help with rndc fail

Lyle Giese lyle at lcrcomputer.net
Sat Jan 15 14:55:53 UTC 2011


pyh at mail.nsbeta.info wrote:
>
> I don't know what the problem is.
> Just copied the config files to another host and ran bind master on
> it; everything works fine, including the zone transfer for multi-views.
> Thanks.
> pyh at mail.nsbeta.info writes:
>>
>> And, the named version is:
>> # named -v
>> BIND 9.6.1-P2
>> I'm pretty sure the secret in both named.conf and rndc.conf are the
>> same.
>> Thanks.
>>
>> pyh at mail.nsbeta.info writes:
>>>
>>> Hello gurus,
>>> my rndc-related commands on the bind master with multi-views
>>> fail, but on the slave they run correctly.
>>> # rndc status
>>> rndc: connection to remote host closed
>>> This may indicate that
>>> * the remote server is using an older version of the command protocol,
>>> * this host is not authorized to connect,
>>> * the clocks are not synchronized, or
>>> * the key is invalid.
>>> Here is the named.conf for master.
>>> Please help, thanks in advance.
>>> -------------
>>> options {
>>> directory "/var/cache/bind";
>>> recursion no;
>>> };
>>>
>>> # ACLs begin
>>> include "/etc/bind/tel.acl";
>>> include "/etc/bind/uni.acl";
>>> include "/etc/bind/edu.acl";
>>> # ACLs end
>>>
>>> # views for ISP begin
>>> view "uni" {
>>> match-clients {
>>> key "unikey";
>>> UNI;
>>> };
>>> allow-update {key "unikey";};
>>> allow-transfer { key "unikey"; };
>>> server 202.104.186.180 { keys "unikey"; };
>>> # zone begin uni
>>> zone "test.nsbeta.info" {
>>> type master;
>>> file "test.nsbeta.info.uni.db";
>>> };
>>> # zone end uni
>>> };
>>> view "edu" {
>>> match-clients {
>>> key "edukey";
>>> EDU;
>>> };
>>> allow-update {key "edukey";};
>>> allow-transfer { key "edukey"; };
>>> server 202.104.186.180 { keys "edukey"; };
>>> # zone begin edu
>>> zone "test.nsbeta.info" {
>>> type master;
>>> file "test.nsbeta.info.edu.db";
>>> };
>>> # zone end edu
>>> };
>>> view "tel" {
>>> match-clients {
>>> key "telkey";
>>> any;
>>> };
>>> allow-update {key "telkey";};
>>> allow-transfer { key "telkey"; };
>>> server 202.104.186.180 { keys "telkey"; };
>>> # zone begin tel
>>> zone "test.nsbeta.info" {
>>> type master;
>>> file "test.nsbeta.info.tel.db";
>>> };
>>> # zone end tel
>>> };
>>> # views for ISP end
>>>
>>> # rndc key begin
>>> key "rndc-key" {
>>> algorithm hmac-md5;
>>> secret "SUpgZRkpZVeteRiTIxQw6w==";
>>> };
>>> controls {
>>> inet 127.0.0.1 port 953
>>> allow { 127.0.0.1; } keys { "rndc-key"; };
>>> };
>>> # rndc key end
>>> # customized keys begin
>>> key "edukey" {
>>> algorithm hmac-md5;
>>> secret "***";
>>> };
>>> key "unikey" {
>>> algorithm hmac-md5;
>>> secret "***";
>>> };
>>> key "telkey" {
>>> algorithm hmac-md5;
>>> secret "***";
>>> };
>>> # customized keys end
>>> _______________________________________________
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
In my named.conf I have the following stanza:

key rndc_key {
    algorithm hmac-md5;
    secret "*********";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

I don't bother with the port part as 953 is the default port and I don't
have quotes around rndc_key either.

I don't remember if you posted your rndc.conf also.

You might also want to use netstat to check to see if named is listening
on port 953 and if you are getting any errors in syslog from named when
you are trying to connect with rndc.

Lyle Giese
LCR Computer Services, Inc.
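The checks suggested above, as an added script that is not from this thread or from BIND: it compares the control key in named.conf and rndc.conf, looks for a listener on port 953, and pulls named's log lines about the control channel. The log paths and the sample secrets are assumptions.

```shell
#!/bin/sh
# Added diagnostic for the rndc failure in this thread; not code from the list
# or from BIND. It checks what Lyle points at: that the control key in
# named.conf and rndc.conf agree (algorithm and secret), that a listener is on
# the control port, and what named logged about the control channel.
# The log paths are assumptions for a typical Linux syslog layout.

# Print FIELD (algorithm or secret) of key NAME from config FILE.
# Handles quoted (key "rndc-key") and unquoted (key rndc_key) names.
key_field() {
    file=$1; name=$2; field=$3
    awk -v want="$name" -v f="$field" '
        /^[ \t]*key[ \t]/ { n = $2; gsub(/["{;]/, "", n); inkey = (n == want) }
        inkey && $1 == f { v = $2; gsub(/[";]/, "", v); print v; exit }
    ' "$file"
}

# Succeed only when both files define NAME with the same algorithm and secret.
rndc_keys_agree() {
    s1=$(key_field "$1" "$3" secret);    s2=$(key_field "$2" "$3" secret)
    a1=$(key_field "$1" "$3" algorithm); a2=$(key_field "$2" "$3" algorithm)
    [ -n "$s1" ] && [ "$s1" = "$s2" ] && [ "$a1" = "$a2" ]
}

# Succeed when a TCP listener exists on the control port (default 953).
control_port_listening() {
    port=${1:-953}
    { ss -ltn 2>/dev/null || netstat -ltn 2>/dev/null; } | grep -q "[.:]$port "
}

# Show the last named log lines that mention the control channel or keys.
rndc_log_hints() {
    grep -hE 'named.*(rndc|control channel|not authorized|invalid|bad key)' \
        /var/log/syslog /var/log/messages 2>/dev/null | tail -n 20
}

# Constructed sample configs (made-up secrets) for a dry run of the checks:
# a matching named.conf/rndc.conf pair and an rndc.conf with the wrong secret.
make_samples() {
    printf 'key rndc_key {\n\talgorithm hmac-md5;\n\tsecret "c29tZXNlY3JldA==";\n};\ncontrols {\n\tinet 127.0.0.1 allow { localhost; } keys { rndc_key; };\n};\n' > "$1/named.conf"
    printf 'options { default-key rndc_key; default-server 127.0.0.1; };\nkey rndc_key {\n\talgorithm hmac-md5;\n\tsecret "c29tZXNlY3JldA==";\n};\n' > "$1/rndc.conf"
    printf 'key rndc_key {\n\talgorithm hmac-md5;\n\tsecret "d3JvbmdzZWNyZXQ=";\n};\n' > "$1/rndc-bad.conf"
}
```

On a real master, run `rndc_keys_agree /etc/bind/named.conf /etc/bind/rndc.conf rndc_key && control_port_listening` and then `rndc_log_hints`; a key mismatch or a missing listener is the usual cause of the "connection to remote host closed" message.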
