[SOLVED] Bind 9.11_1 in PfSense 2.3.3 Problems for generate RNDC-KEY
-
If you do not generate the RNDC key
I get the following result in SSH[2.3.3-RELEASE][root@ns.vnet]/root: rndc status rndc: neither /usr/local/etc/namedb/rndc.conf nor /usr/local/etc/namedb/rndc.key was found [2.3.3-RELEASE][root@ns.vnet]/root:I generated the key using the following command
'rndc-confgen -a' to generate the proper conf file, with a new * * random key, and appropriate file permissions.As described here
********************************************************************** * _ _____ _____ _____ _ _ _____ ___ ___ _ _ * * / \|_ _|_ _| ____| \ | |_ _|_ _/ _ \| \ | | * * / _ \ | | | | | _| | \| | | | | | | | | \| | * * / ___ \| | | | | |___| |\ | | | | | |_| | |\ | * * /_/ \_\_| |_| |_____|_| \_| |_| |___\___/|_| \_| * * * * BIND requires configuration of rndc, including a "secret" key. * * The easiest, and most secure way to configure rndc is to run * * 'rndc-confgen -a' to generate the proper conf file, with a new * * random key, and appropriate file permissions. * * * * The /usr/local/etc/rc.d/named script will do that for you. * * * **********************************************************************Follows the command output at the terminal
[2.3.3-RELEASE][root@ns.vnet]/root: rndc-confgen -a wrote key file "/usr/local/etc/namedb/rndc.key" [2.3.3-RELEASE][root@ns.vnet]/root:I tested the connection with the RNDC Status command
[2.3.3-RELEASE][root@ns.vnet]/root: rndc status rndc: connection to remote host closed This may indicate that * the remote server is using an older version of the command protocol, * this host is not authorized to connect, * the clocks are not synchronized, * the key signing algorithm is incorrect, or * the key is invalid. [2.3.3-RELEASE][root@ns.vnet]/root:At this point I know I need to just put the key generated by rndc-confgen -a in the named.conf file
And here is the big problem
I have two named.conf files
One is in chroot And should not be edited, look
And another named.conf in /usr/local/etc/namedb/named.conf look this original file in http://txt.do/d138nI do not know where to enter rndc-key
UPDATE*
I was looking at the named file
Which is in
/usr/local/etc/rc.d/named
I saw that there is a line talking about rndc# Create an rndc.key file for the user if none exists # confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \ -c ${_named_confdir}/rndc.key" if [ -s "${_named_confdir}/rndc.conf" ]; then unset confgen_command fi if [ -s "${_named_confdir}/rndc.key" ]; then case `stat -f%Su ${_named_confdir}/rndc.key` in root|${named_uid}) ;; *) ${confgen_command} ;; esac else ${confgen_command} fiI also noticed that even deleting the named.conf and rndc.conf files from the / cf / directory which is the bind chroot
They are recreated again, but the rndc key is not the same as that generated with rndc-confgen -a
So rdnc can not connect and so the above errors
In this script would it be possible for me to tell him where he should get the rndc.conf files and the key?
Sorry for my ignorance, but really I am not aware enough for this change.
And I appreciate all the help -
This script that starts bind http://pasted.co/3bc490e3
I would like it not to replace the rndc.conf and rndc.key files
But I do not know how to do it, would it be possible to help in this matter?
I just need it -
There is a GUI for BIND. Using BIND in a way you are attempting to do is completely unsupported.
-
thanks for the feedback
But already solved
Next step
Do nsupdate update an A zone
Or make the RFC2136 work in my PfSense 2.3.3 -
How did you solve this? I am having the same problems.
-
the solution is in your 3d, it's almost a year that this ppl do not log on the forum.