If you do not generate the RNDC key, I get the following result in SSH:

[code]
[2.3.3-RELEASE][r...@ns.vnet]/root: rndc status
rndc: neither /usr/local/etc/namedb/rndc.conf nor /usr/local/etc/namedb/rndc.key was found
[2.3.3-RELEASE][r...@ns.vnet]/root:
[/code]

I generated the key using the following command:

[code]
'rndc-confgen -a' to generate the proper conf file, with a new random key, and appropriate file permissions.
[/code]

As described here:

[code]
**********************************************************************
**   (ASCII-art "ATTENTION" banner)
**
**   BIND requires configuration of rndc, including a "secret" key.
**   The easiest, and most secure way to configure rndc is to run
**   'rndc-confgen -a' to generate the proper conf file, with a new
**   random key, and appropriate file permissions.
**
**   The /usr/local/etc/rc.d/named script will do that for you.
**********************************************************************
[/code]

Follows the command output at the terminal:

[code]
[2.3.3-RELEASE][r...@ns.vnet]/root: rndc-confgen -a
wrote key file "/usr/local/etc/namedb/rndc.key"
[2.3.3-RELEASE][r...@ns.vnet]/root:
[/code]

I tested the connection with the rndc status command:

[code]
[2.3.3-RELEASE][r...@ns.vnet]/root: rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect, or
* the key is invalid.
[2.3.3-RELEASE][r...@ns.vnet]/root:
[/code]

At this point I know I need to just put the key generated by rndc-confgen -a in the named.conf file. And here is the big problem: I have two named.conf files. One is in the chroot and should not be edited, look. And another named.conf in /usr/local/etc/namedb/named.conf; look at this original file at http://txt.do/d138n

I do not know where to enter rndc-key.

UPDATE*

I was looking at the named file, which is in /usr/local/etc/rc.d/named. I saw that there is a line talking about rndc:

[code]
    # Create an rndc.key file for the user if none exists
    #
    confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
        -c ${_named_confdir}/rndc.key"
    if [ -s "${_named_confdir}/rndc.conf" ]; then
        unset confgen_command
    fi
    if [ -s "${_named_confdir}/rndc.key" ]; then
        case `stat -f%Su ${_named_confdir}/rndc.key` in
        root|${named_uid}) ;;
        *) ${confgen_command} ;;
        esac
    else
        ${confgen_command}
    fi
[/code]

I also noticed that even deleting the named.conf and rndc.conf files from the /cf/ directory, which is the BIND chroot, they are recreated again, but the rndc key is not the same as that generated with rndc-confgen -a, so rndc cannot connect, and so the above errors. In this script http://pasted.co/3bc490e3 would it be possible for me to tell it where it should get the rndc.conf files and the key? Sorry for my ignorance, but really I am not aware enough for this change. And I appreciate all the help.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
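As an added example, not part of the original post and not pfSense's or BIND's own script: the "connection to remote host closed" error above is what rndc reports when the secret in rndc.key differs from the key stanza named.conf actually loads, which is the mismatch the poster describes between the chroot copy and the rndc-confgen output. The POSIX sh check below extracts the secret of a named key from a key file and from a named.conf (following one level of `include`), and reports whether they agree. It assumes the default key name "rndc-key" and the `key "name" { algorithm ...; secret "..."; };` layout that rndc-confgen writes; all files, paths and secrets are constructed in a temporary directory for the demo.

```shell
#!/bin/sh
# Added example (not from the original post, pfSense or BIND): compare the
# secret in an rndc.key file with the key stanza that named.conf uses.
# Everything below is constructed for the demo; the real files live under
# /usr/local/etc/namedb on the poster's system.

WORK="${TMPDIR:-/tmp}/rndc-demo.$$"
mkdir -p "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Constructed rndc.key in the format `rndc-confgen -a` produces.
cat > "$WORK/rndc.key" <<'EOF'
key "rndc-key" {
	algorithm hmac-sha256;
	secret "CONSTRUCTED-SECRET-A=";
};
EOF

# Constructed named.conf that includes the key file and opens the control
# channel only on localhost, restricted to that key (the intended setup).
cat > "$WORK/named.conf" <<EOF
include "$WORK/rndc.key";
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF

# Constructed named.conf carrying a stale inline key with a different secret:
# the situation that makes rndc report "connection to remote host closed".
cat > "$WORK/named-stale.conf" <<'EOF'
key "rndc-key" {
	algorithm hmac-sha256;
	secret "CONSTRUCTED-SECRET-B=";
};
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF

# Print the secret of the key stanza named $2 found in file $1. One level of
# `include "..."` is expanded so a named.conf that only includes rndc.key works.
rndc_secret() {
    file=$1; name=$2
    { sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$file" |
          while read -r inc; do cat "$inc"; done
      cat "$file"; } |
    awk -v want="\"$name\"" '
        $1 == "key" && $2 == want { inkey = 1 }
        inkey && $1 == "secret"   { gsub(/[";]/, "", $2); print $2; exit }
        inkey && $1 == "};"       { inkey = 0 }'
}

# Exit 0 when the key file and named.conf agree on the secret for key $3
# (default "rndc-key"); exit 1 when they differ or the key is missing.
rndc_keys_match() {
    keyfile=$1; conf=$2; name=${3:-rndc-key}
    a=$(rndc_secret "$keyfile" "$name")
    b=$(rndc_secret "$conf" "$name")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo run against the two constructed configurations.
if rndc_keys_match "$WORK/rndc.key" "$WORK/named.conf"; then
    echo "named.conf: key matches rndc.key, rndc can authenticate"
fi
if ! rndc_keys_match "$WORK/rndc.key" "$WORK/named-stale.conf"; then
    echo "named-stale.conf: secret differs from rndc.key, rndc will be refused"
fi
```

On a real host the check would be run as `rndc_keys_match /usr/local/etc/namedb/rndc.key /usr/local/etc/namedb/named.conf` (or against the chroot copy); a mismatch means the two copies were generated separately, and the fix is to have named.conf `include` the same rndc.key that rndc itself reads rather than carrying its own copy of the secret.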
