Bug 768798

Summary: Bind does not provide /etc/rndc.key
Product: Red Hat Enterprise Linux 6
Reporter: Alexandre Ventura <ventura10>
Component: bind
Assignee: Adam Tkac <atkac>
Status: CLOSED ERRATA
QA Contact: qe-baseos-daemons
Severity: high
Priority: medium
Version: 6.4
CC: azelinka, jpazdziora, ovasik
Target Milestone: rc
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Clone Of:
: 829827
Last Closed: 2012-06-20 13:40:39 UTC
Bug Blocks: 829827

Description Alexandre Ventura 2011-12-19 00:32:50 UTC
Description of problem:
Package bind-9.7.3-2.el6_1.P3.3.x86_64 (maybe others) does not provide
/etc/rndc.key

Without /etc/rndc.key it is impossible to run rndc commands, as shown:

[root@michelangelo ~]# rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Version-Release number of selected component (if applicable):
bind-9.7.3-2.el6_1.P3.3.x86_64

How reproducible:
rpm2cpio bind-9.7.3-2.el6_1.P3.3.x86_64.rpm | cpio -t | grep rndc.key
  
Actual results:
<none>

Expected results:
./etc/rndc.key

Additional info:
Although "rpm -qlp <pkg.rpm>" reports the existence of this file, it does not exist.
Tests executed on CentOS 6, fresh install.
http://bugs.centos.org/view.php?id=5311

Comment 2 Adam Tkac 2011-12-19 09:49:06 UTC
Previously, rndc.key was generated during package installation (via the `rndc-confgen -a` command), but this feature was removed in RHEL 6.1 because users reported that installation of the bind package sometimes hung due to a lack of entropy in /dev/random.

I will check if it makes sense to add rndc.key generation to the initscript, like sshd generates host RSA/DSA keys.

Comment 5 Ales Zelinka 2011-12-24 16:41:20 UTC
Adam, will the key generation block service start? Can you (sys?)log the key generation to make users aware of it?

Comment 6 Adam Tkac 2012-01-02 10:55:44 UTC
(In reply to comment #5)
> Adam, will the key generation block service start? Can you (sys?)log the key
> generation to make users aware of it?

Yes, key generation will block service start. I will add a message which informs the user about it.
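
A sketch of the approach discussed in comments 2 to 6, added here as an illustration and not the code shipped in the erratum: generate the key on first service start, announce it before the step that may block, and keep the secret unreadable to other users. The function names, the RNDC_CONFGEN and KEY_GROUP variables, the "named" group and the temporary-file step are assumptions of this example; `-c` is the rndc-confgen option that sets the key file path used with `-a`.

```shell
#!/bin/sh
# Added example: create the rndc key at service start, not at package install.
# RNDC_CONFGEN and KEY_GROUP are overridable assumptions of this sketch.
RNDC_CONFGEN="${RNDC_CONFGEN:-rndc-confgen}"
KEY_GROUP="${KEY_GROUP:-named}"

log_notice() {
    # Tell the admin why startup may pause: console, plus syslog when available.
    echo "$1" >&2
    if command -v logger >/dev/null 2>&1; then
        logger -t named -p daemon.notice "$1" 2>/dev/null || true
    fi
}

ensure_rndc_key() {
    keyfile="$1"
    # A non-empty key already exists: keep it, existing rndc clients depend on it.
    [ -s "$keyfile" ] && return 0

    log_notice "Generating $keyfile (may block until enough entropy is available)"
    tmp="$keyfile.new.$$"
    old_umask=$(umask)
    umask 077    # the shared secret must never be world-readable, even briefly
    if ! "$RNDC_CONFGEN" -a -c "$tmp" >/dev/null 2>&1 || [ ! -s "$tmp" ]; then
        umask "$old_umask"
        rm -f "$tmp"
        log_notice "Failed to generate $keyfile"
        return 1
    fi
    umask "$old_umask"

    # named must be able to read the key; fall back to owner-only if the group is absent.
    if chgrp "$KEY_GROUP" "$tmp" 2>/dev/null; then
        chmod 640 "$tmp"
    else
        chmod 600 "$tmp"
    fi
    mv -f "$tmp" "$keyfile"    # rename into place: no half-written key is visible
}

# In an initscript's start() this would run before the daemon is launched:
#   ensure_rndc_key /etc/rndc.key || exit 1
```
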

Comment 11 errata-xmlrpc 2012-06-20 13:40:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0830.html