
I have installed bind-9.9.4-72 on CentOS 7.6 and everything seems to be working: I can query my local zone and remote addresses etc., but somehow rndc is not working.

This is what I did to configure rndc:

rndc-confgen > /tmp/rndc.out

and created two files from the above output.

rndc.conf

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

named.conf

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; 10.30.0.50; } keys { "rndc-key"; };
};
include "/etc/rndc.key";

I am getting the following error:

[root@ns1 etc]# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the the key signing algorithm is incorrect, or
* the key is invalid.

Detailed output:

[root@ns1 etc]# rndc -V status
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
status
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
create message
render message
schedule recv
send message
rndc: connection to remote host closed

Log file:

Dec 18 14:05:34 ns1 named[18947]: invalid command from 127.0.0.1#47203: failure
Dec 18 14:05:58 ns1 named[18947]: invalid command from 127.0.0.1#54722: failure
Dec 18 14:05:59 ns1 named[18947]: invalid command from 127.0.0.1#32822: failure
Dec 18 14:06:03 ns1 named[18947]: invalid command from 127.0.0.1#56079: failure

I have also verified that rndc and bind are running on the same version.


Solution:

If named cannot find the rndckey in /etc/rndc.key, it will report the error 'rndc: connection to remote host closed'.

When using rndc-confgen -a to create a new rndc key, the new key will be called rndc-key by default. Therefore, the /etc/rndc.key file will need to be edited and the key name changed to rndckey (remove any -) for the sake of named. Likewise the command:

rndc-confgen -a -k rndckey

Make sure /etc/rndc.key is a soft link to /var/named/chroot/etc/rndc.key:

ln -s /var/named/chroot/etc/rndc.key /etc/.

[root@ns1 etc]# rndc status
version: 9.9.4-RedHat-9.9.4-72.el7 <id:8f9657aa>
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 208
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
  • I had the error invalid command from 127.0.0.1#47119: failure and your clue about the key was right. My use case is Virtualmin with cluster slave servers running on Ubuntu, and after a stock install I got that error. The commands to check rndc helped a lot. The solution was to change the algorithm from hmac-sha256; to hmac-md5; Commented Apr 15, 2023 at 4:14
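The answer and the comment above point at the two configuration mismatches that produce exactly this symptom: a key name that the controls {} statement in named.conf does not list, and a key algorithm that differs between the rndc side and the named side. Both can be checked before touching the service. The script below is an added example, not code from the question, the answer or BIND itself; the function names (list_keys, controls_keys, named_keys, check_rndc_key, make_fixtures) are my own, and the configuration files it writes are constructed fixtures in a temporary directory, modelled on the files shown in the question.

```shell
#!/bin/sh
# Added example: cross-check the key rndc signs with against the key named's
# controls {} accepts. On a real host: check_rndc_key /etc/rndc.key /etc/named.conf
# Assumes one controls {} statement and that rndc uses the first key statement
# in its file. All fixture contents below are constructed, not real secrets.

# stdin: a named-style config; stdout: "name algorithm" for every key statement
list_keys() {
    tr '\n' ' ' | awk '
    {
        s = $0
        while (match(s, /(^|[^A-Za-z_-])key[ \t]*"[^"]*"[ \t]*[{][^}]*[}]/)) {
            st = RSTART; ln = RLENGTH
            stmt = substr(s, st, ln)
            name = stmt; sub(/^[^"]*"/, "", name); sub(/".*/, "", name)
            alg = "unknown"
            if (match(stmt, /algorithm[ \t]*[^; \t]*/)) {
                alg = substr(stmt, RSTART, RLENGTH); sub(/^algorithm[ \t]*/, "", alg)
            }
            print name, tolower(alg)
            s = substr(s, st + ln)
        }
    }'
}

# $1: named.conf; stdout: key names listed in controls { ... keys { ... }; }
controls_keys() {
    tr '\n' ' ' < "$1" | awk '
    {
        if (match($0, /controls[ \t]*[{].*keys[ \t]*[{][^}]*[}]/)) {
            s = substr($0, RSTART, RLENGTH); sub(/.*keys[ \t]*[{]/, "", s)
            while (match(s, /"[^"]*"/)) {
                print substr(s, RSTART + 1, RLENGTH - 2)
                s = substr(s, RSTART + RLENGTH)
            }
        }
    }'
}

# $1: named.conf; stdout: key statements from it and from each readable include
named_keys() {
    {
        cat "$1"
        tr '\n' ' ' < "$1" | awk '
        { s = $0
          while (match(s, /include[ \t]*"[^"]*"/)) {
              p = substr(s, RSTART, RLENGTH); sub(/^include[ \t]*"/, "", p); sub(/"$/, "", p)
              print p
              s = substr(s, RSTART + RLENGTH)
          }
        }' | while IFS= read -r f; do
            if [ -r "$f" ]; then cat "$f"; fi
        done
    } | list_keys
}

# $1: rndc key file (rndc.key or rndc.conf), $2: named.conf. Returns 0 only if
# the key rndc sends is allowed by controls {} and defined identically for named.
check_rndc_key() {
    rndc_file=$1; named_conf=$2
    set -- $(list_keys < "$rndc_file")
    rndc_name=$1; rndc_alg=$2
    if [ -z "$rndc_name" ]; then
        echo "FAIL: no key statement in $rndc_file"; return 1
    fi
    if ! controls_keys "$named_conf" | grep -qx -- "$rndc_name"; then
        echo "FAIL: rndc signs with \"$rndc_name\" but controls {} does not list it"; return 1
    fi
    named_alg=$(named_keys "$named_conf" | awk -v n="$rndc_name" '$1 == n { print $2; exit }')
    if [ -z "$named_alg" ]; then
        echo "FAIL: controls {} lists \"$rndc_name\" but named has no key statement for it"; return 1
    fi
    if [ "$rndc_alg" != "$named_alg" ]; then
        echo "FAIL: \"$rndc_name\" uses $rndc_alg for rndc but $named_alg for named"; return 1
    fi
    echo "OK: \"$rndc_name\" ($rndc_alg) matches on both sides"
}

# Write three constructed scenarios under $1: good, badname (named expects a
# different key name) and badalg (rndc uses a different algorithm than named).
make_fixtures() {
    for c in good badname badalg; do
        mkdir -p "$1/$c"
        key=rndc-key; alg=hmac-md5
        [ "$c" = badname ] && key=rndckey
        [ "$c" = badalg ] && alg=hmac-sha256
        printf 'key "rndc-key" { algorithm %s; secret "CONSTRUCTED-NOT-A-REAL-SECRET=="; };\n' "$alg" > "$1/$c/rndc.key"
        printf 'key "%s" { algorithm hmac-md5; secret "CONSTRUCTED-NOT-A-REAL-SECRET=="; };\n' "$key" > "$1/$c/named-rndc.key"
        printf 'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "%s"; }; };\ninclude "%s";\n' "$key" "$1/$c/named-rndc.key" > "$1/$c/named.conf"
    done
}

# Demo run over the constructed fixtures (one OK, two FAIL lines expected)
demo=$(mktemp -d); make_fixtures "$demo"
for c in good badname badalg; do check_rndc_key "$demo/$c/rndc.key" "$demo/$c/named.conf" || true; done
rm -rf "$demo"
```

The parsing is deliberately lenient (it works on the one-line form of the files exactly as pasted in the question as well as on the usual multi-line layout), so it is a pre-flight check, not a replacement for named-checkconf. Run it against the real /etc/rndc.key and /etc/named.conf before restarting named; a FAIL line names which of the two sides to fix.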
