Bug 768798 - Bind does not provide /etc/rndc.key
Summary: Bind does not provide /etc/rndc.key
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
Version: 6.4
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: Adam Tkac
QA Contact: qe-baseos-daemons
Depends On:
Blocks: 829827
TreeView+ depends on / blocked
Reported: 2011-12-19 00:32 UTC by Alexandre Ventura
Modified: 2013-05-22 07:26 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 829827 (view as bug list)
Last Closed: 2012-06-20 13:40:39 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0830 0 normal SHIPPED_LIVE bind bug fix and enhancement update 2012-06-19 20:49:20 UTC

Description Alexandre Ventura 2011-12-19 00:32:50 UTC
Description of problem:
Package bind-9.7.3-2.el6_1.P3.3.x86_64 (maybe others) does not provide

Without /etc/rndc.key is impossible to run rndc commands, as shown:

[root@michelangelo ~]# rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Version-Release number of selected component (if applicable):

How reproducible:
rpm2cpio bind-9.7.3-2.el6_1.P3.3.x86_64.rpm | cpio -t | grep rndc.key
Actual results:

Expected results:

Additional info:
Although "rpm -qlp <pkg.rpm>" reports the existence of this file, it does not exist.
Tests executed on CentOS 6, fresh install.

Comment 2 Adam Tkac 2011-12-19 09:49:06 UTC
Previously, rndc.key was generated during package installation (via `rndc-confgen -a` command), but this feature was removed in RHEL 6.1 because users reported that installation of bind package sometimes hung due to lack of entropy in /dev/random.

I will check if it makes sense to add rndc.key generation into initscript, like sshd generates host RSA/DSA keys.

Comment 5 Ales Zelinka 2011-12-24 16:41:20 UTC
Adam, will the key generation block service start? Can you (sys?)log the key generation to make users aware of it?

Comment 6 Adam Tkac 2012-01-02 10:55:44 UTC
(In reply to comment #5)
> Adam, will the key generation block service start? Can you (sys?)log the key
> generation to make users aware of it?

Yes, key generation will block service start. I will add message which informs user about it.

Comment 11 errata-xmlrpc 2012-06-20 13:40:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.