I have read a lot of threads about this topic and tried everything as best of my knowledge but I still can not make it to work.

Need specific directions on whats wrong, missing or how to debug the problem.


Here is the DHCP error:

14:49:05 Unable to add forward map from service2.example.com. to 192.168.1.150: timed out
14:49:05 DHCPREQUEST for 192.168.1.150 from 00:04:75:d3:9f:27 (service2) via ETH02
14:49:05 DHCPACK on 192.168.1.150 to 00:04:75:d3:9f:27 (service2) via ETH02
14:49:07 Unable to add forward map from service2.example.com. to 192.168.1.150: timed out
14:49:07 DHCPREQUEST for 192.168.1.150 from 00:04:75:d3:9f:27 (service2) via ETH02
14:49:07 DHCPACK on 192.168.1.150 to 00:04:75:d3:9f:27 (service2) via ETH02


Here is the system and software version:

Server is a ZEROSHELL with:
BIND 9.5.1-P2
Internet Systems Consortium DHCP Server V3.1.1
Linux version 2.6.25.20 (root@nexus.example.com) (gcc version 4.3.2 (GCC) ) #1 SMP Thu May 14 23:12:00 CEST 2009

Clients are Windows XP workstations


Here is my rndc.conf:
----------------------------------------------------------
key "rndc-key" {
algorithm hmac-md5;
secret "tZW4xN5xKEkf1P1QHN1iGQ==";
};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
----------------------------------------------------------

Here is my dhcpd.conf:
---------------------------------------------------------
authoritative;
ddns-domainname "example.com.";
ddns-rev-domainname "in-addr.arpa";
ddns-update-style interim;
ddns-updates on;
allow client-updates;
allow unknown-clients;

key "rndc-key" {
algorithm hmac-md5;
secret "tZW4xN5xKEkf1P1QHN1iGQ==";
}

zone example.com {
primary 127.0.0.1;
key rndc-key;
}

zone 1.168.192.in-addr.arpa {
primary 127.0.0.1;
key rndc-key;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.75;
option subnet-mask 255.255.255.0;
option domain-name "example.com";
option domain-name-servers 192.168.1.75;
default-lease-time 259200;
max-lease-time 604800;
range 192.168.1.150 192.168.1.250;
}
--------------------------------------------------------------

Here is my named.conf:
--------------------------------------------------------------
options {
directory "/var/register/system/dns/data/";
listen-on port 53 { any; };
allow-transfer {
192.168.0.20;
192.168.0.21;
};
also-notify {
192.168.0.20;
192.168.0.21;
};
version none;
};
logging {
category "general" { "general"; };
channel "general" {
file "/tmp/bind.log";
print-time yes;
};
category update { update_debug; };
channel update_debug {
file "/tmp/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
category security { security_info; };
channel security_info {
file "/tmp/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
};

key "rndc-key" {
algorithm hmac-md5;
secret "tZW4xN5xKEkf1P1QHN1iGQ==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." IN {
type hint;
file "root.cache";
};
zone "0.168.192.in-addr.arpa" {
type master;
database "ldap ldap://127.0.0.1/dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=example,dc=com 172800";
allow-update { key "rndc-key"; };
};
zone "1.168.192.in-addr.arpa" {
type master;
database "ldap ldap://127.0.0.1/dc=1,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=example,dc=com 172800";
allow-update { key "rndc-key"; };
};
zone "example.com" {
type master;
database "ldap ldap://127.0.0.1/dc=example,dc=com,ou=DNS,dc=example,dc=com 172800";
allow-update { key "rndc-key"; };
};
zone "conecodepr.com" {
type forward;
forwarders { 192.168.0.80;192.168.0.20;192.168.0.1; };
};
-------------------------------------------------------------

Is there any other information that is needed to be able to help me?
Please advice, I am a new with Linux, that is why I started this thread on the newbee forum.

In my bind configuration the 'allow-update' line looks like this: allow-update { key rndc-key; };

Further more, I would try:
Basically remove the quotes around the key.
The last thing that I have seen very quickly, is that at some places you forgot the semicolon after some of the brackets in named.conf. As you can see in the piece of code in this post, you have to end with }; at all times.

