rndc: no key definition for name rndc.key

Wally Sanford PleaseSubstituteMyActualFirstNameHere at wallysanford.com
Mon Sep 22 03:48:21 UTC 2003


I am unable to eliminate the error message "rndc: no key definition for 
name rndc.key".

This is my first BIND configuration. I have used the procedure at 
http://www.soapi.com/howto/bind.htm; tried to include what I could 
gather from 
http://www.redhat.com/archives/redhat-install-list/2003-February/msg00312.html;
read the O'Reilly Cricket book; read every entry in Google for "rndc: no 
key definition for name rndc.key"; and so forth. I have apparently not 
absorbed that reading adequately. This problem may turn out to have a 
simple solution like an omitted comma, and I am likely to take a 
beating for being so clueless, but I am stumped, want to learn how to 
fix this, and can find no better place to ask than this group. If anyone 
can point out my errors I would very much appreciate it.

This server runs Red Hat 9 relatively unmodified, a Linksys BEFW11S4 v2 
router, internal static IP 192.168.1.103, WAN IP from Earthlink, 
nameservers from registrar Namecheap. Apache seems to function normally, 
serving www.wallysanford.com, I can resolve everything I try on the web, 
and dig reports apparently normal answers. Port 53 is forwarded to 
192.168.1.103 by the router.

CONFIGURATION FILES follow:

NAMED.CONF

## named.conf - configuration for bind
#
# I have disabled the redhat-config-bind
#
# I don't want the tool to lose my updates and the option statement
# can't be updated.
#

# define the IPs which represent in-house addresses
# NOTE(review): 127.0.0.1/24 is written with host bits set; as a /24 it
# denotes 127.0.0.0-127.0.0.255. named also provides a built-in "localhost"
# ACL, which the controls statement in this file already uses.
# Everything this ACL matches is trusted below for queries, recursion and
# dynamic updates, so keep it as narrow as the network allows.
acl internals { 127.0.0.1/24; 192.168.1.0/24; };

# Transaction Signatures (TSIG) Keyfile for Master<->Slave Zone 
Communication
# NOTE(review): in this configuration the included key is referenced only by
# the controls statement below, i.e. it authenticates rndc, not zone transfers.
# The file holds a shared secret; presumably it should be readable only by
# root and the account named runs as - verify its ownership and mode.
include "/etc/rndc.key";

# Control channel for rndc: listens on 127.0.0.1 only, accepts connections
# matching the built-in "localhost" ACL, and requires the key named rndckey.
# NOTE(review): "rndckey" must be the name given in the key statement inside
# /etc/rndc.key (not shown here), and rndc.conf must refer to that same key
# name rather than to the file name.
controls {
             inet 127.0.0.1 allow { localhost; } keys { rndckey; };
     };

# Global server options: no NOTIFY messages, zone files under /var/named/,
# no zone transfers, queries and recursion limited to the "internals" ACL,
# and unresolved queries sent to the two ISP forwarders.
options {
         notify no;
	// NOTE(review): pinning outgoing queries to source port 53 removes
	// source-port randomization, which makes forged responses easier to
	// get accepted into the cache. Keep this only if a firewall really
	// requires it.
	query-source address * port 53;
         directory "/var/named/";
         allow-transfer { none; };                    // sample 
allow-transfer (no one)
         // NOTE(review): set at options level, allow-query also applies to
         // the master zones defined later unless a zone overrides it, so
         // clients outside "internals" would be refused for
         // wallysanford.com as well - confirm that is intended.
         allow-query { internals; };                  // restrict query 
access
         allow-recursion { internals; };              // restrict recursion

# 	ISP Nameservers:
  	forwarders { 63.251.163.102; 216.52.184.230; };

     };

# include "/etc/named.custom";
# not needed since bagging RH config tool

# Not sure what I meant here ...
# zone "wallysanford.com" {
#	type slave;
#	file "wallysanford.com.zone";
#	masters {
#		 216.52.184.230;
#		 63.251.163.102;
#		 63.251.83.36;
#		};
# };

