BIND/rndc Question

m3kgt · 11-26-2003, 01:17 PM

I am trying to get rndc setup on my servers, but I seem to be having a problem. I am not sure how to word this, or explain it, since I am not entirely sure I understand how it works... but this is my current setup and how I think I understand it should work...

ns1.domain.com - primary DNS server
ns2.domain.com - secondary DNS server (forward first)
ns3.domain.com - secondary DNS server (forward first)
ns4.domain.com - secondary DNS server (forward first)
ns5.domain.com - secondary DNS server (forward first)
mail1.domain.com - mail server (forward first)

I want ns1.domain.com to be the primary DNS server. I would like all the secondary DNS servers to pull their needed information from that one server (such as named.conf and the pz files). This would make it so I only have to manage the information on the one server and I can have it replicate across the other servers. I would also like the secondardy servers to forward first to the primary DNS server.

I have BIND 9.2.2 installed.

Below are my relevant config files...

####---- /etc/rndc.key -----####

key "rndc-key" {
algorithm hmac-md5;
secret "Zm9vYmFy";
};

####---- /etc/rndc.conf -----####

options {
default-server localhost;
default-key "rndc-key";
default-port 53;
};

server localhost {
key "rndc-key";
};

key "rndc-key" {
algorithm hmac-md5;
secret "Zm9vYmFy";
};

####---- /etc/named.conf -----####

options {
directory "/var/named";
};

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

key "rndc-key" {
algorithm hmac-md5;
secret "Zm9vYmFy" ;
};

This is what is displayed when I am on ns1 and I run the rndc -V status command....

create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key for server
get config key list
rndc: no key definition for name rndc-key

This is what is diplayed when I run the same command on one of the secondary servers (ns2 for example)....

create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key for server
get config key list
decode base64 secret
status
post event
using server [ns1 ip address was here] ([ns1 ip address was here]#53)
create socket
connect
create message
render message
schedule recv
send message
rndc: recv failed: connection reset

Sorry making this such a long post with some many nitty gritty details, but I am trying to be as thorough as possible so somebody out there might find it easier to help me. If this makes no sense, and is totally confusing... ask me to clearify.

Thanks!

m3kgt · 11-26-2003, 02:49 PM

I think I am going to scrap this whole setup for right now. I will just run named independatly on eash server. Its easier for now until I have time to figure out how to get rndc setup to work how I need it to.

If anybody has any insight about this.... feel free to still post it up.

nmolinos · 12-12-2003, 03:53 AM

You should try doing it without RNDC. It's a heck of a lot easier. I changed my setup from what you must have now (you said you are making dns independent on each server) to one Primary, and 3 secondary's.

Make your secondary's zone configurations (named.cconf) look something like this:

zone "domain.com" IN {
type slave;
file "zones/domain.com";
masters {xx.xx.xxx.x; };
};

xx.xx.xxx.x being your primary nameserver's IP address.
restart named, and it'll attempt to transfer the zones immediately. Try it out.