Yet another rndc question
Kevin Darcy
kcd at daimlerchrysler.com
Sat Jan 14 01:00:23 UTC 2006
John Little wrote:
>Hi all,
>
>I'm not having much luck getting named to start:
>john at ubuntuserver:~$ sudo rndc start
>rndc: connect failed: connection refused
>john at ubuntuserver:~$
>
>I have installed from source bind 9.3.2 onto ubuntu 5.10. I have read
>the documentation on the ISC site, the pages in O'Reilly's DNS and BIND
>and several websites but still I can't find what's wrong. The only
>thing that I see in /var/log/messages regarding bind is:
>'process `named' is using obsolete setsockopt SO_BSDCOMPAT'
>
>My named.conf entries for rndc:
>include "/etc/bind/rndc.key";
>controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { "rndc-key"; };
>};
>
>My rndc.key file:
>key "rndc-key" {
> algorithm hmac-md5;
> secret "AZf73*****iuSkAwv*****==";
>};
>
>My rndc.conf file:
>options {
> default-server localhost;
> default-key "rndc-key";
>};
>
>key "rndc-key" {
> algorithm hmac-md5;
> secret "AZf73*****iuSkAwv*****==";
>};
>
>I also generated a key for dhcp using:
>sudo dnssec-keygen -a HMAC-MD5 -b 512 -n HOST dhcp-key and have it
>installed in my dhcpd.conf with the intention of using ddns when I get
>this working.
>
>Would somebody please give me some direction on this as to what I have
>set up incorrectly?
>
You shouldn't need an /etc/rndc.conf file at all. localhost is the
default server, and the default key is whatever rndc finds in rndc.key.
You should verify that something is listening on 127.0.0.1/953. If not,
then you forgot to reload/restart the nameserver after your most recent
change, or something is wrong and is preventing named from listening on
the rndc port on startup (there should be something in the logs about that).
Note that rndc has no "start" command. The nameserver needs to be
already running and listening before you can connect to it via the rndc
port.
- Kevin
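
The check suggested in the reply above (is anything listening on 127.0.0.1/953?), written out as an added example that is not part of the original message. It assumes a Linux host with `ss` from iproute2; the function names and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Classify the rndc control-channel listener from `ss -ltn` style output on stdin.
# Usage: ss -ltn | rndc_listener_state [address] [port]
rndc_listener_state() {
    awk -v want="${1:-127.0.0.1}" -v port="${2:-953}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            p = parts[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            if (addr == want) exact = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else other = 1
        }
        END {
            if (exact)      print "listening"
            else if (wild)  print "listening-wildcard"
            else if (other) print "listening-elsewhere"
            else            print "not-listening"
        }'
}

# Map a state to the next thing to look at (wording is this example's own).
rndc_next_step() {
    case "$1" in
        listening)
            echo "control channel is up: check that rndc and named use the same key" ;;
        listening-wildcard)
            echo "control channel is up on all addresses: access rests on the allow list and key" ;;
        listening-elsewhere)
            echo "port is bound to another address: compare it with the controls statement" ;;
        *)
            echo "nothing on the rndc port: start or restart named, then read its startup log" ;;
    esac
}

# Constructed sample input (not captured from a real host).
SAMPLE_DOWN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_UP="$SAMPLE_DOWN
LISTEN 0      10     127.0.0.1:53       0.0.0.0:*
LISTEN 0      128    127.0.0.1:953      0.0.0.0:*"

# Live check only when asked for: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    rndc_next_step "$(ss -ltn | rndc_listener_state)"
fi
```

A "not-listening" result matches the "connection refused" in the question: rndc can only talk to a named that is already running.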