Date: Sat, 09 Oct 2004 16:06:14 +0100 From: Matt <matt@xtaz.net> Cc: current@freebsd.org Subject: Re: rndc/bind9 weirdness Message-ID: <4167FE66.7080001@xtaz.net> In-Reply-To: <4167FD01.3040305@xtaz.net> References: <52639.192.168.1.4.1097321701.squirrel@webmail.xtaz.net> <20041009144954.GA887@CARTIER.ro-inc> <4167FD01.3040305@xtaz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt wrote:
> Clive Lin wrote:
>
>> On Sat, Oct 09, 2004 at 12:35:01PM +0100, Matt Smith wrote:
>>
>>> Basically you can only reload it once and then it'll refuse to talk
>>> unless
>>> you run /etc/rc.d/named restart.
>>
>>
>>
>> Hi,
>>
>> My first guess is to verify the /etc/namedb ->
>> /var/named/etc/namedb link. I have production name server running with
>> 5.3-BETA7 in jail without problem, and I can `rndc reload` as many
>> times as I want. (some more jail specific tweaks, although still in
>> default chroot mode.)
>>
>> If my memory serves me right, I solved the same problem by make
>> the link correct.
>>
>> Cheers
>>
>
> The symlink and /var/named structure is fine as i completely rm -rf'd
> them before letting the new named rc.d script create them. I found the
> issue but am not sure what to do about it. On the second reload there is
> a message in syslog saying:
>
> none:0: open: /etc/namedb/rndc.key: permission denied
>
> So I am assuming because the chroot is set to /var/named it can't access
> this or something?
>
Ahh my fault. I found out what it was. In my named.conf I had this from
when I used to run bind9 from ports with a rndc.conf instead of an rncd.key:
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; };
};
Commenting this out has made me able to reload it all the time. Sorry
for the noise people!
Cheers ;-)
Matt.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4167FE66.7080001>