On Sat, 2006-11-18 at 16:03 +0100, kadafax wrote:
> Hi list,
>
> here is what happened:
> today I noticed some resolution problems on my network. I did a
> "service named status" and here was the output:
> # /etc/init.d/named status
> rndc: connection to remote host closed
> This may indicate that the remote server is using an older version of
> the command protocol, this host is not authorized to connect,
> or the key is invalid.
>
> In named's log, several entries like this:
> general: error: invalid command from 127.0.0.1#42033: bad auth
>
> I am not using the key authentication on my chrooted bind dns and it
> was working great so far.
>
> Searching the rndc files in /etc, I've found a mismatch for the key value
> in /etc/rndc.conf and /etc/rndc.key. There was also a rndc.key.rpmnew file.
> After giving the good value for the key entry (I've copied and pasted the
> value from the .key file), the bind daemon seems to be happy now.
>
> My question is how things got broken, because I haven't touched bind's
> config files for a year or so (only the zone files, sometimes)?

Search the CentOS archives for a complete explanation.

Basically, a recent update changed the configurations (that's why you
have an .rpmnew file) so that your rndc keys no longer match. After an
update, it's always a good idea to updatedb and then locate *.rpmnew
and/or *.rpmsave.

The *potential* for the problem was reported *very* early after the 4.4
(?) update and those who watch the lists regularly avoided problems.

> <snip>

HTH
--
Bill
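
The check discussed in this thread, as an added example that is not part of the original messages: it compares the `secret` in two rndc key files without printing it and lists leftover `*.rpmnew`/`*.rpmsave` files. The function names are hypothetical and the sample files and secrets are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print the first secret "..." value from a BIND key/rndc config file.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)"[[:space:]]*;.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# 0 = secrets equal, 1 = secrets differ, 2 = a secret is missing or unreadable.
# The secrets themselves are never printed.
rndc_keys_match() {
    a=$(rndc_secret "$1")
    b=$(rndc_secret "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    [ "$a" = "$b" ]
}

# List config files left behind by package updates under a directory.
rpm_leftovers() {
    find "$1" -type f \( -name '*.rpmnew' -o -name '*.rpmsave' \) 2>/dev/null | sort
}

# Constructed demo: an old rndc.conf next to a regenerated rndc.key.
demo=$(mktemp -d)
cat > "$demo/rndc.key" <<'EOF'
key "rndckey" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtbmV3LWtleQ==";
};
EOF
cat > "$demo/rndc.conf" <<'EOF'
options { default-server localhost; default-key "rndckey"; };
key "rndckey" {
    algorithm hmac-md5;
    secret "Y29uc3RydWN0ZWQtb2xkLWtleQ==";
};
EOF
: > "$demo/rndc.key.rpmnew"

if rndc_keys_match "$demo/rndc.conf" "$demo/rndc.key"; then
    echo "rndc secrets match"
else
    echo "rndc secrets differ or are missing (status $?)"
fi
rpm_leftovers "$demo"
rm -rf "$demo"
```

On the system described in the thread, the same check would be `rndc_keys_match /etc/rndc.conf /etc/rndc.key` followed by `rpm_leftovers /etc`, run as a user allowed to read the key files.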