rndc: no key definition for name rndc.key
Wally Sanford
PleaseSubstituteMyActualFirstNameHere at wallysanford.com
Mon Sep 22 03:48:21 UTC 2003
I am unable to eliminate the error message "rndc: no key definition for
name rndc.key".
This is my first BIND configuration. I have used the procedure at
http://www.soapi.com/howto/bind.htm; tried to include what I could
gather from
http://www.redhat.com/archives/redhat-install-list/2003-February/msg00312.html;
read the O'Reilly Cricket book; read every entry in Google for "rndc: no
key definition for name rndc.key"; and so forth. I have apparently not
absorbed that reading adequately. This problem may turn out to have a
simple solution like an omitted comma, and I am likely to take a
beating for being so clueless, but I am stumped, want to learn how to
fix this, and can find no better place to ask than this group. If anyone
can point out my errors I would very much appreciate it.
This server runs Red Hat 9 relatively unmodified, a Linksys BEFW11S4 v2
router, internal static IP 192.168.1.103, WAN IP from Earthlink,
nameservers from registrar Namecheap. Apache seems to function normally,
serving www.wallysanford.com, I can resolve everything I try on the web,
and dig reports apparently normal answers. Port 53 is forwarded to
192.168.1.103 by the router.
CONFIGURATION FILES follow:
NAMED.CONF
## named.conf - configuration for bind
#
# I have disabled the redhat-config-bind
#
# I don't want the tool to lose my updates and the option statement can't be updated.
#
# define the IPs which represent in-house addresses
acl internals { 127.0.0.1/24; 192.168.1.0/24; };

# Transaction Signatures (TSIG) Keyfile for Master<->Slave Zone Communication
include "/etc/rndc.key";

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

options {
    notify no;
    query-source address * port 53;
    directory "/var/named/";
    allow-transfer { none; };        // sample allow-transfer (no one)
    allow-query { internals; };      // restrict query access
    allow-recursion { internals; };  // restrict recursion
    # ISP Nameservers:
    forwarders { 63.251.163.102; 216.52.184.230; };
};

# include "/etc/named.custom";
# not needed since bagging RH config tool

# Not sure what I meant here ...
# zone "wallysanford.com" {
#     type slave;
#     file "wallysanford.com.zone";
#     masters {
#         216.52.184.230;
#         63.251.163.102;
#         63.251.83.36;
#     };
# };

# Root (top-level) domain nameservers
zone "." IN {
    type hint;
    file "named.ca";
};

# Localhost Reverse Zone:
zone "0.0.127.in-addr.arpa" {
    type master;
    file "0.0.127.in-addr.arpa.zone";
};

zone "localhost" {
    type master;
    file "localhost.zone";
};

#internal stuff: necessary?
zone "1.168.192.in-addr.arpa" {
    type master;
    file "1.168.192.in-addr.arpa.zone";
    allow-update { internals; };
};

zone "wallysanford.com" {
    type master;
    file "wallysanford.com.zone";
    allow-update { internals; };
    forwarders { 216.52.184.230; 63.251.163.102; 63.251.83.36; };
};

# No zones of type slave?
RNDC.CONF
options {
    default-server localhost;
    # or "default-server 192.168.1.103; "?
    # or "default-server wallysanford.com; "?
    # or "default-server wally.wallysanford.com; "?
    default-key "rndc.key";
};

# Necessary? Before or after server directives?
include "/etc/rndc.key";

server localhost {
    key "rndc.key";
};
0.0.127.IN-ADDR.ARPA.ZONE
options {
    default-server localhost;
    # or "default-server 192.168.1.103; "?
    # or "default-server wallysanford.com; "?
    # or "default-server wally.wallysanford.com; "?
    default-key "rndc.key";
};

include "/etc/rndc.key";

server localhost {
    key "rndc.key";
};
1.168.192.IN-ADDR.ARPA.ZONE
$TTL 86400
@ IN SOA dns1.name-services.com. wally.wallysanford.com (
# or "wallysanford.com IN SOA dns1.name-services.com. wally.wallysanford.com ( "?
# or "wallysanford.com IN SOA name-services.com. wally.wallysanford.com ( "?
        106     ; serial
        7200    ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
    NS dns1.name-services.com.
# or "wallysanford.com IN NS dns1.name-services.com. " ?
1 IN PTR dns1.name-services.com.  ; Nameserver
2 IN PTR www.wallysanford.com.    ; Webserver
3 IN PTR wallysanford.com.        ; Hostname
LOCALHOST.IN-ADR.ARPA.ZONE
$TTL 86400
localhost.in-addr.arpa IN SOA localhost.in-addr.arpa. wally.wallysanford.com (
        2       ; serial
        7200    ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
    NS dns1.name-services.com.
# or "NS name-services.com." ?
1 PTR wallysanford.com.
# or "1 PTR wally.wallysanford.com." ?
LOCALHOST.IN-ADDR.ARPA.ZONE
$TTL 86400
# or "wallysanford.com IN SOA name-services.com. wally.wallysanford.com ( " ?
@ IN SOA dns1.name-services.com. wally.wallysanford.com (
        48      ; serial
        7200    ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
    IN NS dns1.name-services.com.
    A 192.168.1.103
WALLYSANFORD.COM.ZONE
$TTL 86400
# or "wallysanford.com IN SOA name-services.com. wally.wallysanford.com ( " ?
@ IN SOA dns1.name-services.com. wally.wallysanford.com (
        48      ; serial
        7200    ; refresh
        7200    ; retry
        604800  ; expire
        86400   ; ttl
        )
    IN NS dns1.name-services.com.
    A 192.168.1.103
END CONFIGURATION FILES
I thank you in advance for your constructive comments.
--
Wally Sanford
http://wallysanford.com
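The message "rndc: no key definition for name X" is BIND's way of saying that rndc.conf refers to a key name X that no included key { } statement defines. Three places have to carry the same string: the name inside key "..." { } in the shared key file (/etc/rndc.key above), the default-key and server { key "..."; } references in rndc.conf, and the keys { ...; } list in the controls statement of named.conf. The script below is an added example, not code from the original post or from BIND: it strips comments, pulls the key name out of each file, and reports any reference that has no matching definition. The sample files it writes are constructed; the post does not show /etc/rndc.key, so the key name rndckey inside it and the placeholder secret are assumptions, chosen only because named.conf above references rndckey in its controls statement.

```shell
#!/bin/sh
# Added example: check that the rndc key name agrees across the key file,
# rndc.conf and named.conf. Exit status 0 = consistent, 1 = a reference
# names a key that the key file does not define.

# BIND config files allow # and // comments; drop them before matching.
strip_comments() {
    sed -e 's|//.*||' -e 's|#.*||' "$1"
}

# Names from definitions:  key "NAME" {  (quotes optional)
defined_keys() {
    strip_comments "$1" |
      sed -n 's/^[[:space:]]*key[[:space:]]*"\{0,1\}\([^"[:space:]{]*\)"\{0,1\}[[:space:]]*{.*/\1/p'
}

# Names from references:  default-key "NAME";  key "NAME";  keys { NAME; ... };
referenced_keys() {
    strip_comments "$1" |
      sed -n 's/^[[:space:]]*\(default-\)\{0,1\}key[[:space:]]*"\{0,1\}\([^"[:space:];]*\)"\{0,1\}[[:space:]]*;.*/\2/p'
    strip_comments "$1" |
      sed -n 's/.*keys[[:space:]]*{\([^}]*\)}.*/\1/p' |
      tr ';' '\n' | sed 's/[[:space:]"]//g' | sed '/^$/d'
}

# check_rndc_keys KEYFILE RNDC_CONF NAMED_CONF
check_rndc_keys() {
    keyfile=$1; rndcconf=$2; namedconf=$3
    status=0
    defined=$(defined_keys "$keyfile")
    for ref in $(referenced_keys "$rndcconf") $(referenced_keys "$namedconf"); do
        found=0
        for d in $defined; do
            [ "$ref" = "$d" ] && found=1
        done
        if [ "$found" -eq 1 ]; then
            echo "ok:       '$ref' is defined in $keyfile"
        else
            echo "MISMATCH: '$ref' is referenced, but $keyfile defines: $defined"
            status=1
        fi
    done
    return $status
}

# write_samples DIR REFNAME: constructed sample files (assumed content, not
# the poster's real files). The key file defines "rndckey"; rndc.conf refers
# to REFNAME so both the broken and the consistent case can be produced.
write_samples() {
    dir=$1; refname=$2
    cat > "$dir/rndc.key" <<EOF
key "rndckey" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-NOT-A-REAL-SECRET==";
};
EOF
    cat > "$dir/named.conf" <<EOF
include "$dir/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
EOF
    cat > "$dir/rndc.conf" <<EOF
options {
    default-server localhost;
    default-key "$refname";
};
include "$dir/rndc.key";
server localhost {
    key "$refname";
};
EOF
}

demo_dir=$(mktemp -d)
echo '--- rndc.conf refers to "rndc.key" (the file name, not the key name) ---'
write_samples "$demo_dir" 'rndc.key'
check_rndc_keys "$demo_dir/rndc.key" "$demo_dir/rndc.conf" "$demo_dir/named.conf" || true
echo '--- rndc.conf refers to "rndckey" (the name inside the key file) ---'
write_samples "$demo_dir" 'rndckey'
check_rndc_keys "$demo_dir/rndc.key" "$demo_dir/rndc.conf" "$demo_dir/named.conf" || true
rm -rf "$demo_dir"
```

Run against real files as check_rndc_keys /etc/rndc.key /etc/rndc.conf /etc/named.conf; the first scenario reproduces the pattern of the post, where rndc.conf uses the file name as if it were the key name, and the second shows what a consistent set looks like. The script only compares names; it does not touch the secret, and it does not validate the secret's base64 or the algorithm.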