13.9.2011 18:53, Bob Proulx wrote:
> Jari Fredriksson wrote:
>> 13.9.2011 7:01, Bob Proulx wrote:
>>> Jari Fredriksson wrote:
>>>> jarif@spitfire:~$ sudo rndc stop
>>>> WARNING: key file (/etc/bind/rndc.key) exists, but using default
>>>> configuration file (/etc/bind/rndc.conf)
>>>
>>> That should not produce that warning. A default installation does not
>>> have the file /etc/bind/rndc.conf present. Do you have it? Where did
>>> it come from? Try moving it out of the way.
>>>
>>>> And, it stopped immediately! This is strange, why does it not stop when
>>>> rebooting...
>>>
>>> I expected that it would fail and not stop the named. The
>>> /etc/init.d/bind9 script calls rndc stop and then waits, possibly
>>> forever, waiting for it to die. I was expecting the above not to stop
>>> the named but to produce errors that would identify the problem.
>>>
>>> I think you should examine and clean your /etc/bind/ directory as
>>> appropriate. From the warning above you have a /etc/bind/rndc.conf
>>> that may be causing problems.
>>>
>>> Bob
>>
>> If I remove it, rndc does not work at all.
>>
>> jarif@spitfire:/etc/bind$ sudo mv rndc.conf /tmp/
>> jarif@spitfire:/etc/bind$ sudo rndc reload
>> rndc: connection to remote host closed
>> This may indicate that
>> * the remote server is using an older version of the command protocol,
>> * this host is not authorized to connect,
>> * the clocks are not synchronized, or
>> * the key is invalid.
>> jarif@spitfire:/etc/bind$

OK. I did it. I copied

key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";
};

from that rndc.conf to rndc.key and removed the rndc.conf.

Restarted bind and now all works.

The rndc.conf contained as follows:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

>
> After moving that conf file out of the way you should kill the running
> named and then start things up without it.
>
> # ps -e | grep named # Is it running?
> # killall named
> # ps -e | grep named # Verify stopped.
> # service bind9 start
> # ps -e | grep named # Verify running.
>
> At that point I would hope that things would be working.
>
> # service bind9 stop
> # ps -e | grep named # Verify stopped.
> # service bind9 start
> # ps -e | grep named # Verify running.
>
> But perhaps it still won't be working properly. If not then something
> is definitely broken with your installation. I do not have any
> rndc.conf file present on any of my systems and am not emitting that
> error. Therefore something in your configuration is referencing it.
>
> I think it should be possible to debug your problem to root cause.
> But it might be simpler to simply scrape it down to nothing, purge
> everything, and then reinstall it. That should certainly put you back
> into a fully working state. If you have local domains to serve you
> can merge your local configuration back in afterward.
>
> To simply purge and re-install everything. Be sure to copy your local
> changes off first. Not knowing if you have any let me suggest the
> following:
>
> # cp -a /etc/bind /root/bind.save
> # apt-get purge bind9
> # ...manually verify /etc/bind is empty... rm -rf /etc/bind
> # apt-get install bind9
>
> That should make it to be as if the named was installed for the very
> first time without any previously existing configuration. The default
> installation will be a simple caching nameserver suitable for most
> environments. You can then customize it if needed. Your previous
> configuration will be saved for your reference.
>
> Bob
--
Q: What is the difference between Texas and yogurt?
A: Yogurt has culture.
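
The mismatch this thread tracked down (rndc.conf and rndc.key each carrying a key clause, with rndc preferring rndc.conf) can be checked mechanically. The following is an added example, not code from the thread or from BIND: the function names and the sample secrets are constructed, and flagging hmac-md5 as legacy is an assumption added here, not something the posters raise.

```python
import re

# Quoted strings are matched first so "//" inside a base64 secret survives.
_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)
_KEY = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.IGNORECASE)


def parse_keys(text):
    """Return {key name: (algorithm, secret)} for every key clause in text."""
    bare = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return {n: (a.lower(), s) for n, a, s in _KEY.findall(bare)}


def audit(rndc_conf, rndc_key):
    """Compare the text of rndc.conf and rndc.key; return a list of findings."""
    conf, key = parse_keys(rndc_conf), parse_keys(rndc_key)
    findings = []
    if conf and key:
        findings.append("both files define keys: rndc reads rndc.conf, not rndc.key")
    for name in sorted(conf.keys() & key.keys()):
        if conf[name][1] != key[name][1]:
            findings.append(f'key "{name}": secret differs between the two files')
    for src, keys in (("rndc.conf", conf), ("rndc.key", key)):
        for name, (alg, _) in sorted(keys.items()):
            if alg == "hmac-md5":
                findings.append(f'{src}: key "{name}" uses legacy hmac-md5')
    return findings


# Constructed sample input; the secrets are made-up base64, not real keys.
SAMPLE_CONF = '''
key "rndc-key" {
    algorithm hmac-md5;  # same layout as the rndc.conf quoted in the thread
    secret "QUFBQUFBQUFBQUFBQUFBQQ==";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''
SAMPLE_KEY = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "c2FtcGxl//8Aa2V5b25seQ==";  // generated at install time
};
'''

if __name__ == "__main__":
    for line in audit(SAMPLE_CONF, SAMPLE_KEY):
        print(line)
```

To run it against a real host, pass the contents of /etc/bind/rndc.conf and /etc/bind/rndc.key (read as root) to audit() instead of the samples.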

