On Sun, 2005-08-07 at 21:24 -0400, Claude Jones wrote:
> On Sat August 6 2005 1:49 pm, Paul Howarth wrote:
> > On Sat, 2005-08-06 at 08:53 -0400, Claude Jones wrote:
> > > While looking at DNS matters this am, I checked to see if BIND was
> > > running:
> > >
> > > cj]# service named status
> > > rndc: decode base64 secret: bad base64 encoding
> > >
> > > Can anyone tell me what this means?
> >
> > Your /etc/rndc.key probably hasn't got a proper secret in it.
> >
>
> If Jeremy is correct, and I'm running bind-chroot (didn't I read along the
> way, that this is the FC4 default install?), then, here's what I've got:
> In /var/named/chroot/etc there are rdnc.key and named.conf -
> rdnc.key looks like this:
>
> key "rndckey" {
>         algorithm hmac-md5;
>         secret "cQQ08BlDIxazAR3ojoKFZWaH8f_long_string.....................";
> };
>
>
> named.conf - the relevant section - looks like this:
>
> include "/etc/rndc.key";
> key "rndckey" {
>         algorithm hmac-md5;
>         secret "sKXHs69HcF7C63BQLGNVQA==";
> };

There's your problem. The 'include "/etc/rndc.key"' is there so that
your named.conf and rndc.conf can share a secret (both include the same
file). However, your named.conf then introduces a new version of the
same key, with what appears to be too short a secret. Try removing the
lines:

key "rndckey" {
        algorithm hmac-md5;
        secret "sKXHs69HcF7C63BQLGNVQA==";
};

> The only rdnc.conf file I can find is in /etc
> It looks like this:
>
> options {
>         default-server localhost;
>         default-key "rndckey";
> };
>
> server localhost {
>         key "rndckey";
> };
>
> include "/etc/rndc.key";
>
> This is pointing to the wrong file, no? Shouldn't it be pointing to the
> rndc.key file in /var/named/chroot/etc ????

/etc/rndc.key should be a symlink to the one in the chroot:

# ls -l /etc/rndc.key
lrwxrwxrwx 1 root root 30 Jul 20 04:46 /etc/rndc.key -> /var/named/chroot/etc/rndc.key

Paul.
-- 
Paul Howarth <paul@xxxxxxxxxxxx>
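
The two conditions discussed in this message (a secret that rndc cannot decode as base64, and a key clause in named.conf that repeats a key already pulled in by the include) can be checked mechanically. The following is an added example, not part of the original message or of BIND: the function names and the sample file contents are hypothetical, and include paths are looked up in a dictionary rather than resolved on disk or inside the chroot.

```python
import base64
import re

# Quoted strings match first, so a '/' or '#' inside a secret is never read as a comment.
_COMMENT = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
_KEY = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
_SECRET = re.compile(r'\bsecret\s+"([^"]*)"\s*;')
_INCLUDE = re.compile(r'\binclude\s+"([^"]+)"\s*;')


def collect_keys(path, files, seen=None):
    """Return [(name, secret, file)] for each key clause reachable from `path`.
    `files` maps path -> text (assumption: stands in for reading from disk)."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return []
    seen.add(path)
    text = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", files[path])
    found = []
    for name, body in _KEY.findall(text):
        secret = _SECRET.search(body)
        found.append((name, secret.group(1) if secret else "", path))
    for inc in _INCLUDE.findall(text):
        found += collect_keys(inc, files, seen)
    return found


def audit(path, files):
    """Flag secrets that do not decode as base64 and key names defined more than once."""
    findings, sources = [], {}
    for name, secret, src in collect_keys(path, files):
        sources.setdefault(name, []).append(src)
        try:
            if not base64.b64decode(secret, validate=True):
                raise ValueError("empty secret")
        except ValueError:  # binascii.Error is a subclass of ValueError
            findings.append(f'{src}: key "{name}": secret is missing or not valid base64')
    for name, srcs in sources.items():
        if len(srcs) > 1:
            findings.append(f'key "{name}" defined {len(srcs)} times: {", ".join(srcs)}')
    return findings


# Constructed sample files; both secrets are made up for this example.
SAMPLE = {
    "/etc/rndc.key": 'key "rndckey" {\n  algorithm hmac-md5;\n  secret "Y29uc3RydWN0ZWQtc2FtcGxlLWtleQ==";\n};\n',
    "/etc/named.conf": 'include "/etc/rndc.key";\nkey "rndckey" {\n  algorithm hmac-md5;\n  secret "not_base64!";\n};\n',
}

print("\n".join(audit("/etc/named.conf", SAMPLE)))
```

A `key "rndckey";` reference inside a `server` block is not counted as a definition, so an rndc.conf of the shape quoted above reports nothing as long as the included key file is sound.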