Bug 496670

Summary: 'rndc-confgen -a' generating invalid key
Product: [Fedora] Fedora
Reporter: Mace Moneta <moneta.mace>
Component: bind
Assignee: Adam Tkac <atkac>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: atkac, moneta.mace, ovasik, pwouters
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2009-04-21 17:10:44 UTC

Description Mace Moneta 2009-04-20 16:02:49 UTC
Description of problem:

When I run 'rndc-confgen -a' to generate a key for rndc, restart named, and run 'rndc status' I get:

# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

If I copy the rndc file from another system, and restart named, rndc works.

Version-Release number of selected component (if applicable):

bind-9.6.1-0.1.b1.fc11.x86_64

How reproducible:

Always

Steps to Reproduce:
1. /usr/sbin/rndc-confgen -a
2. service named restart
3. rndc status
  
Actual results:

rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

Expected results:

Status report

Additional info: When I generate a key under F10 (bind-9.5.1-2.P2.fc10.i386) it works.

Comment 1 Adam Tkac 2009-04-21 08:32:23 UTC
Could you please check that you don't override the default rndc key in your named.conf? (Or attach your controls {}; statement from named.conf here.)

Comment 2 Mace Moneta 2009-04-21 15:15:01 UTC
Here you go:

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

Comment 3 Mace Moneta 2009-04-21 17:10:44 UTC
I found the problem.  I'm using bind-chroot, but the symlink of /var/named/chroot/etc/rndc.key to /etc/rndc.key was broken.  As a result, when running 'rndc-confgen -a', there were two different keys.  I re-established the symlink and it's working now.  Closing as not a bug.
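
A check for the condition found in comment 3, as an added example that is not part of the bug thread: it reports whether the key file rndc reads and the one inside the chroot are the same file, two copies, or out of sync. The function name, the state names, the symlink direction used in the demo and the fixture key contents are assumptions made for illustration; the default paths are the two named in comment 3.

```shell
#!/bin/sh
# Added example (not from the bug thread). Defaults are the two paths named in
# comment 3; both can be overridden so the check can be tried on test files.

# Prints one state: same-file, same-content, mismatch, dangling-symlink,
# missing or unreadable.
rndc_key_state() {
    host_key=${1:-/etc/rndc.key}
    chroot_key=${2:-/var/named/chroot/etc/rndc.key}
    for f in "$host_key" "$chroot_key"; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then echo dangling-symlink; return 0; fi
        if [ ! -e "$f" ]; then echo missing; return 0; fi
        if [ ! -r "$f" ]; then echo unreadable; return 0; fi
    done
    # -ef is true when both names resolve to the same device and inode,
    # which is the case for an intact symlink (or a hard link).
    if [ "$host_key" -ef "$chroot_key" ]; then
        echo same-file
    elif cmp -s "$host_key" "$chroot_key"; then
        # Two copies that agree now; regenerating one desynchronises them.
        echo same-content
    else
        echo mismatch
    fi
}

# Constructed fixture: a fake /etc and chroot/etc under a temp directory.
# The key contents are made up; the link direction is an assumption and the
# check itself does not depend on it.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/chroot/etc"
    printf 'key "rndckey" { secret "Y29uc3RydWN0ZWQtQQ=="; };\n' > "$d/etc/rndc.key"
    printf 'key "rndckey" { secret "Y29uc3RydWN0ZWQtQg=="; };\n' > "$d/chroot/etc/rndc.key"
    echo "two separate files: $(rndc_key_state "$d/etc/rndc.key" "$d/chroot/etc/rndc.key")"
    ln -sf "$d/etc/rndc.key" "$d/chroot/etc/rndc.key"
    echo "symlink restored:   $(rndc_key_state "$d/etc/rndc.key" "$d/chroot/etc/rndc.key")"
    rm -rf "$d"
}
demo
```

Run against the real paths as a user that can read the key files; anything other than same-file means a later 'rndc-confgen -a' can leave rndc and named with different keys.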