Bug 27442
| Summary: | rndc doesn't work | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Chris Ricker <chris.ricker> |
| Component: | bind | Assignee: | Bernhard Rosenkraenzer <bero> |
| Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.1 | CC: | dr |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2001-06-21 22:21:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This defect is considered MUST-FIX for Florence Release-Candidate #2 Fixed in 9.1.0-4 This doesn't seems to be fixed with bind-9.1.0-10 (7.1 package). I had to name
my key something other than "key" (such as "rndc_key") and set up the "control"
block to read:
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
Then, I had to got to /etc/rndc.conf and change the name of the key in three
places to "rndc_key" and reload named. Finally, rndc would work.
Is this normal? Seems like a bug to me...
bind doesn't have anything to do with the named.conf file (except that it reads and parses it). I've fixed up caching-nameserver now. |
BIND 9 replaces ndc with rndc. By default, the RPMs have rndc configured to work (kinda; the "default_key" and "key" names need to be something besides "key" as named sees that as a reserved term apparently; I've been naming them rndc_key in both rndc.conf and named.conf with good results), but they don't have named configured to work with rndc. At least the following needs to be added to /etc/named.conf: controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; }; key "rndc_key" { algorithm hmac-md5; secret "<same secret as in /etc/rndc.conf>"; }; where, obviously, the <same secret as in /etc/rndc.conf> is replaced with the actual secret from rndc.conf. Without the controls statement, named won't even be listening for rndc commands. Without the key statement, it won't be able to accept rndc commands from the local host. There are probably also changes that need to be made to the bindconf package to accomodate the rndc behavior, but I haven't had time to try it yet and see.... As shipped, though, bind is fundamentally broken if rndc doesn't work out-of-the-box on the local host.