rndc: connect failed: connection refused

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sun May 19 09:31:32 UTC 2002 

Mathias Kenfack <mtkenfack at hotmail.com> wrote:

> Hi guys,

> Please Heeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeelp. I've got 2 pro
> First:
> I have been trying to configure rndc with no luck so far. I am not
> sure what I am doing wrong. Here is part of my named.conf file

The example seems taken from the ARM book. There is some subtle 
differences that has to do with quoting and not quoting strings.

I thing that re-reading the arm example and adjusting the quoting will
resolve the problems.

Peter h


> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndc; };
> };

> key "rndc" {
>         algorithm hmac-md5;
>         secret "my-secret-key";
> };


> Here is my rndc.conf

> key "rndc" {
>         algorithm       hmac-md5;
>         secret "my-secret-key";
> };


> options {
>         default-server  localhost;
>         default-key     "rndc";
> };

> And here is my rndc.key

> key "rndc" {
>         algorithm       hmac-md5;
>         secret "my-secret-key";
> };

> I have tried so many thinks...

> If I remove rndc.conf from /etc and issue rndc status command, it
> works fine; but if I issue rndc reload command, nothing happens
> Now with both rndc.conf and rndc.key in /etc,
> rndc status and reload returns <rndc: connect failed: connection
> refused>

> Second:
> the secret key was generated using the following command
> dnssec-keygen -a hmac-md5 -b 128 -n HOST rndc
> This is what I get
> entropy.c:279: fcntl(3, F_SETFL, 4): Inappropriate ioctl for device
> You must use the keyboard to create entropy, since your system is
> lacking
> /dev/random (or equivalent)

> start typing:
>  
> I pasted a plain text file after <start typing> the generated key was
> then pasted in named.conf, rndc.conf and rndc.key

> I'm obviously doing something wrong. But what?
> Please help

> Mathias,


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list