rndc.key problems
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Dec 9 01:21:01 UTC 2003
> Greetings,
>
> I've built and installed BIND 9.2.3 replacing my old 9.1.3 installation,
> and I'm having an issue with my rndc.key that I can't figure out.
>
> When I run rndc status (or any other rndc command) I get:
>
> ./rndc status
> rndc: error: /usr/local/bind-9.2.3//etc/rndc.key:2: unknown option
> 'options'
> rndc: could not load rndc configuration
You are using a "rndc.conf" as a "rndc.key". The "rndc.key"
parser does NOT know about options. The parser for "rndc.conf"
does know about options. They are not interchangable.
Also below does *not* match will the rndc.conf below.
options is on line 6 not line 2 as reported by the error
message.
> My rndc.key is the 'stock' key generated by rndc-confgen.
rndc.key is designed to be loaded by both named and rndc
either directly due to lack of controls in named.conf or
no rndc.conf or via 'include "rndc.key";' in named.conf
and rndc.conf (9.2.x onwards).
rndc.key is generated by "rndconfgen -a".
rndc.conf is generated to stdout by "rndconfgen" (no -a)
and includes a code segment (commented out) to be added to
named.conf.
I would be renaming /usr/local/bind-9.2.3/etc/rndc.key to
/usr/local/bind-9.2.3/etc/rndc.conf.
Mark
> I installed the commented out section from the bottom of my rndc-confgen
> into my named.conf file and I get not errors at startup of named.
>
> I'm not sure what I'm doing wrong. The contents of my rndc.key is as
> follows (with my 'secret' key changed.)
>
> # Start of rndc.conf
> key "rndc-key" {
> algorithm hmac-md5;
> secret "thisisnotmyrealkey";
> };
> options {
> default-key "rndc-key";
> default-server 127.0.0.1;
> default-port 953;
> };
> # End of rndc.conf
>
> Any hints or suggestions appreciated.
>
> --
> Jeffrey J. Barteet
> Materials Research Laboratory
> UC Santa Barbara, CA 93106
> 805-893-8642
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list