Arjan

OK Arjan.

I changed my named.conf as suggested (did not touch any other file)

But I still get the same errors:

10:11:44 Unable to add forward map from service2.example.com. to 192.168.1.150: timed out
10:11:44 DHCPREQUEST for 192.168.1.150 from 00:04:75:d3:9f:27 (service2) via ETH02
10:11:44 DHCPACK on 192.168.1.150 to 00:04:75:d3:9f:27 (service2) via ETH02
10:11:47 Unable to add forward map from service2.example.com. to 192.168.1.150: timed out
10:11:47 DHCPREQUEST for 192.168.1.150 from 00:04:75:d3:9f:27 (service2) via ETH02
10:11:47 DHCPACK on 192.168.1.150 to 00:04:75:d3:9f:27 (service2) via ETH02


new named.conf
---------------------------------------------------------------------
options {
directory "/var/register/system/dns/data/";
listen-on port 53 { any; };
allow-transfer {
192.168.0.20;
192.168.0.21;
};
also-notify {
192.168.0.20;
192.168.0.21;
};
version none;
};

logging {
category "general" { "general"; };
channel "general" {
file "/tmp/bind.log";
print-time yes;
};
category update { update_debug; };
channel update_debug {
file "/tmp/update-debug.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
category security { security_info; };
channel security_info {
file "/tmp/named-auth.info";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
};

key rndc-key {
algorithm hmac-md5;
secret "tZW4xN5xKEkf1P1QHN1iGQ==";
};

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { rndc-key; };
};

zone "." IN {
type hint;
file "root.cache";
};
zone "0.168.192.in-addr.arpa" {
type master;
database "ldap ldap://127.0.0.1/dc=0,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=example,dc=com 172800";
allow-update { key rndc-key; };
};
zone "1.168.192.in-addr.arpa" {
type master;
database "ldap ldap://127.0.0.1/dc=1,dc=168,dc=192,dc=in-addr,dc=arpa,ou=DNS,dc=example,dc=com 172800";
allow-update { key rndc-key; };
};
zone "example.com" {
type master;
database "ldap ldap://127.0.0.1/dc=example,dc=com,ou=DNS,dc=example,dc=com 172800";
allow-update { key rndc-key; };
};
zone "conecodepr.com" {
type forward;
forwarders { 192.168.0.80;192.168.0.20;192.168.0.1; };
};
------------------------------------------------------------------------

...

Is the user and group running named the owner of and have read & write access to the zone files?

Arjan

The distro is: Zeroshell

The user is the root account.

The zone files are actually handled by ldap as can be seen on the zone definitions.

Sorry, my bad...

Are there ldap related errors? It looks as if bind doesn't have access to ldap to store its DNS records.

Thank you for your interest in help me.

The LDAP logs did not show any errors. I think the problem is the Zeroshell Distro, so I decided to stop troubleshooting this problem and give a try to pfSense instead.

Thanks again;

Jose

I moved to pfSense and found that pfSense uses TinyDNS instead of BIND, so it created another problem of compatibility with Windows DNS Server, so I moved again.

Now I moved to Engarde Linux Distribution, but I still have the same kind of problems. I posted the question on the Engarde Forums but seems that no one knows how to help me, so I am posting the question here again.

I need help to configure DHCP DNS integration.
Meaning to have the DHCP to update the DNS when ever it refresh or assign the IP to a client.

I included my dhcpd.conf and named.conf for inspection.
Is it something wrong or missing that I need for the updates to happen?

