CentOS 4.8, BIND 9.2.4
Hi All:
I have a rather annoying problem with rndc which I have not been able to resolve despite much searching and many attempts to correct. When making changes to our DNS entries I have tried to use the following procedures:
1. Flush the cache buffers:
rndc flush
2. Stop named:
rndc stop
3. Delete the journal files:
rm *.jnl
4. Edit the forward and/or reverse zone files as necessary.
5. Restart named:
rndc start
Everything works fine until the last command which fails with:
rndc: connect failed: connection refused
I can get around this by using "service named start" but I should not have to do this. Has anyone encountered something similar and can pass on some words of wisdom?
TIA
Regards, Hugh
Hello ,
I am facing the same problem, but with CentOS 5.4 and BIND 9.3.6. While I was having 5.3, named was working fine, but now it gives me the same error in the Service configuration panel. To start named I have to reboot the system, but if I give "service named restart" it stops and fails to start; I can only use "service named reload" on the command line.
I did everything so far but no luck. I shall try to go back to CentOS 5.3; that's the option I feel might work for me.
Regards.
On Wed, Nov 25, 2009 at 6:04 PM, Hugh E Cruickshank hugh@forsoft.com wrote:
CentOS 4.8, BIND 9.2.4
Hi All:
I have a rather annoying problem with rndc which I have not been able to resolve despite much searching and many attempts to correct. When making changes to our DNS entries I have tried to use the following procedures:
- Flush the cache buffers:
rndc flush
- Stop named:
rndc stop
- Delete the journal files:
rm *.jnl
Edit the forward and/or reverse zone files as necessary.
Restart named:
rndc start
Everything works fine until the last command which fails with:
rndc: connect failed: connection refused
I can get around this by using "service named start" but I should not have to do this. Has anyone encountered something similar and can pass on some words of wisdom?
TIA
Regards, Hugh
--
Hugh E Cruickshank, Forward Software, www.forward-software.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
From: Tariq Ismail Dalvi Sent: November 25, 2009 15:21
I am facing the same problem, but with CentOS 5.4 and BIND 9.3.6. While I was having 5.3, named was working fine, but now it gives me the same error in the Service configuration panel. To start named I have to reboot the system, but if I give "service named restart" it stops and fails to start; I can only use "service named reload" on the command line.
Thank you for your reply, but your problem seems to be different than mine. "service named start" and "service named restart" work fine on my system; it is the "rndc start" which is failing.
Regards, Hugh
On Wed, 2009-11-25 at 15:27 -0800, Hugh E Cruickshank wrote:
From: Tariq Ismail Dalvi Sent: November 25, 2009 15:21
I am facing the same problem, but with CentOS 5.4 and BIND 9.3.6. While I was having 5.3, named was working fine, but now it gives me the same error in the Service configuration panel. To start named I have to reboot the system, but if I give "service named restart" it stops and fails to start; I can only use "service named reload" on the command line.
Thank you for your reply, but your problem seems to be different than mine. "service named start" and "service named restart" work fine on my system; it is the "rndc start" which is failing.
---- are you running chroot?
do you have reference to 'include rndc.key' in your named.conf?
can chroot named.conf read the key?
Craig
On Wed, Nov 25, 2009 at 03:04:59PM -0800, Hugh E Cruickshank wrote:
CentOS 4.8, BIND 9.2.4
Flush the cache buffers:
rndc flush
Stop named:
rndc stop
Delete the journal files:
rm *.jnl
Edit the forward and/or reverse zone files as necessary.
Restart named:
rndc start
Everything works fine until the last command which fails with:
rndc: connect failed: connection refused
I can get around this by using "service named start" but I should not have to do this. Has anyone encountered something similar and can pass on some words of wisdom?
You are going through entirely too many steps.
1) Edit zone file
2) rndc reload foo.com
Also in the steps you have taken above you are stopping bind via rndc stop and then trying to start it with the unknown "start" command. Even if "start" was known it would not work, rndc communicated directly with named, and since it was already stopped in a previous step there is no way that your "start" (or any other command, reload, flush, whatever) could work at that point.
John
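The workflow described in the message above, as an added example that is not part of the original thread: a shell function that confirms named is answering rndc, validates the edited zone file, and only then runs `rndc reload`. The function names, return codes, the `RNDC`/`CHECKZONE` override variables and the zone file path are assumptions made for the illustration; `named-checkzone` is the zone file checker shipped with BIND.

```shell
#!/bin/sh
# Added example: reload one zone only if named is reachable and the file parses.
# RNDC and CHECKZONE can be overridden so the logic can be exercised without BIND.
RNDC=${RNDC:-rndc}
CHECKZONE=${CHECKZONE:-named-checkzone}

# rndc can only talk to a running named over its control channel, so a
# failing "rndc status" means named must be started by the init script.
named_reachable() {
    "$RNDC" status >/dev/null 2>&1
}

# reload_zone ZONE FILE
# Returns: 0 reloaded, 2 named not reachable, 3 zone file invalid,
#          4 reload rejected by named, 64 usage error.
reload_zone() {
    zone=$1
    file=$2
    if [ -z "$zone" ] || [ -z "$file" ]; then
        echo "usage: reload_zone ZONE FILE" >&2
        return 64
    fi
    if ! named_reachable; then
        echo "named is not answering rndc; start it with 'service named start'" >&2
        return 2
    fi
    # Validate before reloading so a typo never reaches the running server.
    if ! "$CHECKZONE" "$zone" "$file" >/dev/null; then
        echo "zone file $file failed named-checkzone; not reloading $zone" >&2
        return 3
    fi
    if ! "$RNDC" reload "$zone"; then
        echo "rndc reload $zone failed" >&2
        return 4
    fi
    return 0
}

# Example call (foo.com is the zone name used in the thread; the file path
# is a hypothetical placeholder):
#   reload_zone foo.com /var/named/foo.com.zone
```

A return code of 2 corresponds to the "connect failed: connection refused" case in this thread: nothing is listening on the control channel, so no rndc command can succeed until named is started by other means.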
From: John R. Dennison Sent: November 25, 2009 15:26
You are going through entirely too many steps.
Edit zone file
rndc reload foo.com
I will give that a try.
Also in the steps you have taken above you are stopping bind via rndc stop and then trying to start it with the unknown "start" command. Even if "start" was known it would not work, rndc communicated directly with named, and since it was already stopped in a previous step there is no way that your "start" (or any other command, reload, flush, whatever) could work at that point.
That would explain a lot but it would have been more useful if the rndc command had returned an error saying something like "start command unknown" rather than accepting the command and indicating a communication problem.
Thanks very much for your informative reply.
Regards, Hugh
Also in the steps you have taken above you are stopping bind via rndc stop and then trying to start it with the unknown "start" command. Even if "start" was known it would not work, rndc communicated directly with named, and since it was already stopped in a previous step there is no way that your "start" (or any other command, reload, flush, whatever) could work at that point.
That would explain a lot but it would have been more useful if the rndc command had returned an error saying something like "start command unknown" rather than accepting the command and indicating a communication problem.
So file a bug with the BIND developers about this rather obvious 'bug'.
From: Christopher Chan Sent: November 25, 2009 15:50
Also in the steps you have taken above you are stopping bind via rndc stop and then trying to start it with the unknown "start" command. Even if "start" was known it would not work, rndc communicated directly with named, and since it was already stopped in a previous step there is no way that your "start" (or any other command, reload, flush, whatever) could work at that point.
That would explain a lot but it would have been more useful if the rndc command had returned an error saying something like "start command unknown" rather than accepting the command and indicating a communication problem.
So file a bug with the BIND developers about this rather obvious 'bug'.
Good suggestion and I have done so.
hec
On Wed, Nov 25, 2009 at 03:36:09PM -0800, Hugh E Cruickshank wrote:
That would explain a lot but it would have been more useful if the rndc command had returned an error saying something like "start command unknown" rather than accepting the command and indicating a communication problem.
It's operating per design and it's operating properly; rndc is nothing more than an interface to allow admins to provide commands to the running named instance and if named isn't running there is nothing that rndc is able to do from that point forward so it indicates to the user that it can't communicate - seems logical to me.
John
From: John R. Dennison Sent: November 25, 2009 15:57
On Wed, Nov 25, 2009 at 03:36:09PM -0800, Hugh E Cruickshank wrote:
That would explain a lot but it would have been more useful if the rndc command had returned an error saying something like "start command unknown" rather than accepting the command and indicating a communication problem.
It's operating per design and it's operating properly; rndc is nothing more than an interface to allow admins to provide commands to the running named instance and if named isn't running there is nothing that rndc is able to do from that point forward so it indicates to the user that it can't communicate - seems logical to me.
I can see that point of view but that sure does not help the poor guy or gal trying to figure out a problem like I had. I have been chasing this one off and on for weeks (if not months).
hec
On Wed, Nov 25, 2009 at 04:19:48PM -0800, Hugh E Cruickshank wrote:
I can see that point of view but that sure does not help the poor guy or gal trying to figure out a problem like I had. I have been chasing this one off and on for weeks (if not months).
Hmm, perhaps... But a quick perusal of "man rndc" would have shown that there is no "start" command and the phrasing "communicates with the nameserver over a TCP connection" would have been a clue that the nameserver needed to be running :)
John
From: John R. Dennison Sent: November 25, 2009 16:31
Hmm, perhaps... But a quick perusal of "man rndc" would have shown that there is no "start" command and the phrasing "communicates with the nameserver over a TCP connection" would have been a clue that the nameserver needed to be running :)
True but in my feeble defence I was following someone else's example procedures (and following them blindly it would seem). I would think that my suggested change, while not strictly required, would result in improved usability of the software.
Regards, Hugh
On Thu, Nov 26, 2009 at 1:04 AM, Hugh E Cruickshank hugh@forsoft.com wrote:
CentOS 4.8, BIND 9.2.4
3. Delete the journal files:
rm *.jnl
why to do that? you can do simple zone update by:
rndc freeze [zone]
if you got error like:
rndc: 'freeze' failed: not found
try then:
rndc freeze [zone] in internal
edit your zone
rndc unfreeze [zone] [in internal]
rndc reload
From: Arturas Skauronas Sent: November 25, 2009 16:04
On Thu, Nov 26, 2009 at 1:04 AM, Hugh E Cruickshank hugh@forsoft.com wrote:
CentOS 4.8, BIND 9.2.4
3. Delete the journal files:
rm *.jnl
why to do that? you can do simple zone update by:
rndc freeze [zone]
if you got error like:
rndc: 'freeze' failed: not found
try then:
rndc freeze [zone] in internal
edit your zone
rndc unfreeze [zone] [in internal]
rndc reload
I agree. I have already revised my procedures to reflect the change. The procedures I had in place were based on someone else's procedures that were posted to a web page. I now suspect that the posting was rather dated.
Regards, Hugh
Hugh E Cruickshank wrote:
I can get around this by using "service named start" but I should not have to do this. Has anyone encountered something similar and can pass on some words of wisdom?
yes, don't use rndc the whole concept is stupid to begin with.
nate
rndc: connect failed: connection refused
Here is what works for me:
cd /var/named/chroot/etc
rndc-confgen > rndc.key
chown root.named rndc.key
vi rndc.key and remove everything except the key section.
vi /var/named/chroot/etc/named.conf and copy the rndckey from /var/named/chroot/etc/rndc.key into this section
key "rndckey" {
    algorithm hmac-md5;
    secret "[RNDC key]";
};
I hope this helps, Neil
-- Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net
Neil Aggarwal wrote:
rndc: connect failed: connection refused
Here is what works for me:
I hope this helps,
I doubt that would help at all if BIND is not running...hence the connection refused message.
The OP only ran into this when trying to do 'rndc start'. ;-)