Fedora fix for rndc error

Discussion in 'General Discussion' started by bonnmac, Apr 4, 2004.

  1. bonnmac

    bonnmac Well-Known Member

    I was going nuts trying to figure out the rndc error on a new Fedora box. None of the fixes posted here were working. Here is the fix that worked for me.



    named was running chrooted. This is an install bug in Fedora; the fix for this is to comment out the 'ROOTDIR=' line in /etc/sysconfig/named.

    Hope this saves someone hours of looking like I had to do.
     
  2. SiteShack

    SiteShack Member

    Actually, I found the problem is in the named.conf

    Find this:

    controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };


    Replace it with this:

    controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
    };


    then do:

    service named stop

    now start the service:

    service named start

    No more errors about the rndckey.
     
  3. bonnmac

    bonnmac Well-Known Member

    This has worked on some of my RH boxes, however this was not the case on this Fedora box. My above post is what fixed it.
     
  4. Alterego

    Alterego Member

  5. GOT

    GOT Get Proactive!

    Thank you. This solved my problem today.
     
  6. rhenderson

    rhenderson Well-Known Member

    Thank you


    Thank you, Thank you!!
     
  7. rviradia

    rviradia Well-Known Member

    Thanks over a year later, bonnmac, was racking my brains out, worked like a charm.
     
  8. bijo

    bijo Well-Known Member

    Hello,

    This is not a bug in Fedora. The advantage of the chroot feature is that, whenever a hacker enters your system through a BIND exploit, the hacker can access only the named files located in the /var/named/chroot directory. He can't access any other files on your system. ;)
     
  9. rviradia

    rviradia Well-Known Member

    So is it very unsafe to comment this out? If so, how do I fix the problem with named? Without commenting it out I get:

    root@host [~]# /usr/sbin/rndc reload
    rndc: connection to remote host closed
    This may indicate that the remote server is using an older version of
    the command protocol, this host is not authorized to connect,
    or the key is invalid.

    Thanks

     
  10. chirpy

    chirpy Well-Known Member

    It's not unsafe. It's just a single layer of security. BIND still uses privilege separation, so the risk is usually acceptable if it gets things working for you. cPanel have improved the support for chroot BIND in the CURRENT and EDGE trees so you may be able to revert in the future if you want.
     
  11. gighost

    gighost Member

    Bingo we have a winner

    Thanks for the help on this even though I hadn't asked, and yes, you did save me many hours of racking the brain

    ;)
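
An added diagnostic, not code from any poster in this thread: it checks whether the key name in the controls block of the named.conf that named actually reads (under ROOTDIR when chrooted) matches the key defined in /etc/rndc.key, so the mismatch can be found without disabling the chroot. The file layout, the PREFIX test hook, and the sample tree (a corrected /etc/named.conf beside a stale copy inside the chroot) are assumptions constructed for illustration; the thread does not confirm that this was the cause on the Fedora box.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: /etc/sysconfig/named,
# /etc/rndc.key, and named.conf under ROOTDIR when named runs chrooted.

# ROOTDIR from the sysconfig file; empty when the line is absent or commented out.
named_rootdir() {
    sed -n 's/^[[:space:]]*ROOTDIR=//p' "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# Key names listed in a controls line: keys { name; ... }
controls_keys() {
    sed -n 's/.*keys[[:space:]]*{\([^}]*\)}.*/\1/p' "$1" |
        tr -d '";' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Key names defined as: key "name" { ... }  or  key name { ... }
defined_keys() {
    sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]{]*\)"\{0,1\}[[:space:]]*{.*/\1/p' "$1"
}

# check_rndc_key [PREFIX]: PREFIX is a hypothetical test hook; empty = live system.
# Returns 0 on match, 1 on mismatch, 2 when a file is missing.
check_rndc_key() {
    fs=${1:-}
    root=$(named_rootdir "$fs/etc/sysconfig/named")
    conf="$fs$root/etc/named.conf"   # the copy named actually reads
    keyfile="$fs/etc/rndc.key"       # what rndc presents when there is no rndc.conf
    [ -r "$conf" ] && [ -r "$keyfile" ] || { echo "missing $conf or $keyfile"; return 2; }
    have=$(defined_keys "$keyfile")
    for k in $(controls_keys "$conf"); do
        if printf '%s\n' "$have" | grep -qxF -e "$k"; then
            echo "ok: '$k' (named.conf: $conf)"
        else
            echo "mismatch: $conf expects '$k', $keyfile defines '$have'"
            return 1
        fi
    done
}

# Constructed sample tree: corrected /etc/named.conf, stale copy inside the chroot.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc/sysconfig" "$d/var/named/chroot/etc"
    echo 'ROOTDIR=/var/named/chroot' > "$d/etc/sysconfig/named"
    printf 'key "rndc-key" {\n  algorithm hmac-sha256;\n  secret "PLACEHOLDER";\n};\n' > "$d/etc/rndc.key"
    printf 'controls {\ninet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };\n};\n' > "$d/etc/named.conf"
    printf 'controls {\ninet 127.0.0.1 allow { localhost; } keys { rndckey; };\n};\n' > "$d/var/named/chroot/etc/named.conf"
    echo "$d"
}
# Usage: d=$(make_sample); check_rndc_key "$d"   (run check_rndc_key with no argument on a real host)
```

On the sample tree the check reports a mismatch while ROOTDIR is set, because the chroot copy still names rndckey; correcting that copy under ROOTDIR clears it and keeps the chroot in place.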
     