invalid command from 127.0.0.1#1157: bad auth
phn at icke-reklam.ipsec.nu
Fri Aug 16 08:23:27 UTC 2002
Tarek Hamdy <thamdy at quixnet.net> wrote:
> Hey Guys,
> I have been working for weeks trying to get my DNS working properly.
> My system is a Red Hat 7.2 running BIND 9.2.1 with a Firewall. I got
> it chrooted, but now I am getting the following errors in the message
> log when I do an /etc/rc.d/init.d/named restart followed by
> /etc/rc.d/init.d/named status
> Aug 15 00:35:26 ham named[24328]: starting BIND 9.2.1 -u named -t
> /chroot/named2
> Aug 15 00:35:26 ham named[24328]: using 1 CPU
> Aug 15 00:35:27 ham named[24331]: loading configuration from
> '/etc/named.conf'
> Aug 15 00:35:27 ham named: named startup succeeded
> Aug 15 00:35:27 ham named[24331]: no IPv6 interfaces found
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface eth0,
> 192.168.113.33#53
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface eth1,
> 208.184.11.178#53
> Aug 15 00:35:27 ham named[24331]: command channel listening on
> 127.0.0.1#953
> Aug 15 00:35:27 ham named[24331]: zone 0.0.127.in-addr.arpa/IN: loaded
> serial 2002010105
> Aug 15 00:35:27 ham named[24331]: zone 11.184.208.in-addr.arpa/IN:
> loaded serial 2002010105
> Aug 15 00:35:27 ham named[24331]: zone tarekham.com/IN: loaded serial
> 2002081101
> Aug 15 00:35:27 ham named[24331]: zone th.tarekham.com/IN: loaded
> serial 2002020601
> Aug 15 00:35:27 ham named[24331]: zone localhost/IN: loaded serial
> 2002010105
> Aug 15 00:35:27 ham named[24331]: running
> Aug 15 00:35:29 ham named[24331]: invalid command from 127.0.0.1#1157:
> bad auth
> When I do an /etc/rc.d/init.d/named status, at the command prompt I
> get:
> rndc: connection to remote host closed
> This may indicate that the remote server is using an older version of
> the command protocol, this host is not authorized to connect, or the
> key is invalid.
> My named.conf is as follows:
> ## named.conf - configuration for bind
> #
> # Generated automatically by bindconf, alchemist et al.
> include "/etc/namedb/rn/rndc.key";
> options {
> directory "/etc/namedb/";
> pid-file "/var/run/named/named.pid";
> forward first;
> recursion yes;
> forwarders{
> 64.124.114.2;
> 208.184.12.8; };
> auth-nxdomain yes;
> query-source address * port 53;
> };
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "0.0.127.in-addr.arpa.zone";
> };
> zone "11.184.208.in-addr.arpa" {
> type master;
> file "11.184.208.in-addr.arpa.zone";
> };
> zone "localhost" {
> type master;
> file "localhost.zone";
> };
> zone "tarekham.com" {
> type master;
> allow-transfer { 192.168.113.32/27; 64.124.114.2; localhost;
> };
> forwarders{ 64.124.114.2; 208.184.12.8; };
> file "tarekham.com.zone";
> };
> zone "th.tarekham.com" {
> type master;
> file "th.tarekham.com.zone";
> I tried it without the include "/etc/namedb/rn/rndc.key"; statement, no
> change. I tried renaming the /usr/local/sbin/rndc file, that just
> created more errors. My local zone is as follows:
> $TTL 86400
> @ IN SOA @ root.localhost (
> 2002010105 ; serial
> 28800 ; refresh
> 7200 ; retry
> 604800 ; expire
> 43200 ; ttl
> )
> IN NS localhost.
> IN A 127.0.0.1
> localhost IN A 127.0.0.1
> My mdc.conf is as follows:
> /* $Id: rndc.conf,v 1.7 2001/01/09 21:40:45 bwelling Exp $ */
> /*
> * Sample rndc configuration file.
> */
> options {
> default-server localhost;
> default-key "rndckey";
> };
> server localhost {
> key "rndckey";
> };
> key "rndckey" {
> algorithm hmac-md5;
> secret "Over worte";
> };
> My rndc.key:
> key "rndc-key" {
> algorithm hmac-md5;
> secret "Over worte";
> };
> If anyone has any ideas of how to overcome this error to get DNS
> working, I would appreciate it.
> Tarek Hamdy
> thamdy at nospamquixnet.net remove the nospam
You seem to have trouble with rndc and the integration with RH startup
scripts.
Possible areas:
- wrong rndc executed with rh scripts
check and double-check all affected scripts that they refer to
the right binaries.
- linuxconf messing up named.conf
- bindconf munging your configuration
- a mix of executables, both from whatever rh supplied and your 9.2.1
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
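
An added example, not part of either post: named logs "bad auth" when it cannot authenticate the rndc command with a key it holds, so one offline check is whether the key rndc.conf selects has the same algorithm and secret as a key on named's side. The file contents and secrets below are constructed (only the key names "rndckey" and "rndc-key" come from the post), the function names are hypothetical, and a name difference is reported separately as information only.

```python
import re

# Constructed samples: key names are the ones in the post, secrets are made up.
RNDC_CONF = '''
options { default-server localhost; default-key "rndckey"; };
server localhost { key "rndckey"; };
key "rndckey" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC1B"; };  # client side
'''
NAMED_KEY_FILE = '''
/* key file included by named.conf */
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC1C"; };
'''

_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)
_KEY = re.compile(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                  r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
_DEFAULT = re.compile(r'default-key\s+"?([\w.-]+)"?\s*;')

def strip_comments(text):
    """Drop /* */, # and // comments but leave quoted strings (base64 may contain //)."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def parse_keys(text):
    """Return {key name: (algorithm, secret)} for every key clause."""
    return {n: (a.lower(), s) for n, a, s in _KEY.findall(strip_comments(text))}

def check_rndc_auth(rndc_conf, named_side):
    """Return findings (never echoing a secret) that would explain 'bad auth'."""
    client, server = parse_keys(rndc_conf), parse_keys(named_side)
    m = _DEFAULT.search(strip_comments(rndc_conf))
    name = m.group(1) if m else None
    if name not in client:
        return [f"rndc.conf: default-key {name!r} has no key clause"]
    same = [n for n, v in server.items() if v == client[name]]
    if not same:
        return [f"no named-side key shares algorithm and secret with {name!r}"]
    if name not in same:
        return [f"secret matches but names differ: rndc {name!r}, named {same}"]
    return []

if __name__ == "__main__":
    for finding in check_rndc_auth(RNDC_CONF, NAMED_KEY_FILE) or ["keys agree"]:
        print(finding)
```

Because named was started with `-t /chroot/named2`, the named-side input should be the copy of the key file that lives under that directory, not the one rndc reads outside the chroot.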