Date:      Sat, 6 Jul 2002 09:33:22 -0500 (CDT)
From:      <randy@turbowarp.net>
To:        <m.seaman@infracaninophile.co.uk>
Cc:        <questions@freebsd.org>
Subject:   Re: Bind 9.2.1 rndc problems
Message-ID:  <3444.64.192.42.53.1025966002.squirrel@new.host.name>
In-Reply-To: <20020706092918.GA7912@happy-idiot-talk.infracaninophi>
References:  <3011.64.192.42.53.1025896457.squirrel@new.host.name> <20020706092918.GA7912@happy-idiot-talk.infracaninophi>

> On Fri, Jul 05, 2002 at 02:14:17PM -0500, randy@turbowarp.net wrote:
>
>> For practical purposes it is serving up zones.  But rndc is not
>> working.  It's another daemon in my life that I want control over.
>
>> Which by what I have read is some problem to do with rndc keys or conf
>> file, but I will be darned if I can figure it out.  I searched the
>> bind lists, read the Cricket book and found this to be a fairly common
>> problem that, for others, was easily fixed with minor adjustments.
>
> Just use the rndc-confgen program:
>
> happy-idiot-talk:/:# /usr/local/sbin/rndc-confgen
> # Start of rndc.conf
> key "rndc-key" {
>         algorithm hmac-md5;
>         secret "9a9sm+tnc77FgG+BIK6H/Q==";
> };
>
> options {
>         default-key "rndc-key";
>         default-server 127.0.0.1;
>         default-port 953;
> };
> # End of rndc.conf
>
> # Use with the following in named.conf, adjusting the allow list as needed:
> # key "rndc-key" {
> #       algorithm hmac-md5;
> #       secret "9a9sm+tnc77FgG+BIK6H/Q==";
> # };
> #
> # controls {
> #       inet 127.0.0.1 port 953
> #               allow { 127.0.0.1; } keys { "rndc-key"; };
> # };
> # End of named.conf
>
My rndc-confgen doesn't work.  It just hangs when I try to execute it. 
But I generated a key differently and used this as a template.  (Hindsight
makes me think that I could also have generated the rndc.conf on another
box.) :-0

I tried rndcontrol and got:
desert# rndcontrol
rndcontrol: rndcontrol: Operation not permitted

I figure some of these weird problems are because desert is actually a
virtual FreeBSD instance on a large platform.  (I can't ping out,
traceroute out, no socket control, etc.)

> By default rndc-confgen(8) sets everything up to give access from the
> localhost, but read the man page for details on how to use it to set
> things up differently
>
>> I have tried so many different configurations and modifications of
>> files.  Which leads me to believe that it may have something to do
>> with Freebsd specifics, such as file locations.  I have rndc.conf in
>> /etc/rndc.conf; named.conf is in /etc/named/named.conf.  I don't have
>> a separate key file since the key file is in named.conf.
>
> Hmmm... Unless you've overridden the standard ${PREFIX}, the bind9 port
> expects to find named.conf in /usr/local/etc/named.conf and
> rndc.conf in /usr/local/etc/rndc.conf --- if you absolutely must keep
> the config files in /etc, then you will have to tell rndc to look
> there:
>
>     rndc -c /etc/rndc.conf ...
>
I didn't do anything intentional to override the standard, so I don't
actually understand how things were working as they were.  (Somehow the
/etc/namedb/named.conf was matching the /usr/local/etc/named.conf.)  I
removed the /etc/namedb/named.conf and am now using the default.

Thanks for all of your help!
>
> 	Cheers,
>
> 	Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> Tel: +44 1628 476614                                  Marlow
> Fax: +44 0870 0522645                                 Bucks., SL7 1TH UK
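
Added example, not part of the original messages: a small Python check that the key, controls statement and port in named.conf agree with rndc.conf, which is the mismatch discussed in this thread. The function names are hypothetical, the sample configs and placeholder secret are constructed, and the parser assumes the statement layout that rndc-confgen emits.

```python
import re

# Constructed samples modelled on the rndc-confgen output in the thread; placeholder secret.
KEY_BLOCK = '''key "rndc-key" {
        algorithm hmac-md5;
        secret "cGxhY2Vob2xkZXIta2V5";
};
'''
RNDC_CONF = KEY_BLOCK + '''options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
'''
NAMED_CONF = KEY_BLOCK + '''controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}')

def strip_comments(text):
    """Drop whole-line '#' comments (base64 secrets never contain '#')."""
    return re.sub(r'(?m)^\s*#.*$', '', text)

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every uncommented key statement."""
    return {m[1]: (m[2].lower(), m[3]) for m in KEY_RE.finditer(strip_comments(text))}

def check(rndc_conf, named_conf):
    """Return the mismatches that would stop rndc authenticating to named."""
    rndc, named = strip_comments(rndc_conf), strip_comments(named_conf)
    rkeys, nkeys, problems = parse_keys(rndc), parse_keys(named), []
    m = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', rndc)
    name = m[1] if m else None
    if name not in rkeys:
        problems.append("rndc.conf: default-key missing or not defined")
    elif rkeys[name] != nkeys.get(name):
        problems.append(f'key "{name}": absent from named.conf or algorithm/secret differs')
    ctl = re.search(r'controls\s*\{.*?inet\s+\S+(?:\s+port\s+(\d+))?.*?keys\s*\{([^}]*)\}', named, re.S)
    if not ctl or name not in re.findall(r'[\w.-]+', ctl[2]):
        problems.append("named.conf: controls does not list the rndc key")
    port = re.search(r'default-port\s+(\d+)', rndc)
    if ctl and (port[1] if port else "953") != (ctl[1] or "953"):  # 953 is the default
        problems.append("port mismatch between rndc.conf and named.conf controls")
    return problems

if __name__ == "__main__":
    print(check(RNDC_CONF, NAMED_CONF) or "rndc.conf and named.conf agree")
```

To run it against real files, read the paths the bind9 port expects (/usr/local/etc/rndc.conf and /usr/local/etc/named.conf) and pass their contents to check().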
