rndc

Georgeson, Evan [NCSUS Non J&J] EGeorges at NCSUS.JNJ.COM
Wed Jul 17 12:27:25 UTC 2002


 

Okay, this will probably draw some criticism but here goes....I'm trying
to get rndc to work on 9.1.3. From what I can gather from DNS/BIND,
as a minimum I need info in both my named.conf and a file called
rndc.conf. Here's what I've tried to do. Please feel free to comment
on areas where I should fix because I keep getting "connection
refused" errors when running rndc.

*	Create a key pair # dnssec-keygen -a hmac-md5 -b 512 -n host rndc.key
*	Rename the generated key/private files created by dnssec-keygen to
"rndc.key" and "rndc.private". I also relocated these files to /etc.
*	Modified my named.conf with the following:
include "/etc/rndc.key";
        };
controls {
        inet * allow {any;} keys {"rndc.key";};
};

key "rndc.key" {
        algorithm hmac-md5;
        secret "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9 svk9HFyE81oKjJrKboyilekmVYfznA==";
};
*	Created /etc/rndc.conf and added the following:
options {
        default-server localhost;
        default-key "rndc.key";
};

key "rndc.key" {
        algorithm hmac-md5;
        secret "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9 svk9HFyE81oKjJrKboyilekmVYfznA==";
};

The contents of my rndc.key is this:

rndc.key. IN KEY 512 3 157 yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9 svk9HFyE81oKjJrKboyilekmVYfznA==

What am I doing wrong? It seems basic that I should want to be able
to run rndc just like ndc. This is a caching server and requires no
zone signing nor do I require encryption of any sort. I just want to
be able to run cache dumps and stats and all the fun little things
like that. Thank you in advance for any constructive criticism you
can provide.


Regards,
Evan Georgeson
QIP Support Engineer

Internetwork Defense Consultant
Email: egeorges at ncsus.jnj.com
Tel: (908) 429.3331
E-Page: 1740561 at worldcom.com



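A consistency check for the two files the post describes, as an added example that is not part of the original message: it compares the key statements in named.conf and rndc.conf (ignoring whitespace that line wrapping leaves inside a secret) and flags a controls statement whose allow list is any. The sample files and the placeholder secret are constructed, and `keys` and `check` are hypothetical helper names.

```python
import re

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
CTL_RE = re.compile(r'\binet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}'
                    r'\s*keys\s*\{([^}]*)\}\s*;')
DEFKEY_RE = re.compile(r'\bdefault-key\s+"?([\w.-]+)"?\s*;')
# Constructed sample files; the secret is a placeholder, not a real key.
NAMED_SAMPLE = '''
controls {
    inet * allow { any; } keys { "rndc-key"; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxlLWtl eS1ub3QtcmVhbA==";
};
'''
RNDC_SAMPLE = '''
options {
    default-server localhost;
    default-key "rndc_key";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxlLWtleS1ub3QtcmVhbA==";
};
'''

def keys(conf):
    """Map key name -> (algorithm, secret); whitespace from line wrapping is ignored."""
    return {n: (a.lower(), re.sub(r'\s+', '', s)) for n, a, s in KEY_RE.findall(conf)}

def check(named_conf, rndc_conf):
    out, server, client = [], keys(named_conf), keys(rndc_conf)
    for addr, allow, klist in CTL_RE.findall(named_conf):
        if 'any' in [a.strip() for a in allow.split(';')]:
            out.append(f'controls inet {addr}: allow {{ any; }} accepts every '
                       'source address; only the key protects the channel')
        out += [f'controls: key "{k}" is not defined in named.conf'
                for k in re.findall(r'[\w.-]+', klist) if k not in server]
    m = DEFKEY_RE.search(rndc_conf)
    if m and m.group(1) not in client:
        out.append(f'rndc.conf: default-key "{m.group(1)}" has no key statement')
    for name, val in client.items():
        if server.get(name) != val:
            out.append(f'key "{name}": missing from named.conf, or algorithm/secret differ')
    return out

if __name__ == '__main__':
    print('\n'.join(check(NAMED_SAMPLE, RNDC_SAMPLE)))
```

On the constructed samples it reports the open allow list and the default-key name that has no matching key statement; the wrapped secret is not reported because the two values are equal once whitespace is removed.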
