rndc.key vs. rndc.conf


online-reg

Oct 2, 2010, 8:08:58 PM
to bind-...@lists.isc.org
Hi All: One more conf issue on bind 9.7.1-P2
 
After running rndc-confgen and reloading BIND I’m getting this error:
 
WARNING: key file (/etc/namedb/rndc.key) exists, but using default configuration file (/etc/namedb/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
 
It seems like I have a valid key in both files...what do I need to change?

Jeremy C. Reed

Oct 2, 2010, 11:08:56 PM
to online-reg, bind-...@lists.isc.org
On Sat, 2 Oct 2010, online-reg wrote:

> Hi All: One more conf issue on bind 9.7.1-P2
>  

> After running rndc-confgen and reloading BIND I'm getting this error:
>  
> WARNING: key file (/etc/namedb/rndc.key) exists, but using default
> configuration file (/etc/namedb/rndc.conf)
> rndc: connection to remote host closed
> This may indicate that
> * the remote server is using an older version of the command protocol,
> * this host is not authorized to connect,
> * the clocks are not synchronized, or
> * the key is invalid.
>  
> It seems like I have a valid key in both files...what do I need to change?

And clocks are close in time?

Also this same problem could happen if you have a custom key file, but
it is still using the default configuration file instead (so maybe using
old, wrong key).

Doug Barton

Oct 3, 2010, 12:37:18 AM
to online-reg, bind-...@lists.isc.org

On 10/2/2010 5:08 PM, online-reg wrote:
| Hi All: One more conf issue on bind 9.7.1-P2
| After running rndc-confgen and reloading BIND I'm getting this error:
| WARNING: key file (/etc/namedb/rndc.key) exists, but using default
| configuration file (/etc/namedb/rndc.conf)
| rndc: connection to remote host closed
| This may indicate that
| * the remote server is using an older version of the command protocol,
| * this host is not authorized to connect,
| * the clocks are not synchronized, or
| * the key is invalid.
| It seems like I have a valid key in both files...what do I need to change?

I'm guessing from the /etc/namedb path above that you're using FreeBSD.
In that case there is no reason to use rndc.conf, as FreeBSD generates
an rndc.key file for you.

1. Stop named ('service named stop' or '/etc/rc.d/named stop')
2. rm /etc/rndc.conf
3. Start named ('service named start' or '/etc/rc.d/named start')
4. rndc status


hth,

Doug

--

Breadth of IT experience, and | Nothin' ever doesn't change,
depth of knowledge in the DNS. | but nothin' changes much.
Yours for the right price. :) | -- OK Go
http://SupersetSolutions.com/

online-reg

Oct 3, 2010, 9:54:53 AM
to bind-...@lists.isc.org
> | Hi All: One more conf issue on bind 9.7.1-P2
> | After running rndc-confgen and reloading BIND I'm getting this error:
> | WARNING: key file (/etc/namedb/rndc.key) exists, but using default
> | configuration file (/etc/namedb/rndc.conf)
> | rndc: connection to remote host closed
> | This may indicate that
> | * the remote server is using an older version of the command protocol,
> | * this host is not authorized to connect,
> | * the clocks are not synchronized, or
> | * the key is invalid.
> | It seems like I have a valid key in both files...what do I need to
> change?
>
> I'm guessing from the /etc/namedb path above that you're using FreeBSD.
> In that case there is no reason to use rndc.conf, as FreeBSD generates
> an rndc.key file for you.
>
> 1. Stop named ('service named stop' or '/etc/rc.d/named stop')
> 2. rm /etc/rndc.conf
> 3. Start named ('service named start' or '/etc/rc.d/named start')
> 4. rndc status
>
Thanks again...removing the rndc.conf file worked! I think where I became
confused was after installing 9.7.1-P2 from the ports collection on FreeBSD
8.1, it installed an "rndc.conf.sample" file in "/etc/namedb/"...I tried
renaming that file and using it, saw some errors, and then ran rndc-confgen,
which created the "rndc.key" file instead.
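A shell check for the situation this thread describes (a freshly generated rndc.key alongside a leftover rndc.conf carrying a different key, which rndc silently prefers), added here as an example and not part of the thread. The file paths follow the FreeBSD /etc/namedb layout from the posts; the sample key files and their secrets are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): detect the rndc.key / rndc.conf
# conflict discussed above. rndc reads rndc.conf when it exists and falls
# back to rndc.key only when it does not, so a stale rndc.conf holding a
# different secret produces "the key is invalid" style failures even though
# rndc.key is correct. Paths follow the FreeBSD /etc/namedb layout.

# Print the value of a field ("secret", "algorithm") from the first key block.
rndc_field() {  # $1 = file, $2 = field name
    sed -n "s/^[[:space:]]*$2[[:space:]]*\"\{0,1\}\([^\";]*\)\"\{0,1\}[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# Exit status: 0 = rndc will use a consistent key, 1 = both files exist but
# disagree (rndc.conf wins, as the WARNING in the thread says), 2 = no file.
rndc_key_check() {  # $1 = rndc.conf path, $2 = rndc.key path
    conf="$1"; key="$2"
    if [ ! -f "$conf" ] && [ ! -f "$key" ]; then
        echo "neither $conf nor $key exists"; return 2
    fi
    if [ -f "$conf" ] && [ -f "$key" ]; then
        for f in secret algorithm; do
            if [ "$(rndc_field "$conf" $f)" != "$(rndc_field "$key" $f)" ]; then
                echo "WARNING: $f differs between $conf and $key; rndc will use $conf"
                return 1
            fi
        done
    fi
    return 0
}

# Constructed sample pair reproducing the thread's situation: rndc-confgen
# wrote a fresh rndc.key, but an older rndc.conf with another secret remains.
build_samples() {  # $1 = directory
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "c2FtcGxlLWtleQ==";\n};\n' > "$1/rndc.key"
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "b2xkLXNlY3JldA==";\n};\n' > "$1/rndc.conf"
}

if [ $# -eq 2 ]; then
    rndc_key_check "$1" "$2"
else
    # No paths given: demonstrate on the constructed sample files.
    tmp=$(mktemp -d)
    build_samples "$tmp"
    rndc_key_check "$tmp/rndc.conf" "$tmp/rndc.key" || echo "check exited with status $?"
    rm -rf "$tmp"
fi
```

Run it against a live host as `sh rndc_check.sh /etc/namedb/rndc.conf /etc/namedb/rndc.key`; a status of 1 means the stale rndc.conf should be removed or updated before rndc will authenticate.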
