rndc


 
# 1  
Old 03-16-2002
rndc

OK,
each time I type
rndc reload
I get
rndc: decode base 64 secret: bad64 encoding.

I used dnssec-keygen to encode the actual key. What am I doing wrong?

Thanks in advance. Below are my files; I do use a key, not just KEY KEY KEY.
---AN INCLUDE FILE FOR ----NAMED.CONF
key "rndckey" {
algorithm hmac-md5;
secret "KEY KEY KEY";
};
-----------------
RNDC.CONF-----FILE
key rndc_key {
algorithm hmac-md5;
secret "KEY KEY KEY";
};
options {
default-server localhost;
default-key rndc_key;
};
-------------------------
# 2  
Old 03-18-2002
OK, I think there are some steps missing. Check with this.

Edit /etc/rndc.conf:

Code:
options {
    default-server  localhost;
    default-key     examplekey;
};

server localhost {
    key     examplekey;
};

key examplekey {
    algorithm hmac-md5;
    secret "somesecretkey";
};

/etc/named.conf:

options {
        directory "/etc/namedb";
        notify yes;                     // send NOTIFY messages.
        auth-nxdomain no;               // conform to RFC1035
        allow-recursion { localnets; };
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { examplekey; };
};

key examplekey {
    algorithm hmac-md5;
    secret "somesecretkey";
};

...

I generated the two "secret" lines as recommended in the rndc.conf man page, although I suspect that any string will do.

dnssec-keygen -a hmac-md5 -b 128 -n user rndc

Then edit the file Krndc* and extract the key by hand.

Remember to chmod /etc/rndc.conf and /etc/named.conf to mode 600.
(I think one can use the named include directive to put the secret in some other file and only make the keyfile mode 600)
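
An added example, not part of either post above: a small Python check for the failure in the first post. rndc base64-decodes the `secret` value, so the script verifies that every `key` block's secret is valid base64 and that each key in rndc.conf has a copy with the same algorithm and secret in named.conf. The function names, the sample config strings and the sample secret are constructed for illustration.

```python
import base64
import binascii
import re

# Matches: key NAME { algorithm ALG; secret "SECRET"; };  (NAME may be quoted)
KEY_RE = re.compile(
    r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')

def parse_keys(conf_text):
    """Return {key_name: (algorithm, secret)} for every key block found."""
    return {name: (alg, secret) for name, alg, secret in KEY_RE.findall(conf_text)}

def is_base64(secret):
    """True if the secret is non-empty and strictly valid base64."""
    try:
        return bool(base64.b64decode(secret, validate=True))
    except (binascii.Error, ValueError):
        return False

def audit(rndc_conf, named_conf):
    """List problems: undecodable secrets, and rndc keys named.conf has no copy of."""
    problems = []
    rndc_keys, named_keys = parse_keys(rndc_conf), parse_keys(named_conf)
    for origin, keys in (("rndc.conf", rndc_keys), ("named.conf", named_keys)):
        for name, (_, secret) in keys.items():
            if not is_base64(secret):
                problems.append(f"{origin}: key {name}: secret is not valid base64")
    for name, pair in rndc_keys.items():
        if pair not in named_keys.values():
            problems.append(f"rndc.conf: key {name}: no key in named.conf "
                            "has the same algorithm and secret")
    return problems

# Constructed sample input; the secret is a made-up 128-bit value, base64-encoded.
GOOD = ('key examplekey {\n    algorithm hmac-md5;\n'
        '    secret "c2FtcGxlLXNlY3JldC0xMg==";\n};\n')
BAD = 'key rndc_key {\nalgorithm hmac-md5;\nsecret "KEY KEY KEY";\n};\n'

if __name__ == "__main__":
    for line in audit(BAD, GOOD) or ["no problems found"]:
        print(line)
```

To run it against real files, pass the contents of /etc/rndc.conf and /etc/named.conf (plus any included key file) to `audit()`, and run it as a user allowed to read those mode-600 files.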
 