Bug 768798 - Bind does not provide /etc/rndc.key
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
Version: 6.4
Hardware: x86_64 Linux
Priority: medium, Severity: high
Target Milestone: rc
Assigned To: Adam Tkac
QA Contact: qe-baseos-daemons
Blocks: 829827

Reported: 2011-12-18 19:32 EST by Alexandre Ventura
Modified: 2013-05-22 03:26 EDT
Doc Type: Bug Fix
Clones: 829827
Last Closed: 2012-06-20 09:40:39 EDT
Description Alexandre Ventura 2011-12-18 19:32:50 EST
Description of problem:
Package bind-9.7.3-2.el6_1.P3.3.x86_64 (maybe others) does not provide
/etc/rndc.key

Without /etc/rndc.key it is impossible to run rndc commands, as shown:

[root@michelangelo ~]# rndc status
rndc: neither /etc/rndc.conf nor /etc/rndc.key was found

Version-Release number of selected component (if applicable):
bind-9.7.3-2.el6_1.P3.3.x86_64

How reproducible:
rpm2cpio bind-9.7.3-2.el6_1.P3.3.x86_64.rpm | cpio -t | grep rndc.key
  
Actual results:
<none>

Expected results:
./etc/rndc.key

Additional info:
Although "rpm -qlp <pkg.rpm>" reports the existence of this file, it does not exist.
Tests executed on CentOS 6, fresh install.
http://bugs.centos.org/view.php?id=5311
Comment 2 Adam Tkac 2011-12-19 04:49:06 EST
Previously, rndc.key was generated during package installation (via the `rndc-confgen -a` command), but this feature was removed in RHEL 6.1 because users reported that installation of the bind package sometimes hung due to lack of entropy in /dev/random.

I will check if it makes sense to add rndc.key generation into the initscript, like sshd generates host RSA/DSA keys.
Comment 5 Ales Zelinka 2011-12-24 11:41:20 EST
Adam, will the key generation block service start? Can you (sys?)log the key generation to make users aware of it?
Comment 6 Adam Tkac 2012-01-02 05:55:44 EST
(In reply to comment #5)
> Adam, will the key generation block service start? Can you (sys?)log the key
> generation to make users aware of it?

Yes, key generation will block service start. I will add a message which informs the user about it.
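
The approach discussed in comments 2 to 6 (generate the key at service start instead of at install time, and announce it because generation can block), as an added example; it is not the initscript code shipped in the erratum. The names `ensure_rndc_key`, `RNDC_CONFGEN` and `RNDC_KEYFILE`, the log wording and the `root:named` ownership are assumptions; `rndc-confgen -a` is the command named in comment 2.

```shell
#!/bin/sh
# Added example, not the RHEL initscript. Call ensure_rndc_key from start().
RNDC_KEYFILE="${RNDC_KEYFILE:-/etc/rndc.key}"
# Generator path is overridable so the function can be exercised without BIND.
RNDC_CONFGEN="${RNDC_CONFGEN:-/usr/sbin/rndc-confgen}"

log_msg() {
    echo "named: $1" >&2
    # Also send to syslog when logger(1) is available.
    if command -v logger >/dev/null 2>&1; then
        logger -t named -p daemon.notice "$1" 2>/dev/null || true
    fi
}

# Returns 0 if a non-empty key file exists afterwards, 1 on failure.
ensure_rndc_key() {
    keyfile="${1:-$RNDC_KEYFILE}"

    # An existing, non-empty key is never overwritten.
    if [ -s "$keyfile" ]; then
        return 0
    fi

    # Announce first: the next step may block while waiting for entropy.
    log_msg "Generating $keyfile, this may take a while"

    # Restrictive umask so the secret is never world-readable, even briefly.
    old_umask=$(umask)
    umask 077
    rc=0
    "$RNDC_CONFGEN" -a -c "$keyfile" >/dev/null 2>&1 || rc=$?
    umask "$old_umask"

    if [ "$rc" -ne 0 ] || [ ! -s "$keyfile" ]; then
        log_msg "Failed to generate $keyfile (exit status $rc)"
        rm -f "$keyfile"
        return 1
    fi

    # named must be able to read the key; nobody else should.
    chmod 640 "$keyfile"
    # Assumption: the daemon's group is "named"; chown only when that applies.
    if [ "$(id -u)" -eq 0 ] && getent group named >/dev/null 2>&1; then
        chown root:named "$keyfile"
    fi
    log_msg "Generated $keyfile"
    return 0
}
```
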
Comment 11 errata-xmlrpc 2012-06-20 09:40:39 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0830.html
