invalid command from 127.0.0.1#1157: bad auth

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Fri Aug 16 08:23:27 UTC 2002


Tarek Hamdy <thamdy at quixnet.net> wrote:

> Hey Guys,

> I have been working for weeks trying to get my DNS working properly. 
> My system is a Red Hat 7.2 running BIND 9.2.1 with a Firewall.   I got
> it chrooted, but now I am getting the following errors in the message
> log when I do an /etc/rc.d/init.d/named restart followed by
> /etc/rc.d/init.d/named status

> Aug 15 00:35:26 ham named[24328]: starting BIND 9.2.1 -u named -t
> /chroot/named2
> Aug 15 00:35:26 ham named[24328]: using 1 CPU
> Aug 15 00:35:27 ham named[24331]: loading configuration from
> '/etc/named.conf'
> Aug 15 00:35:27 ham named: named startup succeeded
> Aug 15 00:35:27 ham named[24331]: no IPv6 interfaces found
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface eth0,
> 192.168.113.33#53
> Aug 15 00:35:27 ham named[24331]: listening on IPv4 interface eth1,
> 208.184.11.178#53
> Aug 15 00:35:27 ham named[24331]: command channel listening on
> 127.0.0.1#953
> Aug 15 00:35:27 ham named[24331]: zone 0.0.127.in-addr.arpa/IN: loaded
> serial 2002010105
> Aug 15 00:35:27 ham named[24331]: zone 11.184.208.in-addr.arpa/IN:
> loaded serial 2002010105
> Aug 15 00:35:27 ham named[24331]: zone tarekham.com/IN: loaded serial
> 2002081101
> Aug 15 00:35:27 ham named[24331]: zone th.tarekham.com/IN: loaded
> serial 2002020601
> Aug 15 00:35:27 ham named[24331]: zone localhost/IN: loaded serial
> 2002010105
> Aug 15 00:35:27 ham named[24331]: running
> Aug 15 00:35:29 ham named[24331]: invalid command from 127.0.0.1#1157:
> bad auth

> When I do an /etc/rc.d/init.d/named status, at the command prompt I
> get:

> rndc: connection to remote host closed
> This may indicate that the remote server is using an older version of
> the command protocol, this host is not authorized to connect, or the
> key is invalid.

> My named.conf is as follows:

> ## named.conf - configuration for bind
> #
> # Generated automatically by bindconf, alchemist et al.
> include "/etc/namedb/rn/rndc.key";
> options { 
>         directory "/etc/namedb/";
> 	pid-file "/var/run/named/named.pid";
>         forward first;
>         recursion yes;
>         forwarders{
>                 64.124.114.2;
>                 208.184.12.8; }; 	
>         auth-nxdomain yes;
>          query-source address * port 53;
> };
> zone  "0.0.127.in-addr.arpa" { 
>         type master; 
>         file  "0.0.127.in-addr.arpa.zone"; 
> };
> zone  "11.184.208.in-addr.arpa" { 
>         type master; 
>         file  "11.184.208.in-addr.arpa.zone"; 
> };
> zone  "localhost" { 
>         type master; 
>         file  "localhost.zone"; 
> };
> zone  "tarekham.com" { 
>         type master;
>         allow-transfer { 192.168.113.32/27; 64.124.114.2;  localhost;
> };
>         forwarders{ 64.124.114.2; 208.184.12.8; };
>         file "tarekham.com.zone"; 
> };
> zone  "th.tarekham.com" {
>         type master;
> 	file "th.tarekham.com.zone";
> };

> I tried it without the include "/etc/namedb/rn/rndc.key"; statement, no
> change.  I tried renaming the /usr/local/sbin/rndc file, that just
> created more errors.   My local zone is as follows:


> $TTL 86400
> @       IN     SOA @  root.localhost ( 
>                                         2002010105 ; serial
>                                         28800 ; refresh
>                                         7200 ; retry
>                                         604800 ; expire
>                                         43200 ; ttl
>  )
>         IN      NS  localhost.
>  	IN      A   127.0.0.1
> localhost       IN  A    127.0.0.1

> My rndc.conf is as follows:

> /* $Id: rndc.conf,v 1.7 2001/01/09 21:40:45 bwelling Exp $ */

> /*
>  * Sample rndc configuration file.
>  */

> options {
>         default-server  localhost;
>         default-key     "rndckey";
> };

> server localhost {
>         key     "rndckey";
> };

> key "rndckey" {
>         algorithm       hmac-md5;
>         secret "Over worte";
> };

> My rndc.key:


> key "rndc-key" {
> 	algorithm hmac-md5;
> 	secret "Over worte";
> };

> If anyone has any ideas of how to overcome this error to get DNS
> working, I would appreciate it.

> Tarek Hamdy
> thamdy at nospamquixnet.net  remove the nospam

You seem to have trouble with rndc and the integration with RH startup
scripts.

Possible areas:
- wrong rndc executed with rh scripts 
  check and doublecheck all affected scripts that they refer to
  the right binaries.
- linuxconf messing up named.conf
- bindconf munging your configuration

- a mix of executables, both from whatever rh supplied and your 9.2.1


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.
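
An added example, not part of the original thread: a consistency check for the rndc key material on both sides, run over constructed configuration that reuses the key names from the post. It assumes the command channel is authenticated with a shared secret, so the key rndc selects via default-key must have the same algorithm and secret as a key that named.conf lists in controls { ... keys { ... }; }; the function names are hypothetical.

```python
import base64, binascii, re

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    # Only whole-line # and // comments: a base64 secret may itself contain "//".
    return re.sub(r'^\s*(#|//).*$', '', text, flags=re.M)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for each key clause in the text."""
    keys = {}
    clause = r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;'
    for name, body in re.findall(clause, strip_comments(text), re.S):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = (alg and alg.group(1).lower(), sec and sec.group(1))
    return keys

def control_keys(named_conf):
    """Key names in controls { ... keys { ... }; }, or None if there is none."""
    m = re.search(r'\bcontrols\s*\{.*?\bkeys\s*\{(.*?)\}', strip_comments(named_conf), re.S)
    return re.findall(r'"?([\w.-]+)"?\s*;', m.group(1)) if m else None

def check(named_conf, rndc_conf):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    m = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    if not m or m.group(1) not in rndc_keys:
        return ["rndc.conf: default-key does not name a key clause in rndc.conf"]
    alg, secret = rndc_keys[m.group(1)]
    try:
        base64.b64decode(secret or "", validate=True)
    except binascii.Error:
        findings.append("rndc.conf: secret is not valid base64")
    listed = control_keys(named_conf)
    if listed is None:
        findings.append("named.conf: no controls statement with a keys clause")
        listed = list(named_keys)  # fall back to every defined key for the comparison
    if not any(named_keys.get(n) == (alg, secret) for n in listed):
        findings.append("no key on the named side has the same algorithm and secret as rndc's key")
    return findings

# Constructed sample input (not the poster's files; the secret is a made-up value).
SECRET = base64.b64encode(b"constructed-sample").decode()
RNDC = ('options { default-server localhost; default-key "rndckey"; };\n'
        f'key "rndckey" {{ algorithm hmac-md5; secret "{SECRET}"; }};\n')
KEYFILE = f'key "rndc-key" {{ algorithm hmac-md5; secret "{SECRET}"; }};\n'
NAMED_NO_CONTROLS = KEYFILE + 'options { directory "/etc/namedb/"; };\n'
NAMED_WITH_CONTROLS = KEYFILE + ('controls { inet 127.0.0.1 port 953 '
                                 'allow { 127.0.0.1; } keys { "rndc-key"; }; };\n')
```

The key names differ between the two constructed files, as they do in the post; the check compares algorithm and secret rather than names because each name is only resolved inside its own file.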

