[CentOS] named & rndc
Craig White
craigwhite at azapple.com
Sat Sep 22 02:01:48 UTC 2007
On Fri, 2007-09-21 at 20:56 -0400, Robert Spangler wrote:
> On Fri September 21 2007 18:50, Craig White wrote:
>
> > [root@srv1 etc]# kill 26598
> > [root@srv1 etc]# service named restart
> > Stopping named: [FAILED]
> > Starting named: [ OK ]
>
> After you have killed named start it with 'start' not 'restart'.
----
yeah, I know, I'm lazy and just up arrow/return
----
>
> > if I try...
> > # service named status
> > rndc: connection to remote host closed
> > This may indicate that the remote server is using an older version of
> > the command protocol, this host is not authorized to connect,
> > or the key is invalid.
> >
> > but looking at my named.conf, I'm directly including rndc.key
> > # grep rndc named.conf
> > inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY;
> > rndc.key; };
> > include "/etc/rndc.key";
>
> This doesn't look right. My control section in named.conf is :
>
> controls {
> inet 127.0.0.1 allow { any; }
> keys { rndc-key; };
----
it makes no difference if I only have 1 'key' in my control section or 2
- I have tried all combinations
----
>
> No need for 'include '. Your rndc.conf should also be located in your
> chroot /etc dir.
----
likewise, it makes no difference whether 1 or both keys are stored in
the file itself or 'include rndc.key'
----
>
> Take notice to what is in between {} in the keys statement. This has to match
> what is in your rndc.conf file.
> server localhost {
> key "rndc-key";
> };
----
apparently CentOS-5 doesn't include rndc.conf but has a program called
rndc-confgen and I copied over my named.conf/zone files etc from
previous server.
/var/named/chroot/etc/rndc.conf

    options {
        default-server localhost;
        default-key "rndckey";
        default-port 953;
    };
    server localhost {
        key "rndckey";
    };
    include "/etc/rndc.key";

and then in /var/named/chroot/etc/named.conf

    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys {
            DYNAMIC_DNS_KEY; "rndckey"; };
    };
    include "/etc/rndc.key";

no probs mate - thanks - it's solved
Craig
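
Added example, not part of the original thread: a small Python check of the matching rule discussed above, that every name in the controls keys { } list is a defined key and that the rndc.conf default-key is one of them. The rndc.key contents, the DYNAMIC_DNS_KEY definition, the secrets and the "broken" variant are constructed, and all function names are hypothetical.

```python
import re

NAME = r'"?([\w.-]+)"?'
KW = r'(?<![\w-])'  # do not match inside default-key, trusted-keys, ...

def defined_keys(text):
    """Names declared as: key "name" { ... };"""
    return set(re.findall(KW + r'key\s+' + NAME + r'\s*\{', text))

def controls_keys(named_conf):
    """Names listed in the keys { ... } clause of controls."""
    names = set()
    for body in re.findall(KW + r'keys\s*\{([^}]*)\}', named_conf):
        names.update(n.strip().strip('"') for n in body.split(';') if n.strip())
    return names

def rndc_default_key(rndc_conf):
    m = re.search(r'default-key\s+' + NAME + r'\s*;', rndc_conf)
    return m.group(1) if m else None

def check(named_conf, rndc_conf, key_file):
    """key_file: text both configs pull in via include "/etc/rndc.key"."""
    problems = []
    for name in sorted(controls_keys(named_conf) - defined_keys(named_conf + key_file)):
        problems.append(f"controls lists undefined key {name!r}")
    client = rndc_default_key(rndc_conf)
    if client not in defined_keys(rndc_conf + key_file):
        problems.append(f"rndc.conf default-key {client!r} is not defined")
    if client not in controls_keys(named_conf):
        problems.append(f"controls does not accept rndc key {client!r}")
    return problems

# Constructed sample input; secrets are placeholders, not real keys.
KEY_FILE = 'key "rndckey" { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };'
DDNS = 'key DYNAMIC_DNS_KEY { algorithm hmac-md5; secret "cGxhY2Vob2xkZXI="; };\n'
RNDC_CONF = ('options { default-server localhost; default-key "rndckey"; '
             'default-port 953; };\nserver localhost { key "rndckey"; };')
BROKEN = DDNS + ('controls { inet 127.0.0.1 allow { localhost; } '
                 'keys { DYNAMIC_DNS_KEY; rndc.key; }; };')
FIXED = DDNS + ('controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } '
                'keys { DYNAMIC_DNS_KEY; "rndckey"; }; };')

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check(conf, RNDC_CONF, KEY_FILE) or "consistent")
```

The check is textual only; running named-checkconf against the chrooted named.conf is still the authoritative syntax test.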