Bind rndc

From INIwiki

rndc stands for the (I think) Remote Nameserver Daemon Controller utility. The name indicates that it's potentially able to carry out control of a nameserver from elsewhere, where "control" includes fine-grained operations short of stopping/starting/restarting the entire nameserver. E.g., you can force the reload of just one zone, without having to interrupt and restart the entire daemon.

Error bind rndc: connect failed: 127.0.0.1#953: connection refused

It's _trying_ (badly) to say that the "rndc" utility provided as part of BIND9 is failing to connect to the necessary network socket on localhost. When you run the /etc/init.d/bind9 script, I vaguely recall that for some (but not all) operations it invokes rndc behind the scenes.

Remove Existing Key File

Remove the existing rndc key file.

Standard install

rm -f /etc/bind/rndc.key

chroot install

rm -f /var/lib/named/etc/bind/rndc.key

Remove the rndc key specification in the /etc/bind/named.conf file.

Standard install

vi /etc/bind/named.conf

chroot install

vi /var/lib/named/etc/bind/named.conf

Generate a new key

The rndc-confgen program will easily create a suitable key file. To take advantage of this mechanism, run:

rndc-confgen -r /dev/urandom -a

Reference new key file

You need to reference the new key file in the named.conf file.

vi /etc/bind/named.conf

Add the following line towards the top (edit the path for your location):

include "/etc/bind/rndc.key";

Create new rndc.conf file

vi /etc/bind/rndc.conf

Give it the following contents:

options {
        default-server localhost;
        default-key "rndc-key";
};
include "/etc/bind/rndc.key";


Restart bind

Stop

/etc/init.d/bind9 stop

Ensure all named connections are closed with

netstat -tap

If needed, run this a few times:

killall named

Start bind

/etc/init.d/bind9 start

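Errors

Error rndc: invalid command from xx.xx.xx.xx#1284: expired

Sync the clocks between the servers. rndc commands carry a timestamp, so a command from a machine whose clock disagrees with the nameserver's is rejected as expired.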

Error invalid command from 127.0.0.1#2804: bad...

Verify naming. The key name must be spelled identically in both files.

Search for "rndc-key" - verify name syntax

vi ./rndc.conf

Search for "rndc-key" - verify name syntax

vi /etc/named.conf

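Error couldn't install keys for command channel 127.0.0.1#953: permission denied

Update permissions

rndc.key: owner root.bind, mode 755

chown root.bind ./rndc.key
chmod 755 ./rndc.key

named.conf: owner named.named, mode 755

chown bind.bind ./named.conf
chmod 755 ./named.conf

Note that rndc.key holds the shared secret that authorizes rndc commands, and mode 755 lets every local user read it. With root.bind ownership, mode 640 is enough for a named process in group bind to read the key.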
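
A pre-restart check for the naming and permission errors above, as an added example that is not part of the original wiki page: it compares the key name in rndc.key with default-key in rndc.conf and flags a key file that every local user can access. The function names and the sample files (with a placeholder secret) are constructed for illustration.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not part of BIND).

# Print the name declared by the first `key "NAME" {` statement in a key file.
key_name() {
    sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]{;]*\)"\{0,1\}.*/\1/p' "$1" | head -n 1
}

# Print the name that rndc.conf selects with default-key.
default_key() {
    sed -n 's/^[[:space:]]*default-key[[:space:]]\{1,\}"\{0,1\}\([^"[:space:];]*\)"\{0,1\}.*/\1/p' "$1" | head -n 1
}

# Succeed if "other" has any permission bit set (last octal digit is not 0).
world_accessible() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in *0) return 1 ;; *) return 0 ;; esac
}

# usage: check_rndc KEYFILE RNDC_CONF; prints each problem, returns 1 if any.
check_rndc() {
    kn=$(key_name "$1"); dk=$(default_key "$2"); rc=0
    [ -n "$kn" ] || { echo "no key statement found in $1"; rc=1; }
    [ "$kn" = "$dk" ] || { echo "name mismatch: key \"$kn\" vs default-key \"$dk\""; rc=1; }
    if world_accessible "$1"; then echo "$1 is accessible to every local user"; rc=1; fi
    return $rc
}

# Constructed sample files with a placeholder secret, written under DIR.
# usage: make_sample DIR KEYNAME MODE
make_sample() {
    mkdir -p "$1"
    printf 'key "%s" {\n\talgorithm hmac-sha256;\n\tsecret "Y29uc3RydWN0ZWQ=";\n};\n' "$2" > "$1/rndc.key"
    printf 'options {\n\tdefault-server localhost;\n\tdefault-key "rndc-key";\n};\n' > "$1/rndc.conf"
    chmod "$3" "$1/rndc.key"
}

# Demo: the 755 key file is reported, the same file at 640 passes.
tmp=$(mktemp -d) && make_sample "$tmp" rndc-key 755
check_rndc "$tmp/rndc.key" "$tmp/rndc.conf" || echo "=> fix before restarting named"
chmod 640 "$tmp/rndc.key" && check_rndc "$tmp/rndc.key" "$tmp/rndc.conf" && echo "=> ok"
rm -rf "$tmp"
```

On a real host, point check_rndc at /etc/bind/rndc.key and /etc/bind/rndc.conf (or the chroot paths) before restarting bind.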

