[sf-lug] bindrndc

Rick Moen rick at linuxmafia.com
Mon May 14 22:15:57 PDT 2007


I wrote:

> Cutting to the chase, installation of my BIND9 package -- and presumably
> yours -- had not run the utility required to generate that keypair.  So,
> rndc was inherently unable to authenticate.  Therefore, it couldn't
> issue the command to stop that is part of the reload instruction.

Oh, and, as Michael suggests, one additional way I _could_ have been a
doofus, but thankfully didn't manage, would have been to firewall off
port 953/tcp even from localhost.  Don't do that.  ;->

This article tells more, including the older, more-fussy method of
writing a /etc/bind/rndc.conf configuration file -- as opposed to the
newer method of just running rndc-confgen to generate /etc/bind/rndc.key, 
detailed in a series of comments below the article (and in my earlier
posting here):

http://www.debian-administration.org/articles/343
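
A quick check for the two failure modes this thread names (no rndc key generated, and 953/tcp blocked on localhost), as an added example that is not part of the original message. The function names are hypothetical, the default path is the /etc/bind/rndc.key mentioned above, and the port probe assumes `nc` is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# check_rndc_key FILE -> 0 usable, 1 missing or empty,
#   2 no key clause with a secret, 3 readable by "other" users.
check_rndc_key() {
    f=$1
    [ -s "$f" ] || return 1
    grep -Eq '^[[:space:]]*key[[:space:]]+"?[A-Za-z0-9._-]+"?[[:space:]]*\{' "$f" || return 2
    grep -Eq 'secret[[:space:]]+"[^"]+"' "$f" || return 2
    # The secret authenticates rndc to named, so it must not be world-readable.
    [ -z "$(find -L "$f" -perm -004 2>/dev/null)" ] || return 3
    return 0
}

# control_port_open -> 0 if 127.0.0.1:953 accepts TCP, 1 if not, 2 if nc is absent.
control_port_open() {
    command -v nc >/dev/null 2>&1 || return 2
    nc -z -w 2 127.0.0.1 953 >/dev/null 2>&1 || return 1
}

# rndc_report FILE: print one line per check; return the key check's status.
rndc_report() {
    rc=0; check_rndc_key "$1" || rc=$?
    case $rc in
        0) echo "key: $1 holds a key clause and is not world-readable" ;;
        1) echo "key: $1 is missing or empty; generate it with rndc-confgen" ;;
        2) echo "key: $1 has no key clause with a secret" ;;
        3) echo "key: $1 is world-readable; tighten its mode" ;;
    esac
    prc=0; control_port_open || prc=$?
    case $prc in
        0) echo "port: 127.0.0.1:953 accepts connections" ;;
        1) echo "port: nothing reachable on 127.0.0.1:953 (named down or firewalled)" ;;
        2) echo "port: nc not installed, skipped" ;;
    esac
    return "$rc"
}

# Runs only when asked, e.g.: sh rndc-check.sh --check /etc/bind/rndc.key
if [ "${1:-}" = "--check" ]; then
    rndc_report "${2:-/etc/bind/rndc.key}"
fi
```
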




