Solution:

I have installed bind-9.9.4-72 on CentOS 7.6 and everything seems to be working fine: I can query my local zones, remote addresses, etc., but somehow rndc is not working.

This is what I did to configure rndc:

rndc-confgen > /tmp/rndc.out

and created two files based on the output above.

rndc.conf

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

named.conf

    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; 10.30.0.50;} keys { "rndc-key"; };
    };

include "/etc/rndc.key";

I get the following error:

[root@ns1 etc]# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the the key signing algorithm is incorrect, or
* the key is invalid.

Verbose output:

[root@ns1 etc]# rndc -V status
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
status
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
create message
render message
schedule recv
send message
rndc: connection to remote host closed

Log file:

Dec 18 14:05:34 ns1 named[18947]: invalid command from 127.0.0.1#47203: failure
Dec 18 14:05:58 ns1 named[18947]: invalid command from 127.0.0.1#54722: failure
Dec 18 14:05:59 ns1 named[18947]: invalid command from 127.0.0.1#32822: failure
Dec 18 14:06:03 ns1 named[18947]: invalid command from 127.0.0.1#56079: failure

I have also verified that rndc and bind are running the same version.

Answer 1

Solution:

If named cannot find rndckey in /etc/rndc.key, it reports the error 'rndc: connection to remote host closed'.

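When a new rndc key is created with rndc-confgen -a, the new key is called rndc-key by default. So the file /etc/rndc.key needs to be edited and the key name changed to rndckey (remove any -) for named. The same as a command: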

rndc-confgen -a -k rndckey

Make sure /etc/rndc.key is a soft link to /var/named/chroot/etc/rndc.key

ln -s /var/named/chroot/etc/rndc.key /etc/.

[root@ns1 etc]# rndc status
version: 9.9.4-RedHat-9.9.4-72.el7 <id:8f9657aa>
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 208
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
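
A consistency check for the key-name mismatch the answer describes, as an added example that is not part of the original question or answer. It assumes rndc selects its key through default-key in rndc.conf and that the file contents are passed in as strings; check_rndc_keys, the sample configuration and its placeholder secret are constructed for illustration.

```python
import re

# key "name" { algorithm X; secret "Y"; };
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
CONTROLS_KEYS_RE = re.compile(r'controls\s*\{.*?keys\s*\{([^}]*)\}', re.S)
DEFAULT_KEY_RE = re.compile(r'default-key\s+"?([\w.-]+)"?\s*;')

def clean(text):
    """Drop whole-line '#' and '//' comments (other comment forms are not handled)."""
    return re.sub(r'^\s*(#|//).*$', '', text, flags=re.M)

def parse_keys(text):
    """Return {key name: (algorithm, secret)} for each key statement."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(clean(text))}

def check_rndc_keys(named_conf, key_file, rndc_conf):
    """List the key mismatches that would make named reject rndc commands."""
    problems = []
    server = {**parse_keys(named_conf), **parse_keys(key_file)}
    client = parse_keys(rndc_conf)
    m = CONTROLS_KEYS_RE.search(clean(named_conf))
    allowed = re.findall(r'"?([\w.-]+)"?\s*;', m.group(1)) if m else []
    if not allowed:
        problems.append("controls lists no keys")
    for name in allowed:
        if name not in server:
            problems.append(f'controls references "{name}", not defined for named')
    d = DEFAULT_KEY_RE.search(clean(rndc_conf))
    name = d.group(1) if d else None
    if name not in client:
        problems.append("rndc.conf default-key is missing or undefined")
    elif name not in allowed:
        problems.append(f'rndc signs with "{name}", not allowed by controls')
    elif name in server and server[name] != client[name]:
        problems.append(f'"{name}" differs between rndc and named')
    return problems

# Constructed sample configuration (placeholder secret, not a real key).
KEY = '{ algorithm hmac-md5; secret "Q09OU1RSVUNURUQ="; };'
NAMED = 'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; }; };'
BROKEN = check_rndc_keys(NAMED, f'key "rndc-key" {KEY}',
                         f'key "rndc-key" {KEY}\noptions {{ default-key "rndc-key"; }};')
FIXED = check_rndc_keys(NAMED, f'key "rndckey" {KEY}',
                        f'key "rndckey" {KEY}\noptions {{ default-key "rndckey"; }};')

if __name__ == "__main__":
    print("broken:", BROKEN)
    print("fixed:", FIXED)
```
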