# Root (top-level) domain nameservers
# Hint zone: the root server list is read from "named.ca". The file name is
# relative, so it is looked up under the options "directory" (/var/named/).
zone  "." IN {
         type hint;
         file  "named.ca";
};

# Localhost Reverse Zone:
# Master zone for 127.0.0.x reverse lookups, loaded from
# /var/named/0.0.127.in-addr.arpa.zone.
zone  "0.0.127.in-addr.arpa" {
	type master;
	file  "0.0.127.in-addr.arpa.zone";
};

# Forward zone for the name "localhost", loaded from /var/named/localhost.zone.
zone  "localhost" {
         type master;
         file  "localhost.zone";
     };

#internal stuff: necessary?
# Master zone for reverse lookups of 192.168.1.x.
# NOTE(review): allow-update by address lets any host matching "internals"
# rewrite this zone through dynamic update, and a source address is weak
# authentication. If dynamic update is not used, drop the line; otherwise
# prefer a TSIG key, e.g. allow-update { key <update-key-name>; };
zone  "1.168.192.in-addr.arpa" {
	type master;
	file  "1.168.192.in-addr.arpa.zone";
	allow-update { internals; };
};

# Master zone for the public domain.
# NOTE(review): the same address-based allow-update concern applies here, and
# this is the zone the router's port-53 forward exposes.
# NOTE(review): forwarders is normally a global or forward-zone option; on a
# master zone it likely has no effect or is rejected - confirm with
# named-checkconf.
zone  "wallysanford.com" {
	type master;
	file  "wallysanford.com.zone";
	allow-update { internals; };
         forwarders {216.52.184.230; 63.251.163.102; 63.251.83.36; };
};

# No zones of type slave?

RNDC.CONF

# rndc client defaults: which server to contact and which key to sign with.
# NOTE(review): default-key and the server "key" clause take the NAME declared
# by a key statement, not the name of the file that contains it. named.conf
# above uses the name rndckey in its controls statement; if /etc/rndc.key
# (not shown) declares the key under that name, "rndc.key" here matches no
# definition, which is what the reported error message says.
options {
         default-server  localhost;
# or "default-server  192.168.1.103; "?	
# or "default-server  wallysanford.com; "?
# or "default-server  wally.wallysanford.com; "?		
         default-key     "rndc.key";
};

# Necessary? Before or after server directives?
# Pulls in the key definition shared with named; the file holds the shared
# secret, so rndc.conf and the key file should not be world-readable.
include "/etc/rndc.key";

# Per-server override: use this key when talking to "localhost".
server localhost {
         key     "rndc.key";
};

0.0.127.IN-ADDR.ARPA.ZONE

# NOTE(review): this listing is labelled as the 0.0.127.in-addr.arpa zone file,
# but its contents are the same options/include/server statements shown under
# RNDC.CONF. A zone file is expected to hold $TTL, SOA, NS and PTR records;
# if the file on disk really looks like this, named cannot load the zone -
# confirm whether this is a paste error.
options {
         default-server  localhost;
# or "default-server  192.168.1.103; "?	
# or "default-server  wallysanford.com; "?
# or "default-server  wally.wallysanford.com; "?		
         default-key     "rndc.key";
};

include "/etc/rndc.key";

server localhost {
         key     "rndc.key";
};

1.168.192.IN-ADDR.ARPA.ZONE


; Reverse zone data for 192.168.1.x.
; NOTE(review): zone files use ";" for comments. The lines below that start
; with "#" are not comments and would be read as records, including the two
; that sit inside the SOA parentheses. named-checkzone will report this.
; NOTE(review): the SOA contact wally.wallysanford.com has no trailing dot, so
; the zone origin is appended to it.
$TTL 86400
@	IN	SOA	dns1.name-services.com.	wally.wallysanford.com (
# or "wallysanford.com	IN	SOA	dns1.name-services.com. 
wally.wallysanford.com ( "?
# or "wallysanford.com	IN	SOA	name-services.com.  wally.wallysanford.com 
( "?
			106 ; serial
			7200 ; refresh
			7200 ; retry
			604800 ; expire	
			86400 ; minimum TTL (written "ttk" in the original)
			)

