DNS, Bind, rndc update issue
 

It seems I can only get my config and zone files to refresh by restarting bind.. when i try to 'rndc reload' i don't get an error, but it doesnt update. I noticed this when I tried to stop and restart bind and got this error.

/etc/init.d/named stop
Shutting down named: rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

here is my rndc.conf

options {
default-server 127.0.0.1;
default-key "rndckey";
};

server 127.0.0.1 {
key "rndckey";
};

key "rndckey" {
algorithm "hmac-md5";
secret ".........";

named.conf

controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};

key "rndckey" {
algorithm "hmac-md5";
secret "same as rndc.conf";
}

Did I miss somehting in either of these conf's?

EDIT: In addition, I had changed key's recently. After the change, I was able to stop and start without issue. But this is the first time I tried stopping it since then, and now it is giving me the above mentioned error message.

This is on SuSe 9.2

I had the same problem awhile back too. Removing the rndc.conf file fixed it. Apparently on of the BIND updates changed the operation of rndc. It seems to now pull the auth info for local host from the named.conf. Very strange, wouldn't believe it if someone told me that... :)

removing the rndc.conf file? like not using the conf file at all will fix it? Thats odd. I will have to give it a try during off hours. Thanks.

It was very odd. Make a backup before you try it!

Okay.. heres what happens after removing rndc.conf:

shell#>rndc reload
rndc: connect failed: connection refused

so i ran 'rndc-confgen' and created an new rndc.conf file and modified the named.conf file, and i am now back to square one. any other suggestions?


EDIT: I just realized I was using a different login as my original post.

alright.. I solved part of the problem.... The /etc/init.d/named was setting rndc as /usr/local/sbin, but when I was trying to reload i was using /usr/sbin/ rndc. The problem still is that it still doesnt update the zones... i check /var/log/messages and it says loading configuration from '/etc/named.conf'... now Im running bind in a chroot jail, i did create a symlink in /etc/named.conf that points to the /etc in named's chroot... problem is, if rndc is reading named.conf, is it reading it unchrooted, so if it sees /conf in the named.conf file, it thinks its really /conf and not /chroot/named/conf.. i tried creating a symlink from /conf to /chroot/named/conf but that didnt work... Anyone shed some light?

Is it possible that when you're editing your zone files you're forgetting to update your serial value?

just a thought..

good luck

Kurt

Definitely updating the serial in my zone files.

the fact that my messages log says that its loading named.conf, tells me its working... i think the problem could be that rndc is reading /etc/named.conf which looks at /conf, which as far as rndc is concerned, should mean /conf, but to named its /chroot/named/conf... is rndc setup where it doesnt give an error if it doesnt find the zone file, it just checks the conf file and tries it but doesnt give an error if the zone file is not found?