format of /etc/rndc.conf

Christopher L. Barnard cbar44 at tsg.cbot.com
Wed Oct 16 15:46:36 UTC 2002


This may be an odd one.  I tried to search the archive, but I may not
have worded my query correctly.

I am setting up a nameserver (BIND 9.2) for our Disaster site.  So a
server that I am configuring needs to respond to "pprdint3.prices.cbot.com",
"pprdint3.dr.cbot.com", *and* "pprdint3.cbot.com".  In ordinary day-to-day
work, it responds to both pprdint3.prices and pprdint3.dr; I just have an A
record in both maps.  In case of disaster, it will become our company
primary nameserver and also will become "pprdint3.cbot.com".  I believe I have
documented the named.conf and bootstrap cache file so that anyone can do
this in case it is ever needed, but I would like to configure the
/etc/rndc.conf file so that it does not need to be touched.  So right
now I have as the /etc/rndc.conf file

options {
        default-server pprdint3.dr.cbot.com;
        default-key pprdint3key;
}; 

server pprdint3.dr.cbot.com {
        key pprdint3key;
};

server pprdint3.cbot.com {
        key pprdint3key;
};

server pprdint3.prices.cbot.com {
        key pprdint3key;
};

key pprdint3key {
        algorithm hmac-md5;
        secret "xxxxx";
};

However, when I try to run rndc I get a
rndc: connect failed: connection refused
So something above is sufficiently bogus for rndc to refuse to even
start.
Is it possible for three "servers" to be allowed to send rndc commands
and share the same key?  If so, what am I doing wrong?  Thanks much.


Christopher L. Barnard                        Lead Systems Administrator
(312) 347-4901     Technology and Data Prod., The Chicago Board of Trade
cbarnard at tsg.cbot.com               http://www.cs.uchicago.edu/~cbarnard
    PGP public key available via MIT PGP keyserver or on my web page
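
An added example, not part of the original post: a small Python check over an rndc.conf in the flat layout shown above, confirming that default-key and every server statement name a key that has a key statement. The function names and the sample text (a constructed copy of the posted file with a placeholder secret) are assumptions made for illustration.

```python
import re

# Constructed sample: the layout from the post, with a placeholder secret.
SAMPLE = '''
options {
        default-server pprdint3.dr.cbot.com;
        default-key pprdint3key;
};
server pprdint3.dr.cbot.com { key pprdint3key; };
server pprdint3.cbot.com { key pprdint3key; };
server pprdint3.prices.cbot.com { key pprdint3key; };
key pprdint3key {
        algorithm hmac-md5;
        secret "PLACEHOLDER";   # constructed, not a real secret
};
'''

# Flat statements only; nested blocks inside a statement are not handled.
STMT = re.compile(r'\b(options|server|key)\s*("?[^\s{"]*"?)\s*\{(.*?)\}\s*;', re.S)
CLAUSE = re.compile(r'([\w-]+)\s+("[^"]*"|[^\s;]+)\s*;')

def strip_comments(text):
    """Drop /* */, // and # comments, leaving quoted strings untouched."""
    pat = r'("[^"\n]*")|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(1) or '', text, flags=re.S)

def parse(text):
    """Return (options clauses, {server: key or None}, defined key names)."""
    opts, servers, keys = {}, {}, set()
    for kind, name, body in STMT.findall(strip_comments(text)):
        clauses = {k: v.strip('"') for k, v in CLAUSE.findall(body)}
        if kind == 'options':
            opts = clauses
        elif kind == 'server':
            servers[name.strip('"')] = clauses.get('key')
        else:
            keys.add(name.strip('"'))
    return opts, servers, keys

def undefined_key_refs(text):
    """List (where, key) references that match no key statement."""
    opts, servers, keys = parse(text)
    refs = [('options default-key', opts.get('default-key'))]
    refs += [('server ' + s, k) for s, k in servers.items()]
    # A server statement without its own key falls back to default-key.
    return [(w, k) for w, k in refs if k is not None and k not in keys]

if __name__ == '__main__':
    print(undefined_key_refs(SAMPLE) or 'all key references resolve')
```

An empty result only shows that the key references in the file are consistent; rndc prints "connect failed" at the point where it opens the connection to the server.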

