Thanks to everyone!...
I have solved this problem myself...
And just in case someone has the same problem: as I realized,
it is present only on Debian-based systems...
Actually there is a problem with the rndc.key file, not with rndc.conf...
In the /etc/bind/rndc.key file there are a couple of lines that look like this:
Quote:
key "rndc-key" {
    algorithm hmac-md5;
    secret "xNs6leSB5Akl1Eqb7Jv3fw==";
};
and it is important to have the same "secret" line in the /etc/bind/named.conf file...
To achieve this you need to run:
it would generate text similar to this:
Quote:
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "nV7KozncodpAs2qFxgcA+g==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "nV7KozncodpAs2qFxgcA+g==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Now, copy each block of code to its destination...
For example, the first block is for the rndc.key file (which is located in the /etc/bind directory),
and the second block is commented, for named.conf (this file is located in the same directory as rndc.key e.g. /etc/bind)...
Finally, we should have the same "secret" keys in both the rndc.key and named.conf files...
P.S. When you copy the text generated by the rndc-confgen utility into the named.conf file, please note that the lines are commented, and do remove them...
Have fun!...
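
As an added example (not part of the original post): a small shell check that the active, uncommented key "rndc-key" block in two files carries the same algorithm and secret, which is the condition described above. The function names and the sample secret are made up for illustration, and the parser assumes the multi-line layout shown in the quoted output, with only '#' or '//' line comments.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the multi-line layout:
#   key "NAME" {  /  algorithm X;  /  secret "Y";  /  };

# key_field FILE KEYNAME FIELD
# Prints FIELD ("algorithm" or "secret") from the active key block.
# Lines whose first token starts with '#' or '//' are skipped.
key_field() {
    awk -v name="$2" -v field="$3" '
        $1 ~ /^(#|\/\/)/ { next }
        $1 == "key" && $2 == ("\"" name "\"") { inblock = 1; next }
        inblock && $1 == field { v = $2; gsub(/[";]/, "", v); print v; exit }
        inblock && $1 ~ /^}/ { inblock = 0 }
    ' "$1"
}

# rndc_keys_match FILE_A FILE_B [KEYNAME]
# Returns 0 = same algorithm and secret, 1 = they differ,
# 2 = one file has no active key block. The secret is never printed.
rndc_keys_match() {
    name="${3:-rndc-key}"
    for field in algorithm secret; do
        a=$(key_field "$1" "$name" "$field")
        b=$(key_field "$2" "$name" "$field")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "key \"$name\": no active $field line in one of the files" >&2
            return 2
        fi
        if [ "$a" != "$b" ]; then
            echo "key \"$name\": $field differs between $1 and $2" >&2
            return 1
        fi
    done
    return 0
}

# Demo on constructed files (the secret is a made-up sample value).
demo() {
    d=$(mktemp -d) || return 1
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
        "Y29uc3RydWN0ZWQtc2FtcGxl" > "$d/rndc.key"
    sed 's/^/# /' "$d/rndc.key" > "$d/named.commented"  # pasted with "# " kept
    cp "$d/rndc.key" "$d/named.active"                   # comment markers removed
    for f in named.commented named.active; do
        rc=0; rndc_keys_match "$d/rndc.key" "$d/$f" || rc=$?
        echo "$f -> exit $rc"
    done
    rm -rf "$d"
}
demo
```

On a real system the call would be rndc_keys_match /etc/bind/rndc.key /etc/bind/named.conf, run as a user allowed to read both files.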
