Bind 9.3.1 Issue

Otis Surratt Jr. listacc at ocosa.com
Wed Nov 23 03:12:39 UTC 2005


Hello,

I am new to bind. I migrated from w2k dns servers to bind 9 servers. I 
am running Bind 9.3.1 on FreeBSD 5.4 systems. Ever since I made the 
change I have had problems. I thought it would be a no-brainer if I 
installed webmin and did everything from there. My question is, since I am 
using webmin 1.240 and the module for bind is bind8, will it still work 
with bind9 correctly? I know it works somewhat without the rndc keys (no 
security) but works off and on! My goal is to run public dns servers 
(ns1 master, ns2 slave, ns3 slave, soon ns4 slave) for my isp and make 
them secure with rndc and set up acls. Since I have little experience 
with bind maybe someone here can help! I don't mind showing the keys; I 
can generate different ones once the fix is done! Would I need to allow 
my slave servers to be in the allowed list on the master? Let's fix rndc 
first, then go to acls later if possible!  :) 

I get the following errors from webmin on NS2 and NS3:

    NDC command failed : rndc: connection to remote host closed This
    may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect, or
    the key is invalid.

Also I have a master forward zone for a domain and it doesn't work 
(e.g. it can be resolved across the Internet). I get the error above when 
I try to reload that zone on the master dns server.

Without using rndc I was getting "bad dotted zero or quad zero". Now, 
since I added the keys to the picture, when I reload any zone it gives me 
the error above. I rebooted the entire master server, but in webmin there 
is no key, and if I ssh into the server and view rndc.conf or rndc.key it 
shows the key.

Here is the rndc.conf:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "dnXVePWNK9pXRBJZ2mbWmw==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "dnXVePWNK9pXRBJZ2mbWmw==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Here is the rndc.key:

key "rndc-key" {
        algorithm hmac-md5;
        secret "3SUa9kP+3vhWPuJuQ4WOUg==";
};

--


------------------------------------------------
Otis Surratt Jr. / listacc at ocosa.com
------------------------------------------------
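The "connection to remote host closed ... the key is invalid" message above is what rndc prints when the HMAC secret it sends does not match the one named loaded from its `key` statement, or when the connecting address is not in the `controls` allow list. A quick way to rule out the first cause on each server is to compare the live (uncommented) secret in rndc.conf against the one in named.conf. The script below is an added example, not code from the original post or from BIND; it builds a throwaway directory with constructed rndc.conf, named.conf and rndc.key files (the secrets in them are made-up placeholders), then checks whether the two files that must agree actually do. It ignores `#` and `//` comment lines, so a commented-out template like the one in the rndc.conf above is not mistaken for the active key.

```shell
#!/bin/sh
# Added example (not from the original post): compare the rndc key secret
# between rndc.conf and named.conf so a mismatch is found before running rndc.

# key_secret FILE KEYNAME -> prints the secret of key "KEYNAME" in FILE.
# Comment lines ('#' or '//') are skipped; only the multi-line key form
# (one directive per line, as rndc-confgen writes it) is handled.
key_secret() {
    awk -v want="\"$2\"" '
        /^[[:space:]]*#/ || /^[[:space:]]*\/\// { next }   # skip comments
        $1 == "key" && $2 == want                 { inkey = 1 }
        inkey && $1 == "secret" {
            s = $2; gsub(/[";]/, "", s); print s; exit   # strip quotes and ;
        }
        inkey && /^[[:space:]]*};/                { inkey = 0 }
    ' "$1"
}

# rndc_keys_match FILE_A FILE_B KEYNAME -> exit 0 if both files carry the
# same non-empty secret for KEYNAME, 1 otherwise.
rndc_keys_match() {
    a=$(key_secret "$1" "$3")
    b=$(key_secret "$2" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# --- constructed sample files (placeholder secrets, not real keys) ---
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

cat > "$DEMO_DIR/rndc.conf" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDERsecretA==";
};
options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
EOF

# named.conf keeps a stale commented-out template above the live key;
# the comment must be ignored and the live secret must win.
cat > "$DEMO_DIR/named.conf" <<'EOF'
# key "rndc-key" {
#       secret "PLACEHOLDERstale00==";
# };
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDERsecretA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF

# A separately generated rndc.key with a different secret (the situation
# where two key files exist and only one of them matches named.conf).
cat > "$DEMO_DIR/rndc.key" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "PLACEHOLDERsecretB==";
};
EOF

# Stand-alone run: report which pairing agrees with named.conf.
for f in rndc.conf rndc.key; do
    if rndc_keys_match "$DEMO_DIR/$f" "$DEMO_DIR/named.conf" rndc-key; then
        echo "$f: secret matches named.conf"
    else
        echo "$f: secret DOES NOT match named.conf"
    fi
done
```

On a real host, point `rndc_keys_match` at `/etc/namedb/rndc.conf` (or `rndc.key`, whichever rndc is actually reading) and the named.conf that the running named loaded; a mismatch there explains the error regardless of what webmin displays. If the secrets do agree, the remaining cause in the message is the `controls` allow list, which the commented template above restricts to 127.0.0.1.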