[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bind does not die

13.9.2011 18:53, Bob Proulx kirjoitti:
> Jari Fredriksson wrote:
>> 13.9.2011 7:01, Bob Proulx kirjoitti:
>>> Jari Fredriksson wrote:
>>>> jarif@spitfire:~$ sudo rndc stop
>>>> WARNING: key file (/etc/bind/rndc.key) exists, but using default
>>>> configuration file (/etc/bind/rndc.conf)
>>> That should not produce that warning.  A default installation does not
>>> have the file /etc/bind/rndc.conf present.  Do you have it?  Where did
>>> it come from?  Try moving it out of the way.
>>>> And, it stopped immediately! This is strange, why does it not stop when
>>>> rebooting...
>>> I expected that it would fail and not stop the named.  The
>>> /etc/init.d/bind9 script calls rndc stop and then waits, possibly
>>> forever, waiting for it to die.  I was expecting the above not to stop
>>> the named but to produce errors that would identify the problem.
>>> I think you should examine and clean your /etc/bind/ directory as
>>> appropriate.  From the warning above you have a /etc/bind/rndc.conf
>>> that may be causing problems.
>>> Bob
>> If I remove it, rndc does not work at all.
>> jarif@spitfire:/etc/bind$ sudo mv rndc.conf /tmp/
>> jarif@spitfire:/etc/bind$ sudo rndc reload
>> rndc: connection to remote host closed
>> This may indicate that
>> * the remote server is using an older version of the command protocol,
>> * this host is not authorized to connect,
>> * the clocks are not synchronized, or
>> * the key is invalid.
>> jarif@spitfire:/etc/bind$

OK. I did it. I copied

key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";

from that rndc.conf to rndc.key and removed the rndc.conf

Restarted binf and now all works.

The rndc.conf contained as follows:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "EfoPh41zkCekeuQxDIBUHA==";

options {
        default-key "rndc-key";
        default-port 953;
# End of rndc.conf

> After moving that conf file out of the way you should kill the running
> named and then start things up without it.
>   # ps -e | grep named  # Is it running?
>   # killall named
>   # ps -e | grep named  # Verify stopped.
>   # service bind9 start
>   # ps -e | grep named  # Verify running.
> At that point I would hope that things would be working.
>   # service bind9 stop
>   # ps -e | grep named  # Verify stopped.
>   # service bind9 start
>   # ps -e | grep named  # Verify running.
> But perhaps it still won't be working properly.  If not then something
> is definitely broken with your installation.  I do not have any
> rndc.conf file present on any of my systems and am not emitting that
> error.  Therefore something in your configuration is referencing it.
> I think it should be possible to debug your problem to root cause.
> But it might be simpler to simply scrape it down to nothing, purge
> everything, and then reinstall it.  That should certainly put you back
> into a fully working state.  If you have local domains to serve you
> can merge your local configuration back in afterward.
> To simply purge and re-install everything.  Be sure to copy your local
> changes off first.  Not knowing if you have any let me suggest the
> following:
>   # cp -a /etc/bind /root/bind.save
>   # apt-get purge bind9
>   # ...manually verify /etc/bind is empty...  rm -rf /etc/bind
>   # apt-get install bind9
> That should make it to be as if the named was installed for the very
> first time without any previously existing configuration.  The default
> installation will be a simple caching nameserver suitable for most
> environments.  You can then customize it if needed.  Your previous
> configuration will be saved for your reference.
> Bob


Q:	What is the difference between Texas and yogurt?
A:	Yogurt has culture.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: