DNS and rndc

frannack · #1 24th February 2004, 08:30 AM

Hello,

I'm trying to use rndc after configuring the dns server, that means all this files (rndc.key, named.conf, rndc.conf). But now, each time that I try to use rndc, I get a connection failed. But the key is the same, there's an include /etc/rdnc.key in named.conf and in rndc.conf. Is it possible that I have a problem with my firewall (iptables)? I read somewhere the line controls ... in named.conf make the named deamon use the TCP port 953.

Does anybody have an idea.

thank's

Franck

mhelios · #2 24th February 2004, 08:35 AM

You could try temporarily disabling the firewall with `/sbin/service iptables stop` to confirm a firewall problem. If your connection is working with Iptables down, look in the documentation for hints on how what ports to open (953 possibly).

mhelios · #3 24th February 2004, 08:42 AM

See this for help on configuring rndc:
http://www.redhat.com/docs/manuals/l...bind-rndc.html

You may need to open port 53 as well depending on how you configured things.

frannack · #4 24th February 2004, 09:03 AM

Thanks,

i'll try all this tonight & I'll let you know.

Thanks again for your quich reply

Franck

frannack · #5 25th February 2004, 05:43 AM

Ok, I killed my firewall (iptables) and try to do a rndc reload, then I got a "rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid." message.

Does any body have an idea.

attached are my conf files

Thanks

Franck

// generated by named-bootconf.pl

options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
query-source address * port 53;
};

// named.conf
controls {
inet * allow { any; } keys { "rndc-key"; };
};

zone "." IN {
type hint;
file "named.ca";
};

zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};

include "/etc/rndc.key";

// rndc.key
key "rndc-key" {
algorithm hmac-md5;
secret "wXXXXXXXXXXXXeCQ==";
};

// rndc.conf
options {
default-server localhost;
default-key "rndc-key";
};

server localhost {
key "rndc-key";
};

include "/etc/rndc.key";

mhelios · #6 26th February 2004, 12:53 PM

Try changing any instances of "rndc-key" to "rndckey". i.e. remove the dash. The reload bind.

frannack · #7 26th February 2004, 01:30 PM

ok, now it's working, after a long long search.

In the file rndc.key, we must use 127.0.0.1 instead of localhost.
don't ask why, it's in the faq.
I also had to copy the key from rndc.key in /var/named and put it in rndc.key in /etc. I don't know why, I included /etc/rndc.key in named.conf and rndc.conf in /etc but named seems to take the one in /var/named and not the one in /etc.

That's it

hope it can help somebody else.

And thanks again for your ideas

Franck