Problem with bind and or dns cluster

[tomdchi]

I recently upgraded several of our servers to 11.32.2 and I am running Centos 6.2. On one of the servers when I edit dns zones I get the error:

Bind reloading on rps-server using rndc: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connect failed: 127.0.0.1#953: connection refused
Error reloading bind on rps-server: WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connect failed: 127.0.0.1#953: connection refused

We use seperate dns servers so bind is disabled on all of our hosting servers. This only occurs on one of several servers that all use the same OS and WHM version.

Anyone know how to fix this? Is it any cause for concern?

 

[mohitmoudgil]

Same issue here. Looking for solution

 

[feijao]

Yes, We also have the exact same problem with a CentOS 5.8.

/scripts/fixndc did't fixed it too - I get no output from it.

 

[kalid]

Any solution..?

 

[mikelegg]

The same thing is happening on all of our 11.32.2 cPanel servers.

It's not actually a problem because the real nameservers are still being updated - it's just that cPanel is trying to update a local DNS server that is disabled. It is disconcerting to see an error message every time you edit a DNS zone though.

 

[rustamt]

I resolved this problem by deleting the file /etc/binddisable, it appear to cause this problem and I see no such file on the newly installed servers with CloudLinux 6.x and cPanel 11.32.2.

 

[Michael-MS]

I resolved this problem by deleting the file /etc/binddisable, it appear to cause this problem and I see no such file on the newly installed servers with CloudLinux 6.x and cPanel 11.32.2.

I have this same problem on a brand new server. All I did was enable DNS cluster and now I get the same error in the OP. I have a ticket open for it, and the cPanel tech said it's because the clustering wasn't setup properly. I don't remember this ever being an issue in the past and the /scripts/rndcfix used to always fix it. Is the new solution just to delete the binddisable file???

 

[JnB]

I have the same issue. Installed tuesday en set up the clustering yesterdag.

The /etc/binddisable file isn't there so any more idea's ?

 

[NetMantis]

It's a security related warning. It means your DNS is partially default config which means it may be possible for someone out there to compromise or gain access to the control side of your DNS server.

You need a unique key generated that isn't the standard unconfigured Bind 'default' installation.

That's basically it!

Your DNS should still function normally even with the current security warning messages and without you really needing to do anything at all whatsoever and you could just simply choose to ignore the messages but anyone with knowledge of the default configuration for bind might be able to make use of that knowledge for nefarious purposes and that in itself is the reason why the newer versions are issuing the alert.