Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-10-16 Thread Voytek


> Voytek wrote:

>>yes, I have, though, that's a bit of a moot point at this time, as, I
>>can't even reload named, so, whatever change I make, won't get reflected
>>till I can control named

> You do not need to have named running to check your zone files and the
> rest of it including your configuration.
>
> Also, examine the following files:
>
> 1. /etc/sysconfig/named

empty, except for comments

> 2. /etc/init.d/named

on 1st look, that will start/stop bind without rndc, but, uses rndc for
other functions... I think..?

I should've tried it before I gave up, maybe

> 3. /var/log/messages after starting named and especially when it fails.

it was essentially pointing out that authentication was failing

Oscar,

I've given up on trying to make it work (once I've figured out how to
disable the key requirements...)

fwiw, the bind and zones are seemingly OK, as, the dns server is working
fine, as master dns

I'll try it again at another time... maybe...

-- 
Voytek
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html


Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-24 Thread O Plameras
Voytek wrote:

> yes, I have, though, that's a bit of a moot point at this time, as, I
> can't even reload named, so, whatever change I make, won't get reflected
> till I can control named

You do not need to have named running to check your zone files and the
rest of it including your configuration.

Also, examine the following files:
1. /etc/sysconfig/named
2. /etc/init.d/named
3. /var/log/messages after starting named and especially when it fails.


Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-24 Thread Voytek


> Did you check the following:
> 1. Your zone files to confirm that your target DNS
> are precisely correct.

Oscar,

yes, I have, though, that's a bit of a moot point at this time, as, I
can't even reload named, so, whatever change I make, won't get reflected
till I can control named
>
> 2. Your /etc/resolve.conf points to these DNS and
> nothing more and nothing less.
>
> 3. Your rndc.conf and rndc.key are in the right
> place. They may not always be in /etc/. They
> maybe in other directory like,

I think my rndc key is the problem, but, I've tried it now every which way
I could think of, with no success



-- 
Voytek


Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-16 Thread amos
Voytek wrote:

> well, using the docs you pointed out, it does tell me that the file is not
> required, but, I'm still not getting past
> 'connect failed: connection refused'

This rings a very familiar bell - just a few weeks ago someone reported
exactly the same error (which says that nobody is listening on that
port) with that application. Could it be that your dns server doesn't
listen on that port? Or maybe rndc tries to connect to the wrong
host/port?

Try digging up the archives of the last month or two.

Cheers,

--Amos


Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-15 Thread O Plameras
Did you check the following:

1. Your zone files to confirm that your target DNS
   are precisely correct.
2. Your /etc/resolve.conf points to these DNS and
   nothing more and nothing less.
3. Your rndc.conf and rndc.key are in the right
   place. They may not always be in /etc/. They
   maybe in other directory like,
   /var/named/chroot/etc
   if you are running change-rooted DNS, etc.
   and depending on your named.conf.

Voytek wrote:

>> Have you read,
>> http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
>
> Oscar,
>
> no, not until now
> I was using RedHat's ReferenceGuide/s1-bind-rndc.html
>
> well, using the docs you pointed out, it does tell me that the file is not
> required, but, I'm still not getting past
> 'connect failed: connection refused'
>
> obviously, I'm still missing something:
>
> named.conf includes:
>
> .
> controls {
>   inet 127.0.0.1 allow { localhost; } keys { sbt.net.au; };
>   };
>
> include "/etc/rndc.key";
> .
>
> rndc.key has:
>
> key "sbt.net.au" {
>    algorithm   hmac-md5;
>    secret "stuff removed";
> };
>
> rndc.conf has:
>
> options {
>    default-server  localhost;
>    default-key "sbt.net.au";
> };
>
> server localhost {
>    key "sbt.net.au";
> };
>
> key "sbt.net.au" {
>    algorithm   hmac-md5;
>    secret "stuff removed";
> };
>
> but, all I get is:
>
> # rndc status
> rndc: connect failed: connection refused


 



Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-15 Thread Voytek


>
> Have you read,
> http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html

Oscar,

no, not until now
I was using RedHat's ReferenceGuide/s1-bind-rndc.html

well, using the docs you pointed out, it does tell me that the file is not
required, but, I'm still not getting past
'connect failed: connection refused'

obviously, I'm still missing something:

named.conf includes:

.
controls {
  inet 127.0.0.1 allow { localhost; } keys { sbt.net.au; };
  };

include "/etc/rndc.key";
.

rndc.key has:

key "sbt.net.au" {
algorithm   hmac-md5;
secret "stuff removed";
};

rndc.conf has:

options {
default-server  localhost;
default-key "sbt.net.au";
};

server localhost {
key "sbt.net.au";
};

key "sbt.net.au" {
algorithm   hmac-md5;
secret "stuff removed";
};


but, all I get is:

# rndc status
rndc: connect failed: connection refused





-- 
Voytek


Re: [SLUG] bind: rndc setup, where the keygen files go ?

2004-09-14 Thread O Plameras
Have you read,
http://ops.ietf.org/dns/dynupd/secure-ddns-howto.html
???

Voytek wrote:

> Hi all,
>
> I'm trying to config bind on RH73, the rndc setup
>
> the docs tell me to generate some key with something like:
>
> # dnssec-keygen -a hmac-md5 -b 256 -n HOST my_dns
> Kmy_dns.+157+23903
>
> that makes a couple of files like so
> # ls
> Kmy_dns.+157+23903.key
> Kmy_dns.+157+23903.private
>
> is there any special place to keep these files ? '/etc' ?
>
> in the rndc.conf directives:
>
> do I use the name I gave it, like: 'my_dns' ?
> or, do I use the file names returned by dnssec-keygen, like,
> 'Kmy_dns.+157+23903' ?
>
> whatever I use, I get:
>
> rndc reload
> rndc: no key definition for name my_dns
>
> rndc: no key definition for name Kmy_dns


 



[SLUG] bind: rndc setup, where the keygen files go ?

2004-09-14 Thread Voytek
Hi all,

I'm trying to config bind on RH73, the rndc setup

the docs tell me to generate some key with something like:

# dnssec-keygen -a hmac-md5 -b 256 -n HOST my_dns
Kmy_dns.+157+23903

that makes a couple of files like so
# ls
Kmy_dns.+157+23903.key
Kmy_dns.+157+23903.private

is there any special place to keep these files ? '/etc' ?

in the rndc.conf directives:

do I use the name I gave it, like: 'my_dns' ?
or, do I use the file names returned by dnssec-keygen, like,
'Kmy_dns.+157+23903' ?

whatever I use, I get:

rndc reload
rndc: no key definition for name my_dns

rndc: no key definition for name Kmy_dns





-- 
Voytek
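
An added example, not part of the original posts and not code from BIND or any poster: the key name used in rndc.conf is a label that needs a matching `key` clause, and the secret comes from the `Key:` line of the `.private` file written by dnssec-keygen, not from the `K...` file name. The helper names, the regex-based parsing and the sample secret are assumptions constructed for illustration; `check` expects the named.conf text with any included key file already pasted in.

```python
import base64
import re

# Constructed sample: the .private file dnssec-keygen writes for an HMAC-MD5 key.
# The secret is made up for this example, not a real key.
SAMPLE_SECRET = base64.b64encode(b"constructed-sample-not-a-real-key").decode()
SAMPLE_PRIVATE = ("Private-key-format: v1.2\n"
                  "Algorithm: 157 (HMAC_MD5)\n"
                  f"Key: {SAMPLE_SECRET}\n")

KEY_RE = re.compile(r'\bkey\s+"?([^"\s{]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
REF_RE = re.compile(r'(?:default-key|^\s*key)\s+"?([^"\s;{]+)"?\s*;', re.M)
CONTROLS_RE = re.compile(r'\bkeys\s*\{\s*"?([^"\s;]+)"?\s*;')


def key_clause(private_text, label):
    """Build a key clause from the 'Key:' line of a dnssec-keygen .private file."""
    m = re.search(r"^Key:\s*(\S+)\s*$", private_text, re.M)
    if not m:
        raise ValueError("no 'Key:' line in .private file")
    base64.b64decode(m.group(1), validate=True)  # raises on a mangled secret
    return (f'key "{label}" {{\n    algorithm hmac-md5;\n'
            f'    secret "{m.group(1)}";\n}};\n')


def parse_keys(conf_text):
    """Map key name -> (algorithm, secret) for each key clause in conf_text."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(conf_text)}


def check(named_text, rndc_text):
    """List disagreements between named's and rndc's key definitions.

    named_text must already contain the text of any included key file.
    """
    named_keys, rndc_keys = parse_keys(named_text), parse_keys(rndc_text)
    problems = []
    for name in CONTROLS_RE.findall(named_text):  # first key of each keys { } list
        if name not in named_keys:
            problems.append(f"named.conf: controls uses undefined key {name}")
    for name in sorted(set(REF_RE.findall(rndc_text))):
        if name not in rndc_keys:
            problems.append(f"rndc.conf: no key definition for name {name}")
        elif named_keys.get(name) != rndc_keys[name]:
            problems.append(f"key {name}: missing or different in named.conf")
    return problems
```

An empty result only means both sides agree on the key. "connection refused" is reported when nothing accepts the TCP connection, which happens before any key is compared.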