Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-24-2003, 05:44 AM
|
#1
|
Member
Registered: Nov 2003
Location: india
Posts: 46
Rep:
|
DNS problem rndc: connect failed connection refused error
Hello
I have a problem with DNS on RH 9. I have configured a very small system with just 2 computers , one with RH 9 and another with windows. I have configured the system as follows :
linux system:
domain name : suchi.com
host name : suchin.suchi.com
ip : 10.10.10.1
name server : 10.10.10.1 i.e., suchin.suchi.com
email : root.suchin.suchi.com
I have configured the following files without errors( checked using named-checkzone and named-checkconf )
/var/named/localhost.zone
/var/named/named.root(cache file)
/var/named/suchi.com.zone
/var/named/10.10.10.in-addr.arpa.zone
/var/named/0.0.127.in-addr.arpa.zone
The problem is :
when i type named restart after any configuration changes , i get the following error
rndc: connect failed : connection refused.
I checked the rndc.key and it is the same as that in named.conf
also i checked the resolv.conf and it has the paths for all the hosts.
Would anybody please explain me why i have this problem and how to solve it.
|
|
|
12-25-2003, 07:50 PM
|
#2
|
Member
Registered: Jul 2003
Location: AT, Upper Austria
Posts: 33
Rep:
|
is there any named-output in /var/log/messages?
in addition to key "rndc_key" { ... }; you will need a control-section in your named.conf, which is looking something like this:
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
as you can see, this tells rndc where to look for the key and which ips are allowed to use rndc.
|
|
|
12-26-2003, 12:14 AM
|
#3
|
LQ Newbie
Registered: Dec 2003
Posts: 10
Rep:
|
My IT team ran into the same problem setting up a DNS server and it was very frustrating. Unless someone has a solid fix to give I would just start over if it is a new install heh.
The documentation on the web on how to fix this is VERY scarce, and I think it is some kind of bug in RH 9 or something. I tried to follow some steps on the red hat site in using a more secure rndc.key to fix it, but had no success. I spend roughly 4 hours trying to fix it, and eventually started from scratch and had a whole new install and DNS running in 2 hours.
On the second install I made backups of named.conf and relevant rndc files. I made all my entries in named.conf and added all zonefiles before restarting named. After noticing a few typo's in the zone files, I quickly fixed them and restarted named again. I kept restarting named d to an absolute minimum heh.
This does still keep me concerned, and will be on the watch for any fixes and or bugs in case this happens again.
|
|
|
12-26-2003, 04:10 AM
|
#4
|
Member
Registered: Jul 2003
Distribution: Red Hat, Fedora, Debian
Posts: 85
Rep:
|
what a co-incedence,
ystrday i got the same prob
but i was able to correct the prob in my case,
well check out the NS entries in each zone file, in my case one of the zone file has a wrong NS and believe me it caused a lot of probs
anyway if it is okay then try deleting all rndc entries and restart server, sometimes rndc keys get corrupted also.
|
|
|
12-26-2003, 07:52 AM
|
#5
|
Member
Registered: Nov 2003
Location: india
Posts: 46
Original Poster
Rep:
|
Yes,
I tried a new install and got it done. I used just one host(that of the linux box ) for the present. I lined up more after the dns got setup. This helped me avoid a lot of confusion. confirmed it using "dig" and ping.
Well, here, now i want to know whether the only way to connect windows systems to linux domain is using samba server , or can we connect the windows systems to a linux DNS server also. Presently other linux systems can connect to the DNS just setup , but other windows boxes donot seem to recognize the DNS.
|
|
|
12-26-2003, 07:55 AM
|
#6
|
Member
Registered: Nov 2003
Location: india
Posts: 46
Original Poster
Rep:
|
regarding controls section in the named.conf, i had previously (but unsuccessfully) attmpted all the types of modifications making sure that the same rndc key in named.conf(generated after rndc-confgen) matched the ones in rndc.key file and rndc.conf file. It would never yeild . That is how i thought of a new installation.
