rndc: connect: connection refused

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Sun Apr 1 22:23:41 UTC 2001 

> 
> 
> 
> Occasionally, when trying to use rndc if fails with the following message:
> 
> rndc:  connect:  connection refused
> 
> In times like these the only way to effectively reload the name server's zone
> files is to stop the server with "kill" and start it again with "in.named".  
> Any
> ideas what causes this error?  Here are the relevant records from named.conf:
> 
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
> };
> 
> key "rndc_key" {
>         algorithm       hmac-md5;
>         secret "test";
> };
> 

	Keys are supposed to be defined *before* they are used, i.e.
	the key statement should be before the control statement.

> 
> On possibly a related note, we have noticed that named writes the following
> message when we stop the name server process:
> 
> Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: shutting down
> Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: no longer listening on
> 127.0.0.1#53
> Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: no longer listening on
> 10.30.120.8#53
> Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: mem.c:1404:
> REQUIRE(mpctx->allocated == 0) failed
> Apr  1 12:31:03 dnsserver1 /usr/sbin/in.named[13716]: exiting (due to asserti
> on
> failure)
> 
> In doing so it drops core to /var/named.

	This is fixed in BIND 9.1.1 along with a lot of other bugs.  I
	would recommend upgrading.

> Here are the log messages named writes when it starts:
> 
> Apr  1 12:31:22 dnsserver1 /usr/local/bin/in.named[14107]: starting BIND 9.1.
> 0
> Apr  1 12:31:22 dnsserver1 /usr/local/bin/in.named[14107]: using 1 CPU
> Apr  1 12:31:23 dnsserver1 /usr/local/bin/in.named[14107]: loading configurat
> ion
> from '/etc/named.conf'
> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: the default for th
> e
> 'auth-nxdomain' option is now 'no'
> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: option 'check-name
> s'
> is not implemented
> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: no IPv6 interfaces
> found
> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: listening on IPv4
> interface lo0, 127.0.0.1#53
> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: listening on IPv4
> interface hme0, 10.30.120.8#53

> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: the TSIG key for
> 'rndc_key' is too short to be secure

	The server doesn't like the key strength, use a longer key.

> Apr  1 12:31:25 dnsserver1 /usr/local/bin/in.named[14107]: command channel
> listening on 127.0.0.1#953
> Apr  1 12:31:29 dnsserver1 /usr/local/bin/in.named[14107]: running
> 
> Any help here would be appreciated.
> 
> John
> 
	Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list