From owner-freebsd-questions@FreeBSD.ORG Sun May 6 20:28:36 2007
Date: Sun, 6 May 2007 13:01:54 -0700 (PDT)
From: Tim Judd
To: freebsd-questions@freebsd.org, admin2@enabled.com
Subject: re: rndc.key auth issues and rndc.key file
Message-ID: <442861.50541.qm@web62411.mail.re1.yahoo.com>

------
I receive the digest of the mails, so I have copied/pasted the original without the quoting (>) characters.
------

--QUOTE:
Date: Thu, 03 May 2007 13:50:40 -0700
From: Noah
Subject: rndc.key auth issues and rndc.key file
To: User Questions
Message-ID: <463A4B20.3070402@enabled.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hey there FreeBSD'ers,

So I am trying to figure out what is the best configuration for bind on my FreeBSD6.2 system.

# pkg_info | grep bind
bind9-9.3.4 Completely new version of the BIND DNS suite with updated D

# grep named /etc/rc.conf
named_enable="YES"
named_symlink_enable="YES"
named_program="/usr/local/sbin/named"

Something keeps not ending up correctly configured. I made an rndc.key file

# ls -l /var/named/etc/namedb/rndc.key
-rw------- 1 root wheel 97 May 3 13:37 /var/named/etc/namedb/rndc.key

and then placed a copy of those contents in my /var/named/etc/namedb/named.conf file.

Now when I restart (stop) named I receive an error:

# /etc/rc.d/named restart
Stopping named: rndc failed, trying killall: .
Starting named.

What on earth am I doing wrong?
--/QUOTE:

FreeBSD 6.2-R gives you BIND 9.3.3. FreeBSD 6.2-STABLE gives you BIND 9.3.4. 9.4 (and patches) have been released from ISC, but I don't see ANY difference between the version in the "world" and the one from ports/packages.

First question I have is: is there something in the world BIND that isn't available in the packages/ports?

The restart command tells BIND to stop via BIND's control channel (typically 127.0.0.1:953 and maybe an IPv6 address). Since the command in that script is only calling:

    rndc stop 2>/dev/null;

I can see only two causes right now.

1) rndc itself will never work (some config error or other problem).
2) the BIND control channel (port 953) isn't listening, so rndc itself may be working, but it can't control BIND.

Check for listening sockets.

    sockstat -l -p 953

If you get listening sockets, try a status.

    rndc status

If you fail on status, then it's time to investigate keys. rndc is not very helpful on error messages.
I kind of think rndc was built for the software developers (ISC) and not very end-user consumer friendly.

I have a good feeling that this message is correct in its entirety. However, I am human and would accept corrections.

If opportunity doesn't knock, build a door.
"I can" is a way of life.
More and Bigger is not always Better.
The road to success is always uphill.
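
Added example, not part of the original message or of BIND: for the "investigate keys" step, this compares the key clause in rndc.key with the copy pasted into named.conf and checks that the controls statement lists that key. It assumes named.conf carries its own key and controls clauses, as in the scenario above; the function names, sample files and placeholder secret are constructed for illustration.

```python
import re

# Quoted strings are matched first so "//" or "#" inside a base64 secret survives.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}', re.S)
_CONTROLS = re.compile(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', re.S)

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def parse_keys(text):
    """Return {key name: (algorithm, secret)} for every key clause."""
    keys = {}
    for name, body in _KEY.findall(strip_comments(text)):
        alg = re.search(r'\balgorithm\s+"?([\w.-]+)"?\s*;', body)
        sec = re.search(r'\bsecret\s+"([^"]*)"\s*;', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def control_keys(text):
    """Key names that named's controls statement accepts on the control channel."""
    m = _CONTROLS.search(strip_comments(text))
    return re.findall(r'"?([\w.-]+)"?\s*;', m.group(1)) if m else []

def check(rndc_key_text, named_conf_text):
    """List the ways the rndc-side key and the named-side configuration disagree."""
    client, server = parse_keys(rndc_key_text), parse_keys(named_conf_text)
    allowed = control_keys(named_conf_text)
    problems = [] if client else ["no key clause found in rndc.key"]
    for name, pair in client.items():
        if name not in server:
            problems.append(f"{name}: not defined in named.conf")
        elif server[name] != pair:
            problems.append(f"{name}: algorithm or secret differs from named.conf")
        if name not in allowed:
            problems.append(f"{name}: not listed in controls keys")
    return problems

# Constructed sample files; the secret is a placeholder, not a real key.
RNDC_KEY = 'key "rndc-key" {\n  algorithm hmac-md5;\n  secret "Q09OU1RSVUNU//RUQ=";\n};\n'
NAMED_BAD = ('key "rndc-key" { algorithm hmac-md5; secret "Q09OU1RSVUNU"; };  // pasted short\n'
             'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; }; };\n')
NAMED_GOOD = (RNDC_KEY + 'controls {\n  inet 127.0.0.1 port 953\n'
              '    allow { 127.0.0.1; } keys { "rndc-key"; };\n};\n')

if __name__ == "__main__":
    for label, conf in (("bad", NAMED_BAD), ("good", NAMED_GOOD)):
        print(label, check(RNDC_KEY, conf) or "keys agree")
```

To run it against a live system, read /var/named/etc/namedb/rndc.key and named.conf as root and pass their contents to check(); the report names keys only and never prints a secret.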