> On Sat, 2005-12-17 at 13:24 -0300, |Lord_Zoo| wrote:
> > So, then, I should not use rndc with bind?
>
> You can. You can use it as you want to. I've used it to stop the
> server, you should also be able to get it to refresh/reload slave zones
> from the master, but I've had marginal success with that (yes, I have
> got the keys set right, if anybody's about to make that suggestion).

Most of the refresh/reload problems I have encountered were caused because I neglected to give the new zone file a new, higher serial number in the Start of Authority (SOA) record.

BTW, I use a 10 digit number generated from YYYYMMDDNN, where YYYYMMDD is the year, month and day of the update and NN is the number of changes on the date. NN is helpful if, like me, you do not always type accurately. At my former job we did occasionally update the tables more than once a day.

There are other related matters affecting zone transfers: the refresh and retry times in the SOA, and also the send notifies configuration item in the named.conf.

A confession: After getting things (keys and configuration items) set up, and assuming that there are NO typos in the zone file(s), the zone transfers work flawlessly. How do I know? I check every one, "Just to be sure." :-)

I also used rndc to reload the tables and obtain status, but I used /etc/init.d/named [start/stop/restart/status/reload] to accomplish the tasks to invoke rndc.

> > If so, then this could be easier, since then I could assign an
> > ACL of the server to which send transfers or get from.
>
> Ideally, you want your systems to take care of themselves. Properly
> setting up master and slave servers will do that.
>
> > The question is because, by default, bind comes with rndc in fedora,
> > and I didn't want to create a new problem by disabling it.
>
> It's just a tool, there's no obligation to use it. You don't really
> have to disable it either, as you can set named to only pay attention to
> rndc on the local box (i.e. not be exploitable, remotely).

IIRC it is true that you will need to check and/or configure the key on that system. It has been a long time since I had to set up a completely fresh DNS server.

dlg

> --
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
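The serial-number pitfall described in the reply above, as an added example that is not part of the original message: it reads the SOA serial from a zone file, proposes the next YYYYMMDDNN value, and checks whether a secondary would treat a serial as newer using RFC 1982 serial arithmetic. The function names, the sample zone (example.com) and the choice to start NN at 01 are assumptions made for the illustration.

```python
import datetime
import re

SERIAL_MOD = 2**32  # the SOA serial is an unsigned 32-bit field

# Constructed sample zone header (example.com and all values are made up).
SAMPLE_ZONE = """\
$TTL 86400
@ IN SOA ns1.example.com. hostmaster.example.com. (
        2005121701 ; serial, YYYYMMDDNN
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        86400 )    ; minimum
"""


def soa_serial(zone_text: str) -> int:
    """Pull the serial (first number after the SOA mname/rname) from a zone file."""
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)", zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(1))


def serial_newer(new: int, old: int) -> bool:
    """RFC 1982 serial arithmetic: is `new` ahead of `old`?"""
    return new != old and (new - old) % SERIAL_MOD < 2**31


def next_serial(current: int, today: datetime.date) -> int:
    """Next YYYYMMDDNN serial that is strictly newer than `current`."""
    # Assumption: the first change of a day gets NN = 01.
    first_today = int(today.strftime("%Y%m%d")) * 100 + 1
    if current < first_today:
        return first_today
    if current // 100 == first_today // 100 and current % 100 == 99:
        raise ValueError("NN exhausted for today")
    # Same day, or a serial already dated in the future: just count up.
    return current + 1


if __name__ == "__main__":
    on_disk = soa_serial(SAMPLE_ZONE)
    print(on_disk, "->", next_serial(on_disk, datetime.date(2005, 12, 17)))
```

A serial with a dropped digit (200512171 instead of 2005121701) compares as older, so the secondary keeps its existing copy of the zone.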