Engarde is running version 3.0.22

My network is:

Windows XP Client 192.168.1.151 DHCP Assign
|
^
Inside LAN 192.168.1.0/24
|
^
Engarde Inside NIC 192.168.1.75 Static IP, DHCP Server enabled
|||
Engarde Outside NIC 192.168.0.75 Static IP
|
^
Outside LAN 192.168.0.0/24 Static and DHCP assign by other DHCP server
|
^
Linksys Router Inside IP 192.168.0.90 Static IP
Linksys Router Outside IP Internet Static ISP Provider Assigned


My /etc/dhcpd.conf :
____________________________________________________

authoritative;
ddns-domainname "engnet.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ddns-updates on;
ignore client-updates;
allow unknown-clients;

key "rndc-key" {
algorithm hmac-md5;
secret "bF+l8xBFIDndq+QU5qhjkYEZMUJiBRa40clj8DCcuI2 ....";
};

zone engnet.com. {
primary 127.0.0.1;
key rndc-key;
}

subnet 192.168.1.0 netmask 255.255.255.0 {
### RangeID 1
option routers 192.168.1.75;
option subnet-mask 255.255.255.0;

option domain-name "engnet.com";
option domain-name-servers 192.168.1.75;

range 192.168.1.100 192.168.1.250;

default-lease-time 43200;
max-lease-time 86400;

zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key rndc-key;
}

}

_______________________________________________________
[end dhcpd.conf]


My /var/chroot/named/etc/named.conf :

_______________________________________________________
// This is a configuration file for named (from BIND 8.1 or later).
// It would normally be installed as /etc/named.conf.

controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

include "/etc/rndc.key";

options {
# This was added for security purposes under BIND 9.
version "None of your business.";


directory "/var/named";
dump-file "/var/tmp/named_dump.db"; // _PATH_DUMPFILE
pid-file "/var/run/named.pid"; // _PATH_PIDFILE
statistics-file "/var/tmp/named.stats"; // _PATH_STATS
memstatistics-file "/var/tmp/named.memstats"; // _PATH_MEMSTATS

check-names master warn;
check-names slave warn;
check-names response warn;
notify yes;
datasize 20M;
allow-transfer {
any;
};
allow-query {
any;
};
forward only;
listen-on {
192.168.1.75;
};
forwarders {
192.168.0.80;
192.168.0.20;
192.168.0.1;
};
};


logging {
category lame-servers { null; };
category cname { null; };

// Configure default level of application debugging
channel named_debug {
file "/var/log/named.debug.log" versions 3 size 10m;
severity debug 4;
print-time yes;
print-category yes;
};
category default {
default_syslog; default_debug; named_debug;
};

// Send operating system problem messages to named.debug log
channel os_info {
severity debug;
file "/var/log/named.os.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category os { os_info; default_syslog; named_debug; };

// Record all queries to the box for now
// channel query_info {
// severity info;
// file "/var/log/named.query.log" versions 3 size 5m;
// print-time yes;
// print-category yes;
// };
// category queries { query_info; named_debug; };

// Print all security-related messages to named.security file
channel security_info {
severity debug;
file "/var/log/named.security.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category security { security_info; default_syslog; default_debug; };

// Print negative caching messages to named.cache.log
channel cache_info {
severity debug;
file "/var/log/named.cache.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category ncache { cache_info; default_syslog; default_debug; };

// Print any fatal problems to named.fatal.log
channel panic_info {
severity debug;
file "/var/log/named.panic.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category panic { panic_info; default_syslog; default_debug; };

// Print statistics information to named.stats.log
channel stats_info {
severity debug;
file "/var/log/named.stats.log" versions 3 size 5m;
print-time yes;
print-category yes;
};
category statistics { stats_info; };

channel response_info {
null;
};
category response-checks { response_info; };

};

zone "localhost" {
type master;
file "master/localhost";
check-names fail;
allow-update { none; };
allow-transfer { any; };
};

zone "0.0.127.in-addr.arpa" {
type master;
file "master/127.0.0";
allow-update { none; };
allow-transfer { any; };
};

zone "." {
type hint;
file "named.root";
};


zone "engnet.com." {
type master;
file "master/db.engnet.com.";
allow-query {
any;
};
allow-transfer {
any;
};
allow-update {
any;
};
};

zone "1.168.192.in-addr.arpa." {
type master;
file "master/db.1.168.192.in-addr.arpa.";
allow-query {
any;
};
allow-transfer {
any;
};
allow-update {
any;
};
};

For some reason I was not clear enough an someone post this at the Engarde Forum:

Hi,

You haven't really told us what you have done to make it work. What is the actual problem? What do the error logs say? Have you tried tcpdump to see if you are communicating with your dhcp server from the client? What clients are you using?

