Description of problem:
Package bind-9.7.3-2.el6_1.P3.3.x86_64 (maybe others) does not provide /etc/rndc.key. Without /etc/rndc.key it is impossible to run rndc commands, as shown:

[root@michelangelo ~]# rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Version-Release number of selected component (if applicable):
bind-9.7.3-2.el6_1.P3.3.x86_64

How reproducible:
rpm2cpio bind-9.7.3-2.el6_1.P3.3.x86_64.rpm | cpio -t | grep rndc.key

Actual results:
<none>

Expected results:
./etc/rndc.key

Additional info:
Although "rpm -qlp <pkg.rpm>" reports the existence of this file, it does not exist. Tests executed on CentOS 6, fresh install.
http://bugs.centos.org/view.php?id=5311
Previously, rndc.key was generated during package installation (via the `rndc-confgen -a` command), but this feature was removed in RHEL 6.1 because users reported that installation of the bind package sometimes hung due to lack of entropy in /dev/random. I will check if it makes sense to add rndc.key generation to the initscript, like sshd generates host RSA/DSA keys.
Adam, will the key generation block service start? Can you (sys?)log the key generation to make users aware of it?
(In reply to comment #5)
> Adam, will the key generation block service start? Can you (sys?)log the key
> generation to make users aware of it?

Yes, key generation will block service start. I will add a message which informs the user about it.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0830.html
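
The approach discussed in this thread (generate the key at service start, and log it because generation can block) could look like the following. This is an added example, not the initscript shipped in the erratum; `ensure_rndc_key`, `RNDC_KEYFILE` and `RNDC_CONFGEN` are names chosen here, and the `named` group is assumed to be the account the server runs as.

```shell
#!/bin/sh
# Added example: initscript-style helper that creates the rndc key on first start.
# RNDC_KEYFILE, RNDC_CONFGEN and ensure_rndc_key are names chosen for this example.
RNDC_KEYFILE="${RNDC_KEYFILE:-/etc/rndc.key}"
RNDC_CONFGEN="${RNDC_CONFGEN:-rndc-confgen}"

ensure_rndc_key() {
    # A non-empty key file already exists: never overwrite an admin's key.
    if [ -s "$RNDC_KEYFILE" ]; then
        return 0
    fi

    # Key generation can block service start while waiting for entropy,
    # so say so on the console and in syslog before starting it.
    msg="Generating $RNDC_KEYFILE (service start may block until enough entropy is available)"
    echo "$msg"
    logger -t named "$msg" 2>/dev/null || true

    # Restrictive umask so the shared secret is never world-readable.
    (
        umask 077
        "$RNDC_CONFGEN" -a -c "$RNDC_KEYFILE" >/dev/null 2>&1
    ) || { echo "rndc key generation failed" >&2; return 1; }

    # Treat a missing or empty file as a failure even if the tool exited 0.
    [ -s "$RNDC_KEYFILE" ] || return 1

    # Assumption: the server runs in group "named" and must read the key.
    # If that group cannot be set, fall back to owner-only access.
    if chown root:named "$RNDC_KEYFILE" 2>/dev/null; then
        chmod 640 "$RNDC_KEYFILE"
    else
        chmod 600 "$RNDC_KEYFILE"
    fi
}
```

An initscript would call `ensure_rndc_key` before starting the daemon and abort the start when it returns non-zero.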