	NS	dns1.name-services.com.
# or "wallysanford.com	IN	NS	dns1.name-services.com. " ?
; NOTE(review): these PTRs cover 192.168.1.1-3; the post gives the server's own
; address as 192.168.1.103, which has no PTR here - confirm what is intended.
1 IN  PTR  dns1.name-services.com. ; Nameserver
2 IN  PTR  www.wallysanford.com. ; Webserver
3 IN  PTR  wallysanford.com. ; Hostname

LOCALHOST.IN-ADR.ARPA.ZONE

; Reverse zone data mapping host 1 to wallysanford.com.
; NOTE(review): zone files use ";" for comments; the "#" lines below would be
; read as records, not skipped.
; NOTE(review): the owner name localhost.in-addr.arpa and the SOA contact
; wally.wallysanford.com have no trailing dot, so the zone origin is appended
; to each. named.conf loads the 127.0.0 reverse zone from
; "0.0.127.in-addr.arpa.zone"; confirm which file this listing really is.
$TTL 86400
localhost.in-addr.arpa	IN	SOA	localhost.in-addr.arpa. 
wally.wallysanford.com (
			2 ; serial
			7200 ; refresh
			7200 ; retry
			604800 ; expire	
			86400 ; minimum TTL (written "ttk" in the original)
			)

	NS	dns1.name-services.com.
#or 	"NS	name-services.com." ?
1       PTR     wallysanford.com.
# or "1       PTR     wally.wallysanford.com." ?

LOCALHOST.IN-ADDR.ARPA.ZONE

; NOTE(review): this listing is labelled as a localhost zone, but its records
; are the same as the WALLYSANFORD.COM.ZONE listing (serial 48, A record
; 192.168.1.103). A localhost zone would normally answer with 127.0.0.1, and
; named.conf loads that zone from "localhost.zone" - confirm which file this is.
; NOTE(review): zone files use ";" for comments; the "#" lines below would be
; read as records. The SOA contact also lacks a trailing dot, so the zone
; origin is appended to it.
$TTL 86400
# or "wallysanford.com	IN	SOA	name-services.com.	wally.wallysanford.com 
( " ?
@	IN	SOA	dns1.name-services.com.  wally.wallysanford.com (
			48 ; serial
			7200 ; refresh
			7200 ; retry
			604800 ; expire	
			86400 ; ttl
			)

	IN	NS	dns1.name-services.com.
	A	192.168.1.103

WALLYSANFORD.COM.ZONE

; Zone data for wallysanford.com: one NS record and one A record at the apex.
; NOTE(review): zone files use ";" for comments; the "#" lines below would be
; read as records. The SOA contact wally.wallysanford.com lacks a trailing
; dot, so the zone origin is appended to it.
$TTL 86400
# or "wallysanford.com	IN	SOA	name-services.com.	wally.wallysanford.com 
( " ?
@	IN	SOA	dns1.name-services.com.  wally.wallysanford.com (
			48 ; serial
			7200 ; refresh
			7200 ; retry
			604800 ; expire	
			86400 ; ttl
			)

	IN	NS	dns1.name-services.com.
; NOTE(review): 192.168.1.103 is a private address. If this zone is ever
; answered to clients outside the LAN (port 53 is forwarded by the router),
; the record is unusable for them and discloses internal addressing; a
; separate internal view or zone is the usual way to keep it inside.
	A	192.168.1.103

END CONFIGURATION FILES

I thank you in advance for your constructive comments.

-- 
Wally Sanford
http://wallysanford.com

