have the other two. 
Surely the keyname/keyvalue in these files should be the same. 

Regards. 

donovan jeffrey j writes: 

> Greetings 
> 
> It has been a while since I have worked with named, and I've seemed to wrap myself in a key confusion. 
> 
> I had some issue with an invalid key so I ran rndc-confgen -a which gave me a new key in /etc/rndc.key.
> So now rndc works fine. 
> 
> But when I looked at /etc/rndc.conf the key was different than the /etc/rndc.key. I thought they had to be the same for this to work. I'm assuming that I should replace the key in the rndc.conf, or maybe it's not needed since I'm loading directly from named.conf? 
> 
> Any insight or flames welcome.
> -j 
> 
> config below; 
> 
> named.conf 
> 
> //
> // Include keys file
> //
> include "/etc/rndc.key"; 
> 
> controls  {
> 	inet 127.0.0.1 port 1234 allow { localhost; } keys { rndc-key; };
>    }; 
> 
> 
> options  {
> 	include "/usr/local/named/options";
>    }; 
> 
> logging {
> 	include "/usr/local/named/loggingOptions.conf";
> }; 
> 
> include "/etc/dns/privateView.conf.basd"; 
> 
> 
> rndc.conf 
> 
> # Start of rndc.conf
> key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "xxx...Bmw==";
> }; 
> 
> options {
> 	default-key "rndc-key";
> 	default-server 127.0.0.1;
> 	default-port 1234;
> };
> # End of rndc.conf 
> 
> 
> rndc.key
> key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "yyy,,,,,,3MA==";
> }; 
> 
> 
> ## end
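The consistency requirement discussed in this thread, as an added example that is not part of either post: a small Python check that resolves the `include` in named.conf, finds the key referenced by `controls`, and compares it with the `default-key` in rndc.conf without printing either secret. The function names, the in-memory `files` mapping and the sample configs are assumptions made for illustration; the regex parser only handles the clause forms shown in the thread.

```python
import hmac, re

# Quoted strings match first, so "//" or "#" inside a secret is not cut as a comment.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
KEY = re.compile(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                 r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
INCLUDE = re.compile(r'\binclude\s+"([^"]+)"\s*;')

def load(path, files, seen=None):
    """Return config text with comments removed and include statements expanded."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:   # include loop, or file not supplied
        return ""
    seen.add(path)
    text = TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", files[path])
    return INCLUDE.sub(lambda m: load(m.group(1), files, seen), text)

def keys_in(text):
    return {name: (alg.lower(), secret) for name, alg, secret in KEY.findall(text)}

def check(files, named="named.conf", rndc="rndc.conf"):
    """Compare the key named's control channel accepts with the key rndc will use."""
    n_text, r_text = load(named, files), load(rndc, files)
    n_ref = re.search(r'\bkeys\s*\{\s*"?([\w.-]+)"?\s*;', n_text)    # controls { ... keys { X; }; }
    r_ref = re.search(r'\bdefault-key\s+"?([\w.-]+)"?\s*;', r_text)  # options { default-key X; }
    if not (n_ref and r_ref):
        return "incomplete: controls keys or default-key not found"
    n_key = keys_in(n_text).get(n_ref.group(1))
    r_key = keys_in(r_text).get(r_ref.group(1))
    if n_key is None or r_key is None:
        return "incomplete: referenced key clause not defined"
    if (n_ref.group(1), n_key[0]) != (r_ref.group(1), r_key[0]):
        return "mismatch: key name or algorithm"
    if not hmac.compare_digest(n_key[1].encode(), r_key[1].encode()):
        return "mismatch: secret"
    return "match"

# Constructed sample mirroring the layout in the thread; secrets are placeholders.
SAMPLE = {
    "named.conf": 'include "/etc/rndc.key"; // keys file\n'
                  'controls { inet 127.0.0.1 port 1234 allow { localhost; } keys { rndc-key; }; };\n',
    "/etc/rndc.key": 'key "rndc-key" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQtQQ=="; };\n',
    "rndc.conf": 'key "rndc-key" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQtQg=="; };\n'
                 'options { default-key "rndc-key"; default-server 127.0.0.1; default-port 1234; };\n',
}

if __name__ == "__main__":
    print(check(SAMPLE))
```
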


