hookooekoo
06-02-2004 06:12 PM
Setting up Bind and rndc.key on Fedora Core 2
Hi all, any help would be greatly appreciated.
I have set up a perfectly working DNS server on Red Hat 9, but I am not as lucky with a chroot-bind on Fedora. The problem I am having is with the rndc key, and I have had little luck searching for guides and/or answers.
I ran rndc-confgen and got the following,
Code:
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "q3k3SzpxASgKHCZpG1LeMw==";
};

options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
#     algorithm hmac-md5;
#     secret "q3k3SzpxASgKHCZpG1LeMw==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
I put each corresponding code into rndc.conf and named.conf.
Code:
[root@ns3 etc]# cat named.conf
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/var/named/chroot/etc/named.custom";
include "/var/named/chroot/etc/rndc.key";

# Use with the following in named.conf, adjusting the allow list as needed:
key "rndckey" {
    algorithm hmac-md5;
    secret "q3k3SzpxASgKHCZpG1LeMw==";
};

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndckey"; };
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "0.0.127.in-addr.arpa.zone";
};
and rndc.conf
Code:
[root@ns3 etc]# cat rndc.conf
# Start of rndc.conf
key "rndckey" {
    algorithm hmac-md5;
    secret "q3k3SzpxASgKHCZpG1LeMw==";
};

options {
    default-key "rndckey";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
And this step I am not sure about, as rndc.key was empty, so I added the code again here.
Code:
[root@ns3 etc]# cat rndc.key
key "rndckey" {
    algorithm hmac-md5;
    secret "q3k3SzpxASgKHCZpG1LeMw==";
};
I have also done the following...
I have added to /etc/sysconfig/iptables
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 53 -j
and made sure named had ownership of rndc.key and all named files in the chroot directory.
Now to the ever popular problem.
Code:
[root@ns3 named]# /etc/init.d/named restart
Stopping named: rndc: connect failed: connection refused
[FAILED]
Starting named: [ OK ]
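The named.conf in the post includes rndc.key and then defines the same key inline, with both include paths written as host paths rather than paths inside the chroot. Below is an added shell lint, not code from the post or from BIND, that flags those patterns in a named.conf that named loads after chrooting; it assumes named is started with -t CHROOT as the Fedora bind-chroot package does, and the sample it writes is a constructed copy of the post's layout with a placeholder secret.

```sh
#!/bin/sh
# Added example, not code from the post. Lints a named.conf that named loads
# after chrooting (assumed: named is started with -t CHROOT), following include
# statements relative to the chroot root as named does, and reports:
#   - a key name defined more than once (inline and again via rndc.key)
#   - more than one top-level controls statement
#   - an include path that already carries the chroot prefix, which named
#     would look for at CHROOT/CHROOT/... once chrooted

expand_includes() {  # print the config followed by the body of each include
    conf=$1; chroot=$2
    cat "$conf"
    sed -nE 's/^[[:space:]]*include[[:space:]]+"([^"]+)".*/\1/p' "$conf" |
    while read -r inc; do
        # named would only see "$chroot$inc"; the host path is a fallback so
        # the lint can still read a file that named itself will not find
        for p in "$chroot$inc" "$inc"; do
            if [ -f "$p" ]; then cat "$p"; break; fi
        done
    done
    return 0
}

lint_named_conf() {  # args: conf chroot -> one finding per line; no output is clean
    conf=$1; chroot=$2
    body=$(expand_includes "$conf" "$chroot")
    printf '%s\n' "$body" |
      sed -nE 's/^[[:space:]]*key[[:space:]]+"?([^" {]+)"?.*/\1/p' |
      sort | uniq -d | sed 's/^/duplicate key definition: /'
    n=$(printf '%s\n' "$body" | grep -cE '^[[:space:]]*controls[[:space:]]*\{' || true)
    [ "$n" -gt 1 ] && echo "multiple controls statements: $n"
    sed -nE 's/^[[:space:]]*include[[:space:]]+"([^"]+)".*/\1/p' "$conf" |
    while read -r inc; do
        case $inc in "$chroot"/*) echo "include path carries chroot prefix: $inc" ;; esac
    done
    return 0
}

make_sample() {  # constructed copy of the post's layout under $1, placeholder secret
    mkdir -p "$1/etc"
    printf 'key "rndckey" {\n    algorithm hmac-md5;\n    secret "PLACEHOLDER";\n};\n' \
        > "$1/etc/rndc.key"
    {
        printf 'controls {\n    inet 127.0.0.1 allow { localhost; } keys { rndckey; };\n};\n'
        printf 'include "%s/etc/rndc.key";\n' "$1"   # host path, as in the post
        cat "$1/etc/rndc.key"                          # key repeated inline, as in the post
        printf 'controls {\n    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };\n};\n'
    } > "$1/etc/named.conf"
}

d=$(mktemp -d); make_sample "$d"; lint_named_conf "$d/etc/named.conf" "$d"
```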