Bug 71302 - upgrading to errata packages blows away /etc/rndc.key if rndc.conf is modified
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 7.3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2002-08-12 09:20 UTC by James Henstridge
Modified: 2007-04-18 16:45 UTC (History)
Doc Type: Bug Fix
Last Closed: 2003-08-01 19:54:50 UTC

Description James Henstridge 2002-08-12 09:20:06 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020805

Description of problem:
When upgrading to the new errata packages for bind, my /etc/rndc.key file got
overwritten with the last 4 lines of /etc/rndc.conf.  This wouldn't have been so
bad if I hadn't modified /etc/rndc.conf ...

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Modify rndc.conf to add something to the end of the file
2. Install bind errata (bind-9.2.1-1.7x.2.i386.rpm)

Actual Results:  rndc.key gets overwritten with the last 4 lines of rndc.conf
(which may not be a valid "key" section).

Expected Results:  rndc.key stays the same.

Additional info:

I had been having some trouble getting the rndc command to work, so had played
around with the config files a bit.

I eventually got it working (added the missing include "/etc/rndc.key"; line in
named.conf).  While trying to fix it, I also modified the rndc.conf file
(changed it to use an include statement like in named.conf -- which seemed like
a good idea to ensure that named and rndc were using the same key).

After applying the errata update, the rndc.key file contained the following:
--- Cut here ---
};

include "/etc/rndc.key";

--- Cut here ---

By the way, have you considered structuring the config files this way? (an
include statement in both named.conf and rndc.conf).  This way it wouldn't be
necessary to restrict read access to /etc/rndc.conf (since the vulnerable data
would only be in /etc/rndc.key).

Comment 1 Daniel Walsh 2003-01-07 16:09:22 UTC
Fixed in bind-9.2.1-14

rndc.key is a totally separate file now.

Dan
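
A post-upgrade check for the failure described in this report, as an added example that is not part of the original bug report or of the bind package: it verifies that a key file still holds one complete `key` clause and is not world-readable. The function names, the simplified clause grammar and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): sanity-check an rndc key file
# after a package upgrade. The secret is matched but never printed.

# check_rndc_key FILE: return 0 if FILE holds exactly one complete key
# clause and is not world-readable; otherwise explain on stderr, return 1.
check_rndc_key() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }

    # Assumed grammar: key <name> { algorithm <alg>; secret "<base64>"; };
    # Only full-line # and // comments are skipped; /* */ is not handled.
    name='"?[A-Za-z0-9._-]+"?'
    alg='algorithm "?[A-Za-z0-9-]+"? ?;'
    sec='secret "[A-Za-z0-9+/=]+" ?;'
    re="^ ?key $name ?[{] ?($alg ?$sec|$sec ?$alg) ?[}] ?; ?\$"

    # Flatten the file to one space-separated line, then match the clause.
    if ! sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*\/\//d' "$f" |
            tr -s '[:space:]' ' ' | grep -Eq "$re"; then
        echo "$f: not a complete key clause (possibly clobbered)" >&2
        return 1
    fi

    # The secret lives here, so the file must not be readable by "other".
    if [ -n "$(find "$f" -prune -perm -o=r)" ]; then
        echo "$f: world-readable" >&2
        return 1
    fi
    return 0
}

# Constructed samples: a well-formed key file (placeholder secret) and the
# damaged content quoted in the report.
demo() {
    d=$(mktemp -d) || return 1
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "Q09OU1RSVUNURUQ=";\n};\n' > "$d/good.key"
    printf '};\n\ninclude "/etc/rndc.key";\n\n' > "$d/clobbered.key"
    chmod 600 "$d/good.key" "$d/clobbered.key"
    check_rndc_key "$d/good.key" && echo "good.key: ok"
    check_rndc_key "$d/clobbered.key" || echo "clobbered.key: rejected"
    rm -rf "$d"
}
demo
```

Running the same function against the real key file before and after an upgrade shows whether the file survived intact.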

