
Missing something



Now that I have a permanent static IP address here in The Back Room(tm),
I'm setting up a primary DNS for my domain. Trouble is, it's been about
three years since I last did this and I've obviously forgotten something
in the initial configuration. This is for RHEL3u2, but the process
should be the same as any BIND9 setup:

(1) Create forward zone file (using redhat-config-bind utility)
(2) Check /etc/named.conf to make sure zone "protogeek.org" is there
(3) Run 'rndc-confgen -a' to create unique /etc/rndc.key file
(4) Run 'chkconfig named on' and 'service named start'
then
(5) Run 'rndc status'

Step (5) gives me the following error message:

  rndc: connection to remote host closed
  This may indicate that the remote server is using an older version of
  the command protocol, this host is not authorized to connect,
  or the key is invalid.

I don't buy the first or third suggestions. How do I configure things so
my host is authorized to connect?

My /etc/named.conf reads in part:

     zone "protogeek.org" IN {
             type master;
             file "protogeek.org.zone";
             allow-update { none; };
     };

     include "/etc/rndc.key";

My /etc/rndc.conf reads in part:

     options {
             default-server  localhost;
             default-key     "rndckey";
     };
     
     include "/etc/rndc.key";

And finally, my /etc/rndc.key file contains:

     key "rndckey" {
         algorithm hmac-md5;
         secret "I'll_bet_you_thought_I'd_show_you_this_:-)";
     };

I know there was a time when you had to copy the contents of the
/etc/rndc.key file into /etc/rndc.conf as a separate stanza, but
security improvements now allow you to 'include "keyfilespec"'.

Can anybody tell me what's missing?

-- Doc
Robert G. (Doc) Savage, BSE(EE), CISSP, RHCE | Fairview Heights, IL
RHEL3/ESu2 on Tyan S2468UGN w/3G, dual Athlon MP 2800+, 1.1T RAID5
"Perfection is the enemy of good enough."
                         -- Admiral of the Fleet Sergei G. Gorshkov
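
The cross-file relationships the post describes can be checked mechanically. The following is an added example, not part of the original message and not a statement of what was wrong on the poster's machine: it verifies that the `default-key` in rndc.conf is defined in the key file and whether named.conf has a `controls` statement naming that key. The function names are hypothetical, and the sample files are constructed from the excerpts above with a placeholder secret.

```python
import re

# Constructed samples mirroring the excerpts in the post (secret is a placeholder).
NAMED_CONF = '''zone "protogeek.org" IN {
    type master; file "protogeek.org.zone"; allow-update { none; };
};
include "/etc/rndc.key";
'''
RNDC_CONF = '''options { default-server localhost; default-key "rndckey"; };
include "/etc/rndc.key";
'''
RNDC_KEY = 'key "rndckey" { algorithm hmac-md5; secret "PLACEHOLDER"; };\n'

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out stanzas are ignored."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_after(text, keyword):
    """Return the body of the balanced { ... } that follows keyword, or None."""
    m = re.search(r'\b%s\s*\{' % re.escape(keyword), text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return None  # unbalanced braces

def check(named_conf, rndc_conf, key_file):
    """Return a list of findings about rndc key wiring across the three files."""
    findings = []
    defined = set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', strip_comments(key_file)))
    m = re.search(r'\bdefault-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    default_key = m.group(1) if m else None
    if default_key not in defined:
        findings.append("rndc default-key %r is not defined in the key file" % default_key)
    body = block_after(strip_comments(named_conf), 'controls')
    if body is None:
        findings.append("named.conf has no controls statement naming an rndc key")
    else:
        allowed = {n.strip().strip('"') for g in re.findall(r'\bkeys\s*\{([^}]*)\}', body)
                   for n in g.split(';') if n.strip()}
        if default_key not in allowed:
            findings.append("controls statement does not list key %r" % default_key)
    return findings

if __name__ == "__main__":
    print("\n".join(check(NAMED_CONF, RNDC_CONF, RNDC_KEY)) or "no findings")
```
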

