Hello Mates,
I just recently updated BIND on my CentOS 6.2 (I don't remember which version I had) but now I am using version: BIND version 9.8.2
The packages I have: bind bind-libs bind-chroot bind-utils bind-devel
First of all, doing "service named status" throws:

WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
After a Google search I found:
to remove rndc.key, and it was supposed to be working OK. I also chowned /etc/named.conf to named:named. Now if I do "service named status" it throws:

version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1
CPUs found: 4
worker threads: 4
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 1456) is running...
The thing is, whenever I check the domain name on the intoDNS.com service it says: ERROR: One or more of your nameservers did not respond: The ones that did not respond are:
and it shows both as bad. I thought it might be a propagation delay, but I have now been waiting 2 hours and still nothing. Any help?
Here is the /var/log/messages:

Jul 25 00:17:57 domain named[1456]: automatic empty zone: B.E.F.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: command channel listening on 127.0.0.1#953
Jul 25 00:17:57 domain named[1456]: command channel listening on ::1#953
Jul 25 00:17:57 domain named[1456]: zone domain.info/IN: loaded serial 1343174545
Jul 25 00:17:57 domain named[1456]: managed-keys-zone ./IN: loaded serial 3
Jul 25 00:17:57 domain named[1456]: running
Jul 25 00:17:57 domain named[1456]: zone domain/IN: sending notifies (serial 1343174545)
Jul 25 00:17:57 domain xinetd[1494]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Jul 25 00:17:57 domain xinetd[1494]: Started working: 0 available services
P.S. I've tried removing the packages, reinstalling, not using chroot, etc.
On 7/24/2012 8:47 PM, Carlos Sura wrote:
Hello Carlos,
When named is running:
- Is port 53 listening?
- Can you telnet into that port from another server?
- Can you lookup (dig) your own domain or a remote domain from the server?
- Were either xinetd or iptables updated or changed?
W.
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi Winter, I really appreciate your answer.
Yes, port 53 is listening in the configuration, and with netstat -atpn | grep -E ":953|:53" it shows named. Yes, I can telnet to port 53 from another server. Well, this is what I get from dig:

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> -x domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;icom.domain.in-addr.arpa.    IN    PTR

;; AUTHORITY SECTION:
in-addr.arpa.    1800    IN    SOA    b.in-addr-servers.arpa. nstld.iana.org. 2011026079 1800 900 604800 3600

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 25 02:28:44 2012
;; MSG SIZE  rcvd: 121
iptables is deactivated. I have also run chkconfig iptables off and restarted to see if that helps, and it produces the same result.
Ok,
Here is the update:
I deleted the line ROOTDIR="/var/named/chroot" from /etc/sysconfig/named,
restarted named and now, it shows me:
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
named (pid 3442) is running...
but, after this, the Nameservers and DNS are working and solving.
Anything to fix those awful messages?
Hello again,
I. Does your named.conf contain an entry for rndc-key?
Along the lines of:
key "rndc-key" {
    algorithm hmac-md5;
    secret "<insert hash here>";
};
II. Does rndc.conf contain:

key "rndc-key" {
    algorithm hmac-md5;
    secret "<same hash as named.conf entry>";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
Basically do the rndc secrets in named.conf and rndc.conf match?
I don't believe it's necessary to have both an rndc.conf file and an rndc.key file. Just the .conf will do.
And the time is correct on the server? :)
W.
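The check W. describes in points I and II (same key name, algorithm and secret on both sides, and a controls stanza in named.conf that actually lists that key) is easy to get wrong by hand, especially on CentOS where named.conf normally pulls the key in with `include "/etc/rndc.key";` rather than spelling it out. The script below is an added example written for this thread, not code from the original posts or from the BIND project. It writes constructed sample configs into a temporary directory (the secret values are placeholders, and the real paths would be /etc/named.conf, /etc/rndc.key and /etc/rndc.conf), follows one level of `include`, and compares the two sides field by field. It keeps hmac-md5 as the thread does; BIND 9.8 also accepts hmac-sha256 for the control-channel key, which is the better choice on a new setup.

```shell
#!/bin/sh
# Added example: verify that named and rndc agree on the control-channel key.
# Sample configs are constructed here; on a real host point check_rndc at
# /etc/named.conf and /etc/rndc.conf instead.

NAMED_SECRET="Z3VvZCBzZWNyZXQ="   # placeholder, not a real rndc-confgen secret

# flatten FILE: print FILE plus whatever it pulls in with `include "...";`
# (one level, which is how the CentOS package chains named.conf -> rndc.key),
# with newlines squashed so a key block can be matched as a single string.
flatten() {
    {
        cat "$1"
        sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" |
        while IFS= read -r inc; do
            [ -r "$inc" ] && cat "$inc"
        done
    } | tr '\n' ' '
}

# key_field FILE KEYNAME FIELD: print FIELD (algorithm or secret) of key "KEYNAME".
# The value may be quoted (secret) or bare (algorithm); both forms are accepted.
key_field() {
    flatten "$1" |
    sed -n "s/.*key[[:space:]]*\"$2\"[[:space:]]*{[^}]*$3[[:space:]]*\"\{0,1\}\([^\";[:space:]]*\)\"\{0,1\}[[:space:]]*;.*/\1/p"
}

# controls_use_key FILE KEYNAME: succeed if a controls stanza lists KEYNAME
controls_use_key() {
    flatten "$1" | grep -q "controls[[:space:]]*{.*keys[[:space:]]*{[^}]*\"$2\"[[:space:]]*;"
}

# check_rndc NAMED_CONF RNDC_CONF KEYNAME: 0 when both sides agree, 1 otherwise
check_rndc() {
    named_conf=$1; rndc_conf=$2; name=$3; status=0
    for field in algorithm secret; do
        a=$(key_field "$named_conf" "$name" "$field")
        b=$(key_field "$rndc_conf" "$name" "$field")
        if [ -z "$a" ]; then
            echo "FAIL: key \"$name\" has no $field in $named_conf (or its includes)"; status=1
        elif [ -z "$b" ]; then
            echo "FAIL: key \"$name\" has no $field in $rndc_conf"; status=1
        elif [ "$a" != "$b" ]; then
            echo "FAIL: $field differs: named side=$a rndc side=$b"; status=1
        fi
    done
    controls_use_key "$named_conf" "$name" ||
        { echo "FAIL: no controls stanza in $named_conf lists key \"$name\""; status=1; }
    [ "$status" -eq 0 ] && echo "OK: named and rndc agree on key \"$name\""
    return "$status"
}

# write_samples DIR RNDC_SECRET: constructed named.conf + rndc.key + rndc.conf.
# named.conf gets the key via include; rndc.conf carries its own copy.
write_samples() {
    dir=$1
    cat > "$dir/rndc.key" <<EOF
key "rndc-key" {
    algorithm hmac-md5;
    secret "$NAMED_SECRET";
};
EOF
    cat > "$dir/named.conf" <<EOF
include "$dir/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
options { directory "/var/named"; };
EOF
    cat > "$dir/rndc.conf" <<EOF
key "rndc-key" {
    algorithm hmac-md5;
    secret "$2";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
EOF
}

# Demo: matching secrets pass, then rndc.conf is rewritten with a stale secret.
DEMO=$(mktemp -d)
write_samples "$DEMO" "$NAMED_SECRET"
if check_rndc "$DEMO/named.conf" "$DEMO/rndc.conf" rndc-key; then :; fi
write_samples "$DEMO" "c3RhbGUgc2VjcmV0"
if check_rndc "$DEMO/named.conf" "$DEMO/rndc.conf" rndc-key; then :; fi
rm -rf "$DEMO"
```

A mismatch here is exactly the case that produces "connection to remote host closed" with a running named: the daemon rejects the TSIG-signed command and drops the channel. The "key file exists, but using default configuration file" warning is separate: rndc reads /etc/rndc.conf when it is present and only falls back to /etc/rndc.key when it is not, so once a matching rndc.conf exists, removing rndc.key (or dropping rndc.conf and letting named.conf include rndc.key) leaves a single source of truth and silences the warning.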