LinuxQuestions.org

Linux - Newbie: Help on rndc. Want to control remote bind server, but can't.... (https://www.linuxquestions.org/questions/linux-newbie-8/help-on-rndc-want-to-control-remote-bind-server-but-cant-4175540904/)

bangnagr 04-27-2015 12:10 PM

Help on rndc. Want to control remote bind server, but can't....
 
Hi All,

Please help me. I'm following the book 'DNS and BIND, 5th Ed. by Paul Albitz, Cricket Liu'. This rndc is driving me crazy. I spent all day trying to configure rndc. Tried every possible combination in the config files, but I just can't control the remote server. Tried many tutorials from Google, nothing helped. LQ is my last hope.

So, my story goes like this...

MASTER BIND SERVER:
Host: toystory.movie.edu
IP: 10.249.249.3/24
OS: CentOS 7.1


SLAVE BIND SERVER:
Host: wormhole.movie.edu
IP: 10.249.249.2/24
OS: CentOS 6.6


MASTER SERVER (toystory) CONFIGURATION FILES:
Code:

[root@toystory ~]# cat /etc/rndc.conf
key "toystory-key" {
        algorithm hmac-md5;
        secret "K9qBsQwusP6430cykS2AeA==";
};
options {
        default-key "toystory-key";
        default-server 127.0.0.1;
        default-port 953;
};

[root@toystory ~]# cat /etc/named.conf
key "toystory-key" {
        algorithm hmac-md5;
        secret "K9qBsQwusP6430cykS2AeA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "toystory-key"; };
};
key "wormhole-key" {
        algorithm hmac-md5;
        secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
        inet 10.249.249.3 port 953
                allow { 10.249.249.2; } keys { "wormhole-key"; };
};

SLAVE SERVER (wormhole) CONFIGURATION FILES:
Code:

[root@wormhole ~]# cat /etc/rndc.conf
key "wormhole-key" {
        algorithm hmac-md5;
        secret "7PvoY3oysQz8DyASiUTlNA==";
};
options {
        default-key "wormhole-key";
        default-server 127.0.0.1;
        default-port 953;
};

[root@wormhole ~]# cat /etc/named.conf
key "wormhole-key" {
        algorithm hmac-md5;
        secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "wormhole-key"; };
};
server 10.249.249.3 {
  keys { "wormhole-key"; };
};

TESTING:

MASTER (toystory):
Code:

[root@toystory ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7_1.1 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@toystory ~]# rndc -s wormhole.movie.edu status
rndc: connect failed: 10.249.249.2#953: connection refused

SLAVE (wormhole):
Code:

[root@wormhole ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

What am I doing wrong? Please help!!!

Thanks
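An added illustration of the point the error message is already making (this is not code from the thread or from BIND): the script below reads the `key` and `controls` statements out of a named.conf fragment and works out whether an rndc session from a given client to a given server address would be admitted. It looks for a listener bound to that address and port, evaluates the `allow` list with BIND's first-match address-match-list semantics, checks the `keys` list, and flags hmac-md5. Run against the wormhole named.conf posted above it reports that named on wormhole only binds 127.0.0.1#953, so a connect to 10.249.249.2#953 is refused by the kernel before any key is looked at. The second fragment is an assumed fix, not something from the post: a second `inet` line on the LAN address, `allow` limited to the master, and hmac-sha256 (it is an assumption that the control channel on these BIND builds accepts SHA-2; if it does not, keep hmac-md5 and rely on the allow list). The secret in it is a placeholder.

```python
"""Check whether a BIND 'controls' statement would admit an rndc session.
Added example for this thread, not code from BIND or from the poster.  It
understands the 'inet' form of controls and plain IPs, CIDRs, any, none and
localhost in the allow ACL, which covers the named.conf files posted above."""
import ipaddress
import re

# wormhole's key/controls statements as posted in the thread
POSTED_WORMHOLE = """
key "wormhole-key" { algorithm hmac-md5; secret "7PvoY3oysQz8DyASiUTlNA=="; };
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "wormhole-key"; };
};
"""

# Assumed fix: also listen on the LAN address, admit only the master, and use
# hmac-sha256 (assumption that this BIND accepts it on the control channel).
# The secret is a placeholder; generate a real one with rndc-confgen.
FIXED_WORMHOLE = """
key "wormhole-key" { algorithm hmac-sha256; secret "REPLACE-WITH-rndc-confgen-OUTPUT"; };
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "wormhole-key"; };
        inet 10.249.249.2 port 953 allow { 10.249.249.3; } keys { "wormhole-key"; };
};
"""

WEAK_ALGOS = {"hmac-md5", "hmac-sha1"}
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;', re.S)
INET_RE = re.compile(r'inet\s+(\S+)\s+(?:port\s+(\d+)\s+)?allow\s*\{([^}]*)\}'
                     r'\s*(?:keys\s*\{([^}]*)\})?', re.S)

def parse_keys(conf):
    """{key name: algorithm} for every key statement in conf."""
    return {name: algo.lower() for name, algo in KEY_RE.findall(conf)}

def parse_controls(conf):
    """One dict per 'inet' listener: address, port, allow ACL, key names."""
    out = []
    for addr, port, allow, keys in INET_RE.findall(conf):
        out.append({
            "addr": addr,
            "port": int(port or 953),            # 953 is the rndc default
            "allow": [a.strip() for a in allow.split(";") if a.strip()],
            "keys": [k.strip().strip('"') for k in keys.split(";") if k.strip()],
        })
    return out

def acl_matches(acl, client_ip):
    """BIND address-match-list semantics: the first matching element decides,
    a leading '!' negates it, and no match at all means deny."""
    ip = ipaddress.ip_address(client_ip)
    for entry in acl:
        negate = entry.startswith("!")
        entry = entry.lstrip("!").strip()
        if entry == "any":
            hit = True
        elif entry == "none":
            hit = False
        elif entry == "localhost":
            hit = ip.is_loopback
        else:
            hit = ip in ipaddress.ip_network(entry, strict=False)
        if hit:
            return not negate
    return False

def check_remote_rndc(conf, server_ip, client_ip, key_name, port=953):
    """Simulate 'rndc -s server_ip -p port -y key_name' run from client_ip
    against this named.conf.  Returns (accepted, list of findings)."""
    findings = []
    keys = parse_keys(conf)
    listeners = [l for l in parse_controls(conf)
                 if l["port"] == port and l["addr"] in ("*", server_ip)]
    if not listeners:
        findings.append(f"no controls listener on {server_ip}#{port}: "
                        "the kernel refuses the TCP connect before any key is checked")
        return False, findings
    for l in listeners:
        if not acl_matches(l["allow"], client_ip):
            findings.append(f"{client_ip} is not in allow {{ {'; '.join(l['allow'])}; }}")
            continue
        if l["keys"] and key_name not in l["keys"]:
            findings.append(f"{key_name} is not in the keys list for {l['addr']}#{port}")
            continue
        algo = keys.get(key_name)
        if algo is None:
            findings.append(f"{key_name} has no key statement in this named.conf")
            continue
        if algo in WEAK_ALGOS:
            findings.append(f"warning: {key_name} uses {algo}; prefer hmac-sha256")
        return True, findings
    return False, findings

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_WORMHOLE), ("fixed", FIXED_WORMHOLE)):
        print(label, check_remote_rndc(conf, "10.249.249.2", "10.249.249.3", "wormhole-key"))
```

Two things the checker cannot see but that matter for the command being run on toystory: the `server 10.249.249.3 { keys ... }` statement in wormhole's named.conf has nothing to do with rndc (it selects a TSIG key for DNS traffic to that address), and for `rndc -s wormhole.movie.edu status` to sign with wormhole's key, toystory's /etc/rndc.conf needs a matching `server wormhole.movie.edu { key "wormhole-key"; };` clause (or the key must be given with `-y wormhole-key`), with the same secret on both hosts. The second `controls` block in toystory's named.conf opens the opposite direction (wormhole controlling toystory), not the one being tested. Anyone who passes the `allow` list and holds the key can reload, flush or stop the server, so keep `allow` to the single management host rather than the subnet.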

smallpond 04-27-2015 04:10 PM

What is in the log files: messages, syslog or secure?

bangnagr 04-28-2015 01:16 AM

Quote:

Originally Posted by smallpond (Post 5354067)
What is in the log files: messages, syslog or secure?

I tried the log files, but strangely, nothing happens in the log files, no changes - not even a line is scrolled up. I'm pasting the log files after a fresh server boot.
For each log file, I issued the command 'rndc -s wormhole.movie.edu status'. Nothing changes.

Master Server (toystory)

Code:

[root@toystory ~]# tail -f /var/named/data/named.run
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running

[root@toystory ~]# tail -f /var/log/messages
Apr 28 11:19:06 toystory systemd: Starting user-0.slice.
Apr 28 11:19:06 toystory systemd: Created slice user-0.slice.
Apr 28 11:19:06 toystory systemd: Starting Session 1 of user root.
Apr 28 11:19:06 toystory systemd: Started Session 1 of user root.
Apr 28 11:19:06 toystory systemd-logind: New session 1 of user root.
Apr 28 11:19:43 toystory systemd: Starting Session 2 of user root.
Apr 28 11:19:43 toystory systemd: Started Session 2 of user root.
Apr 28 11:19:43 toystory systemd-logind: New session 2 of user root.
Apr 28 11:30:04 toystory systemd: Starting Cleanup of Temporary Directories...
Apr 28 11:30:04 toystory systemd: Started Cleanup of Temporary Directories.

[root@toystory ~]# tail -f /var/log/secure
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /etc/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /usr/share/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Finished loading, compiling and executing 2 rules
Apr 28 11:15:21 toystory polkitd[604]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Apr 28 11:15:26 toystory sshd[821]: Server listening on 0.0.0.0 port 22.
Apr 28 11:15:26 toystory sshd[821]: Server listening on :: port 22.
Apr 28 11:19:06 toystory sshd[1991]: Accepted password for root from 10.249.249.1 port 50186 ssh2
Apr 28 11:19:06 toystory sshd[1991]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 11:19:43 toystory sshd[2021]: Accepted password for root from 10.249.249.1 port 50188 ssh2
Apr 28 11:19:43 toystory sshd[2021]: pam_unix(sshd:session): session opened for user root by (uid=0)

I've also opened the rndc port in iptables on both the server and the slave.
Code:

[root@toystory ~]# iptables -vL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target    prot opt in    out    source              destination       
1    1999  187K ACCEPT    all  --  any    any    anywhere            anywhere            state RELATED,ESTABLISHED
2        0    0 ACCEPT    icmp --  any    any    anywhere            anywhere           
3      86  5546 ACCEPT    all  --  lo    any    anywhere            anywhere           
4        2  120 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:ssh
5        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:domain
6        1    71 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:domain
7        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:rndc
8        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:rndc
9      31  5362 REJECT    all  --  any    any    anywhere            anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target    prot opt in    out    source              destination       
1        0    0 REJECT    all  --  any    any    anywhere            anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 735 packets, 98076 bytes)
num  pkts bytes target    prot opt in    out    source              destination

[root@wormhole ~]# iptables -vL --line-numbers
Chain INPUT (policy ACCEPT 51 packets, 3852 bytes)
num  pkts bytes target    prot opt in    out    source              destination       
1        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:domain
2        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:domain
3        7  420 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:rndc
4        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:rndc

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target    prot opt in    out    source              destination       
1      12  8789 ACCEPT    all  --  eth0  eth1    anywhere            anywhere            state RELATED,ESTABLISHED
2      12  852 ACCEPT    all  --  eth1  eth0    anywhere            anywhere           

Chain OUTPUT (policy ACCEPT 41 packets, 6308 bytes)
num  pkts bytes target    prot opt in    out    source              destination
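The counters in those two tables already answer the firewall question, and an added example (mine, not the poster's, and not the output of any tool) makes the reading explicit. The script below parses the two INPUT chains posted above and walks them the way netfilter does for a fresh inbound SYN: the RELATED,ESTABLISHED rule cannot match a new connection, a rule restricted to `lo` does not apply to a remote client, protocol and destination port must match, and the first ACCEPT, REJECT or DROP that fits decides. On wormhole the ACCEPT rule for tcp dpt:rndc has already counted 7 packets totalling 420 bytes, i.e. 60-byte SYNs with no payload, so the master's connection attempts passed the firewall and were answered with a TCP RST by wormhole's kernel, which is exactly what "connection refused" means: nothing was listening on 10.249.249.2:953. Had a REJECT rule with icmp-host-prohibited matched instead, rndc would have reported "No route to host". The two sample tables are copied from the posts; the interpretation of the counters is mine.

```python
"""Walk an 'iptables -vL --line-numbers' INPUT chain the way netfilter does
for a fresh inbound SYN and report which rule would decide its fate.
Added example for this thread; the two tables are copied from the posts."""
import re

WORMHOLE_INPUT = """\
Chain INPUT (policy ACCEPT 51 packets, 3852 bytes)
num  pkts bytes target    prot opt in    out    source              destination
1        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:domain
2        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:domain
3        7  420 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:rndc
4        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:rndc
"""

TOYSTORY_INPUT = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target    prot opt in    out    source              destination
1    1999  187K ACCEPT    all  --  any    any    anywhere            anywhere            state RELATED,ESTABLISHED
2        0    0 ACCEPT    icmp --  any    any    anywhere            anywhere
3      86  5546 ACCEPT    all  --  lo     any    anywhere            anywhere
4        2  120 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:ssh
5        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:domain
6        1   71 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:domain
7        0    0 ACCEPT    tcp  --  any    any    anywhere            anywhere            state NEW tcp dpt:rndc
8        0    0 ACCEPT    udp  --  any    any    anywhere            anywhere            state NEW udp dpt:rndc
9      31  5362 REJECT    all  --  any    any    anywhere            anywhere            reject-with icmp-host-prohibited
"""

RULE_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<pkts>\S+)\s+(?P<bytes>\S+)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+--\s+(?P<in>\S+)\s+(?P<out>\S+)\s+\S+\s+\S+\s*(?P<extra>.*)$")

def _count(s):
    """iptables abbreviates large counters (187K, 3M); expand them."""
    mult = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    return int(s[:-1]) * mult[s[-1]] if s[-1] in mult else int(s)

def parse_chain(text):
    """Return (policy, rules) for one 'Chain ...' block of -vL output."""
    lines = text.strip().splitlines()
    head = re.match(r"Chain \S+ \(policy (\S+)", lines[0])
    policy = head.group(1) if head else None
    rules = []
    for line in lines[1:]:
        m = RULE_RE.match(line)
        if m:                                    # the column header has no number
            r = m.groupdict()
            r["num"], r["pkts"] = int(r["num"]), _count(r["pkts"])
            rules.append(r)
    return policy, rules

def first_matching_rule(rules, proto, port, remote=True):
    """First terminating rule a NEW SYN from a remote host to proto/dpt:port hits."""
    for r in rules:
        if r["target"] not in ("ACCEPT", "REJECT", "DROP"):
            continue
        if remote and r["in"] == "lo":           # loopback-only rule, not for us
            continue
        if r["prot"] not in ("all", proto):
            continue
        if "RELATED,ESTABLISHED" in r["extra"]:  # a fresh SYN is state NEW
            continue
        dpt = re.search(r"dpt:(\S+)", r["extra"])
        if dpt and dpt.group(1) != port:
            continue
        return r
    return None

def diagnose(text, proto="tcp", port="rndc"):
    """Say what this chain does to a new connection to proto/port."""
    policy, rules = parse_chain(text)
    r = first_matching_rule(rules, proto, port)
    if r is None:                                # nothing matched: chain policy applies
        return {"verdict": "policy", "policy": policy, "rule": None, "hits": 0}
    if r["target"] == "ACCEPT":
        verdict = "accepted" if r["pkts"] else "accepted_unused"
        return {"verdict": verdict, "rule": r["num"], "hits": r["pkts"], "policy": policy}
    # REJECT with icmp-host-prohibited surfaces as "No route to host" on the
    # client; "connection refused" needs a TCP RST, i.e. the SYN got through
    # the firewall and the kernel had no listener on that address/port.
    return {"verdict": "blocked", "rule": r["num"], "hits": r["pkts"],
            "policy": policy, "reject": r["extra"]}

if __name__ == "__main__":
    for name, table in (("wormhole", WORMHOLE_INPUT), ("toystory", TOYSTORY_INPUT)):
        print(name, diagnose(table))
```

On toystory the matching rule is number 7 with zero hits, which is expected: nothing has tried to reach toystory's rndc port, and the REJECT rule at the end never gets a look-in for that port. Only the chain actually traversed by the failing connection, wormhole's, tells you anything about that failure.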


