this is what fixed the problem
3 steps to solve our problem
1. we create a new key using the ONE line bash command below
first
cd /etc
now create the new nameserver key rndc-key which by default is saved to the file named rndc.key in THIS folder.
rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2
the output in your shell will be something like below BUT longer !
KgX0x/KFDE9Ylzq7JAbGs==
at the same time the new rndc.key is generated -- check the time stamp for verification using
ls -la rndc.key
2. step
in your
/etc/named.conf
you should have two entries OUTSIDE your "options" as below - one for
controls
another one for
key "rndc-key"
hence here below the full content you either have or need to add to your named.conf
------------- quote
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
key "rndc-key" {
algorithm hmac-md5;
secret "here BETWEEN the 2 double-quotes - you copy and paste your initially generated key as shown in your shell - NOT the content of your rndc.key file !!";
};
------------- unquote
3. step
now we look at your
rndc.conf file
which should read
------- quote
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "here again you copy and paste the shell output of your generated rndc-key";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
------- unquote
another attempt to restart your name-server bind9 should be successful
but first we want to TEST out named.conf configuration using the tool available from the bind9 package.
in your shell enter
named-checkconf
the output is self-explanatory and detailed if you have any syntax error
rcnamed restart
Shutting down name server BIND done
Starting name server BIND done
in case anyone else occurs
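A check for what steps 2 and 3 depend on, namely that named.conf and rndc.conf carry the same algorithm and secret for key "rndc-key". This is an added example, not part of the original post; the function names and the sample values are made up for illustration.

```shell
#!/usr/bin/env bash
# Print FIELD (algorithm or secret) from the key "NAME" block in FILE.
key_field() {
    local file="$1" name="$2" field="$3"
    awk -v name="$name" -v field="$field" '
        { sub(/#.*/, "") }                          # strip "#" comments
        $1 == "key" && $2 == "\"" name "\"" { inblk = 1; next }
        inblk && /^[ \t]*}/ { inblk = 0 }           # closing "};" of the key block
        inblk && $1 == field {
            v = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", v)      # drop the field name
            sub(/;[ \t]*$/, "", v)                  # drop the trailing ";"
            gsub(/"/, "", v)                        # drop the double quotes
            print v; exit
        }
    ' "$file"
}

# Return 0 when both files define the key with the same algorithm and secret.
# Only the verdict is printed, never the secret itself.
rndc_key_matches() {
    local named_conf="$1" rndc_conf="$2" name="${3:-rndc-key}" f a b rc=0
    for f in algorithm secret; do
        a=$(key_field "$named_conf" "$name" "$f")
        b=$(key_field "$rndc_conf" "$name" "$f")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "MISSING: $f for key \"$name\""; rc=1
        elif [ "$a" != "$b" ]; then
            echo "MISMATCH: $f differs between $named_conf and $rndc_conf"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: key \"$name\" is identical in both files"
    return "$rc"
}

# Constructed sample pair for trying the check without touching /etc:
# write_sample DIR SECRET_FOR_NAMED SECRET_FOR_RNDC (values are not real keys).
write_sample() {
    printf 'controls {\n inet 127.0.0.1 allow { localhost; } keys { rndc-key; };\n};\nkey "rndc-key" {\n algorithm hmac-md5;\n secret "%s";\n};\n' "$2" > "$1/named.conf"
    printf '# Start of rndc.conf\nkey "rndc-key" {\n algorithm hmac-md5;\n secret "%s";\n};\noptions {\n default-key "rndc-key";\n};\n' "$3" > "$1/rndc.conf"
}

# Usage: bash check.sh /etc/named.conf /etc/rndc.conf
if [ "$#" -eq 2 ]; then rndc_key_matches "$1" "$2"; fi
```

Run it as root, since both files should be readable only by root and the named user.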