Red Hat Bugzilla – Bug 768798
Bind does not provide /etc/rndc.key
Last modified: 2013-05-22 03:26:01 EDT
Description of problem:
Package bind-9.7.3-2.el6_1.P3.3.x86_64 (maybe others) does not provide
Without /etc/rndc.key it is impossible to run rndc commands, as shown:
[root@michelangelo ~]# rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found
Version-Release number of selected component (if applicable):
rpm2cpio bind-9.7.3-2.el6_1.P3.3.x86_64.rpm | cpio -t | grep rndc.key
Although "rpm -qlp <pkg.rpm>" reports the existence of this file, it does not exist.
Tests executed on CentOS 6, fresh install.
Previously, rndc.key was generated during package installation (via the `rndc-confgen -a` command), but this feature was removed in RHEL 6.1 because users reported that installation of the bind package sometimes hung due to lack of entropy in /dev/random.
I will check if it makes sense to add rndc.key generation into the initscript, like sshd generates host RSA/DSA keys.
Adam, will the key generation block service start? Can you (sys?)log the key generation to make users aware of it?
(In reply to comment #5)
> Adam, will the key generation block service start? Can you (sys?)log the key
> generation to make users aware of it?
Yes, key generation will block service start. I will add a message which informs the user about it.
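The approach discussed in the comments above (generate the key at service start if it is missing, and log that this is happening), sketched as an added example; this is not part of the bug thread and not the code shipped in the bind package. The function name `ensure_rndc_key`, the `log_msg` helper, the `RNDC_CONFGEN` and `RNDC_KEY_GROUP` override variables, the syslog tag and the `named` group are assumptions of this sketch.

```shell
#!/bin/sh
# Added illustration of an initscript-style helper; not the bind package's own code.
# RNDC_CONFGEN and RNDC_KEY_GROUP are hypothetical overrides used by this sketch.
RNDC_CONFGEN="${RNDC_CONFGEN:-rndc-confgen}"
RNDC_KEY_GROUP="${RNDC_KEY_GROUP:-named}"

log_msg() {
    # Send to syslog when logger is available, and always to the console.
    if command -v logger >/dev/null 2>&1; then
        logger -t named-initscript -p daemon.notice "$1" 2>/dev/null || true
    fi
    echo "$1" >&2
}

ensure_rndc_key() {
    keyfile="${1:-/etc/rndc.key}"

    # An existing, non-empty key is never regenerated.
    if [ -s "$keyfile" ]; then
        return 0
    fi

    # Announce first: generation can block while waiting for entropy.
    log_msg "Generating $keyfile (this may block until enough entropy is available)"

    # Restrictive umask so the secret is never world-readable, even briefly.
    old_umask=$(umask)
    umask 077
    if ! "$RNDC_CONFGEN" -a -c "$keyfile" >/dev/null 2>&1; then
        umask "$old_umask"
        rm -f "$keyfile"          # do not leave a partial key behind
        log_msg "Generation of $keyfile failed"
        return 1
    fi
    umask "$old_umask"

    # The name server must be able to read the key; nobody else should.
    if chgrp "$RNDC_KEY_GROUP" "$keyfile" 2>/dev/null; then
        chmod 640 "$keyfile"
    else
        chmod 600 "$keyfile"
    fi
    log_msg "Generated $keyfile"
}
```

An initscript would call `ensure_rndc_key` before starting the daemon and abort the start if it returns non-zero.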
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.