Hello Mates,

I just recently updated BIND on my CentOS 6.2 (don't remember which
version) but now I am using version: BIND version 9.8.2

The packages I have:
bind
bind-libs
bind-chroot
bind-utils
bind-devel


First of all, doing "service named status" it throws me:
WARNING: key file (/etc/rndc.key) exists, but using default configuration
file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

After a Google search I found:

to remove rndc.key and it was supposed to be working OK, and I chown
named:named the file /etc/named.conf. Now if I do "service named status"
it throws me:
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1
CPUs found: 4
worker threads: 4
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 1456) is running...

The thing is, whenever I want to check the domain name on intoDNS.com
service it says:
ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:

and it shows both are bad. I thought it may be a propagation delay, but I
have now been waiting 2 hours and still nothing. Any help?

Here is the /var/log/messages
Jul 25 00:17:57 domain named[1456]: automatic empty zone: B.E.F.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: command channel listening on 127.0.0.1#953
Jul 25 00:17:57 domain named[1456]: command channel listening on ::1#953
Jul 25 00:17:57 domain named[1456]: zone domain.info/IN: loaded serial 1343174545
Jul 25 00:17:57 domain named[1456]: managed-keys-zone ./IN: loaded serial 3
Jul 25 00:17:57 domain named[1456]: running
Jul 25 00:17:57 domain named[1456]: zone domain/IN: sending notifies (serial 1343174545)
Jul 25 00:17:57 domain xinetd[1494]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Jul 25 00:17:57 domain xinetd[1494]: Started working: 0 available services


P.S. I've tried removing the packages, reinstalling, stop using chroot,
etc.
--
Carlos Sura.-
www.carlossura.com


  • Winter at Jul 24, 2012 at 9:35 pm

    On 7/24/2012 8:47 PM, Carlos Sura wrote:
    > Hello Mates,
    >
    > I just recently updated BIND on my CentOS 6.2 (don't remember which
    > version) but now I am using version: BIND version 9.8.2

    Hello Carlos,

    When named is running:

    - Is port 53 listening?
    - Can you telnet into that port from another server?
    - Can you lookup (dig) your own domain or a remote domain from the server?
    - Were either xinetd or iptables updated or changed?


    W.
  • Carlos Sura at Jul 24, 2012 at 10:30 pm


    > Hello Carlos,
    >
    > When named is running:
    >
    > - Is port 53 listening?
    > - Can you telnet into that port from another server?
    > - Can you lookup (dig) your own domain or a remote domain from the server?
    > - Were either xinetd or iptables updated or changed?
    >
    > W.

    Hi Winter, I really appreciate your answer.

    Yes, port 53 is set to listen in the configuration, and
    netstat -atpn | grep -E ":953|:53" shows named.
    Yes, I can telnet to port 53 from another server.
    Well, this is what I get from dig:
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> -x domain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32863
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;icom.domain.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    in-addr.arpa. 1800 IN SOA b.in-addr-servers.arpa. nstld.iana.org.
    2011026079 1800 900 604800 3600

    ;; Query time: 51 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 25 02:28:44 2012
    ;; MSG SIZE rcvd: 121


    Iptables is deactivated and I have made: chkconfig iptables off and
    restarted to see if it works, and produces the same.
    --
    Carlos Sura.-
    www.carlossura.com
  • Carlos Sura at Jul 24, 2012 at 11:25 pm
    Ok,

    Here is the update:

    I deleted the line: ROOTDIR="/var/named/chroot"

    on /etc/sysconfig/named

    restarted named and now, it shows me:

    WARNING: key file (/etc/rndc.key) exists, but using default configuration
    file (/etc/rndc.conf)
    rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not synchronized, or
    * the key is invalid.
    named (pid 3442) is running..

    but, after this, the Nameservers and DNS are working and solving.

    Anything to fix those awful messages?


    --
    Carlos Sura.-
    www.carlossura.com
  • Winter at Jul 25, 2012 at 2:14 pm

    > but, after this, the Nameservers and DNS are working and solving.
    >
    > Anything to fix those awful messages?

    Hello again,


    I.
    Does your named.conf contain an entry for rndc-key?

    Along the lines of:

    key "rndc-key" {
    algorithm hmac-md5;
    secret "<insert hash here>";
    };


    II.
    Does rndc.conf contain:

    key "rndc-key" {
    algorithm hmac-md5;
    secret "<same hash as named.conf entry>";
    };

    options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
    };


    Basically do the rndc secrets in named.conf and rndc.conf match?

    I don't believe it's necessary to have an rndc.conf file and an rndc.key
    file. Just the .conf will do.

    And the time is correct on the server? :)


    W.
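
The comparison Winter describes (do the rndc secrets in named.conf and rndc.conf match?) can be scripted without printing the secret. This is an added example, not part of the original thread: the function names and sample files are constructed, and it assumes the multi-line key block layout quoted above.

```bash
#!/bin/bash
# Added example: check that named and rndc are configured with the same key.
# Handles the multi-line key block layout quoted in the thread.

# key_field FILE name|algorithm|secret -> value from the first key block
key_field() {
    awk -v want="$2" '
        $1 == "key" { gsub(/[";{]/, "", $2); v["name"] = $2; inkey = 1; next }
        inkey && ($1 == "algorithm" || $1 == "secret") {
            gsub(/[";]/, "", $2); v[$1] = $2
        }
        inkey && $1 ~ /^[}]/ { print v[want]; exit }
    ' "$1"
}

# check_rndc_keys NAMED_CONF RNDC_CONF -> prints a verdict, never the secret
check_rndc_keys() {
    for f in name algorithm secret; do
        a=$(key_field "$1" "$f"); b=$(key_field "$2" "$f")
        if [ -z "$a" ] || [ -z "$b" ]; then echo "missing $f"; return 2; fi
        if [ "$a" != "$b" ]; then echo "mismatch: $f"; return 1; fi
    done
    echo "match"
}

# True when both files exist, the case behind the "key file exists, but
# using default configuration file" warning.
both_rndc_files() { [ -f "$1/rndc.conf" ] && [ -f "$1/rndc.key" ]; }

# Constructed sample files (placeholder secrets, not real keys).
DEMO=$(mktemp -d); trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/named.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "Q09OU1RSVUNURUQtQQ==";
};
EOF
sed 's/QQ==/Qg==/' "$DEMO/named.conf" > "$DEMO/rndc.conf"   # different secret
cp "$DEMO/named.conf" "$DEMO/rndc.good"                      # same secret
touch "$DEMO/rndc.key"

check_rndc_keys "$DEMO/named.conf" "$DEMO/rndc.conf" || true   # mismatch: secret
check_rndc_keys "$DEMO/named.conf" "$DEMO/rndc.good" || true   # match
both_rndc_files "$DEMO" && echo "both rndc.conf and rndc.key present"
```

On a real host, pass the actual file paths; with bind-chroot active, the named.conf that named reads is the copy under the ROOTDIR set in /etc/sysconfig/named.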
