invalid command from 127.0.0.1#1157: bad auth
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Wed Aug 21 08:57:36 UTC 2002
Tarek Hamdy <thamdy at quixnet.net> wrote:
> Hey guys,
> I attempted to do a rndc-keygen -a to creat a new key, no success. I
> made some changes to the top part of the named.conf, to the rndc_key
> inserting spacs in front of and behind it
you mean "rndc-confgen -a " ??
> include "/etc/namedb/rn/rndc.key";
> controls {
> inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
> };
> I reloaded DNS getting the following below:
> Aug 21 01:10:02 ham named: named startup succeeded
> Aug 21 01:10:02 ham named[15174]: no IPv6 interfaces found
> Aug 21 01:10:02 ham named[15174]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Aug 21 01:10:02 ham named[15174]: listening on IPv4 interface eth0,
> 192.168.113.33#53
> Aug 21 01:10:02 ham named[15174]: listening on IPv4 interface eth1,
> 208.184.11.178#53
> Aug 21 01:10:03 ham named[15174]: /etc/named.conf:6: couldn't find key
> 'rndc_key' for use with command channel 127.0.0.1#953
This tells us that either there is no key at all in named.conf, or
named.conf includes a file that is unreadable or not at the place
it should.
Could you try to manually create /etc/rndc.key with the
following contents ( taken from the ARM-book ) :
key rndc_key {
algorithm "hmac-md5";
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
options {
default-server localhost;
default-key rndc_key;
};
And in /etc/named.conf you create a "key" statement and a "control"statement :
key rndc_key {
algorithm "hmac-md5";
secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
Do change the keystrings, as long as they are equal in rndc.conf
and named.conf they should work.
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list