Old 04-27-2015, 01:10 PM   #1
bangnagr
Member
 
Registered: Jan 2013
Posts: 48

Rep: Reputation: 4
Help on rndc. Want to control remote BIND server, but can't....


Hi All,

Please help me. I'm following the book 'DNS and BIND, 5th Ed.' by Paul Albitz and Cricket Liu. This RNDC is driving me crazy. I spent all day trying to configure rndc. Tried every possible combination in the config files, but I just can't control the remote server. Tried many tutorials from Google, nothing helped. LQ is my last hope.

So, my story goes like this...

MASTER BIND SERVER:
Host: toystory.movie.edu
IP: 10.249.249.3/24
OS: CentOS 7.1


SLAVE BIND SERVER:
Host: wormhole.movie.edu
IP: 10.249.249.2/24
OS: CentOS 6.6


MASTER SERVER (toystory) CONFIGURATION FILES:
Code:
[root@toystory ~]# cat /etc/rndc.conf
key "toystory-key" {
	algorithm hmac-md5;
	secret "K9qBsQwusP6430cykS2AeA==";
};
options {
	default-key "toystory-key";
	default-server 127.0.0.1;
	default-port 953;
};

[root@toystory ~]# cat /etc/named.conf
key "toystory-key" {
	algorithm hmac-md5;
	secret "K9qBsQwusP6430cykS2AeA==";
};
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "toystory-key"; };
};
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
	inet 10.249.249.3 port 953
		allow { 10.249.249.2; } keys { "wormhole-key"; };
};
SLAVE SERVER (wormhole) CONFIGURATION FILES:
Code:
[root@wormhole ~]# cat /etc/rndc.conf
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
options {
	default-key "wormhole-key";
	default-server 127.0.0.1;
	default-port 953;
};

[root@wormhole ~]# cat /etc/named.conf
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "wormhole-key"; };
};
server 10.249.249.3 {
  keys { "wormhole-key"; };
};
TESTING:

MASTER (toystory):
Code:
[root@toystory ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7_1.1 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@toystory ~]# rndc -s wormhole.movie.edu status
rndc: connect failed: 10.249.249.2#953: connection refused
SLAVE (wormhole):
Code:
[root@wormhole ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
What am I doing wrong? Please help!!!

Thanks
 
Old 04-27-2015, 05:10 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 2,609

Rep: Reputation: 702
What is in the log files: messages, syslog or secure?
 
Old 04-28-2015, 02:16 AM   #3
bangnagr
Member
 
Registered: Jan 2013
Posts: 48

Original Poster
Rep: Reputation: 4
Quote:
Originally Posted by smallpond
What is in the log files: messages, syslog or secure?
I tried the log files, but strangely nothing happens in them, no changes, not even a line scrolls up. I'm pasting the log files after a fresh server boot.
For each log file I issued the command 'rndc -s wormhole.movie.edu status'. Nothing changes.

Master Server (toystory)

Code:
[root@toystory ~]# tail -f /var/named/data/named.run
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running

[root@toystory ~]# tail -f /var/log/messages
Apr 28 11:19:06 toystory systemd: Starting user-0.slice.
Apr 28 11:19:06 toystory systemd: Created slice user-0.slice.
Apr 28 11:19:06 toystory systemd: Starting Session 1 of user root.
Apr 28 11:19:06 toystory systemd: Started Session 1 of user root.
Apr 28 11:19:06 toystory systemd-logind: New session 1 of user root.
Apr 28 11:19:43 toystory systemd: Starting Session 2 of user root.
Apr 28 11:19:43 toystory systemd: Started Session 2 of user root.
Apr 28 11:19:43 toystory systemd-logind: New session 2 of user root.
Apr 28 11:30:04 toystory systemd: Starting Cleanup of Temporary Directories...
Apr 28 11:30:04 toystory systemd: Started Cleanup of Temporary Directories.

[root@toystory ~]# tail -f /var/log/secure
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /etc/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /usr/share/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Finished loading, compiling and executing 2 rules
Apr 28 11:15:21 toystory polkitd[604]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Apr 28 11:15:26 toystory sshd[821]: Server listening on 0.0.0.0 port 22.
Apr 28 11:15:26 toystory sshd[821]: Server listening on :: port 22.
Apr 28 11:19:06 toystory sshd[1991]: Accepted password for root from 10.249.249.1 port 50186 ssh2
Apr 28 11:19:06 toystory sshd[1991]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 11:19:43 toystory sshd[2021]: Accepted password for root from 10.249.249.1 port 50188 ssh2
Apr 28 11:19:43 toystory sshd[2021]: pam_unix(sshd:session): session opened for user root by (uid=0)
I've also opened the rndc port in iptables on both the master and the slave.
Code:
[root@toystory ~]# iptables -vL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1999  187K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            
3       86  5546 ACCEPT     all  --  lo     any     anywhere             anywhere            
4        2   120 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:ssh
5        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:domain
6        1    71 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW udp dpt:domain
7        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:rndc
8        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW udp dpt:rndc
9       31  5362 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 735 packets, 98076 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
     

[root@wormhole ~]# iptables -vL --line-numbers
Chain INPUT (policy ACCEPT 51 packets, 3852 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:domain 
2        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            state NEW udp dpt:domain 
3        7   420 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:rndc 
4        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            state NEW udp dpt:rndc 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       12  8789 ACCEPT     all  --  eth0   eth1    anywhere             anywhere            state RELATED,ESTABLISHED 
2       12   852 ACCEPT     all  --  eth1   eth0    anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 41 packets, 6308 bytes)
num   pkts bytes target     prot opt in     out     source               destination
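Added example, not part of the thread and not from either poster: a small Python checker that reads the two configuration files posted above and reports, without touching either host, why `rndc -s wormhole.movie.edu` run on toystory would fail. It applies two documented BIND rules. First, named accepts rndc connections only on the addresses given by `inet` clauses inside `controls { ... }`, so a server whose only listener is 127.0.0.1 refuses a TCP connection to its LAN address on port 953, which is exactly the "connection refused" in the test output, and no packet ever reaches the authentication step or the log. Second, the key rndc signs with (the `default-key` in rndc.conf, or the `key` of a `server <host>` stanza in rndc.conf for that host) must be named in the `keys` clause of the listener it connects to; a `server` stanza in named.conf is about TSIG on DNS traffic and plays no part in rndc. The `*_FIXED` pair is a constructed assumption, one arrangement that satisfies both rules, included so the checker's clean result can be compared with the posted configuration.

```python
"""Added example (not from the thread): static check of an rndc client/server pair.
Parses the target's named.conf `controls` blocks and the client's rndc.conf, then
lists why `rndc -s <target>` would fail.  The *_FIXED configs are an assumption."""
import ipaddress
import re

RNDC_DEFAULT_PORT = 953
# One listener inside a controls block: inet ADDR [port N] allow { ... } [keys { ... }];
INET_RE = re.compile(r'inet\s+([^\s;]+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
                     r'(?:\s*keys\s*\{([^}]*)\})?\s*;', re.S)

def _blocks(text, head):
    """Yield (match, body) per `<head> { ... }` block; braces are counted so that
    nested allow/keys lists do not end the block early."""
    for m in re.finditer(head + r'\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def _items(body):  # `a; "b";` -> ['a', 'b']
    return [x.strip().strip('"') for x in body.split(';') if x.strip()]

def _setting(body, name, default):
    """Value of `name "x";` or `name N;` inside a stanza body, else default."""
    m = re.search(r'\b' + name + r'\s+"?([^";\s]+)"?\s*;', body)
    return m.group(1) if m else default

def parse_controls(named_conf):
    """Listeners declared by the controls blocks of a named.conf."""
    listeners = []
    for _, body in _blocks(named_conf, r'\bcontrols'):
        for addr, port, allow, keys in INET_RE.findall(body):
            listeners.append({'address': addr, 'port': int(port or RNDC_DEFAULT_PORT),
                              'allow': _items(allow), 'keys': _items(keys or '')})
    return listeners

def client_parameters(rndc_conf, target):
    """Key name and port `rndc -s <target>` uses: options defaults, overridden
    by a `server <target> { ... };` stanza when one exists."""
    key, port = None, RNDC_DEFAULT_PORT
    for _, body in _blocks(rndc_conf, r'\boptions'):
        key = _setting(body, 'default-key', key)
        port = int(_setting(body, 'default-port', port))
    for m, body in _blocks(rndc_conf, r'\bserver\s+([^\s{;]+)'):
        if m.group(1).strip('"') == target:
            key = _setting(body, 'key', key)
            port = int(_setting(body, 'port', port))
    return key, port

def _allowed(client_ip, allow):
    """Does client_ip match an allow list of addresses, prefixes or 'any'?
    named ACL names such as localnets are not resolved here and never match."""
    ip = ipaddress.ip_address(client_ip)
    for entry in allow:
        try:
            if entry == 'any' or ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            pass
    return False

def check_remote_rndc(client_rndc_conf, client_ip, target, target_ip, server_named_conf):
    """Reasons `rndc -s <target>` from client_ip would fail; [] means it should work."""
    problems, listeners = [], parse_controls(server_named_conf)
    key, port = client_parameters(client_rndc_conf, target)
    # 1. named must be bound to the target address (or the wildcard) on that port;
    #    otherwise the TCP connect is refused before any authentication happens.
    bound = [l for l in listeners
             if l['port'] == port and l['address'] in (target_ip, '*', '0.0.0.0', '::')]
    if not bound:
        have = ', '.join(f"{l['address']}:{l['port']}" for l in listeners) or 'none'
        problems.append(f"no control channel on {target_ip}:{port} (bound: {have}); "
                        "expect 'connection refused'")
    # 2. That listener's allow list must admit the client's source address.
    elif not any(_allowed(client_ip, l['allow']) for l in bound):
        problems.append(f"{client_ip} is not in the allow list of {target_ip}:{port}")
    # 3. The key rndc signs with must be listed in the listener's keys clause.
    accepted = {k for l in (bound or listeners) for k in l['keys']}
    if key not in accepted:
        problems.append(f"client signs with {key!r} but the server accepts {sorted(accepted)}")
    return problems

# Master's rndc.conf and slave's named.conf exactly as posted (joined onto single lines).
TOYSTORY_RNDC_CONF = '''
key "toystory-key" { algorithm hmac-md5; secret "K9qBsQwusP6430cykS2AeA=="; };
options { default-key "toystory-key"; default-server 127.0.0.1; default-port 953; };
'''
WORMHOLE_NAMED_CONF = '''
key "wormhole-key" { algorithm hmac-md5; secret "7PvoY3oysQz8DyASiUTlNA=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "wormhole-key"; }; };
server 10.249.249.3 { keys { "wormhole-key"; }; };
'''
# Constructed (assumed) pair: the master names the slave's key for that host and the
# slave also listens on its own LAN address, admitting only the master's address.
TOYSTORY_RNDC_CONF_FIXED = TOYSTORY_RNDC_CONF + '''
key "wormhole-key" { algorithm hmac-md5; secret "7PvoY3oysQz8DyASiUTlNA=="; };
server wormhole.movie.edu { key "wormhole-key"; };
'''
WORMHOLE_NAMED_CONF_FIXED = '''
key "wormhole-key" { algorithm hmac-md5; secret "7PvoY3oysQz8DyASiUTlNA=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "wormhole-key"; };
           inet 10.249.249.2 port 953 allow { 10.249.249.3; } keys { "wormhole-key"; }; };
'''
```

Calling `check_remote_rndc(TOYSTORY_RNDC_CONF, '10.249.249.3', 'wormhole.movie.edu', '10.249.249.2', WORMHOLE_NAMED_CONF)` returns two findings for the posted files: no listener on 10.249.249.2:953 (only 127.0.0.1:953 is bound), and the client would sign with "toystory-key" while the slave's controls only accept "wormhole-key". The same call on the `*_FIXED` pair returns an empty list. The checker reads the files only; it does not confirm that named was restarted after the change, so `ss -ltn` (or `netstat -ltn`) on the slave remains the way to verify that port 953 is actually bound on the LAN address. Keeping the `allow` list to the single controlling host and giving each controlling host its own key, as the constructed configuration does, limits what a stray connection to the control port can do.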