<div dir="ltr">My bad. I spotted that afterwards.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 28 Nov 2024 at 13:48, Anand Buddhdev <<a href="mailto:anandb@ripe.net">anandb@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Tue, 26 Nov 2024 at 09:40, Greg Choules via bind-users <<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>> wrote:</div><div dir="ltr"><br></div><div>Hi Greg,</div><div><br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Running "named-checkconf -p" will print your entire named configuration, following any include files. There *must* be a "controls" section in there or rndc could not work, since, from the ARM:</div></div></blockquote><div><br></div><div>A "controls" section is *not* required in named.conf. If there isn't one, BIND uses some defaults. From the BIND ARM:</div><div><br></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">"If no </span><a href="https://bind9.readthedocs.io/en/v9.18.31/reference.html#namedconf-statement-controls" title="namedconf-statement-controls" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">controls</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> statement is present, </span><a href="https://bind9.readthedocs.io/en/v9.18.31/manpages.html#std-iscman-named" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">named</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> sets up a default control channel listening on the loopback address 127.0.0.1 and its IPv6 counterpart, ::1. In this case, and also when the </span><a href="https://bind9.readthedocs.io/en/v9.18.31/reference.html#namedconf-statement-controls" title="namedconf-statement-controls" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">controls</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> statement is present but does not have a </span><a href="https://bind9.readthedocs.io/en/v9.18.31/reference.html#namedconf-statement-keys" title="namedconf-statement-keys" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">keys</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> clause, </span><a href="https://bind9.readthedocs.io/en/v9.18.31/manpages.html#std-iscman-named" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">named</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> attempts to load the command channel key from the file </span><code style="font-size:12px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;max-width:100%;border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto"><span style="box-sizing:border-box">/etc/rndc.key</span></code><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">. To create an </span><code style="font-size:12px;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;max-width:100%;border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto"><span style="box-sizing:border-box">rndc.key</span></code><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"> file, run </span><a href="https://bind9.readthedocs.io/en/v9.18.31/manpages.html#cmdoption-rndc-confgen-a" style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;box-sizing:border-box;color:rgb(41,128,185);text-decoration-line:none;background-color:rgb(252,252,252)" target="_blank"><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;max-width:100%;background:rgb(255,255,255);border:1px solid rgb(225,228,229);padding:2px 5px;color:black;overflow-x:auto;font-weight:700;text-decoration-line:underline;text-decoration-style:dotted;text-decoration-color:gray"><span style="box-sizing:border-box">rndc-confgen</span> <span style="box-sizing:border-box">-a</span></code></a><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">."</span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"><br></span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">Since this is Ubuntu, BIND on it has been compiled with "sysconfdir" set to "/etc/bind", and so a missing "controls" section will make BIND load the key from "/etc/bind/rndc.key".</span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"><br></span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">This is why "rndc" just works for Luis. Our BIND configuration files also do not have a "controls" section, and we rely on the default behaviour.</span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)"><br></span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">Regards,</span></div><div><span style="font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;color:rgb(64,64,64);background-color:rgb(252,252,252)">Anand</span></div></div></div>
</blockquote></div>