DNS rndc service error
Code:
# rndc start
rndc: connect failed : connection refused

Why am I unable to start the rndc service? For reference, my named.conf file:

Code:
// generated by named-bootconf.pl

// secret must be the same as in /etc/rndc.conf
key "key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
        inet 127.0.0.1 allow { any; } keys { "key"; };
};

options {
        pid-file "/var/run/named/named.pid";
        directory "/var/named";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };
|
Run
Code:
rndc-confgen
It will generate some lines for /etc/named.conf and /etc/rndc.conf. Remove the older secret key lines in these files, and copy and paste the new lines generated by rndc-confgen. Good luck |
After changing the key secrets,
Code:
# rndc start
rndc: 'start' failed : not implemented
|
can u start named? and check status?
Code:
/etc/init.d/named start
/etc/init.d/named status
or
Code:
rndc status
what is your distro? |
emailssent
Is this Fedora?
Copy /etc/rndc.conf to /var/named/chroot/etc/rndc.conf
Pete |
Quote:
Quote:
and i am using mandrake 9.2 |
i don't know about mdk 9.2. if it uses bind with chroot support, u can follow Pete M's suggestions.
i think the trouble is the rndc key. this key is necessary for high security. if your key is wrong, rndc fails.
check your network configuration too. if there is trouble with your hostname, rndc can fail. your hostname is probably assigned in the /etc/sysconfig/network file. and check if your $HOSTNAME is also defined in the /etc/hosts file. it must have a line like this:
Code:
127.0.0.1 yourhostname yourhostname.yourdomain.com localhost localhost.localdomain |
hostname is correctly set.
and for Pete M's suggestion i couldn't find any chroot directory under /var/named/ directory. |
so your bind works without chroot support.
i had the same bind trouble with fedora and redhat distros. i always solved my trouble by regenerating keys. try regenerating the key, and copy and paste again. and try to restart named twice. check /var/log/messages if there is something wrong about bind or rndc. good luck |
Quote:
|
don't create it. if u have bind with chroot support, it will already create the "chroot" directory automatically. if u want bind with chroot support, install the chroot rpm of bind.
|
controls {
        inet 127.0.0.1 allow { any; } keys { "key"; };
};

So where is the port number defined in the above control statement for rndc to communicate with bind???

Example:
// ------------------------------------------------------------------------
// Only allow localhost access from rndc
// ------------------------------------------------------------------------
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
|
Finally Solved ...
After struggling a lot with this I got it solved this way...
Code:
rndc-confgen > /etc/rndc.conf
this generated something like:

/etc/rndc.conf
---------------------------------------------------
# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "gibberish-gibberish";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "same-gibberish-gibberish-as-above";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
--------------------------------------------------------------------------

Then, I went to /etc/named.conf and replaced the include line for rndc.key with the last part (commented lines) of the rndc.conf file (obviously uncommented).

Also, I copied /etc/rndc.conf to /var/named/chroot/etc.

restarted named, rndc start and voilà!

Code:
# rndc status
number of zones: 9
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

Hope this helps someone. Eventually I figured it out: it just couldn't get a hold of the key file due to permissions, but whatever, I got it working...

Gabriel Medina. |
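The thread keeps returning to two things: the key in rndc.conf has to match the one in named.conf, and the controls statement has to list that key. The following is an added example, not code from any poster here: a small Python check for both, plus the `allow { any; }` list and the port raised above. The sample configs and secrets are constructed placeholders, and the parser assumes the simple single-controls layout shown in the thread with `default-key` set in rndc.conf.

```python
import re

# Constructed configs for illustration; the secrets are placeholders.
RNDC_CONF = '''key "rndc-key" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQ//0tFWQ=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
# key "rndc-key" { ... };   (rndc-confgen's commented named.conf half)'''
NAMED_BAD = '''key "key" { algorithm hmac-md5; secret "T0xEK1NFQ1JFVA=="; };
controls { inet 127.0.0.1 allow { any; } keys { "key"; }; };'''
NAMED_GOOD = '''key "rndc-key" { algorithm hmac-md5; secret "Q09OU1RSVUNURUQ//0tFWQ=="; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };'''

KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}')
CTRL_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
                     r'\s*keys\s*\{([^}]*)\}')

def strip_comments(text):
    """Drop /* */, // and # comments; keep quoted strings (base64 may hold //)."""
    pat = r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else ' ',
                  text, flags=re.S)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key clause."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(strip_comments(text))}

def check(rndc_conf, named_conf):
    """List the mismatches that make rndc fail or leave the channel too open."""
    rndc, named = strip_comments(rndc_conf), strip_comments(named_conf)
    rkeys, nkeys, problems = parse_keys(rndc), parse_keys(named), []
    m = re.search(r'default-key\s+"([^"]+)"', rndc)
    name = m.group(1) if m else None
    if name not in rkeys:
        problems.append("rndc.conf: default-key missing or undefined")
    elif nkeys.get(name) != rkeys[name]:
        problems.append(f'named.conf: key "{name}" absent or differs')
    m = re.search(r'default-port\s+(\d+)', rndc)
    rport = int(m.group(1)) if m else 953  # 953 is the default on both sides
    ctrl = CTRL_RE.search(named)
    if not ctrl:
        return problems + ["named.conf: no controls inet statement"]
    _addr, port, allow, keys = ctrl.groups()
    if int(port or 953) != rport:
        problems.append("controls port differs from rndc default-port")
    if f'"{name}"' not in keys:
        problems.append(f'controls: keys list lacks "{name}"')
    if "any" in [a.strip() for a in allow.split(";")]:
        problems.append("controls: allow { any; } is wider than localhost")
    return problems
```

`check(RNDC_CONF, NAMED_BAD)` reports the renamed key, the keys list that still points at the old name, and the open allow list; `check(RNDC_CONF, NAMED_GOOD)` returns an empty list.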