named fails due to rndckey

Alexander Dalloz ad+lists at uni-x.org
Sun Nov 28 05:14:17 UTC 2004


Am So, den 28.11.2004 schrieb sean darcy um 5:12:

> Just upgraded to fc3, and got the released updates.

> Nov 27 22:39:25 gateway named[13957]: /etc/rndc.key:1: configuring key 
> 'rndckey': bad base64 encoding
> Nov 27 22:39:25 gateway named[13957]: loading configuration: bad base64 
> encoding

> rndc.key doesn't actually have a key:
> 
> cat rndc.key
> key "rndckey" {
>         algorithm       hmac-md5;
>         secret "@KEY@";

There must be a hash for the secret and not such a placeholder.

> Regardless of whetther  this is a bug or a feature, how do I fix this?  
> Googling found  rndc-confgen but I can't figure out how this coordinates 
> with named.

Yes, rndc-confgen is the tool you have to use to create the key file.
Simpler to only generate the value of the key you can use "dns-keygen".
It will simply print out a new random key. Put it into the rndc.key file
where now the @KEY@ appears. Keep care for location when running
bind-chrooted, then the default location is
/var/named/chroot/etc/rndc.key.

It seems to be a bug. The postinstall script of the bind RPM should have
exchanged the placeholder with a key.

> sean

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.9-1.6_FC2smp 
Serendipity 06:14:12 up 8 days, 1:01, load average: 1.28, 1.00, 0.86 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041128/ab23d6aa/attachment-0001.sig>


More information about the fedora-list mailing list