How to make DNS master server?? Problems!!!

kayasaman · 09-21-2008, 06:47 PM

I have taken out the part options and created a file called rndc.conf and put that section in there.

Now I get the error:

Code:

Stopping domain name service...: bindrndc: get config key list: not found
 failed!

which indicates that it doesn't like the command 'options'?

So maybe if there's something else that I could use maybe an updated command or something then perhaps it will work?

Or perhaps it's because I am running bind chrooted I don't know

Mr. C. · 09-21-2008, 07:14 PM

I don't see anything obvious. Move the options group above the key group?

Starting named won't care about rndc.conf.

Mr. C. · 09-21-2008, 07:15 PM

The get config key list error occurs because you have no default key listed. You need one for rndc to use. See previous post.

kayasaman · 09-21-2008, 07:27 PM

Hmm ok reversed the options group to the top of the rndc.key file however it is still complaining??

Code:

Stopping domain name service...: bindrndc: error: /etc/bind/rndc.key:1: unknown option 'Options'
rndc: could not load rndc configuration
 failed!
Starting domain name service...: bind.

The above error is gone as I added the options part back into rndc.key and removed rndc.conf completely. But am back to square 2 as I've already passed one!

kayasaman · 09-21-2008, 07:33 PM

Hmm maybe Debian just didn't implement 'options' with rndc or used a different verison??

Mr. C. · 09-21-2008, 07:33 PM

Yeah, I didn't think that was the problem, but wanted to know for sure (thanks for verifying!). Bind doesn't have much concern about order of these groups.

BUT, now I see your error message is different:

error: /etc/bind/rndc.key:1: unknown option 'Options'

The keyword is lowercase. Your previous options error did not show the first letter in uppercase though.

kayasaman · 09-21-2008, 07:40 PM

It was upercase for some reason?? Anyway changed it to lower case and reversed the 'options' back to below the 'key' part.

Error:

Code:

rndc: error: /etc/bind/rndc.key:6: unknown option 'options'
rndc: could not load rndc configuration

So now I'm not sure what to do!

Unless I can reset the system to like before without the use of a key? as then rndc did load! - or reload in my case

Mr. C. · 09-21-2008, 07:42 PM

The options statement has been around since at least v9.2. The OP is using 9.3.4-P1.

kayasaman · 09-21-2008, 07:45 PM

Ok so again, this is part of the named file:

Code:

 key "rndc-key" {
       algorithm hmac-md5;
       secret "JJqB3jsb8+VJIJOfwSdySw==";
 };

 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };

rndc.key file:

Code:

key "rndc-key" {
        algorithm hmac-md5;
        secret "JJqB3jsb8+VJIJOfwSdySw==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

which was the output generated by rndc-confgen!

I can run it again and see what happens?

billymayday · 09-21-2008, 07:47 PM

I hate to ask a dumb question, but perhaps a new set of eyes helps.

Where do you refer to rndc.key? I can see rndc-key in named.conf, but to "include" or otherwise for rndc.key (unless named.conf.options perhaps?)

Edit sorry - was typing as you made your last post - point remains the same even if it looks a little odd.

kayasaman · 09-21-2008, 07:52 PM

hmm I haven't used any include statements at all!

I don't know if I need to though, but maybe the Debian implementation of this needs that?

All my google'ing for Debian and rndc keys just showed people without the 'options' part in the rndc.key file however the wierd thing is that the system complains with it or without it.

So either the server is experiancing PMT (Pre Mechanical Tension) or I'm missing something vital here.

Mr. C. · 09-21-2008, 08:03 PM

You can include, or copy/paste - so long as the data is seen consistently in both named.conf and rndc.conf and rndc.key.

The error is that you have your options statement in your rndc.key file, and it should be in your rndc.conf file.

kayasaman · 09-21-2008, 08:06 PM

Ok I added an include line into my named.conf file.

include "/etc/bind/rndc.key";

and I removed the options part from the key and put it into rndc.conf.

Which I think is what I did last time?

Anyway now my error is:

Code:

rndc: get config key list: not found

which at least isn't so large as before!

I will attempt to put the include statement into rndc.conf too - maybe it will work?

kayasaman · 09-21-2008, 08:08 PM

???

Code:

rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

with include "/etc/bind/rndc.key"; statement added.

kayasaman · 09-21-2008, 08:16 PM

Ok reverted back to old config: no 'include' line in rndc.conf

- same error as before!

get config key list: not found