On Sat August 6 2005 1:49 pm, Paul Howarth wrote:
> On Sat, 2005-08-06 at 08:53 -0400, Claude Jones wrote:
> > While looking at DNS matters this am, I checked to see if BIND was
> > running:
> >
> > cj]# service named status
> > rndc: decode base64 secret: bad base64 encoding
> >
> > Can anyone tell me what this means?
>
> Your /etc/rndc.key probably hasn't got a proper secret in it.
>

Paul: I've been reading in circles on this, a good part of the day. I've read man pages on rndc.conf, named.conf, named; I'm reading Redhat docs on configuring BIND at the moment; it seems like each answer leads to a new question, and the hole gets deeper and deeper.

For example, in reading on named.conf configuration, it says to use the include statement:

include "/etc/rndc.key";

I find this statement in my current rndc.conf, but not in named.conf; does this mean that both configuration files should have the include statement? Unfortunately, the rndc.conf section doesn't speak to this.

Then there is the question of where to put a key if you generate a new one. I found some instructions from Alexander using google;

"Simpler to only generate the value of the key you can use "dns-keygen". It will simply print out a new random key. Put it into the rndc.key file where now the @KEY@ appears. Keep care for location when running bind-chrooted, then the default location is /var/named/chroot/etc/rndc.key."

I have no idea whether I'm running BIND-chrooted, so that set me off on an odyssey, but I can't figure it out - how do you tell? I think this probably sounds like a real dumb question, but swallowing any residual pride, there it is. I looked in /var/named/chroot/etc/rndc.key and found a value there. So, that led me to wonder where that got generated, which led me to think maybe I was somehow chrooted... well, if you can offer some further light here, it would be greatly appreciated.

--
Claude Jones
Bluemont, VA, USA
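
Added example, not part of the original message: a check of the secret in both rndc.key locations named in the thread, reporting an unreplaced @KEY@ placeholder or a value that is not valid base64 without ever printing the secret. The function name check_secret, the sample key name and the sample secrets are constructed for illustration, and the usual key-file layout (a key clause containing a secret "..."; statement) is assumed.

```python
import base64
import binascii
import re

# Paths named in the thread: the default key file and its bind-chroot copy.
PATHS = ["/etc/rndc.key", "/var/named/chroot/etc/rndc.key"]
# Constructed samples (not real keys): a usable file and the unedited template.
GOOD = 'key "rndckey" {\n  algorithm hmac-md5;\n  secret "AAAA//8AAAAAAAAAAAAAAA=="; // demo\n};\n'
TEMPLATE = 'key "rndckey" {\n  algorithm hmac-md5;\n  secret "@KEY@";\n};\n'

# A quoted string, or a /* */, // or # comment. Strings are matched first
# because a base64 secret may itself contain "//".
TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')


def check_secret(text):
    """Return (ok, reason) for the first live secret statement in key-file text."""
    # Drop comments but keep quoted strings, so a commented-out secret is ignored.
    live = TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    found = SECRET_RE.search(live)
    if found is None:
        return False, "no secret statement found"
    secret = found.group(1)
    if secret == "@KEY@":
        return False, "template placeholder @KEY@ was never replaced"
    if not secret:
        return False, "secret is empty"
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError) as exc:
        return False, "bad base64 encoding: %s" % exc
    return True, "secret decodes to %d bytes" % len(raw)


def main():
    for path in PATHS:
        try:
            with open(path) as handle:
                ok, reason = check_secret(handle.read())
        except OSError as exc:
            print("%s: unreadable (%s)" % (path, exc.strerror))
            continue
        print("%s: %s (%s)" % (path, "OK" if ok else "BAD", reason))


if __name__ == "__main__":
    main()
```

Run it as root, since the key files are normally not world-readable.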