Netgate Discussion Forum

[SOLVED] Bind 9.11_1 in PfSense 2.3.3 Problems for generate RNDC-KEY

DHCP and DNS
6 Posts 4 Posters 2.8k Views
  • L
    luciano_frc
    last edited by Feb 27, 2017, 8:44 PM Feb 27, 2017, 3:26 PM

    If I do not generate the RNDC key, I get the following result in SSH:

    
    [2.3.3-RELEASE][root@ns.vnet]/root: rndc status
    rndc: neither /usr/local/etc/namedb/rndc.conf nor /usr/local/etc/namedb/rndc.key was found
    [2.3.3-RELEASE][root@ns.vnet]/root: 
    
    

    I generated the key using the following command:

    'rndc-confgen -a' to generate the proper conf file, with a new random key, and appropriate file permissions.
    

    As described here:

    
    **********************************************************************
    *            _  _____ _____ _____ _   _ _____ ___ ___  _   _         *
    *           / \|_   _|_   _| ____| \ | |_   _|_ _/ _ \| \ | |        *
    *          / _ \ | |   | | |  _| |  \| | | |  | | | | |  \| |        *
    *         / ___ \| |   | | | |___| |\  | | |  | | |_| | |\  |        *
    *        /_/   \_\_|   |_| |_____|_| \_| |_| |___\___/|_| \_|        *
    *                                                                    *
    *   BIND requires configuration of rndc, including a "secret" key.   *
    *    The easiest, and most secure way to configure rndc is to run    *
    *   'rndc-confgen -a' to generate the proper conf file, with a new   *
    *            random key, and appropriate file permissions.           *
    *                                                                    *
    *     The /usr/local/etc/rc.d/named script will do that for you.     *
    *                                                                    *
    **********************************************************************
    
    

    The command output at the terminal follows:

    
    [2.3.3-RELEASE][root@ns.vnet]/root: rndc-confgen -a
    wrote key file "/usr/local/etc/namedb/rndc.key"
    [2.3.3-RELEASE][root@ns.vnet]/root: 
    
    

    I tested the connection with the rndc status command:

    
    [2.3.3-RELEASE][root@ns.vnet]/root: rndc status
    rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not synchronized,
    * the key signing algorithm is incorrect, or
    * the key is invalid.
    [2.3.3-RELEASE][root@ns.vnet]/root: 
    
    

    At this point I know I just need to put the key generated by rndc-confgen -a in the named.conf file.
    And here is the big problem: I have two named.conf files.
    One is in the chroot and should not be edited, look:

    And another named.conf in /usr/local/etc/namedb/named.conf; look at this original file at http://txt.do/d138n

    I do not know where to enter rndc-key.

    UPDATE:

    I was looking at the named file, which is in /usr/local/etc/rc.d/named.
    I saw that there is a line talking about rndc:

    
    	# Create an rndc.key file for the user if none exists
    	#
    	confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \
    	    -c ${_named_confdir}/rndc.key"
    	if [ -s "${_named_confdir}/rndc.conf" ]; then
    		unset confgen_command
    	fi
    	if [ -s "${_named_confdir}/rndc.key" ]; then
    		case `stat -f%Su ${_named_confdir}/rndc.key` in
    		root|${named_uid}) ;;
    		*) ${confgen_command} ;;
    		esac
    	else
    		${confgen_command}
    	fi
    
    

    I also noticed that even after deleting the named.conf and rndc.conf files from the /cf/ directory, which is the bind chroot,
    they are recreated again, but the rndc key is not the same as the one generated with rndc-confgen -a,
    so rndc cannot connect, hence the above errors.
    In this script, would it be possible for me to tell it where it should get the rndc.conf file and the key?
    Sorry for my ignorance, but really I am not knowledgeable enough for this change.
    I appreciate all the help.

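One way to answer the "where do I enter rndc-key" question above, and to catch the key mismatch that produces "rndc: connection to remote host closed", as an added example that is not code from this thread, from pfSense or from BIND: a POSIX sh script that compares the secret in rndc.key with what named.conf actually loads and prints the include and controls lines named needs. The file paths are the ones quoted in the post; the key file layout (key/algorithm/secret) and the controls syntax are standard BIND, 127.0.0.1 and port 953 are BIND's default control channel, and every secret below is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not code from the thread, pfSense or BIND: check whether the
# secret in rndc.key is the one named.conf loads, and emit the stanza that
# makes named accept rndc over loopback. Paths follow the thread; all key
# material here is constructed for the demo.

# Print the first secret "..." value found in a BIND key file or named.conf.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Print the name of the first key "..." stanza in a file (rndc-confgen writes "rndc-key").
rndc_keyname() {
    sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Exit 0 when named.conf includes the key file verbatim or carries the same
# secret inline. Anything else is the mismatch behind
# "rndc: connection to remote host closed" / "the key is invalid".
rndc_key_matches() {
    keyfile=$1
    conf=$2
    if grep -qF "include \"$keyfile\"" "$conf"; then
        return 0
    fi
    secret=$(rndc_secret "$keyfile")
    [ -n "$secret" ] && [ "$secret" = "$(rndc_secret "$conf")" ]
}

# Emit the lines to append to named.conf: pull in the key file and restrict the
# control channel to loopback, authenticated with that key.
rndc_controls_stanza() {
    keyfile=$1
    name=$(rndc_keyname "$keyfile")
    printf 'include "%s";\ncontrols {\n\tinet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "%s"; };\n};\n' \
        "$keyfile" "${name:-rndc-key}"
}

# Stand-alone demo with constructed files (the base64 secrets are placeholders).
demo_dir=$(mktemp -d)
printf 'key "rndc-key" {\n\talgorithm hmac-sha256;\n\tsecret "ZGVtby1zZWNyZXQtZnJvbS1yZGMtY29uZmdlbg==";\n};\n' > "$demo_dir/rndc.key"
# A named.conf still carrying a different, regenerated secret, as in the thread.
printf 'key "rndc-key" {\n\talgorithm hmac-sha256;\n\tsecret "c3RhbGUtc2VjcmV0LWZyb20tY2hyb290LWNvcHk=";\n};\n' > "$demo_dir/named.conf"
if rndc_key_matches "$demo_dir/rndc.key" "$demo_dir/named.conf"; then
    echo "named.conf already uses the key in rndc.key"
else
    echo "key mismatch: append this to the named.conf that named really reads"
    rndc_controls_stanza "$demo_dir/rndc.key"
fi
rm -rf "$demo_dir"
```

Point the second argument at the named.conf copy that named actually reads (in the poster's case the one inside the /cf/ chroot, since that is the copy being regenerated), not at the one you edited; a match against the wrong copy proves nothing. Restricting `allow` to 127.0.0.1 keeps the control channel off the LAN even if the key later leaks into a backup.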
    • L
      luciano_frc
      last edited by Feb 27, 2017, 6:38 PM

      This is the script that starts bind: http://pasted.co/3bc490e3
      I would like it not to replace the rndc.conf and rndc.key files,
      but I do not know how to do it. Would it be possible to help with this matter?
      I just need that.

      • D
        doktornotor Banned
        last edited by Feb 27, 2017, 8:24 PM

        There is a GUI for BIND. Using BIND in a way you are attempting to do is completely unsupported.

        • L
          luciano_frc
          last edited by Feb 27, 2017, 8:49 PM Feb 27, 2017, 8:44 PM

          Thanks for the feedback,
          but it is already solved.

          Next step:
          get nsupdate to update an A zone,
          or make RFC2136 work in my pfSense 2.3.3.

          • S
            SBW1
            last edited by Feb 6, 2020, 6:10 PM

            How did you solve this? I am having the same problems.

            • K
              kiokoman LAYER 8
              last edited by Feb 6, 2020, 7:20 PM

              The solution is in your thread; it's been almost a year since these people last logged on to the forum.

