[NBLUG/talk] bind9/rndc error upon reload

Sean seanvanco at gmail.com
Wed May 2 16:16:26 PDT 2007


I was able to get the bind daemon and rndc to function by using
modified copies of the configs from my primary server. I still don't
know what caused the problem initially, but turned out to be easily
fixed with this method.


Sean

On 5/1/07, Sean <seanvanco at gmail.com> wrote:
> I am having a problem with Bind9 that I have been working on for some
> time, and it's time to ask for help...
>
> I have two systems, one master and one slave (both running Debian
> 4.0), and it is the master that is having the problem. The primary
> master seems to have no errors, and the zone files seem to get updated
> (I suspect that the problem started sometime after I last started the
> bind service).
>
> Upon issuing the command /etc/init.d/bind9 reload, I get the following error:
>
> Reloading domain name service...: bindrndc: connection to remote host closed
> This may indicate that the remote server is using an older version of
> the command protocol, this host is not authorized to connect,
> or the key is invalid.
>  failed!
>
> I am fairly sure my config files are correct, but just in case the
> relevant portions are listed below. I did regenerate the key using
> rndc-confgen, but it had no effect. I did double check to make sure
> the key was the same for both servers in the named.conf and rndc.key
> files. I also checked file permissions.
>
> Any help will be much appreciated. I've done quite a bit of research
> on the internet, and nothing I've found has helped. The entries listed
> below are the same on both servers.
>
>
> Sean
>
>
> #named.conf:
>
> controls {
>         inet 127.0.0.1 port 953 allow { localhost;
> secondary_server_IP; } keys { rndc.key; };
> };
>
> allow-transfer { secondary_server_IP; };
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret "[code removed]";
>
> };
>
>
> #rndc.key
>
> key "rndc.key" {
>         algorithm hmac-md5;
>         secret "[code removed]";
> };
>



More information about the talk mailing list