bind9 / rndc questions

Daniel J. Luke dluke at geeklair.net
Wed Jan 5 08:09:30 PST 2011


On Jan 4, 2011, at 7:16 PM, William H. Magill wrote:
> 
> The saga continues.... This is my first crack at rndc under Bind 9 and never used ndc under Bind 8...
> 
> I've run ">sudo rndc-confgen -a"

that would have created /opt/local/etc/rndc.conf (and rndc would just work for you).

> The /opt/local/etc/rndc.key file contains:
> -------------------------<cut here>----------
> key "rndc-key" {
>        algorithm hmac-md5;
>        secret "stuff";
> };
> -------------------------<cut here>----------
> 
> Then I run and get:
> -------------------------<cut here>----------
>> sudo named-checkconf named.conf
> /opt/local/etc/rndc.key:1: unknown option 'key'
> -------------------------<cut here>----------
> 
> My named.conf has the following controls section:
> -------------------------<cut here>----------
> controls {
>        unix "/opt/local/var/named/ndc" perm 0660 owner 0 group 0;
> 
> // --------------------------------------------------------------------
> // Define the rndc key for rndc command. Use "rndc-confgen -a -b 512"
> // to create a new key
> // --------------------------------------------------------------------
> 
> include "/opt/local/etc/rndc.key";
> 
> // ------------------------------------------------------------------------
> // Only allow localhost access from rndc
> // ------------------------------------------------------------------------
> 	inet 127.0.0.1 port 953
> 	allow { 127.0.0.1; } keys { "rndc-key"; };
> };
> -------------------------<cut here>----------
> 
> If I delete the "include"
> 
> I get:
> -------------------------<cut here>--------------
>> sudo named-checkconf named.conf
> named.conf:87: unknown key 'rndc-key'
> -------------------------<cut here>---------------
> 
> I'm obviously not understanding something here.

The example rndc-confgen prints when you don't use '-a' looks like yours, except without using the 'include' (but including the contents of rndc.conf in named.conf). You could try that...

--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
|   Opinions expressed are mine and do not necessarily   |
|          reflect the opinions of my employer.          |
+========================================================+
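For reference, here is a named.conf controls section laid out the way named-checkconf accepts it. This is an added example, not a file from the thread or from the MacPorts port; the paths follow the /opt/local layout the poster shows, and "stuff" stands in for a generated secret. The point it illustrates: the key statement that rndc-confgen -a writes into rndc.key is a top-level named.conf statement, so the include that pulls it in has to sit outside the controls block. Placed inside controls, as in the quoted config, the parser sees a key statement where only inet/unix channel statements are allowed and reports "unknown option 'key'"; removing the include instead leaves the keys clause in controls pointing at a name nothing defined, hence "unknown key 'rndc-key'".

```conf
// named.conf (added example, MacPorts-style paths)

// Top level: pull in the key that "rndc-confgen -a" wrote.
// rndc itself reads this same file by default, so one secret serves both sides.
include "/opt/local/etc/rndc.key";

// Equivalent alternative if you prefer a single file: paste the key
// statement here, at top level, instead of the include.
// key "rndc-key" {
//         algorithm hmac-md5;
//         secret "stuff";      // placeholder, not a real secret
// };

// Only local rndc clients, and only those that prove possession of rndc-key.
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};
```

Check it with `named-checkconf /opt/local/etc/named.conf` (no output means it parsed), then confirm the channel with `rndc status` after named has been restarted. Two caveats a practitioner will want: rndc.key must stay readable only by root and the user named runs as, since anyone who can read it can reload, freeze or flush the server; and hmac-md5 is the algorithm rndc-confgen emitted in 2011, while recent releases default to hmac-sha256, so whatever algorithm rndc.key carries must match on both the named and rndc side. If you omit the controls statement entirely, named falls back to reading rndc.key and listening on the loopback address at port 953 on its own, which is the "rndc would just work for you" case described above.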