As bind-9.1.3-4 ships in Red Hat Linux release 7.2 (Enigma), the settings in /etc/rndc.conf and named.conf are not immediately functional. The following works (with the secret key elided). A working setup should be included in /usr/share/doc/bind-9.?.? as perhaps: 'WORKING_conf' [root@... bin]# rpm -q bind ; cat /etc/named.conf ; \ echo "==========" ; cat /etc/rndc.conf bind-9.1.3-4 options { directory "/var/named"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; recursion no; allow-transfer {127.0.0.1 ; } ; }; key "rndckey" { algorithm hmac-md5; secret "ao<elided>Ab"; }; controls { inet * allow { localhost; } keys { rndckey; }; }; zone "." { type hint; file "named.ca"; }; zone "0.0.127.in-addr.arpa" { type master; file "named.local"; }; zone "inputs.orbz.org" { type slave; file "inputs.orbz.org.db"; masters { 205.231.149.25; }; }; zone "outputs.orbz.org" { type slave; file "outputs.orbz.org.db"; masters { 205.231.149.25; }; }; ========== /* * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* $Id: rndc.conf,v 1.6.4.1 2001/01/09 22:32:57 bwelling Exp $ */ /* * Sample rndc configuration file. */ options { default-server localhost ; default-key "rndckey"; }; server localhost { key "rndckey"; }; key "rndckey" { algorithm hmac-md5; secret " "ao<elided>Ab"; }; ------------------ example ends ----------------------- -- Russ Herrold