Just spent a bit of time missing a subtle rndc issue with BIND 9.9.1's control block -- either I'm missing a better way to do this, or perhaps BIND should more appropriately issue a warning or fail to load instead of silently accepting my bad control block.
I did RTFM, and until I'd spent a bunch of time playing with permutations, I missed the subtle hints in the documentation. Perhaps I still am, in which case, I welcome a cleaner way to do this.

Ultimately I believe the issues to be that 1) you can't use the same control port (993) for more than one inet statement and 2) using more than one key isn't going to work.

I initially wanted the following, but had issues with getting rndc status to work from both places:

    controls {
        inet * port 953 allow { localhost; authorized-controllers; } keys { rndc-key; masterkey; };
    };

Also tried:

    controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
        inet * port 953 allow { authorized-controllers; } keys { masterkey; };
    };

Ultimately it had to be set up as:

    controls {
        inet 127.0.0.1 port 953 allow { localhost; } keys { rndc-key; };
        inet * port 9953 allow { authorized-controllers; } keys { masterkey; };
    };

Is there a cleaner way (that works!) to set this up? If not, could it be made to work, or documentation/warnings be created to pound such ideas out of my head in the future?