[sf-lug] bindrndc
Rick Moen
rick at linuxmafia.com
Mon May 14 22:15:57 PDT 2007
I wrote:
> Cutting to the chase, installation of my BIND9 package -- and presumably
> yours -- had not run the utility required to generate that keypair. So,
> rndc was inherently unable to authenticate. Therefore, it couldn't
> issue the command to stop that is part of the reload instruction.
Oh, and, as Michael suggests, one additional way I _could_ have been a
doofus, but thankfully didn't manage, would have been to firewall off
port 953/tcp even from localhost. Don't do that. ;->
This article tells more, including the older, more-fussy method of
writing a /etc/bind/rndc.conf configuration file -- as opposed to the
newer method of just running rndc-confgen to generate /etc/bind/rndc.key,
detailed in a series of comments below the article (and in my earlier
posting here):
http://www.debian-administration.org/articles/343
More information about the sf-lug
mailing list