rndc

Kevin Darcy kcd at daimlerchrysler.com
Wed Jul 17 14:56:52 UTC 2002


"Georgeson, Evan [NCSUS Non J&J]" wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Okay, this will probably draw some criticism but here goes....I'm trying
> to get rndc to work on 9.1.3. From what I can gather from DNS/BIND,
> as a minimum I need info in both my named.conf and a file called
> rndc.conf. Here's what I've tried to do. Please feel free to comment
> on areas where I should fix because I keep getting "connection
> refused" errors when running rndc.
>
> *       Create a key pair # dnssec-keygen -a hmac-md5 -b 512 -n host
> rndc.key
> *       Rename the generated key/private files created by dnssec-keygen to
> "rndc.key" and "rndc.private". I also relocated these files to /etc.
> *       Modified my named.conf with the following:
> include "/etc/rndc.key";
>         };
> controls {
>         inet * allow {any;} keys {"rndc.key";};
> };
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret
> "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==";
> };
> *       Created /etc/rndc.conf and added the following:
> options {
>         default-server localhost;
>         default-key "rndc.key";
> };
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret
> "yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==";
> };
>
> The contents of my rndc.key is this:
>
> rndc.key. IN KEY 512 3 157
> yS5NyCsVKZGc/G/8D5p0dtVyZnbbugZbxnOTHr1aXt1GH6Kk8A17dVe9
> svk9HFyE81oKjJrKboyilekmVYfznA==
>
> What am I doing wrong? It seems basic that I should want to be able
> to run rndc just like ndc. This is a caching server and requires no
> zone signing nor do I require encryption of any sort. I just want to
> be able to run cache dumps and stats and all the fun little things
> like that. Thank you in advance for any constructive criticism you
> can provide.

Do you see anything listening on port 953?

Are there any relevant error messages in your logs?


- Kevin
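
Added example, not part of either message above and not BIND's own tooling: a small offline check that the key accepted by the controls statement in named.conf matches the default-key in rndc.conf, and that flags a control channel that listens on every address and allows any source. The function names, the regular expressions (which only handle the flat layout used in this thread) and both sample files with their placeholder secret are assumptions constructed for illustration.

```python
import re
# Constructed sample files; the secret is a placeholder, not a key from the thread.
NAMED_CONF = '''key "rndc-key" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLXNlY3JldA==";
};
controls {
    inet * allow { any; } keys { "rndc-key"; };
};'''
RNDC_CONF = '''options {
    default-server localhost;
    default-key "rndc-key";
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtc2FtcGxlLXNlY3JldA==";
};'''

KEY_RE = re.compile(r'key\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}')
INET_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')
DEFAULT_RE = re.compile(r'default-key\s+"?([^";\s]+)"?\s*;')

def keys(text):
    """Map key name -> (algorithm, secret with mail/editor line wraps removed)."""
    return {n: (a.lower(), re.sub(r'\s+', '', s)) for n, a, s in KEY_RE.findall(text)}

def check(named_conf, rndc_conf):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    server, client = keys(named_conf), keys(rndc_conf)
    m = DEFAULT_RE.search(rndc_conf)
    default_key = m.group(1) if m else None
    if default_key not in client:
        findings.append(f"rndc.conf: default-key {default_key!r} has no key statement")
    channels = INET_RE.findall(named_conf)
    if not channels:
        findings.append("named.conf: no inet control channel found")
    for addr, _port, allow, knames in channels:
        allowed = [a.strip() for a in allow.split(';') if a.strip()]
        names = [k.strip().strip('"') for k in knames.split(';') if k.strip()]
        if addr == '*' and 'any' in allowed:
            findings.append("named.conf: control channel listens on all addresses and allows any source")
        findings += [f"named.conf: controls references undefined key {k!r}" for k in names if k not in server]
        if default_key not in names:
            findings.append(f"named.conf: controls does not accept rndc default-key {default_key!r}")
        elif server.get(default_key) != client.get(default_key):
            findings.append(f"key {default_key!r}: algorithm or secret differs between files")
    return findings
```

With the sample files, `check(NAMED_CONF, RNDC_CONF)` reports only the wildcard listener; restricting the channel to `inet 127.0.0.1 allow { localhost; }` clears it.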



