BIND 9 rndc hints (was: [rescue] Tricking DNS)

Bill Bradford rescue at sunhelp.org
Mon Oct 22 12:15:35 CDT 2001


On Mon, Oct 22, 2001 at 12:59:35PM -0400, Loomis, Rip wrote:
> 3.1	Create a configuration file for rndc to hold the required,
> shared secret key.  The default location for the rndc configuration
> file is /etc/rndc.conf (or /usr/local/etc/rndc.conf depending
> on the options passed to configure)
> 
> A sample minimal rndc configuration file is as follows:
>   key rndc_key {
>     algorithm "hmac-md5";
>     secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9y
>         GEgd29tYW4K";
>   };
>   options {
>     default-server localhost;
>     default-key rndc_key;
>   };
> 
> 3.2	Modify the named.conf file to use the shared secret key, by
> adding a new "control" directive.
>   controls {
>     inet 127.0.0.1 allow { localhost; } keys { rndc key; }
>   };
>   key rndc_key {
>     algorithm "hmac-md5";
>     secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9y          
>         IGEgd29tYW4K";
>   };

Tried this.  Didn't work.  Here's /var/adm/messages:

Oct 22 12:12:37 ohno.mrbill.net /usr/local/sbin/named[1732]: [ID 866145 daemon.notice] starting BIND 9.1.3
Oct 22 12:12:37 ohno.mrbill.net /usr/local/sbin/named[1732]: [ID 866145 daemon.error] /etc/named.conf:8: parse error near }
Oct 22 12:12:37 ohno.mrbill.net /usr/local/sbin/named[1732]: [ID 866145 daemon.crit] loading configuration: failure
Oct 22 12:12:37 ohno.mrbill.net /usr/local/sbin/named[1732]: [ID 866145 daemon.crit] exiting (due to fatal error)

Here's the relevant section of my /etc/named.conf:

options { 
        directory "/var/named"; 
        auth-nxdomain yes; 
};

COntrols {                                                                    
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; }
};                                                                            

key rndc_key { 
        algorithm "hmac-md5";
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};                                                                            

and here's the /etc/rndc.conf:

key rndc_key {                                                                
    algorithm "hmac-md5";                                                       
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9y                    
        GEgd29tYW4K";                                                           
};                                                                            
options {                                                                     
    default-server localhost;                                                   
    default-key rndc_key;                                                       
};                                                                            

Suggestions?  Once I can get this working, I can generate a key for the box.

Bill

-- 
Bill Bradford
mrbill at mrbill.net
Austin, TX
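
Added example, not part of the original message or of BIND: a small Python check run over the two files as posted above. It relies on BIND 9's grammar, in which each inet clause inside controls ends with its own semicolon, and on the key secret being base64. The function names and the regex-level parsing are assumptions made for illustration.

```python
# Added example: regex-level checks, not BIND's parser; helper names are hypothetical.
import base64
import binascii
import re

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')
# One inet clause of a controls statement; group 2 is its own terminating ';'.
INET_RE = re.compile(r'inet\s[^{}]*allow\s*\{[^{}]*\}\s*keys\s*\{([^{}]*)\}\s*(;?)')

def parse_keys(text):
    """Map key name -> decoded secret bytes, or None if missing/not valid base64."""
    keys = {}
    for name, body in KEY_RE.findall(text):
        m = SECRET_RE.search(body)
        try:
            keys[name] = base64.b64decode("".join(m.group(1).split()), validate=True) if m else None
        except binascii.Error:
            keys[name] = None
    return keys

def lint(named_conf, rndc_conf):
    """Return a list of findings about the rndc control-channel setup."""
    findings = []
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    for where, keys in (("named.conf", named_keys), ("rndc.conf", rndc_keys)):
        findings += [f"{where}: key {n}: secret is not valid base64"
                     for n, s in keys.items() if s is None]
    for name in sorted(named_keys.keys() & rndc_keys.keys()):
        a, b = named_keys[name], rndc_keys[name]
        if a is not None and b is not None and a != b:
            findings.append(f"key {name}: secret differs between the two files")
    for key_list, semi in INET_RE.findall(named_conf):
        if not semi:
            findings.append("named.conf: inet clause is missing its terminating ';'")
        for ref in (k.strip().strip('"') for k in key_list.split(";")):
            if ref and ref not in named_keys:
                findings.append(f"named.conf: controls references undefined key {ref!r}")
    return findings

# Sample input: the two files as posted in the message above.
SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9y"
NAMED_CONF = ('controls {\n    inet 127.0.0.1 allow { localhost; } keys { rndc_key; }\n};\n'
              'key rndc_key {\n    algorithm "hmac-md5";\n'
              f'    secret "{SECRET}IGEgd29tYW4K";\n}};\n')
RNDC_CONF = ('key rndc_key {\n    algorithm "hmac-md5";\n'
             f'    secret "{SECRET}\n        GEgd29tYW4K";\n}};\n'
             'options {\n    default-server localhost;\n    default-key rndc_key;\n};\n')

print("\n".join(lint(NAMED_CONF, RNDC_CONF)))
```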