LinuxQuestions.org
Old 03-03-2005, 10:45 AM   #1
jujuman
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Rep: Reputation: 0
DNS, Bind, rndc update issue


It seems I can only get my config and zone files to refresh by restarting bind. When I try to 'rndc reload' I don't get an error, but it doesn't update. I noticed this when I tried to stop and restart bind and got this error.

/etc/init.d/named stop
Shutting down named: rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

here is my rndc.conf

options {
    default-server 127.0.0.1;
    default-key "rndckey";
};

server 127.0.0.1 {
    key "rndckey";
};

key "rndckey" {
    algorithm "hmac-md5";
    secret ".........";
};

named.conf

controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

key "rndckey" {
    algorithm "hmac-md5";
    secret "same as rndc.conf";
};

Did I miss something in either of these confs?

EDIT: In addition, I had changed keys recently. After the change, I was able to stop and start without issue. But this is the first time I tried stopping it since then, and now it is giving me the above mentioned error message.

This is on SuSE 9.2
 
Old 03-03-2005, 01:44 PM   #2
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: SuSE (x86), NetBSD (Sparc), Solaris (Sparc & 32-bit x86)
Posts: 278

Rep: Reputation: 30
I had the same problem a while back too. Removing the rndc.conf file fixed it. Apparently one of the BIND updates changed the operation of rndc. It seems to now pull the auth info for local host from the named.conf. Very strange, wouldn't believe it if someone told me that...
 
Old 03-03-2005, 02:09 PM   #3
jujuman
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Original Poster
Rep: Reputation: 0
Removing the rndc.conf file? Like not using the conf file at all will fix it? That's odd. I will have to give it a try during off hours. Thanks.
 
Old 03-03-2005, 02:18 PM   #4
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: SuSE (x86), NetBSD (Sparc), Solaris (Sparc & 32-bit x86)
Posts: 278

Rep: Reputation: 30
Quote:
Originally posted by jujuman
Removing the rndc.conf file? Like not using the conf file at all will fix it? That's odd. I will have to give it a try during off hours. Thanks.
It was very odd. Make a backup before you try it!
 
Old 03-03-2005, 06:16 PM   #5
Jerman
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
Okay.. here's what happens after removing rndc.conf:

shell#>rndc reload
rndc: connect failed: connection refused

So I ran 'rndc-confgen' and created a new rndc.conf file and modified the named.conf file, and I am now back to square one. Any other suggestions?


EDIT: I just realized I was using a different login than in my original post.

Last edited by Jerman; 03-03-2005 at 06:18 PM.
 
Old 03-03-2005, 09:17 PM   #6
Jerman
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
Alright.. I solved part of the problem.... The /etc/init.d/named was setting rndc as /usr/local/sbin, but when I was trying to reload I was using /usr/sbin/rndc. The problem still is that it still doesn't update the zones... I check /var/log/messages and it says loading configuration from '/etc/named.conf'... Now I'm running bind in a chroot jail, I did create a symlink in /etc/named.conf that points to the /etc in named's chroot... Problem is, if rndc is reading named.conf, is it reading it unchrooted, so if it sees /conf in the named.conf file, it thinks it's really /conf and not /chroot/named/conf.. I tried creating a symlink from /conf to /chroot/named/conf but that didn't work... Anyone shed some light?

Last edited by Jerman; 03-03-2005 at 09:18 PM.
 
Old 03-03-2005, 09:46 PM   #7
KurtAKARebuild
LQ Newbie
 
Registered: Feb 2005
Location: Australia
Distribution: Debian, Reformed Slackwareist
Posts: 20

Rep: Reputation: 0
Is it possible that when you're editing your zone files you're forgetting to update your serial value?

just a thought..

good luck

Kurt

Last edited by KurtAKARebuild; 03-06-2005 at 07:07 PM.
 
Old 03-03-2005, 11:08 PM   #8
Jerman
LQ Newbie
 
Registered: Sep 2004
Posts: 7

Rep: Reputation: 0
Quote:
Originally posted by KurtAKARebuild
Is it possible that when you're editing your zone files you're forgetting to update your serial value?

just a thought..

good luck

Kurt
[KRW Digital www.krwdigital.com]
Definitely updating the serial in my zone files.
 
Old 03-04-2005, 09:02 AM   #9
jujuman
LQ Newbie
 
Registered: Mar 2005
Posts: 5

Original Poster
Rep: Reputation: 0
The fact that my messages log says that it's loading named.conf tells me it's working... I think the problem could be that rndc is reading /etc/named.conf which looks at /conf, which as far as rndc is concerned, should mean /conf, but to named it's /chroot/named/conf... Is rndc set up where it doesn't give an error if it doesn't find the zone file, it just checks the conf file and tries it but doesn't give an error if the zone file is not found?
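
The error in the first post lists an invalid key as one possible cause, and the thread involves a recent key change and more than one copy of the configuration. An added example, not part of any post in this thread: a Python check that the key selected in rndc.conf is listed in the controls statement of named.conf and has the same algorithm and secret there. The function names and the sample configs are constructed for illustration; feed it the text of whichever files the running rndc and named actually read.

```python
import hmac
import re

# Quoted strings are matched first so "//" inside a base64 secret is kept.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}')

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def key_blocks(text):
    """Return {key name: (algorithm, secret)} for every key statement."""
    keys = {}
    for name, body in _KEY.findall(strip_comments(text)):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        keys[name] = (alg.group(1).lower() if alg else None,
                      sec.group(1) if sec else None)
    return keys

def check_rndc_auth(rndc_conf, named_conf):
    """Compare the key rndc will send with the keys named accepts."""
    findings = []
    default = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    if not default:
        return ["rndc.conf: no default-key"]
    name = default.group(1)
    client = key_blocks(rndc_conf).get(name)
    server = key_blocks(named_conf).get(name)
    ctl = re.search(r'controls\s*\{.*?keys\s*\{([^}]*)\}', strip_comments(named_conf), re.S)
    allowed = re.findall(r'[\w.-]+', ctl.group(1)) if ctl else []
    if client is None:
        findings.append(f"rndc.conf: key {name} is not defined")
    if name not in allowed:
        findings.append(f"named.conf: controls does not list key {name}")
    if server is None:
        findings.append(f"named.conf: key {name} is not defined")
    if client and server:
        if client[0] != server[0]:
            findings.append(f"algorithm differs for key {name}")
        # Constant-time compare; the secrets themselves are never printed.
        if not hmac.compare_digest((client[1] or "").encode(), (server[1] or "").encode()):
            findings.append(f"secret differs for key {name}")
    return findings

# Constructed sample configs (not from the thread); secrets are dummy values.
RNDC = 'options { default-key "rndckey"; };\nkey "rndckey" { algorithm hmac-md5; secret "b2xk//a2V5"; };'
NAMED = ('controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; }; };  // local only\n'
         'key "rndckey" { algorithm "hmac-md5"; secret "bmV3//a2V5"; };')
```

With the constructed samples, `check_rndc_auth(RNDC, NAMED)` reports only the secret mismatch, the state a key change applied to one file but not the other would leave behind.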
 
  


All times are GMT -5. The time now is 12:21 AM.
