rndc: connect: connection refused

Sun Apr 1 18:09:27 UTC 2001

Occasionally, when trying to use rndc if fails with the following message:

rndc:  connect:  connection refused

In times like these the only way to effectively reload the name server's zone
files is to stop the server with "kill" and start it again with "in.named".  Any
ideas what causes this error?  Here are the relevant records from named.conf:

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm       hmac-md5;
        secret "test";
};

On possibly a related note, we have noticed that named writes the following
message when we stop the name server process:

Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: shutting down
Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: no longer listening on
127.0.0.1#53
Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: no longer listening on
10.30.120.8#53
Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: mem.c:1404:
REQUIRE(mpctx->allocated == 0) failed
Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: exiting (due to assertion
failure)

In doing so it drops core to /var/named.  Here are the log messages named writes
when it starts:

Apr  1 12:31:22 dnsserver1 /usr/local/bin/in.named[14107]: starting BIND 9.1.0
Apr  1 12:31:22 dnsserver1 /usr/local/bin/in.named[14107]: using 1 CPU
Apr  1 12:31:23 dnsserver1 /usr/local/bin/in.named[14107]: loading configuration
from '/etc/named.conf'
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: the default for the
'auth-nxdomain' option is now 'no'
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: option 'check-names'
is not implemented
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: no IPv6 interfaces
found
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: listening on IPv4
interface lo0, 127.0.0.1#53
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: listening on IPv4
interface hme0, 10.30.120.8#53
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: the TSIG key for
'rndc_key' is too short to be secure
Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: command channel
listening on 127.0.0.1#953
Apr  1 12:31:29 dnsserver1 /usr/local/bin/in.named[14107]: running

Any help here would be appreciated.

John

*******************Internet Email Confidentiality Footer*******************

Privileged/Confidential Information may be contained in this message.  If you
are not the addressee indicated in this message (or responsible for delivery of
the message to such person), you may not copy or deliver this message to anyone.
In such case, you should destroy this message and kindly notify the sender by
reply email. Please advise immediately if you or your employer does not consent
to Internet email for messages of this kind.  Opinions, conclusions and other
information in this message that do not relate to the official business of my
firm shall be understood as neither given nor endorsed by it.