On 27-Jan-2011, at 10:39 AM, donovan jeffrey j wrote:

> Greetings
> 
> It has been a while since I have worked with named, and I've seemed to wrap 
> myself in a key confusion.
> 
> I had some issue with an invalid key so I ran rndc-confgen -a which gave me a 
> new key in /etc/rndc.key.
> So now rndc works fine.
> 
> But when I looked at /etc/rndc.conf the key was different than the 
> /etc/rndc.key. I thought they had to be the same for this to work. I'm 
> assuming that I should replace the key in the rndc.conf, or maybe it's not 
> needed since I'm loading directly from named.conf?

You can just copy the key from rndc.key to rndc.conf. It's supposed to be the 
same. If you don't invoke -a, it actually needs you to create it manually.

> 
> any insight or flames welcome.
> -j
> 
> config below;
> 
> named.conf
> 
> //
> // Include keys file
> //
> include "/etc/rndc.key";
> 
> controls  {
>       inet 127.0.0.1 port 1234 allow { localhost; } keys { rndc-key; };
>   };
> 
> 
> options  {
>       include "/usr/local/named/options";
>   };
> 
> logging {
>       include "/usr/local/named/loggingOptions.conf";
> };
> 
> include "/etc/dns/privateView.conf.basd";
> 
> 
> rndc.conf
> 
> # Start of rndc.conf
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "xxx...Bmw==";
> };
> 
> options {
>       default-key "rndc-key";
>       default-server 127.0.0.1;
>       default-port 1234;
> };
> # End of rndc.conf
> 
> 
> rndc.key
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "yyy,,,,,,3MA==";
> };
> 
> 
> ## end
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

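An added example, not part of the original thread: a small Python check that reads the `key` clauses from the file named includes (rndc.key) and from rndc.conf and reports whether name, algorithm and secret agree, without printing the secrets. The function names and the sample secrets are constructed for illustration.

```python
import hmac
import re

# Quoted strings are matched first so "//" inside a base64 secret is not
# mistaken for a comment; /* */, // and # comments are blanked out.
TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')

def parse_keys(text):
    """Return {key_name: (algorithm, secret)} for each key clause in text."""
    clean = TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(clean)}

def compare_keys(server_text, client_text):
    """Describe how the client's key clauses disagree with the server's.
    Secrets are compared but never included in the messages."""
    server, client = parse_keys(server_text), parse_keys(client_text)
    problems = []
    for name, (alg, secret) in client.items():
        if name not in server:
            problems.append(f"{name}: not defined on the server side")
        elif server[name][0] != alg:
            problems.append(f"{name}: algorithm differs")
        elif not hmac.compare_digest(server[name][1].encode(), secret.encode()):
            problems.append(f"{name}: secret differs")
    return problems

# Constructed sample files; the secrets are made-up placeholders.
RNDC_KEY = '''
key "rndc-key" {
      algorithm hmac-md5;
      secret "c2VydmVy//a2V5LWNvbnN0cnVjdGVk";  // included by named.conf
};
'''
RNDC_CONF = '''
# Start of rndc.conf
key "rndc-key" {
      algorithm hmac-md5;
      secret "Y2xpZW50//a2V5LWNvbnN0cnVjdGVk";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 1234; };
'''

if __name__ == "__main__":
    for line in compare_keys(RNDC_KEY, RNDC_CONF) or ["keys match"]:
        print(line)
```

To run it against real files, pass their contents to `compare_keys` in place of the constructed samples.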