Help on rndc. Want to control remote bind server, but cant....

bangnagr · 04-27-2015, 12:10 PM

Hi All,

Please help me. I'm following the book - 'DNS and BIND, 5th Ed By Paul Albitz, Cricket Liu'. This RNDC is driving me crazy. I spent all day trying to configure rndc. Tried every possible combination in config files, but I just cant control remote server. Tried many tutorials from google, nothing helped. LQ is my last hope.

So, my story goes like this...

MASTER BIND SERVER:
Host: toystory.movie.edu
IP: 10.249.249.3/24
OS: CentOS 7.1

SLAVE BIND SERVER:
Host: wormhole.movie.edu
IP: 10.249.249.2/24
OS: CentOS 6.6

MASTER SERVER (toystory) CONFIGURATION FILES:

Code:

[root@toystory ~]# cat /etc/rndc.conf
key "toystory-key" {
	algorithm hmac-md5;
	secret "K9qBsQwusP6430cykS2AeA==";
};
options {
	default-key "toystory-key";
	default-server 127.0.0.1;
	default-port 953;
};

[root@toystory ~]# cat /etc/named.conf
key "toystory-key" {
	algorithm hmac-md5;
	secret "K9qBsQwusP6430cykS2AeA==";
};
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "toystory-key"; };
};
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
	inet 10.249.249.3 port 953
		allow { 10.249.249.2; } keys { "wormhole-key"; };
};

SLAVE SERVER (wormhole) CONFIGURATION FILES:

Code:

[root@wormhole ~]# cat /etc/rndc.conf
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
options {
	default-key "wormhole-key";
	default-server 127.0.0.1;
	default-port 953;
};

[root@wormhole ~]# cat /etc/named.conf
key "wormhole-key" {
	algorithm hmac-md5;
	secret "7PvoY3oysQz8DyASiUTlNA==";
};
controls {
	inet 127.0.0.1 port 953
		allow { 127.0.0.1; } keys { "wormhole-key"; };
};
server 10.249.249.3 {
  keys { "wormhole-key"; };
};

TESTING:

MASTER (toystory):

Code:

[root@toystory ~]# rndc status
version: 9.9.4-RedHat-9.9.4-18.el7_1.1 <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 104
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

[root@toystory ~]# rndc -s wormhole.movie.edu status
rndc: connect failed: 10.249.249.2#953: connection refused

SLAVE (wormhole):

Code:

[root@wormhole ~]# rndc status
version: 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

What I'm doing wrong? Please Help!!!

Thanks

smallpond · 04-27-2015, 04:10 PM

What is in the log files: messages, syslog or secure?

bangnagr · 04-28-2015, 01:16 AM

Quote:

Originally Posted by smallpond

What is in the log files: messages, syslog or secure?

I tried log files, but strangely, nothing happens in log files, no changes - not even a line is scrolled up. I'm pasting log files after server fresh boot.
For every log file debug, I issued command 'rndc -s wormhole.movie.edu status'. Nothing changes.

Master Server (toystory)

Code:

[root@toystory ~]# tail -f /var/named/data/named.run
automatic empty zone: D.F.IP6.ARPA
automatic empty zone: 8.E.F.IP6.ARPA
automatic empty zone: 9.E.F.IP6.ARPA
automatic empty zone: A.E.F.IP6.ARPA
automatic empty zone: B.E.F.IP6.ARPA
automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
reloading configuration succeeded
reloading zones succeeded
all zones loaded
running

[root@toystory ~]# tail -f /var/log/messages
Apr 28 11:19:06 toystory systemd: Starting user-0.slice.
Apr 28 11:19:06 toystory systemd: Created slice user-0.slice.
Apr 28 11:19:06 toystory systemd: Starting Session 1 of user root.
Apr 28 11:19:06 toystory systemd: Started Session 1 of user root.
Apr 28 11:19:06 toystory systemd-logind: New session 1 of user root.
Apr 28 11:19:43 toystory systemd: Starting Session 2 of user root.
Apr 28 11:19:43 toystory systemd: Started Session 2 of user root.
Apr 28 11:19:43 toystory systemd-logind: New session 2 of user root.
Apr 28 11:30:04 toystory systemd: Starting Cleanup of Temporary Directories...
Apr 28 11:30:04 toystory systemd: Started Cleanup of Temporary Directories.

[root@toystory ~]# tail -f /var/log/secure
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /etc/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Loading rules from directory /usr/share/polkit-1/rules.d
Apr 28 11:15:21 toystory polkitd[604]: Finished loading, compiling and executing 2 rules
Apr 28 11:15:21 toystory polkitd[604]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Apr 28 11:15:26 toystory sshd[821]: Server listening on 0.0.0.0 port 22.
Apr 28 11:15:26 toystory sshd[821]: Server listening on :: port 22.
Apr 28 11:19:06 toystory sshd[1991]: Accepted password for root from 10.249.249.1 port 50186 ssh2
Apr 28 11:19:06 toystory sshd[1991]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 11:19:43 toystory sshd[2021]: Accepted password for root from 10.249.249.1 port 50188 ssh2
Apr 28 11:19:43 toystory sshd[2021]: pam_unix(sshd:session): session opened for user root by (uid=0)

I've also opened rndc port in IPTABLES in both server and slave.

Code:

[root@toystory ~]# iptables -vL --line-number
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1999  187K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            
3       86  5546 ACCEPT     all  --  lo     any     anywhere             anywhere            
4        2   120 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:ssh
5        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:domain
6        1    71 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW udp dpt:domain
7        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW tcp dpt:rndc
8        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW udp dpt:rndc
9       31  5362 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 735 packets, 98076 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
     

[root@wormhole ~]# iptables -vL --line-numbers
Chain INPUT (policy ACCEPT 51 packets, 3852 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:domain 
2        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            state NEW udp dpt:domain 
3        7   420 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:rndc 
4        0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            state NEW udp dpt:rndc 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       12  8789 ACCEPT     all  --  eth0   eth1    anywhere             anywhere            state RELATED,ESTABLISHED 
2       12   852 ACCEPT     all  --  eth1   eth0    anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 41 packets, 6308 bytes)
num   pkts bytes target     prot opt in     out     source               destination