On Monday 08 August 2005 2:34 am, Paul Howarth wrote:
> On Sun, 2005-08-07 at 21:24 -0400, Claude Jones wrote:
> > rndc.key looks like this:
> >
> > key "rndckey" {
> >     algorithm hmac-md5;
> >     secret "cQQ08BlDIxazAR3ojoKFZWaH8f_long_string.....................";
> > };
> >
> >
> > named.conf - the relevant section - looks like this:
> >
> > include "/etc/rndc.key";
> > key "rndckey" {
> >     algorithm hmac-md5;
> >     secret "sKXHs69HcF7C63BQLGNVQA==";
> > };
>
> There's your problem. The 'include "/etc/rndc.key"' is there so that
> your named.conf and rndc.conf can share a secret (both include the same
> file). However, your named.conf then introduces a new version of the
> same key, with what appears to be too short a secret. Try removing the
> lines:
>
> key "rndckey" {
>     algorithm hmac-md5;
>     secret "sKXHs69HcF7C63BQLGNVQA==";
> };
>
> > The only rndc.conf file I can find is in /etc
> > It looks like this:
> >
> > options {
> >     default-server localhost;
> >     default-key "rndckey";
> > };
> >
> > server localhost {
> >     key "rndckey";
> > };
> >
> > include "/etc/rndc.key";
> >
> > This is pointing to the wrong file, no? Shouldn't it be pointing to the
> > rndc.key file in /var/named/chroot/etc ????
>
> /etc/rndc.key should be a symlink to the one in the chroot:
>
> # ls -l /etc/rndc.key
> lrwxrwxrwx 1 root root 30 Jul 20 04:46 /etc/rndc.key -> /var/named/chroot/etc/rndc.key

Some progress:

I deleted the lines you suggested from named.conf and I removed the
rndc.key from /etc, then created a symlink in /etc to the rndc.key file in
/var/named/chroot/etc.

Now, I get the following when I restart named:

[root@viewridgeproductions2 ~]# service named restart
Stopping named: [FAILED]
Starting named: [ OK ]
[root@viewridgeproductions2 ~]#

It can't stop the service, but it can start it now...

This hasn't cured the original problem which started this whole thread, but
fixing broken things, even if only partially, is good ;-)

-- 
Claude Jones
Bluemont, VA, USA
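
The misconfiguration discussed in this thread (a config file that includes the shared rndc.key and then defines the same key again with a different secret) can be checked for mechanically. The following is an added example, not part of the original messages: the function names, the simplified regex parsing and the sample file contents with placeholder secrets are all assumptions made for illustration.

```python
import re

# Simplified patterns, not the full BIND grammar (comments are not stripped).
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.S)
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')
INCLUDE_RE = re.compile(r'include\s+"([^"]+)"\s*;')

# Constructed sample files; the secrets are placeholders, not real keys.
SAMPLE = {
    "/etc/rndc.key": 'key "rndckey" {\n algorithm hmac-md5;\n'
                     ' secret "Q09OU1RSVUNURUQtU0hBUkVE";\n};\n',
    "/etc/named.conf": 'include "/etc/rndc.key";\n'
                       'key "rndckey" {\n algorithm hmac-md5;\n'
                       ' secret "Q09OU1RSVUNURUQtTE9DQUw=";\n};\n',
    "/etc/rndc.conf": 'options {\n default-server localhost;\n'
                      ' default-key "rndckey";\n};\n'
                      'server localhost {\n key "rndckey";\n};\n'
                      'include "/etc/rndc.key";\n',
}


def collect_keys(path, files, seen=None):
    """Return [(key_name, secret, defining_file)] for path and its includes."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return []
    seen.add(path)
    text = files[path]
    found = []
    for inc in INCLUDE_RE.findall(text):
        found += collect_keys(inc, files, seen)
    for name, body in KEY_RE.findall(text):
        m = SECRET_RE.search(body)
        found.append((name, m.group(1) if m else None, path))
    return found


def conflicting_keys(path, files):
    """Key names defined more than once with different secrets."""
    by_name = {}
    for name, secret, src in collect_keys(path, files):
        by_name.setdefault(name, []).append((src, secret))
    return {n: d for n, d in by_name.items() if len({s for _, s in d}) > 1}


if __name__ == "__main__":
    for conf in ("/etc/named.conf", "/etc/rndc.conf"):
        print(conf, conflicting_keys(conf, SAMPLE) or "no conflicting key definitions")
```

To run it against a real host, build the `files` mapping by reading the actual configuration files instead of using `SAMPLE`.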