13.9.2011 18:53, Bob Proulx wrote:
> Jari Fredriksson wrote:
>> 13.9.2011 7:01, Bob Proulx wrote:
>>> Jari Fredriksson wrote:
>>>> jarif@spitfire:~$ sudo rndc stop
>>>> WARNING: key file (/etc/bind/rndc.key) exists, but using default
>>>> configuration file (/etc/bind/rndc.conf)
>>>
>>> That should not produce that warning. A default installation does not
>>> have the file /etc/bind/rndc.conf present. Do you have it? Where did
>>> it come from? Try moving it out of the way.
>>>
>>>> And, it stopped immediately! This is strange, why does it not stop when
>>>> rebooting...
>>>
>>> I expected that it would fail and not stop the named. The
>>> /etc/init.d/bind9 script calls rndc stop and then waits, possibly
>>> forever, waiting for it to die. I was expecting the above not to stop
>>> the named but to produce errors that would identify the problem.
>>>
>>> I think you should examine and clean your /etc/bind/ directory as
>>> appropriate. From the warning above you have a /etc/bind/rndc.conf
>>> that may be causing problems.
>>>
>>> Bob
>>
>> If I remove it, rndc does not work at all.
>>
>> jarif@spitfire:/etc/bind$ sudo mv rndc.conf /tmp/
>> jarif@spitfire:/etc/bind$ sudo rndc reload
>> rndc: connection to remote host closed
>> This may indicate that
>> * the remote server is using an older version of the command protocol,
>> * this host is not authorized to connect,
>> * the clocks are not synchronized, or
>> * the key is invalid.
>> jarif@spitfire:/etc/bind$

OK. I did it. I copied

    key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";
    };

from that rndc.conf to rndc.key and removed the rndc.conf.
Restarted bind and now all works.

The rndc.conf contained the following:

    # Start of rndc.conf
    key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";
    };
    options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
    };
    # End of rndc.conf

>
> After moving that conf file out of the way you should kill the running
> named and then start things up without it.
>
> # ps -e | grep named # Is it running?
> # killall named
> # ps -e | grep named # Verify stopped.
> # service bind9 start
> # ps -e | grep named # Verify running.
>
> At that point I would hope that things would be working.
>
> # service bind9 stop
> # ps -e | grep named # Verify stopped.
> # service bind9 start
> # ps -e | grep named # Verify running.
>
> But perhaps it still won't be working properly. If not then something
> is definitely broken with your installation. I do not have any
> rndc.conf file present on any of my systems and am not emitting that
> error. Therefore something in your configuration is referencing it.
>
> I think it should be possible to debug your problem to root cause.
> But it might be simpler to simply scrape it down to nothing, purge
> everything, and then reinstall it. That should certainly put you back
> into a fully working state. If you have local domains to serve you
> can merge your local configuration back in afterward.
>
> To simply purge and re-install everything. Be sure to copy your local
> changes off first. Not knowing if you have any let me suggest the
> following:
>
> # cp -a /etc/bind /root/bind.save
> # apt-get purge bind9
> # ...manually verify /etc/bind is empty... rm -rf /etc/bind
> # apt-get install bind9
>
> That should make it to be as if the named was installed for the very
> first time without any previously existing configuration. The default
> installation will be a simple caching nameserver suitable for most
> environments. You can then customize it if needed. Your previous
> configuration will be saved for your reference.
>
> Bob
--
Q: What is the difference between Texas and yogurt?
A: Yogurt has culture.
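
Added example, not part of the original messages and not code from BIND or Debian: a small Python check for the situation in this thread, where rndc.conf and rndc.key both carry a key clause and rndc prefers rndc.conf. The function names and the sample file contents are assumptions constructed for illustration; on a real system, read /etc/bind/rndc.conf and /etc/bind/rndc.key as root and pass their contents to compare().

```python
import base64
import hmac
import re

# key "name" { algorithm X; secret "Y"; };  (layout used by rndc.conf and rndc.key)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;')

def parse_keys(text):
    """Return {key_name: (algorithm, secret_bytes)}; skips whole-line comments."""
    text = re.sub(r'(?m)^\s*(#|//).*$', '', text)
    return {name: (algo.lower(), base64.b64decode(secret, validate=True))
            for name, algo, secret in KEY_RE.findall(text)}

def compare(rndc_conf_text, rndc_key_text):
    """Report differences between the key clauses of the two files."""
    conf, keyf = parse_keys(rndc_conf_text), parse_keys(rndc_key_text)
    findings = []
    for name in sorted(set(conf) | set(keyf)):
        a, b = conf.get(name), keyf.get(name)
        if a is None or b is None:
            where = "rndc.key" if a is None else "rndc.conf"
            findings.append(f"{name}: defined only in {where}")
        else:
            if a[0] != b[0]:
                findings.append(f"{name}: algorithm differs")
            # Constant-time comparison; the secret itself is never printed.
            if not hmac.compare_digest(a[1], b[1]):
                findings.append(f"{name}: secret differs")
        if "hmac-md5" in {k[0] for k in (a, b) if k}:
            findings.append(f"{name}: uses hmac-md5")
    return findings

# Constructed sample data (not the secret posted in the thread).
SECRET_A = base64.b64encode(b"constructed-secret-A").decode()
SECRET_B = base64.b64encode(b"constructed-secret-B").decode()
KEY_TMPL = 'key "rndc-key" {\n\talgorithm %s;\n\tsecret "%s";\n};\n'
SAMPLE_CONF = ("# Start of rndc.conf\n" + KEY_TMPL % ("hmac-md5", SECRET_A)
               + 'options {\n\tdefault-key "rndc-key";\n'
                 '\tdefault-server 127.0.0.1;\n\tdefault-port 953;\n};\n')
SAMPLE_KEY = KEY_TMPL % ("hmac-md5", SECRET_B)

if __name__ == "__main__":
    for line in compare(SAMPLE_CONF, SAMPLE_KEY):
        print(line)
```

An empty result means both files define the same key with the same algorithm; the hmac-md5 finding is informational, so the key can be reviewed when it is next regenerated.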