remote rndc broken somehow...
Vinny Abello
vinny at tellurian.com
Thu Jun 16 17:23:14 UTC 2005
Hi all,
I have a weird problem that makes no sense from a troubleshooting perspective.
On BIND 9.3.1 on Windows Server 2003 and Windows XP as the client
running rndc: One of my team members here that admins our name
servers all of a sudden cannot use rndc from her workstation to
remotely admin two of three of our name servers. As far as we can
tell, nothing changed that should affect that. The only recent change
we made was limiting recursion, but that should have no effect as
the inet control channel is allowing her IP address since it is in the
same /24 that all of our other working machines are in.
When talking to servers 1 and 3 issuing any rndc command, it complains
that the connection was refused and the protocol on the server might
be old or the key incorrect. I know the key is correct because it
works on name server 2 which has the same key in the config file.
I've even copied the rndc.conf file from my own working machine to
hers and updated all the binary files and DLLs for rndc on her
machine and still she can only talk to ns2. Everyone else as far as I
know has no problems with all three servers including myself.
In the logs I see this:
16-Jun-2005 12:43:49.020 general: invalid command from www.xxx.yyy.zzz#1128: expired
(IP is masked)
So the server is seeing an invalid command coming from the machine
running rndc... I thought because the key was invalid, but as I said,
it works on one server that has the same key and I've copied the
rndc.conf containing the key to her machine and verified it's
actually using that copy with no difference in results.
What does "expired" mean at the end of the log entry? That might give
me some clue.
I'm kind of stumped. Any thoughts or suggestions would be appreciated.
Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN
"Courage is resistance to fear, mastery of fear - not absence of
fear" -- Mark Twain