Date: Sun, 6 May 2007 13:01:54 -0700 (PDT)
From: Tim Judd <tjudd2k@yahoo.com>
To: freebsd-questions@freebsd.org, admin2@enabled.com
Subject: re: rndc.key auth issues and rndc.key file
Message-ID: <442861.50541.qm@web62411.mail.re1.yahoo.com>
------ I receive the digest of the mails, so I have copied/pasted the original without the quoting (>) characters. ------

--QUOTE:
Date: Thu, 03 May 2007 13:50:40 -0700
From: Noah <admin2@enabled.com>
Subject: rndc.key auth issues and rndc.key file
To: User Questions <freebsd-questions@freebsd.org>
Message-ID: <463A4B20.3070402@enabled.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hey there FreeBSD'ers,

So I am trying to figure out what is the best configuration for bind on my FreeBSD 6.2 system.

# pkg_info | grep bind
bind9-9.3.4 Completely new version of the BIND DNS suite with updated D

# grep named /etc/rc.conf
named_enable="YES"
named_symlink_enable="YES"
named_program="/usr/local/sbin/named"

Something keeps not ending up correctly configured. I made an rndc.key file

# ls -l /var/named/etc/namedb/rndc.key
-rw------- 1 root wheel 97 May 3 13:37 /var/named/etc/namedb/rndc.key

and then placed a copy of those contents in my /var/named/etc/namedb/named.conf file. Now when I restart (stop) named I receive an error:

# /etc/rc.d/named restart
Stopping named: rndc failed, trying killall: .
Starting named.

What on earth am I doing wrong?
--/QUOTE:

FreeBSD 6.2-R gives you BIND 9.3.3. FreeBSD 6.2-STABLE gives you BIND 9.3.4. 9.4 (and patches) have been released from ISC, but I don't see ANY difference between the version in the "world" and the one from ports/packages. The first question I have is: is there something in the world BIND that isn't available in the packages/ports?

The restart command tells BIND to stop via BIND's control channel (typically 127.0.0.1:953 and maybe an IPv6 address). Since the command in that script is only calling:

rndc stop 2>/dev/null;

I can see only two causes right now.

1) rndc itself will never work (some config error or other problem).
2) the BIND control channel (port 953) isn't listening, so rndc itself may be working, but it can't control BIND.

Check for listening sockets:

sockstat -l -p 953

If you get listening sockets, try a status:

rndc status

If you fail on status, then it's time to investigate keys. rndc is not very helpful on error messages. I kind of think rndc was built for the software developers (ISC) and not very end-user consumer friendly.

I have a good feeling that this message is correct in its entirety. However, I am human and would accept corrections.

If opportunity doesn't knock, build a door.
"I can" is a way of life.
More and Bigger is not always Better.
The road to success is always uphill.
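One way to act on "it's time to investigate keys", as an added example that is not part of this thread and not code from BIND: a small Python check that the key statement in rndc.key matches the one in named.conf and that a controls statement actually names that key for the 127.0.0.1:953 channel. Both config texts are constructed samples with a placeholder secret; the fallback reported when controls is absent (default loopback channel, rndc.key read from named's sysconfdir) is the behaviour the BIND 9.3 ARM documents.

```python
# Added example, not the poster's files or ISC code; configs are constructed.
import re
RNDC_KEY = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "CONSTRUCTED-PLACEHOLDER-SECRET==";
};
'''
# Key statement pasted in, but nothing tells named which key guards port 953.
NAMED_CONF_PASTED = RNDC_KEY + 'options { directory "/etc/namedb"; };\n'
# Same key plus a controls statement naming it for the loopback channel.
NAMED_CONF_FIXED = RNDC_KEY + '''
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''

def block(text, keyword):
    """Body of the first `keyword ... { ... }` statement, nested braces honoured."""
    m = re.search(r'\b' + keyword + r'\b[^{]*\{', text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every `key "name" { ... };`."""
    keys = {}
    for m in re.finditer(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\};', text, re.S):
        alg = re.search(r'algorithm\s+([\w-]+)\s*;', m.group(2))
        sec = re.search(r'secret\s+"([^"]+)"\s*;', m.group(2))
        keys[m.group(1)] = (alg and alg.group(1).lower(), sec and sec.group(1))
    return keys

def check_rndc_setup(rndc_key_text, named_conf_text):
    """Return reasons rndc would be refused; an empty list means consistent."""
    problems, rndc_keys, conf_keys = [], parse_keys(rndc_key_text), parse_keys(named_conf_text)
    for name, pair in rndc_keys.items():
        if name not in conf_keys:
            problems.append(f'key "{name}" is not defined in named.conf')
        elif conf_keys[name] != pair:
            problems.append(f'key "{name}" differs between rndc.key and named.conf')
    controls = block(named_conf_text, 'controls')
    if controls is None:
        problems.append('no controls statement: named uses its default loopback channel and reads rndc.key from its own sysconfdir')
    elif not set(re.findall(r'"?([\w.-]+)"?\s*;', block(controls, 'keys') or '')) & set(rndc_keys):
        problems.append('controls statement does not list the key from rndc.key')
    return problems
```

Point check_rndc_setup at the real file contents (read with open()) to see which of the three mismatches applies before reaching for rndc's terse errors.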