[CentOS] named & rndc

Sat Sep 22 02:01:48 UTC 2007
Craig White <craigwhite at azapple.com>

On Fri, 2007-09-21 at 20:56 -0400, Robert Spangler wrote:
> On Fri September 21 2007 18:50, Craig White wrote:
> 
> >  [root at srv1 etc]# kill 26598
> >  [root at srv1 etc]# service named restart
> >  Stopping named:                                            [FAILED]
> >  Starting named:                                            [  OK  ]
> 
> After you have killed named start it with 'start' not 'restart'.
----
yeah, I know, I'm lazy and just up arrow/return
----
> 
> >  if I try...
> >  # service named status
> >  rndc: connection to remote host closed
> >  This may indicate that the remote server is using an older version of
> >  the command protocol, this host is not authorized to connect,
> >  or the key is invalid.
> >
> >  but looking at my named.conf, I'm directly including rndc.key
> >  # grep rndc named.conf
> >          inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY;
> >  rndc.key; };
> >  include "/etc/rndc.key";
> 
> This doesn't look right.  My control section in named.conf is :
> 
> controls {
>         inet 127.0.0.1 allow { any; }
>         keys { rndc-key; };
----
it makes no difference if I only have 1 'key' in my control section or 2
- I have tried all combinations
----
> 
> No need for 'include '.  Your rndc.conf should also be located in your 
> chroot /etc dir.
----
likewise, it makes no difference whether 1 or both keys are stored in
the file itself or 'include rndc.key'
----
> 
> Take notice to what is in between {} in the keys statement.  This has to match 
> what is in your rndc.conf file.

> server localhost {
>         key     "rndc-key";
> };
----
apparently CentOS-5 doesn't include rndc.conf but has a program called
rndc-confgen, and I copied over my named.conf/zone files etc. from the
previous server.

/var/named/chroot/etc/rndc.conf
options {
        default-server  localhost;
        default-key     "rndckey";
        default-port    953;
};

server localhost {
        key             "rndckey";
};

include "/etc/rndc.key";

and then in /var/named/chroot/etc/named.conf

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { DYNAMIC_DNS_KEY; "rndckey"; };
};

include "/etc/rndc.key";

no probs mate - thanks - it's solved

Craig
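The thread comes down to one rule: the key name rndc signs with (default-key / server { key ...; }) must be listed in named's controls { keys { ...; }; } and must be defined by a key clause that both sides can read. The script below is an added example, not part of the thread or of BIND: it is a minimal brace-matching parser for these three fragments and reports any key that is used on one side but not listed or defined on the other, which is the condition behind the "this host is not authorized to connect, or the key is invalid" message. The sample files are constructed from the configuration Craig posted, with placeholder secrets and an assumed key DYNAMIC_DNS_KEY clause in named.conf; the parser does not follow include statements, so the key file is passed in separately.

```python
import re

# Constructed samples modelled on the thread's configuration. Secrets are placeholders.
RNDC_KEY = '''
key "rndckey" {
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-SECRET==";
};
'''

NAMED_CONF = '''
key DYNAMIC_DNS_KEY {        // assumed definition of the thread's second key
        algorithm hmac-md5;
        secret "PLACEHOLDER-NOT-A-REAL-SECRET==";
};
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys {
DYNAMIC_DNS_KEY; "rndckey"; };
};
include "/etc/rndc.key";
'''

RNDC_CONF = '''
options { default-server localhost; default-key "rndckey"; default-port 953; };
server localhost { key "rndckey"; };
include "/etc/rndc.key";
'''

# Same client file with the key renamed: the drift that makes rndc fail to authenticate.
RNDC_CONF_MISMATCH = RNDC_CONF.replace('"rndckey"', '"rndc-key"')


def strip_comments(text):
    """Drop BIND-style comments (/* */, //, #) so they cannot hide or fake a key name."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)


def block_body(text, head):
    """Return the text between the braces of the first `head { ... }`, brace-matched."""
    m = re.search(head + r'\s*\{', text)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return None  # unbalanced braces


def _names(listing):
    """Split 'a; "b";' into {'a', 'b'}, dropping the optional quotes."""
    return {tok.strip().strip('"') for tok in listing.split(';') if tok.strip()}


def defined_keys(text):
    """Key names introduced by `key "name" { ... };` clauses."""
    return set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', strip_comments(text)))


def controls_keys(named_conf):
    """Key names named will accept, from controls { ... keys { ...; }; }."""
    body = block_body(strip_comments(named_conf), r'\bcontrols')
    if body is None:
        return set()
    names = set()
    for listing in re.findall(r'\bkeys\s*\{([^}]*)\}', body):
        names |= _names(listing)
    return names


def rndc_client_keys(rndc_conf):
    """Key names rndc will sign with: default-key plus per-server key clauses."""
    text = strip_comments(rndc_conf)
    names = set(re.findall(r'\bdefault-key\s+"?([\w.-]+)"?\s*;', text))
    for m in re.finditer(r'(?<!-)\bserver\s+[\w.:-]+\s*\{', text):
        body = block_body(text[m.start():], r'\bserver\s+[\w.:-]+')
        if body:
            names |= set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*;', body))
    return names


def check_rndc_setup(named_conf, rndc_conf, key_file):
    """Return a list of mismatches; an empty list means the three files agree."""
    defined = defined_keys(key_file) | defined_keys(named_conf) | defined_keys(rndc_conf)
    server_side = controls_keys(named_conf)
    client_side = rndc_client_keys(rndc_conf)
    problems = []
    if not server_side:
        problems.append("named.conf: no controls/keys statement, rndc cannot authenticate")
    for name in sorted(client_side):
        if name not in server_side:
            problems.append(f"rndc.conf uses key {name!r} but named.conf controls does not list it")
        if name not in defined:
            problems.append(f"rndc.conf uses key {name!r} but no key clause defines it")
    for name in sorted(server_side):
        if name not in defined:
            problems.append(f"named.conf controls lists key {name!r} but no key clause defines it")
    return problems


if __name__ == "__main__":
    for label, conf in (("matching", RNDC_CONF), ("mismatched", RNDC_CONF_MISMATCH)):
        print(label, check_rndc_setup(NAMED_CONF, conf, RNDC_KEY) or ["OK"])
```

Run it against the real files with `strip_comments`-safe reads of /var/named/chroot/etc/named.conf, rndc.conf and rndc.key; the third case in the test (an empty key file) reproduces the effect of forgetting the include in one of the two files, which is why the key ends up listed on one side and undefined on the other.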