[SOLVED] Bind and rndc problems!! How do I remove rndc?
I've now repeatedly had serious problems with rndc and bind! If I restart the server, everything works fine (for a while), but I am unable to restart the server with either "rndc -s localhost stop/start" or "/etc/init.d/named restart".
In my bind log I get "bad auth" and the typical message appears on screen: "Something about wrong protocol etc..."
I've tried ALL the tips out there, but nothing is working.
And since this dns server is on my own local LAN (with no unauthorized traffic), I want to remove ALL references to rndc!
It might be working for some of you, but it breaks my dns server every month, and then I'm back searching for solutions...
I'm using gentoo, so is there a way I can emerge with a USE flag to remove rndc control? Or is there a way to compile bind manually without rndc control? Or is it as simple as removing all references to rndc in the .conf files? (I believe I've tried the latter without success).
I just need a way to remove RNDC as the source of my nightmares!
I know I can use other DNS servers, but that's not an option! (As I'm dependent on the BIND structure for other scripts/programs.)
Seems like I found the problem that has been haunting me for all this time!
I was missing my server definition in the rndc.conf:
Code:
server localhost {
    key "rndckey";
};
This caused the server to run properly, but left me unable to control it!
I find this a bit strange though, cause I have gone through all the documentation I could find. Plus I've posted my config files numerous times on several forums, but no one else has seen it either...
Well, at least it is working now!
C'ya in a month or so
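A way to catch the condition described in the post above before it bites, as an added example that is not part of the original thread: a small Python checker that confirms rndc.conf selects a key for the target server and that named.conf defines the same key, with the same secret, and lists it in `controls`. The function names, the simplified regex parsing, the assumed lookup order (server stanza first, then `default-key`) and the sample configs with their secret are constructed for illustration.

```python
import re

# Simplified model of rndc.conf / named.conf syntax
# (assumption: no nested braces inside key/server bodies).
NAME = r'"?([\w.-]+)"?'
KEY_RE = re.compile(r'\bkey\s+' + NAME + r'\s*\{[^}]*?secret\s+"([^"]+)"', re.S)
SERVER_RE = re.compile(r'\bserver\s+"?([\w.:-]+)"?\s*\{([^}]*)\}', re.S)
DEFAULT_KEY_RE = re.compile(r'\bdefault-key\s+' + NAME + r'\s*;')
KEY_REF_RE = re.compile(r'\bkey\s+' + NAME + r'\s*;')
CONTROLS_RE = re.compile(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', re.S)

def strip_comments(text):
    # Quoted strings are kept intact: base64 secrets may contain "//".
    pat = r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*'
    return re.sub(pat, lambda m: m.group(0) if m.group(0)[0] == '"' else '',
                  text, flags=re.S)

def check_rndc(rndc_conf, named_conf, server="localhost"):
    """Return problems that would stop `rndc -s <server>` authenticating."""
    rndc, named = strip_comments(rndc_conf), strip_comments(named_conf)
    rkeys, nkeys = dict(KEY_RE.findall(rndc)), dict(KEY_RE.findall(named))
    # Assumed lookup order: key in the matching server stanza, else default-key.
    stanza = dict(SERVER_RE.findall(rndc)).get(server, "")
    m = KEY_REF_RE.search(stanza) or DEFAULT_KEY_RE.search(rndc)
    if not m:
        return [f'rndc.conf: no key for server "{server}" and no default-key']
    name, problems = m.group(1), []
    if name not in rkeys:
        problems.append(f'rndc.conf: key "{name}" is referenced but not defined')
    ctl = CONTROLS_RE.search(named)
    if not ctl or name not in re.findall(NAME + r'\s*;', ctl.group(1)):
        problems.append(f'named.conf: controls does not list key "{name}"')
    if name not in nkeys:
        problems.append(f'named.conf: key "{name}" is not defined')
    elif name in rkeys and rkeys[name] != nkeys[name]:
        problems.append(f'secret for key "{name}" differs between the two files')
    return problems

# Constructed sample configs; the secret is a made-up placeholder.
KEY = 'key "rndckey" { algorithm hmac-sha256; secret "Y29uc3RydWN0ZWQ="; };\n'
RNDC_BROKEN = KEY                                   # no server stanza
RNDC_FIXED = KEY + 'server localhost {\n    key "rndckey";\n};\n'
NAMED = KEY + ('controls { inet 127.0.0.1 port 953 '
               'allow { 127.0.0.1; } keys { "rndckey"; }; };\n')

if __name__ == "__main__":
    for label, conf in (("broken", RNDC_BROKEN), ("fixed", RNDC_FIXED)):
        print(label, check_rndc(conf, NAMED) or "OK")
```

In real use, read the two files from wherever named actually loads them, which for a chrooted setup is the path inside the chroot.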
I had something that seemed exactly like this problem today.
I have two separate servers, serving their separate sites, at separate physical locations. Actually, the only thing they have in common is their administrator (me) and OS (Gentoo Linux).
As I have only one public IP at each of these sites, and need two physically independent servers to be able to handle my DNS for either site in a regulatory fashion, these sites are going to be master and slave DNS servers for each other. You get the picture.
They have both run Bind9 from the start, but not properly set up with primary and secondary zones and zone transfers.
Today, I was not able to _stop_ named without using 'killall named'. I found this thread here, tried that, didn't work. However, while trying desperately to find out what was wrong, somewhere in the logs, I got an error concerning user rights. I checked, and found that somewhere along the line, ownership of most of the files in /chroot/dns/etc/bind/ was set to root.root, not named.named.
I ran 'chown named.named -R /chroot/dns/etc/bind/*', and everything seemed a lot better.
And I got a bonus as well, since I learned a bit more about securing the server with rndc-keys. Thanks, and I hope this can help others as well.