LinuxQuestions.org

Setting up Bind and rndc.key on Fedora Core 2 (https://www.linuxquestions.org/questions/fedora-35/setting-up-bind-and-rndc-key-on-fedora-core-2-a-189002/)

hookooekoo 06-02-2004 06:12 PM

Setting up Bind and rndc.key on Fedora Core 2
 
Hi all, any help would be greatly appreciated.

I have setup a perfectly working DNS server on Red Hat 9, but I am not as lucky with a chroot-bind on Fedora. The problem I am having is with the rndc key, and I have had little luck searching for guides and/or answers.

I ran rndc-confgen and got the following:

Code:

# Start of rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "q3k3SzpxASgKHCZpG1LeMw==";
};

options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf


# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#      algorithm hmac-md5;
#      secret "q3k3SzpxASgKHCZpG1LeMw==";
# };
#
# controls {
#      inet 127.0.0.1 port 953
#              allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf

I put each corresponding code into rndc.conf and named.conf.

Code:

[root@ns3 etc]# cat named.conf
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
 
include "/var/named/chroot/etc/named.custom";
 
include "/var/named/chroot/etc/rndc.key";
 
# Use with the following in named.conf, adjusting the allow list as needed:

key "rndckey" {
        algorithm hmac-md5;
        secret "q3k3SzpxASgKHCZpG1LeMw==";
};
 
 controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndckey"; };
};
 
zone  "0.0.127.in-addr.arpa" {
        type master;
        file  "0.0.127.in-addr.arpa.zone";
};

and rndc.conf

Code:

[root@ns3 etc]# cat rndc.conf
# Start of rndc.conf
key "rndckey" {
        algorithm hmac-md5;
        secret "q3k3SzpxASgKHCZpG1LeMw==";
};
options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

And this step I am not sure about, as rndc.key was empty, so I added the code again here.


Code:

[root@ns3 etc]# cat rndc.key
key "rndckey" {
        algorithm hmac-md5;
        secret "q3k3SzpxASgKHCZpG1LeMw==";
};

I have also done the following...

I have added to /etc/sysconfig/iptables

Code:

-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 53 -j

and made sure named had ownership of rndc.key and all named files in the chroot directory.

Now to the ever popular problem.

Code:

[root@ns3 named]# /etc/init.d/named restart
Stopping named: rndc: connect failed: connection refused
[FAILED]
Starting named: [  OK  ]


hookooekoo 06-02-2004 06:40 PM

I have actually changed rndc.conf to the following to reflect how it was done in RH 9.


Code:

[root@ns3 etc]# cat rndc.conf
options {
        default-server  localhost;
        default-key    "rndckey";
};

server localhost {
        key    "rndckey";
};

include "/var/named/chroot/etc/rndc.key";

Still the same error.
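
The key clause above now lives in three places (rndc.conf, rndc.key and named.conf), which is easy to get out of sync. The shell example below is added here and is not from the thread: it parses BIND key and controls clauses and flags a key defined more than once in named.conf, a controls block that names an undefined key, and a secret that differs between named.conf and rndc.conf. File names and secrets in it are constructed placeholders.

```shell
# Added example (not from the thread): check the rndc key shared by named.conf and rndc.conf. Names and secrets are constructed.
# Tokenise BIND config files (comments stripped); print every key clause as "name secret"
# (mode defs) or the key names listed in controls' keys { } (mode ctlkeys).
bind_scan() {  # bind_scan MODE FILE...
  mode=$1; shift
  awk -v mode="$mode" '
    { sub(/#.*/, ""); sub(/\/\/.*/, ""); gsub(/[{};]/, " & "); buf = buf " " $0 }
    END {
      n = split(buf, t, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        if (mode == "defs" && t[i] == "key" && t[i+2] == "{") {
          name = t[i+1]; gsub(/"/, "", name); secret = ""
          for (j = i + 3; j <= n && t[j] != "}"; j++)
            if (t[j] == "secret") { secret = t[j+1]; gsub(/"/, "", secret) }
          print name, secret
        }
        if (mode == "ctlkeys" && t[i] == "keys" && t[i+1] == "{")
          for (j = i + 2; j <= n && t[j] != "}"; j++)
            if (t[j] != ";") { k = t[j]; gsub(/"/, "", k); print k }
      }
    }' "$@"
}

# One finding per line; returns 1 if anything is inconsistent, 0 otherwise.
check_rndc_config() {  # check_rndc_config NAMED_CONF RNDC_CONF
  rc=0
  for k in $(bind_scan defs "$1" | awk '{ print $1 }' | sort | uniq -d); do
    echo "named.conf: key \"$k\" defined more than once"; rc=1
  done
  for k in $(bind_scan ctlkeys "$1"); do
    s1=$(bind_scan defs "$1" | awk -v k="$k" '$1 == k { print $2; exit }')
    s2=$(bind_scan defs "$2" | awk -v k="$k" '$1 == k { print $2; exit }')
    if [ -z "$s1" ]; then echo "named.conf: controls use undefined key \"$k\""; rc=1
    elif [ -n "$s2" ] && [ "$s1" != "$s2" ]; then
      echo "key \"$k\": secret in rndc.conf differs from named.conf"; rc=1
    fi
  done
  return $rc
}

# Constructed samples: bad-named.conf repeats the key clause (as the thread's did) with a secret rndc.conf lacks.
DIR=$(mktemp -d); trap 'rm -rf "$DIR"' EXIT
KEY='key "rndckey" { algorithm hmac-md5; secret "EXAMPLE_SECRET_%s=="; };'
CTL='controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; }; };'
printf "$KEY\n$KEY\n$CTL\n" A A > "$DIR/bad-named.conf"
printf "$KEY\n$CTL\n" B > "$DIR/good-named.conf"
printf "$KEY\noptions { default-key \"rndckey\"; default-server 127.0.0.1; };\n" B > "$DIR/rndc.conf"
check_rndc_config "$DIR/bad-named.conf" "$DIR/rndc.conf" || echo "-> fix these before restarting named"
check_rndc_config "$DIR/good-named.conf" "$DIR/rndc.conf" && echo "-> named.conf and rndc.conf agree"
```

Run it against the real files (inside the chroot, the paths named sees) before restarting; an include that resolves to an empty or missing file shows up as an undefined key.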

aneeshep 04-07-2010 12:28 AM

Hi,

Just try this command as root:

Code:

lsof -i :953
You will get output like this (if the named daemon is running):

Code:

COMMAND  PID  USER  FD  TYPE DEVICE SIZE NODE NAME
named  3470 named  22u  IPv4  12464      TCP localhost.localdomain:rndc (LISTEN)

The named daemon is listening on port 953 for rndc requests, so you should open port 953 in the firewall for rndc to work properly. Hope this helps.

Aneesh
-----------------------------
findasolution.in
-----------------------------
