Bug 841316 - init daemon uses wrong path if /etc/rndc.conf exists
Status: CLOSED DUPLICATE of bug 997743
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
All Linux
unspecified Severity medium
Assigned To: Tomáš Hozza
Depends On:
Blocks: 1070830
Reported: 2012-07-18 12:34 EDT by Timothy
Modified: 2014-04-23 10:21 EDT
Fixed In Version: bind-9.8.2-0.26.rc1.el6
Doc Type: Bug Fix
Doc Text:
Cause: The named initscript checks for the existence of the rndc.key file on server start-up.
Consequence: A user with a custom rndc configuration may include a key from a file located somewhere other than the default location. In that situation the initscript generates an rndc.key in the default location even though it is not needed or used.
Fix: The initscript was fixed to check for an include statement with "rndc.key" in the rndc configuration before generating the rndc.key file.
Result: If the user has a custom rndc configuration that includes an rndc.key file from somewhere other than the default location, the initscript will not generate an rndc.key file in the default location during server start-up.
Last Closed: 2014-04-23 10:21:32 EDT
Type: Bug

Attachments
Patch that should fix the described problem (1.24 KB, patch)
2012-07-18 12:34 EDT, Timothy
no flags
Generate rndc.key only if there is NO custom rndc.conf with path (1.02 KB, patch)
2013-04-08 06:59 EDT, Tomáš Hozza
atkac: review+

Description Timothy 2012-07-18 12:34:18 EDT
Created attachment 598934 [details]
Patch that should fix the described problem

Description of problem:
When starting or restarting bind, there is always a new key generated in /etc/rndc.key. This is wrong because I have specified a path in /etc/rndc.conf. My key is located in /etc/named/rndc.key.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Use a config file for rndc, rndc.conf, that looks like this
# rndc.conf
include "/etc/named/rndc.key";

options {
        default-key "rndc.key";
        default-port 953;
};
2. restart bind

Actual results:
a key is generated in /etc/rndc.key

Expected results:
no key in /etc/rndc.key

Additional info:
There are two problems here:
- depending on machine type, this can take a rather long time (using a virtual machine, it takes more than one minute)
- We have a third party tool which always tries to take the key in /etc/rndc.key if this key exists. It refuses to work because it takes the wrong key when a new one is generated...
I've attached a patch which could give you a better hint of what I mean.
Comment 2 Adam Tkac 2012-09-05 08:13:56 EDT
I'm still not sure about the patch but you are right this is a bug. Thanks for the report!
Comment 4 Tomáš Hozza 2013-04-08 06:59:34 EDT
Created attachment 732640 [details]
Generate rndc.key only if there is NO custom rndc.conf with path

Basically if you need to have custom rndc.conf with path to rndc.key then you
should also generate the key by yourself.

The attached patch changes initscript behaviour so that now the rndc.key will
be generated in /etc only if there is no rndc.key AND there is no /etc/rndc.conf
with "include" line with the path to rndc.key.
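
The decision described in the comment above, written out as an added shell example. It is not the attached patch (which is not shown on this page); the function name and the parameterised file paths are assumptions so the logic can be run against constructed files instead of /etc.

```shell
#!/bin/sh
# Added illustration; not the initscript's own code.

# should_generate_rndc_key KEYFILE CONFFILE  (hypothetical helper)
# Exit status 0: generate the default key. Exit status 1: leave it alone.
should_generate_rndc_key() {
    keyfile=$1
    conffile=$2

    # A key is already present in the default location.
    if [ -e "$keyfile" ]; then
        return 1
    fi
    # No rndc.conf: nothing points elsewhere, so generate.
    if [ ! -r "$conffile" ]; then
        return 0
    fi
    # rndc.conf with an active include of some .../rndc.key: the administrator
    # supplies the key. Lines starting with # or // do not count; block
    # comments (/* */) are not handled in this sketch.
    if grep -Ev '^[[:space:]]*(#|//)' "$conffile" |
        grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*rndc\.key"[[:space:]]*;'; then
        return 1
    fi
    return 0
}

# Constructed sample: the rndc.conf from the report, written to a temp dir.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'include "/etc/named/rndc.key";' 'options {' \
        '        default-key "rndc.key";' '        default-port 953;' '};' \
        > "$dir/rndc.conf"
    if should_generate_rndc_key "$dir/rndc.key" "$dir/rndc.conf"; then
        result=generate
    else
        result=skip
    fi
    rm -rf "$dir"
    echo "$result"
}

demo   # prints "skip"
```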
Comment 6 RHEL Product and Program Management 2013-10-13 20:33:37 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