Read this HOWTO, written quite a while ago, but still highly recommended:

http://www.linuxquestions.org/linux/...P_Server_Howto

Regards,
Person

So I replied:

Hi,

Answering your questions in the hope that you could help me solve this problem:

[You haven't really told us what you have done to make it work.] By inspecting the dhcpd.conf and named.conf provided can be seen that I already added the:

dhcpd.conf:
ddns-update-style interim;
ddns-updates on;
etc ..

named.conf:
allow-update {
any;
};

[What is the actual problem?] I need help to configure DHCP DNS integration. Meaning to have the DHCP to update the DNS when ever it refresh or assign the IP to a client.

[What do the error logs say?]

At first there were no dhcpd/named error related logs for some time, now I am getting the following errors:

Filter by dhcpd:

Mar 25 09:48:34 engarde dhcpd: DHCPOFFER on 192.168.1.203 to 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:48:34 engarde dhcpd: Unable to add forward map from BATCH-HIST.engnet.com. to 192.168.1.203: connection refused
Mar 25 09:48:34 engarde dhcpd: DHCPREQUEST for 192.168.1.203 (192.168.1.75) from 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:48:34 engarde dhcpd: DHCPACK on 192.168.1.203 to 00:0c:29:c5:cc:62 (BATCH-HIST) via eth2
Mar 25 09:53:22 engarde dhcpd: DHCPDISCOVER from 00:0c:29:33:f1:94 via eth2
Mar 25 09:53:23 engarde dhcpd: DHCPOFFER on 192.168.1.158 to 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 09:53:23 engarde dhcpd: Unable to add forward map from BATCH-EXEC.engnet.com. to 192.168.1.158: connection refused
Mar 25 09:53:23 engarde dhcpd: DHCPREQUEST for 192.168.1.158 (192.168.1.75) from 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 09:53:23 engarde dhcpd: DHCPACK on 192.168.1.158 to 00:0c:29:33:f1:94 (BATCH-EXEC) via eth2
Mar 25 10:42:38 engarde dhcpd: Unable to add forward map from BackupServer.engnet.com. to 192.168.1.160: connection refused
Mar 25 10:42:38 engarde dhcpd: Wrote 10 leases to leases file.
Mar 25 10:42:39 engarde dhcpd: DHCPREQUEST for 192.168.1.160 from 00:0c:29:53:f9:b9 (BackupServer) via eth2
Mar 25 10:42:39 engarde dhcpd: DHCPACK on 192.168.1.160 to 00:0c:29:53:f9:b9 (BackupServer) via eth2
Mar 25 10:54:30 engarde dhcpd: Unable to add forward map from service2.engnet.com. to 192.168.1.152: connection refused
Mar 25 10:54:30 engarde dhcpd: DHCPREQUEST for 192.168.1.152 from 00:04:75:d3:9f:27 (service2) via eth2
Mar 25 10:54:30 engarde dhcpd: DHCPACK on 192.168.1.152 to 00:04:75:d3:9f:27 (service2) via eth2
Mar 25 10:54:38 engarde dhcpd: Unable to add forward map from SERVICE1.engnet.com. to 192.168.1.151: connection refused
Mar 25 10:54:38 engarde dhcpd: DHCPREQUEST for 192.168.1.151 from 00:10:b5:91:72:18 (SERVICE1) via eth2
Mar 25 10:54:38 engarde dhcpd: DHCPACK on 192.168.1.151 to 00:10:b5:91:72:18 (SERVICE1) via eth2
Mar 25 11:39:43 engarde dhcpd: DHCPINFORM from 192.168.1.160 via eth2
Mar 25 11:39:43 engarde dhcpd: DHCPACK to 192.168.1.160 (00:0c:29:53:f9:b9) via eth2
Mar 25 11:42:31 engarde dhcpd: DHCPINFORM from 192.168.1.159 via eth2
Mar 25 11:42:31 engarde dhcpd: DHCPACK to 192.168.1.159 (00:0c:29:78:dd:c7) via eth2

