format of /etc/rndc.conf

Christopher L. Barnard cbar44 at tsg.cbot.com
Thu Oct 17 16:39:09 UTC 2002


Hmmm.  I added one more "server" line to my /etc/rndc.conf file, just in
case it needed "localhost".

server localhost {
        key pprdint3key;
};

The "controls" statement in named.conf looks ok:

controls {
        inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
};

as does the "key" statement:

key pprdint3key {
        algorithm hmac-md5;
        secret "xxxxx";
};

The /var/adm/messages file indicates that everything started:

Oct 17 16:25:27 pprdint3 named[17842]: starting BIND 9.2.0 -u named -t /var/named
Oct 17 16:25:27 pprdint3 named[17842]: command channel listening on 127.0.0.1#953

but rndc still does not work:

24 pprdint3!/var/named/etc/domain >> /usr/local/sbin/rndc status
rndc: connect failed: connection refused

Any other suggestions?  Please?

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard at tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+


> "Christopher L. Barnard" wrote:
> 
> > This may be an odd one.  I tried to search the archive, but I may not
> > have worded my query correctly.
> >
> > I am setting up a nameserver (Bind 9.2) for our Disaster site.  So a
> > server that I am configuring needs to respond to "pprdint3.prices.cbot.com",
> > "pprdint3.dr.cbot.com", *and* "pprdint3.cbot.com".  In ordinary day-to-day
> > work, it responds to both pprdint3.prices and pprdint3.dr; I just have an A
> > record in both maps.  In case of disaster, it will become our company
> > primary nameserver and also will become "pprdint3.cbot.com".  I believe I have
> > documented the named.conf and bootstrap cache file so that anyone can do
> > this in case it is ever needed, but I would like to configure the
> > /etc/rndc.conf file so that it does not need to be touched.  So right
> > now I have as the /etc/rndc.conf file
> >
> > options {
> >         default-server pprdint3.dr.cbot.com;
> >         default-key pprdint3key;
> > };
> >
> > server pprdint3.dr.cbot.com {
> >         key pprdint3key;
> > };
> >
> > server pprdint3.cbot.com {
> >         key pprdint3key;
> > };
> >
> > server pprdint3.prices.cbot.com {
> >         key pprdint3key;
> > };
> >
> > key pprdint3key {
> >         algorithm hmac-md5;
> >         secret "xxxxx";
> > };
> >
> > However, when I try to run rndc I get a
> > rndc: connect failed: connection refused
> > So something above is sufficiently bogus for rndc to refuse to even
> > start.
> > Is it possible for three "servers" to be allowed to send rndc commands
> > and share the same key?  If so, what am I doing wrong?  Thanks much.
> 
> Well, "connection refused" sounds like named isn't listening on port 953. What
> are your "controls" and/or "key" configurations in /etc/named.conf? If it were a
> key problem, I'd expect a "connection to remote host closed" error instead of
> "connection refused".
> 
> 
> - Kevin
> 
> 
> 
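A check that separates the two failure modes Kevin distinguishes, added here as an example rather than anything posted in the thread: it parses the rndc.conf and named.conf fragments quoted above and reports whether the address rndc would connect to has a control channel listening on that port, and whether rndc's key is among the keys that channel accepts. The hostname-to-address map is constructed; the address given for pprdint3.dr.cbot.com is an assumption standing in for whatever that name really resolves to, and the 127.0.0.1 / 953 fallbacks are assumed rndc defaults.

```python
import re

# Constructed samples reproducing the configuration quoted in the thread (secret omitted).
RNDC_CONF = """
options {
        default-server pprdint3.dr.cbot.com;
        default-key pprdint3key;
};
server localhost { key pprdint3key; };
"""
NAMED_CONF = """
controls {
        inet 127.0.0.1 allow { localhost; } keys { pprdint3key; };
};
"""
# Assumed stand-in for the resolver: the host's own name maps to a non-loopback address.
RESOLVE = {"localhost": "127.0.0.1", "pprdint3.dr.cbot.com": "192.0.2.10"}


def _opt(text, name, default):
    """Value of a `name value;` statement in text, or default when absent."""
    m = re.search(r"\b%s\s+([^\s;]+)" % re.escape(name), text)
    return m.group(1) if m else default


def rndc_target(rndc_conf, server=None):
    """(host, port, key) rndc would use: explicit -s server, else the default-* options."""
    host = server or _opt(rndc_conf, "default-server", "127.0.0.1")
    block = re.search(r"server\s+%s\s*\{([^}]*)\}" % re.escape(host), rndc_conf)
    body = block.group(1) if block else ""
    key = _opt(body, "key", _opt(rndc_conf, "default-key", None))
    port = int(_opt(body, "port", _opt(rndc_conf, "default-port", "953")))
    return host, port, key


def control_listeners(named_conf):
    """[(addr, port, keys)] for every inet statement in the controls block."""
    ctl = re.search(r"controls\s*\{(.*)\}\s*;", named_conf, re.S)
    inet = r"inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{[^}]*\}\s*keys\s*\{([^}]*)\}"
    return [(m.group(1), int(m.group(2) or 953), set(re.findall(r"[^\s;]+", m.group(3))))
            for m in re.finditer(inet, ctl.group(1) if ctl else "")]


def diagnose(rndc_conf, named_conf, resolve, server=None):
    """Reasons an `rndc [-s server]` command would fail here; empty list if the channel lines up."""
    host, port, key = rndc_target(rndc_conf, server)
    addr = resolve.get(host, host)  # unresolvable names are compared literally
    hits = [l for l in control_listeners(named_conf) if l[0] in (addr, "*") and l[1] == port]
    if not hits:
        return ["no control channel on %s#%d (rndc target %s): expect 'connection refused'" % (addr, port, host)]
    if not any(key in l[2] for l in hits):
        return ["key %s not listed in controls keys {}: expect 'connection to remote host closed'" % key]
    return []
```

Run as `diagnose(RNDC_CONF, NAMED_CONF, RESOLVE)` for the default target, or pass `server="localhost"` to mirror `rndc -s localhost`.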