LinuxQuestions.org


emailssent 09-13-2004 03:00 AM

DNS rndc service error
 

#rndc start
rndc: connect failed : connection refused

Why am I unable to start rndc services?


for reference
#named.conf file

// generated by named-bootconf.pl


// secret must be the same as in /etc/rndc.conf
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

controls {
    inet 127.0.0.1 allow { any; } keys { "key"; };
};


options {
    pid-file "/var/run/named/named.pid";
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none;};
};


zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };

maxut 09-13-2004 05:50 AM

run
rndc-confgen
it will generate some lines for /etc/named.conf and /etc/rndc.conf
Remove the older secret key lines in these files, and copy and paste the new lines generated by rndc-confgen.

good luck

emailssent 09-13-2004 07:58 AM

After changing the key secrets,

#rndc start
rndc: 'start' failed : not implemented

maxut 09-13-2004 10:53 AM

can u start named? and check status?
/etc/init.d/named start
/etc/init.d/named status
or
rndc status

what is your distro?

Pete M 09-13-2004 11:25 AM

emailssent

Is this Fedora ?

Copy /etc/rndc.conf to /var/named/chroot/etc/rndc.conf

Pete

emailssent 09-14-2004 07:26 AM

Quote:

emailssent

Is this Fedora ?

Copy /etc/rndc.conf to /var/named/chroot/etc/rndc.conf

Pete

No, this is not Fedora; it is Mandrake 9.2.

Quote:

can u start named? and check status?
/etc/init.d/named start
/etc/init.d/named status
or
rndc status

what is your distro?

Yes, I can start named, but when I stop it, it says failed, that I can't stop it.

and i am using mandrake 9.2

maxut 09-14-2004 07:49 AM

i don't know about mdk 9.2. if it uses bind with chroot support, u can follow Pete M's suggestions.

i think the trouble is the rndc key. this key is necessary for high security. if your key is wrong, rndc fails.
check your network configuration too. if there is a trouble with your hostname, rndc can fail.
your hostname probably is assigned in /etc/sysconfig/network file.
and check if your $HOSTNAME is defined in /etc/hosts file also.
it must have some lines like this:
Code:

127.0.0.1      yourhostname yourhostname.yourdomain.com localhost localhost.localdomain

good luck

emailssent 09-14-2004 08:09 AM

hostname is correctly set.

and for Pete M's suggestion i couldn't find any chroot directory under /var/named/ directory.

maxut 09-14-2004 09:31 AM

so your bind works without chroot support.

i had the same bind trouble with fedora and redhat distros. i always solved my trouble by regenerating keys.
try to regenerate the key, and copy paste again. and try to restart named twice.
check /var/log/messages if there is something wrong about bind or rndc.

good luck

muongrua 09-16-2004 03:00 AM

Quote:

Originally posted by Pete M
emailssent

Is this Fedora ?

Copy /etc/rndc.conf to /var/named/chroot/etc/rndc.conf

Pete

I'm using FC2, but I don't have the directory /var/named/chroot. How can I create it?

maxut 09-16-2004 03:39 AM

don't create it. if u have bind with chroot support, it will already create the "chroot" directory automatically. if u want bind with chroot support, install the chroot rpm of bind.

scowles 09-16-2004 10:30 AM

controls {
inet 127.0.0.1 allow { any; } keys { "key"; };
};


So where is the port number defined in the above control statement for rndc to communicate with bind???
Example:

// ------------------------------------------------------------------------
// Only allow localhost access from rndc
// ------------------------------------------------------------------------
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};

rha7dotcom 09-08-2006 07:01 AM

Finally Solved ...
 
After struggling a lot with this I got it solved this way...

rndc-confgen > /etc/rndc.conf

this generated something like:
/etc/rndc.conf
---------------------------------------------------
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "gibberish-gibberish";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "same-gibberish-gibberish-as-above";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
--------------------------------------------------------------------------

Then, I went to /etc/named.conf and replaced the include line for rndc.key with the last part (commented lines) of the rndc.conf file (obviously uncommented).

also, I copied /etc/rndc.conf to /var/named/chroot/etc.

restarted named, rndc start and voilà!

# rndc status
number of zones: 9
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running



Hope this helps someone. Eventually I figured it out: it just couldn't get a hold of the key file due to permissions, but whatever, I got it working...

Gabriel Medina.
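
The points raised across this thread (the key name and secret must match between named.conf and rndc.conf, the control channel uses port 953 when none is given, and the allow list can be narrowed to 127.0.0.1) can be checked mechanically. The following Python is an added example, not code from any poster: the config strings are constructed from the fragments quoted above, the rndc.conf secret is made up, and the function names and finding labels are hypothetical.

```python
import base64
import re
# Constructed inputs: named.conf fragments as in the first post, plus an
# rndc.conf shaped like rndc-confgen output (its secret is made up here).
NAMED_CONF = '''
key "key" {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
controls { inet 127.0.0.1 allow { any; } keys { "key"; }; };
'''
RNDC_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "3q2+796tvu/erb7v3q2+7w=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+);\s*secret\s+"([^"]+)";\s*\}')
CTRL_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')

def parse_keys(text):
    """Map key name -> (algorithm, secret) for each key block."""
    return {name: (alg, sec) for name, alg, sec in KEY_RE.findall(text)}

def parse_controls(text):
    """List control channels; named listens on port 953 if none is given."""
    return [{"addr": addr, "port": int(port or 953),
             "allow": [a.strip() for a in acl.split(";") if a.strip()],
             "keys": re.findall(r'"([^"]+)"', keys)}
            for addr, port, acl, keys in CTRL_RE.findall(text)]

def audit(named_conf, rndc_conf):
    """Return finding labels for a named.conf / rndc.conf pair."""
    findings = []
    server, client = parse_keys(named_conf), parse_keys(rndc_conf)
    m = re.search(r'default-key\s+"([^"]+)"', rndc_conf)
    wanted = m.group(1) if m else None
    for ch in parse_controls(named_conf):
        if "any" in ch["allow"]:
            findings.append("allow-any")          # not limited to 127.0.0.1
        if wanted not in ch["keys"]:
            findings.append("key-name-mismatch")  # rndc signs with another key
        elif server.get(wanted) != client.get(wanted):
            findings.append("secret-mismatch")    # same name, different secret
    for alg, secret in server.values():
        if alg == "hmac-md5":
            findings.append("hmac-md5")           # newer BIND defaults to hmac-sha256
        raw = base64.b64decode(secret)
        if all(32 <= b < 127 or b == 10 for b in raw):
            findings.append("readable-secret")    # decodes to text, not random bytes
    return findings
```

Run against the first post's configuration, `audit` reports allow-any, key-name-mismatch, hmac-md5 and readable-secret; the last one reflects that the posted secret base64-decodes to plain ASCII text rather than random key material, which is one more reason to regenerate it with rndc-confgen.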


All times are GMT -5.