Filter by named:

Mar 25 09:48:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:48:18 engarde named[3399]: client 192.168.1.159#64320: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 09:50:32 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:50:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 09:55:32 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:55:32 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR
Mar 25 09:58:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 09:58:18 engarde named[3399]: client 192.168.1.159#55763: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR
Mar 25 10:03:18 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 10:03:18 engarde named[3399]: client 192.168.1.159#64332: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting an RR
Mar 25 10:55:33 engarde named[3399]: master/db.1.168.192.in-addr.arpa..jnl: open: permission denied
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': error: journal open failed: unexpected error
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '155.1.168.192.in-addr.arpa' PTR
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 10:55:33 engarde named[3399]: client 192.168.1.155#1028: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '155.1.168.192.in-addr.arpa' PTR
Mar 25 11:03:19 engarde named[3399]: client 192.168.1.159#57776: updating zone '1.168.192.in-addr.arpa/IN': deleting rrset at '159.1.168.192.in-addr.arpa' PTR
Mar 25 11:03:19 engarde named[3399]: client 192.168.1.159#57776: updating zone '1.168.192.in-addr.arpa/IN': adding an RR at '159.1.168.192.in-addr.arpa' PTR

[Have you tried tcpdump to see if you are communicating with your dhcp server from the client? What clients are you using?]
I am new to Linux and Engarde. I do not even know that (tcpdump) exists or how to use it.
Also I though that it was clear from "My Network is" description that the clients are getting their IP assigned by DHCP and that were Windows Clients


I hope this has made the problem more clear!
Thanks for inquiring.

Jose

PS: In my opinion this feature (DHCP/DNS updates) should be included as part of the provided Web Configurator on any package, it even should be the default behavior between DHCP and DNS services.

Then after a couple of days I added the following:

From the named logs we see there is a permission denied error when trying to open the .jnl files.
So I am including the files permission setting of the .jnl for more info, so anyone may help me solve the problem.
The process list is below it.

Still waiting for help;

Jose T.

[root@engarde named]# ls -la
total 56
drwxr-xr-x 4 root root 4096 2010-03-02 13:08 .
drwxr-xr-x 6 root root 4096 2010-02-26 17:02 ..
drwx------ 2 named named 4096 2010-03-12 17:30 master
-rw------- 1 named root 4156 2007-03-03 11:24 named.conf
-rw------- 1 named root 2514 2008-11-20 10:41 named.root
-rw------- 1 named root 0 1998-07-24 08:50 *beep*
drwx------ 2 named named 4096 1998-07-24 08:50 slave

[root@engarde master]# ls -la
total 132
drwx------ 2 named named 4096 2010-03-12 17:30 .
drwxr-xr-x 4 root root 4096 2010-03-02 13:08 ..
-rwx------ 1 named named 201 2000-11-09 17:00 127.0.0
-rwx------ 1 named named 169 2000-11-09 17:00 bind
-rw-r--r-- 1 named named 434 2010-03-12 17:30 db.1.168.192.in-addr.arpa.
-rw-r--r-- 1 named named 58932 2010-03-12 17:16 db.1.168.192.in-addr.arpa..jnl
-rw-r--r-- 1 named named 389 2010-03-09 17:15 db.engnet.com.
-rw-r--r-- 1 named named 759 2010-03-09 17:01 db.engnet.com..jnl
-rwx------ 1 named named 169 2000-11-09 17:00 localhost


