Bug 496670 - 'rndc-confgen -a' generating invalid key
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-04-20 12:02 EDT by Mace Moneta
Modified: 2013-04-30 19:42 EDT
Doc Type: Bug Fix
Last Closed: 2009-04-21 13:10:44 EDT
Description Mace Moneta 2009-04-20 12:02:49 EDT
Description of problem:

When I run 'rndc-confgen -a' to generate a key for rndc, restart named, and run 'rndc status' I get:

# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

If I copy the rndc file from another system, and restart named, rndc works.

Version-Release number of selected component (if applicable):

bind-9.6.1-0.1.b1.fc11.x86_64

How reproducible:

Always

Steps to Reproduce:
1. /usr/sbin/rndc-confgen -a
2. service named restart
3. rndc status
  
Actual results:

rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

Expected results:

Status report

Additional info: When I generate a key under F10 (bind-9.5.1-2.P2.fc10.i386) it works.
Comment 1 Adam Tkac 2009-04-21 04:32:23 EDT
Could you please check that you don't override the default rndc key in your named.conf? (Or attach the controls {}; statement from your named.conf here.)
Comment 2 Mace Moneta 2009-04-21 11:15:01 EDT
Here you go:

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
Comment 3 Mace Moneta 2009-04-21 13:10:44 EDT
I found the problem.  I'm using bind-chroot, but the symlink of /var/named/chroot/etc/rndc.key to /etc/rndc.key was broken.  As a result, when running 'rndc-confgen -a', there were two different keys.  I re-established the symlink and it's working now.  Closing as not a bug.
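
The condition diagnosed in Comment 3 can be checked for directly. The following is an added example, not part of the original report or of BIND: a shell function that reports whether the key file rndc reads and the one the chrooted named reads are the same key. The function names and return codes are assumptions of this example; the default paths are the two named in Comment 3.

```bash
#!/bin/bash
# Added example (not from the bug report): verify that rndc and a chrooted
# named share one rndc key. Function names and return codes are hypothetical.

# Print the secret "..." value from a key file as written by 'rndc-confgen -a'.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Return codes: 0 = same key, 1 = dangling symlink,
#               2 = file missing or unreadable, 3 = two different keys.
check_rndc_keys() {
    local host_key=${1:-/etc/rndc.key}
    local chroot_key=${2:-/var/named/chroot/etc/rndc.key}
    local f a b
    for f in "$host_key" "$chroot_key"; do
        # A symlink whose target is gone is the failure from Comment 3.
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "BROKEN: $f is a dangling symlink -> $(readlink "$f")"
            return 1
        fi
        if [ ! -r "$f" ]; then
            echo "MISSING: $f does not exist or is not readable"
            return 2
        fi
    done
    # -ef is true when both paths resolve to the same device and inode.
    if [ "$host_key" -ef "$chroot_key" ]; then
        echo "OK: $chroot_key and $host_key are the same file"
        return 0
    fi
    # Separate files: compare secrets without ever printing them.
    a=$(rndc_secret "$host_key")
    b=$(rndc_secret "$chroot_key")
    if [ -n "$a" ] && [ "$a" = "$b" ]; then
        echo "OK: separate files, identical secret"
        return 0
    fi
    echo "MISMATCH: rndc and the chrooted named hold different keys"
    return 3
}
```

Source the file and call `check_rndc_keys` with no arguments, as a user that can read both key files, to test the default paths; pass two paths to test a different layout.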
