Fedora fix for rndc error

[bonnmac]

I was going nuts trying to figure out the rndc error on a new Fedora box. None of the fixes posted here were working. Here is the fix that worked for me.



named was running chrooted. This is a install bug in Fedora, the fix for this is to comment out the 'ROOTDIR=' line in /etc/sysconfig/named.

Hope this saves someone hours of looking like I had to do.

[SiteShack]

Actually, I found the problem is in the named.conf

Find this:

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};


Replace to this:

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


then do:

service named stop

now start the service:

service named start

No more errors about the rndckey.

[bonnmac]

This has worked on some of my RH boxes, however this was not the case on this Fedora box. My above post is what fixed it.

Originally posted by SiteShack
Actually, I found the problem is in the named.conf

Find this:

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};


Replace to this:

controls {
inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


then do:

service named stop

now start the service:

service named start

No more errors about the rndckey.

[Alterego]

thanks for the heads up. That fixed an issue I had; although I had changed all instances of rndc-key to rndc.key previously, I had missed that important entry. Not bind starts up with all zones and no errors.

Also, found this thread helpful:
http://forums.cpanel.net/showthread....ht=reverse+ptr

[GOT]

Thank you. This solved my problem today.

[rhenderson]

I was going nuts trying to figure out the rndc error on a new Fedora box. None of the fixes posted here were working. Here is the fix that worked for me.



named was running chrooted. This is a install bug in Fedora, the fix for this is to comment out the 'ROOTDIR=' line in /etc/sysconfig/named.

Hope this saves someone hours of looking like I had to do.

Thaank you, Thank you!!

[rviradia]

Thanks over a year later bonnmac , was racking my brains out, worked like a charm.

[bijo]

I was going nuts trying to figure out the rndc error on a new Fedora box. None of the fixes posted here were working. Here is the fix that worked for me.
named was running chrooted. This is a install bug in Fedora, the fix for this is to comment out the 'ROOTDIR=' line in /etc/sysconfig/named.
Hope this saves someone hours of looking like I had to do.

Hello,

This is not a bug in fedora. The advantage of the chroot feature is that, when ever a hacker enters in to your system through a bind exploit, the hacker's can access only the named files located in the /var/named/chroot directory. He can't access any other files on your system.

[rviradia]

So it it very unsafe to comment this out, if so, how to fix the problem with named, without commenting it out I get:

root@host [~]# /usr/sbin/rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

Thanks

Hello,

This is not a bug in fedora. The advantage of the chroot feature is that, when ever a hacker enters in to your system through a bind exploit, the hacker's can access only the named files located in the /var/named/chroot directory. He can't access any other files on your system.

[chirpy]

It's not unsafe. It's just a single layer of security. Bind still uses privelege separation, so the risk is usually acceptable if it gets things working for you. cPanel have improved the support for chroot bind in the CURRENT and EDGE trees so you may be able to revert in the future if you want.

[gighost]

Thanks for the help on this even though I hadnt asked and yes you did save me many hours of racking the brain