Red Hat Bugzilla – Bug 202012
rndc.conf change breaks working bind config
Last modified: 2007-11-16 20:14:46 EST
Description of problem:
A custom named.conf contains include "/etc/rndc.key"
rndc.conf prior to the U8 update also contained include "/etc/rndc.key"
The U8 update changes rndc.conf to include a hardcoded key statement instead of
This results in rndc nolonger being able to authenticate itself to named.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Existing named.conf must contain include "/etc/rndc.key"
2. Existing /etc/rndc.conf must be unmodified (so it will be updated during the
3. Upgrade from 9.2.4-7_EL3 to 9.2.4-14_EL3
4. service named status
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
rndc status output
Checking a clean install of bind-9.2.4_14_EL3 on a pristine machine that's never
seen bind before also produces a non-working config. That is one where the
default named.conf includes /etc/rndc.key but /etc/rndc.conf hardcodes a
Thanks for the report.
from bind.spec file:
#%patch1 -p1 -b .key
# This patch now in 'bind-9.2.4-5.backport.patch'
This might be true but there is no bind-9.2.4-5.backport.patch in spec.
There is: Patch9: bind-9.2.4-5_backport.patch
which doesn't include necessary bits for rndc.conf patching.
Enabling Patch1 again fixes this problem.
Oh. and this same bug affects rhel-4U4 users.
Created attachment 134430 [details]
bind-9.2.1-key.patch really fixes this problem, unfortunately it isn't included
*** Bug 208237 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.