|
|
|
12-26-2003, 11:31 PM
|
#7
|
Member
Registered: Jul 2003
Distribution: Red Hat, Fedora, Debian
Posts: 85
Rep:
|
ofcource u can connect ur win box to dns.
u need to specify the domain name and the IP add of name server in the n/w settings
one more thing u need to add in the named.conf for this,
add allow-query in the options block , so that dns will reply to the queries from outside
e.g.,
allow-query { 127.0.0.1; 192.168.0.0/24;};
|
|
|
08-22-2005, 11:32 AM
|
#8
|
LQ Newbie
Registered: Aug 2005
Location: INDIA
Distribution: RedHat Linux 9.0
Posts: 2
Rep:
|
|
|
|
08-22-2005, 11:32 AM
|
#9
|
LQ Newbie
Registered: Aug 2005
Location: INDIA
Distribution: RedHat Linux 9.0
Posts: 2
Rep:
|
Re:
|
|
|
09-22-2005, 12:51 PM
|
#10
|
LQ Newbie
Registered: Sep 2005
Posts: 1
Rep:
|
The solution
I was having the same problem with Redhat9 Yesterday , when i was trying to force the
Mail queue , sendmail coldn’t resolve the domain name , the error message was the following
Transient parse error -- message queued for future delivery
then I check the named service status with the following status
Cd /etc/rc.d/init.d ./named status
And the answer of the command was
rndc: connect failed : connection refused
Assuming that was a named missconfiguration problem id check my named.conf file
And the content was this :
------------------------------------------------------------------------------------------------------------------
controls {
inet 192.168.0.4 port 53 allow {
localhost;
};
};
include "/etc/named.custom";
include "/etc/rndc.key";
-------------------------------------------------------------------------------------------------------------------
I’d never input this data at the file , webmin did it , im sure , then I’d restore mi named.conf to this config
------------------------------------------------------------------------------------------------
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/named.custom";
include "/etc/rndc.key";
----------------------------------------------------------------------------------------------------------------------
Still without work , then I remove this line ( assuming a damaged key ):
---------------------------------------------------------------------------------------------------
include "/etc/rndc.key";
---------------------------------------------------------------------------------------------------
And then I’d restart named with this command cd /etc/rc.d/init.d ./named restart
After that I’d check the named status
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
And now my sendmail is running without problems ,
Expecting to be helpful , and sorry 4 my spanglish
Leo
|
|
|
01-01-2006, 07:17 PM
|
#11
|
LQ Newbie
Registered: Jan 2006
Posts: 1
Rep:
|
check to see if your /var partition (or whichever partition that your dns records are stored)
is full.
Last edited by miahac; 01-01-2006 at 07:19 PM.
|
|
|
04-13-2006, 06:44 AM
|
#12
|
Member
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217
Rep:
|
Same problem is happening to me... i've tries by commenting both controls {... }; and include "/etc/rndc.key" but relult = 0. now i also don;t know what to do. When rndc having prob, the dns works to resolv but it takes a looooong time to restart named/the whole server.
|
|
|
08-19-2006, 09:06 AM
|
#13
|
Member
Registered: Nov 2003
Location: india
Posts: 46
Original Poster
Rep:
|
the previous problem was something to do with the OS
same way in which ldap has issues in FC5, this was some problem in the earlier linux. Now everything is fine (NEIF) !
|
|
|
05-27-2007, 03:19 AM
|
#14
|
LQ Newbie
Registered: May 2007
Location: Santiago, Chile
Distribution: RH
Posts: 2
Rep:
|
This might fix it...
I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
|
|
|
05-27-2007, 12:51 PM
|
#15
|
Senior Member
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100
Rep:
|
Guys, RH9 is ancient, and has not been supported in years. It should not be used on a system anymore. In fact, it never should have been used, as it is complete and total crap to begin with.
Check out this thread from the security forum to see if your particular OS is still supported. RH is way out of the picture, and trying to run it on a server is an invitation to be hacked.
http://www.linuxquestions.org/questi...d.php?t=524803
Peace,
JimBass
|
|
|
All times are GMT -5. The time now is 06:04 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|