[root@engarde master]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Mar23 ? 00:00:27 init [3]
root 2 0 0 Mar23 ? 00:00:00 [kthreadd]
root 3 2 0 Mar23 ? 00:00:00 [migration/0]
root 4 2 0 Mar23 ? 00:00:06 [ksoftirqd/0]
root 5 2 0 Mar23 ? 00:00:00 [watchdog/0]
root 6 2 0 Mar23 ? 00:01:00 [events/0]
root 7 2 0 Mar23 ? 00:00:00 [khelper]
root 62 2 0 Mar23 ? 00:00:00 [kblockd/0]
root 63 2 0 Mar23 ? 00:00:00 [kacpid]
root 64 2 0 Mar23 ? 00:00:00 [kacpi_notify]
root 131 2 0 Mar23 ? 00:00:00 [ata/0]
root 132 2 0 Mar23 ? 00:00:00 [ata_aux]
root 135 2 0 Mar23 ? 00:00:00 [ksuspend_usbd]
root 141 2 0 Mar23 ? 00:00:00 [khubd]
root 144 2 0 Mar23 ? 00:00:00 [kseriod]
root 176 2 0 Mar23 ? 00:00:00 [pdflush]
root 177 2 0 Mar23 ? 00:00:16 [pdflush]
root 178 2 0 Mar23 ? 00:00:00 [kswapd0]
root 179 2 0 Mar23 ? 00:00:00 [aio/0]
root 916 2 0 Mar23 ? 00:00:10 [kjournald]
root 986 2 0 Mar23 ? 00:00:04 [kjournald]
root 987 2 0 Mar23 ? 00:00:07 [kjournald]
root 1163 2 0 Mar23 ? 00:00:00 [scsi_eh_0]
root 1255 1 0 Mar23 ? 00:00:00 pump -i eth1
root 3243 1 0 Mar23 ? 00:00:17 /sbin/syslog-ng --cfgfile=/etc/s
root 3251 1 0 Mar23 ? 00:00:00 klogd -c 1
root 3264 1 0 Mar23 ? 00:00:07 crond
root 3353 1 0 Mar23 ? 00:00:00 /usr/sbin/smartd
root 3365 1 0 Mar23 ? 00:00:00 /usr/sbin/acpid
root 3383 1 0 Mar23 ? 00:00:00 xinetd -reuse -stayalive
named 3399 1 0 Mar23 ? 00:00:43 /usr/sbin/named -4 -c /var/named
ntp 3419 1 0 Mar23 ? 00:00:42 ntpd -A -c /etc/ntp/ntp.conf -f
root 3429 1 0 Mar23 ? 00:00:00 /usr/sbin/sshd
root 3441 1 0 Mar23 ? 00:00:01 /usr/sbin/dhcpd
root 3459 1 0 Mar23 tty1 00:00:00 /sbin/mingetty tty1
root 3460 1 0 Mar23 tty2 00:00:00 /sbin/mingetty tty2
root 3461 1 0 Mar23 tty3 00:00:00 /sbin/mingetty tty3
root 3462 1 0 Mar23 tty4 00:00:00 /sbin/mingetty tty4
root 3463 1 0 Mar23 tty5 00:00:00 /sbin/mingetty tty5
root 3464 1 0 Mar23 tty6 00:00:00 /sbin/mingetty tty6
root 26955 3429 0 13:32 ? 00:00:00 sshd: root@ttyp0
root 26959 26955 0 13:32 ttyp0 00:00:00 -bash
root 26974 26959 0 13:32 ttyp0 00:00:00 newrole -r sysadm_r
root 26975 26974 0 13:32 ttyp0 00:00:00 -/bin/bash
root 27065 26975 0 13:41 ttyp0 00:00:00 ps -ef
root 28293 1 0 Mar26 ? 00:00:23 webtoold

Is rndc.key accessable?
Is the key in rndc.key the same as in dhcpd.conf?

To test if the file was accesible I changed the named.conf from
Include "/etc/rndc.key";
To
Include "/var/chroot/named/etc/rndc.key";

Restarted the named service and it failed with a file not found error.
Then I change back to
Include "/etc/rndc.key";

Restarted again and the service started succesfully. So the file is accessible.

The key is the same as in the dhcpd.conf, I cut part of it in this thread as this is supposed to be not published. For chance I recheck again and is the same.

Jose