From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020805

Description of problem:
When upgrading to the new errata packages for bind, my /etc/rndc.key file got overwritten with the last 4 lines of /etc/rndc.conf. This wouldn't have been so bad if I hadn't modified /etc/rndc.conf ...

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. modify rndc.conf to add something to the end of the file
2. install bind errata (bind-9.2.1-1.7x.2.i386.rpm)

Actual Results:
rndc.key gets overwritten with the last 4 lines of rndc.conf (which may not be a valid "key" section).

Expected Results:
rndc.key stays the same.

Additional info:
I had been having some trouble getting the rndc command to work, so had played around with the config files a bit. I eventually got it working (added the missing include "/etc/rndc.key"; line in named.conf). While trying to fix it, I also modified the rndc.conf file (changed it to use an include statement like in named.conf -- which seemed like a good idea to ensure that named and rndc were using the same key).

After applying the errata update, the rndc.key file contained the following:

--- Cut here ---
};
include "/etc/rndc.key";
--- Cut here ---

By the way, have you considered structuring the config files this way? (an include statement in both named.conf and rndc.conf). This way it wouldn't be necessary to restrict read access to /etc/rndc.conf (since the vulnerable data would only be in /etc/rndc.key).
Fixed in bind-9.2.1-14
rndc.key is a totally separate file now.

Dan
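The failure reported above, as an added example that is not the package's own upgrade script (which this page does not show): it assumes the key file was derived from rndc.conf by line position, and contrasts that with matching the key clause itself and never replacing an existing key file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print the first complete `key <name> { ... };` clause in FILE ($1).
# Returns 1 if FILE has none, so the caller can refuse to write a key file.
extract_key_clause() {
    awk '
        !inkey && /^[ \t]*key[ \t]+[^ \t]+[ \t]*[{]/ { inkey = 1 }
        inkey { print }
        inkey && /[}];[ \t]*$/ { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Create DEST ($2) from the key clause in SRC ($1) only when DEST is absent.
# An existing key file is left untouched, as the report expects on upgrade.
install_key_file() {
    [ -e "$2" ] && return 0
    tmp=$(mktemp "$2.XXXXXX") || return 1   # mktemp creates the file mode 0600
    if extract_key_clause "$1" > "$tmp"; then
        mv "$tmp" "$2"
    else
        rm -f "$tmp"                        # nothing valid found: write nothing
        return 1
    fi
}

# Constructed sample: an rndc.conf edited the way the report describes, with
# the key clause replaced by an include line at the end of the file. Its last
# lines are not a key clause, so slicing by position copies unrelated text.
write_sample_conf() {
    cat > "$1" <<'EOF'
options {
        default-server  localhost;
        default-key     "rndckey";
};
server localhost {
        key     "rndckey";
};
include "/etc/rndc.key";
EOF
}
```

On the sample file `extract_key_clause` returns 1 and `install_key_file` creates nothing, where a positional slice would have produced an invalid key file.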