Bug 107343 - /etc/rndc.key missing pre-generated key?
Summary: /etc/rndc.key missing pre-generated key?
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bind (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: i586 Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: CambridgeBlocker
TreeView+ depends on / blocked
 
Reported: 2003-10-17 04:38 UTC by Daniel McNamara
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-10-17 14:44:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Daniel McNamara 2003-10-17 04:38:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

Description of problem:
Possibly not a bug. But in previous versions of the Fedora core tests an install
of the bind package would create a pre-generated secret key in the /etc/rndc.key
file. In test 3 however this appears to missing with the file containing nothing
more than:

key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};

Lack of a pre-generated secret key means that named will not start
"out-of-the-box". I'm not sure if this was an oversight or a delibrate move to
force admins to create their own key.

Version-Release number of selected component (if applicable):
bind-9.2.2.P3-6

How reproducible:
Always

Steps to Reproduce:
1. Install minimal base of Fedora test 3
2. Install bind rpm
3. Attemtpt to start named - Although he start scripts claims success a check of
the logs shows that due to the lack of a proper secret key it exists.
    

Actual Results:  named failes to start with default config

Expected Results:  To get it to work out-of-the-box perhaps the key should be there?

Additional info:

Comment 1 Ryan Bowen 2003-10-17 13:42:15 UTC
I see the exact same behaviour : it appears like named starts ok, but exits due
to a fatal error due to the bade base64 encoding of the duff key in
/etc/rndc.key. This was not the case for RH8 or RH9; where a key was
auto-generated during install.

For Fedora Core 0.95 test 3, I used rndc-confgen and copied the proper base64
key to /etc/rndc.key, replacing "@KEY@". This creates a new key every time it's
run; but you do have to manually copy the key to the file. 

named now starts ok after the above key generation.

Comment 2 Daniel Walsh 2003-10-17 14:44:10 UTC
Fixed in bind-9.2.2.P3-8 on Rawhide.  You must uninstall and then reinstall, to
get the key generated.  Basically the install was changed to not do this on an
upgrade, but there was a bug.

Dan


Note You need to log in before you can comment on or make changes to this bug.