Rndc and remote ns control

Mark.Andrews at nominum.com
Thu May 10 14:41:16 UTC 2001


	It works.  Make sure the key names match, the keys are
	specified in both named.conf and rndc.conf, and that the
	clocks on the machines are in sync.

	In named.conf only the key and control clauses are involved,
	not the server clause.  As always, check your logs.

	Mark

> 
> Let's say I've got two nameservers.  Both running 9.1.2/slack7.1.
> One is master for my domains, and the other is slave for the same domains.
> 
> It seems like rndc would be a great utility to use since, if I understand it
> right, I could remotely reload zones, etc.
> 
> I thought that having the connecting server ip in the controls statement
> would do the trick, but it didn't, so I added a server statement to
> named.conf, thinking that named would need to know about remote machine
> trying to connect to it w/ rndc.
> 
> server 24.168.100.121 {
>         bogus no;
>         provide-ixfr yes;
>         request-ixfr yes;
>         keys { dns-key-1;};
>         };
> 
> dns-key-1 has been defined on both machines in the rndc.conf and named.conf
> key statements (which brings up another question..  It seems odd to have the
> exact same string in both rndc.conf and named.conf.  I guess I look at it
> from a private/public approach, where you'd expect the rndc client to use a
> public key to authenticate w/ the server.. anyway) but I get
> 
> 11:29pm(luna at groundnoise)bind-9.1.2>rndc -s 128.228.20.14 -y dns-key-1 reload
> rndc: connect: connection refused
> 
> I experimented w/ server statements in rndc.conf, thinking maybe rndc needed
> to know about the server(s) it would be connecting to, but didn't have any
> luck
> 
> my controls statement in named.conf has the server I'm trying to connect
> from defined
> 
> controls {
>         inet 127.0.0.1 allow { localhost; 24.168.100.121; }
>         keys { dns-key-1; };
> };
> 
> I'm able to use rndc locally, and without any server statements in either
> rndc.conf or named.conf.
> 
> Any ideas?
> 
> **it seems like you always end up trying to solve these problems late at
> night when you're falling asleep on the desk..**
> 
> thanks everyone
> -ben t.
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
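
Added example, not part of the original thread and not BIND's own code: a small Python check of the points in the reply above (the key is defined under the same name and with the same secret in both named.conf and rndc.conf, and the controls clause lists it), plus one further check that some controls channel listens on the address rndc is pointed at. The function names, the placeholder secret and the sample files are constructed; clock sync cannot be checked from the config files.

```python
import re

def _items(body):
    # "localhost; 24.168.100.121;" -> ["localhost", "24.168.100.121"]
    return [i.strip().strip('"') for i in body.split(";") if i.strip()]

def key_clauses(conf):
    """Map key name -> secret for each `key name { ... secret "..."; };` clause."""
    pat = r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]*)"'
    return dict(re.findall(pat, conf))

def control_channels(named_conf):
    """List (listen_address, allow_list, key_list) for each inet control channel."""
    pat = r'inet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}'
    return [(a, _items(al), _items(k)) for a, al, k in re.findall(pat, named_conf)]

def check(named_conf, rndc_conf, server_ip, key_name):
    """Return the mismatches that would stop `rndc -s server_ip -y key_name`."""
    problems = []
    nkeys, rkeys = key_clauses(named_conf), key_clauses(rndc_conf)
    for fname, keys in (("named.conf", nkeys), ("rndc.conf", rkeys)):
        if key_name not in keys:
            problems.append(f"key {key_name} not defined in {fname}")
    if key_name in nkeys and key_name in rkeys and nkeys[key_name] != rkeys[key_name]:
        problems.append(f"secret for {key_name} differs between the two files")
    chans = control_channels(named_conf)
    if not any(key_name in keys for _, _, keys in chans):
        problems.append(f"no controls channel accepts key {key_name}")
    # `inet <addr>` is the address named listens on; `*` means every IPv4 address.
    if not any(addr in (server_ip, "*") for addr, _, _ in chans):
        problems.append(f"no controls channel listens on {server_ip}")
    return problems

# Constructed sample: key clause shared by both files, placeholder secret.
KEY = 'key dns-key-1 { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2VjcmV0"; };\n'
# controls clause as quoted in the thread (closing brace added).
NAMED = KEY + '''controls {
        inet 127.0.0.1 allow { localhost; 24.168.100.121; }
        keys { dns-key-1; };
};
'''
RNDC = KEY + 'options { default-key dns-key-1; };\n'

if __name__ == "__main__":
    for p in check(NAMED, RNDC, "128.228.20.14", "dns-key-1"):
        print("problem:", p)
```
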

