On Fri, 2007-09-21 at 20:56 -0400, Robert Spangler wrote:
On Fri September 21 2007 18:50, Craig White wrote:
[root@srv1 etc]# kill 26598
[root@srv1 etc]# service named restart
Stopping named: [FAILED]
Starting named: [ OK ]
After you have killed named start it with 'start' not 'restart'.
---- yeah, I know, I'm lazy and just up arrow/return ----
if I try...
# service named status
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.
but looking at my named.conf, I'm directly including rndc.key
# grep rndc named.conf
inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; };
include "/etc/rndc.key";
This doesn't look right. My control section in named.conf is :
controls {
    inet 127.0.0.1 allow { any; } keys { rndc-key; };
};
---- it makes no difference if I only have 1 'key' in my control section or 2 - I have tried all combinations ----
No need for 'include '. Your rndc.conf should also be located in your chroot /etc dir.
---- likewise, it makes no difference whether 1 or both keys are stored in the file itself or 'include rndc.key' ----
Take notice of what is in between {} in the keys statement. This has to match what is in your rndc.conf file.
server localhost { key "rndc-key"; };
---- apparently CentOS-5 doesn't include rndc.conf but has a program called rndc-confgen and I copied over my named.conf/zone files etc from previous server.
/var/named/chroot/etc/rndc.conf
options {
    default-server localhost;
    default-key "rndckey";
    default-port 953;
};
server localhost { key "rndckey"; };
include "/etc/rndc.key";
and then in /var/named/chroot/etc/named.conf
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { DYNAMIC_DNS_KEY; "rndckey"; };
};
include "/etc/rndc.key";
no probs mate - thanks - it's solved
Craig
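
The matching rule discussed in this thread (the key names in the controls keys {} list must line up with the key rndc.conf tells rndc to use) can be checked mechanically. The following is an added example, not code from the thread or from BIND; the function names are hypothetical, the key definitions and placeholder secrets are constructed, and it assumes comment-free config text with any include files already pasted in.

```python
import re

# Constructed inputs modelled on the thread; secrets are placeholders.
KEY_DEFS = '''
key "rndckey" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
key "DYNAMIC_DNS_KEY" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
'''
RNDC_CONF = '''
options { default-server localhost; default-key "rndckey"; default-port 953; };
server localhost { key "rndckey"; };
'''
NAMED_BEFORE = 'controls { inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; }; };'
NAMED_AFTER = ('controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } '
               'keys { DYNAMIC_DNS_KEY; "rndckey"; }; };')

def _block(text, keyword):
    """Body of the first `keyword { ... }` block, honouring nested braces."""
    m = re.search(r"\b%s\s*\{" % re.escape(keyword), text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def control_keys(named_conf):
    """Key names named accepts on its control channel (controls ... keys {})."""
    names = set()
    for body in re.findall(r"\bkeys\s*\{([^}]*)\}", _block(named_conf, "controls")):
        names |= {n.strip().strip('"') for n in body.split(";") if n.strip()}
    return names

def rndc_client_keys(rndc_conf):
    """Key names rndc signs with: default-key and any per-server key."""
    return set(re.findall(r'\b(?:default-key|key)\s+"?([\w.-]+)"?\s*;', rndc_conf))

def defined_keys(text):
    """Names of key "name" { ... } statements."""
    return set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', text))

def check(named_conf, rndc_conf, key_defs):
    """Return a list of mismatches; empty means the names line up."""
    accepted = control_keys(named_conf)
    defined = defined_keys(named_conf + rndc_conf + key_defs)
    problems = [f'rndc uses key "{k}" but controls keys {{}} does not list it'
                for k in sorted(rndc_client_keys(rndc_conf) - accepted)]
    problems += [f'controls lists key "{k}" but no such key is defined'
                 for k in sorted(accepted - defined)]
    return problems

if __name__ == "__main__":
    for label, conf in (("before", NAMED_BEFORE), ("after", NAMED_AFTER)):
        print(label, check(conf, RNDC_CONF, KEY_DEFS) or "OK")
```
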