rndc reconfig does not work

benjamin fernandis

Dec 28, 2012, 8:06:56 AM
to bind-...@lists.isc.org
Hi,

As per my understanding, if we change anything in named.conf and then
if we require to enable changes without service restart, we go with
rndc reconfig.

So I tried it, but it does not work.

First I use the recursive DNS service with direct root server contact,
then I add a forwarder IP and run the rndc reconfig command, but still
no effect; then I run service named restart and it comes into
effect.


key "rndckey" {
        algorithm hmac-md5;
        secret "...";
};
controls {
        inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
};
options {
        listen-on port 53 { localhost; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        forwarders { 8.8.8.8; };
        allow-query-cache { 192.168.1.0/24; };
        recursion yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_syslog {
                // Send most of the named messages to syslog.
                syslog local2;
                severity debug;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/rndc.key";



Is there any problem with my config?

BR
Ben

Carsten Strotmann

Dec 29, 2012, 6:09:56 AM
to benjamin fernandis, bind-...@lists.isc.org

Hello Ben,

benjamin fernandis <benjo...@gmail.com> writes:

> Hi,
>
> As per my understanding, if we change anything in named.conf and then
> if we require to enable changes without service restart, we go with
> rndc reconfig.
>
> So I tried it, but it does not work.
>

"rndc reconfig" does only very specific tasks as documented in the ARM:

-Reload the configuration file and load new zones, but do not reload
-existing zone files even if they have changed. This is faster than a
-full reload when there is a large number of zones because it avoids the
-need to examine the modification times of the zones files.

"rndc reload" does more (reloads the configuration file named.conf and
all zones that have changed), but takes a long time on a system with
many zones (> 10.000). On systems with not so many zones, I prefer to
always do "rndc reload". But that is a matter of taste.

For some configuration changes (for example change of IP addresses to
listen on, change of fundamental operations, new log-file entries) the
BIND nameserver requires a full restart, esp. if BIND is running as a
non-privileged user (not "root"), as some configuration steps require
root access (like opening network sockets on port 53).

It looks as if the change you are applying falls in the third
category, however I currently do not have the time to verify that
myself. Maybe someone with knowledge on the inner workings of BIND 9 can
comment on this.

Best regards
and a happy new year 2013!

-- Carsten



Phil Mayers

Dec 29, 2012, 7:08:07 AM
to bind-...@lists.isc.org
On 12/29/2012 11:09 AM, Carsten Strotmann wrote:

> For some configuration changes (for example change of IP addresses to
> listen on, change of fundamental operations, new log-file entries) the
> BIND nameserver requires a full restart, esp. if BIND is running as a
> non-privileged user (not "root"), as some configuration steps require
> root access (like opening network sockets on port 53).

Just to note, this specific change (new IPs) can be done with just
reconfig on some platforms (e.g. Linux) as bind uses underlying OS
mechanisms to listen on ports < 1024 as an unprivileged user.

But the general point stands that "reconfig" only does a subset of tasks.

benjamin fernandis

Dec 30, 2012, 11:45:57 AM
to Phil Mayers, bind-...@lists.isc.org
Hi Phil,

I only added the forwarders IP into the global configuration, but reload is not working.

My OS is CentOS 6.

BR
Ben