Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#993845: bind9-utils: /etc/bind/rndc.key is no longer used
9 views
Skip to first unread message
IOhannes m zmölnig
Sep 7, 2021, 3:50:04 AM9/7/21
to
Package: bind9-utils
Version: 1:9.16.15-1
Severity: normal
Dear Maintainer,
After a recent upgrade from buster to bullseye, my rndc setup was
broken.
Running any `rndc` command that requires authentication, I get an error:
```
$ rndc thaw
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect, or
* the key is invalid.
$
```
After a bit of investigation, I found that the problem is, that up to
and including buster, `rndc` (and `bind9`) would honour an
`/etc/bind/rndc.key` file (out of the box), but since bullseye only the
`/etc/rndc.key` file is used.
From reading old bug reports (e.g. #179353), i gather that the
/etc/bind/key.rndc was a Debian specific modification, and i guess it
was eventually removed.
The transition is easy enough, however, i haven't found any trace of a
documentation hinting at that.
I would have expected a NEWS entry, or at least a mention in the
changelog.Debian.
cheerio & mfgtfa
IOhannes
Version: 1:9.16.15-1
Severity: normal
Dear Maintainer,
After a recent upgrade from buster to bullseye, my rndc setup was
broken.
Running any `rndc` command that requires authentication, I get an error:
```
$ rndc thaw
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect, or
* the key is invalid.
$
```
After a bit of investigation, I found that the problem is, that up to
and including buster, `rndc` (and `bind9`) would honour an
`/etc/bind/rndc.key` file (out of the box), but since bullseye only the
`/etc/rndc.key` file is used.
From reading old bug reports (e.g. #179353), i gather that the
/etc/bind/key.rndc was a Debian specific modification, and i guess it
was eventually removed.
The transition is easy enough, however, i haven't found any trace of a
documentation hinting at that.
I would have expected a NEWS entry, or at least a mention in the
changelog.Debian.
cheerio & mfgtfa
IOhannes
0 new messages