Evan, I ran the command and followed the directions to build out rndc as you have suggested. However, I am not sure that it made much of a difference. I should have been a little clearer from the beginning. I had worked with rndc to issue other commands and had received what appeared to be valid responses as if rndc was functional. I had somewhat assumed that rndc was baked in behind the scenes and ready to go. Either way it has a rndc.conf and is specified in named.conf at this point.
I have two of these servers that are identical from an SW perspective. As a test, I issued "rndc secroots" on the server that I have modified to configure rndc and observed the following lines appear in the /var/log/messages file. When I issued "rndc secroots" from the non-modified file I get the same 3 lines. It acts like the process is running but it is unable to write output to the named.secroots file.

Sep 6 14:33:13 ns2 named[31189]: received control channel command 'secroots'
Sep 6 14:33:13 ns2 named[31189]: could not open secroots dump file 'named.secroots': permission denied
Sep 6 14:33:13 ns2 named[31189]: dumpsecroots failed: permission denied

As a test, I manually created named.secroots with weakened permissions to see if that made a difference but it still won't print output to it.

[root@ns3 etc]# ls -lh named.secroots
-rw-rw-rw-. 1 named named 0 Sep 6 13:52 named.secroots

-----Original Message-----
From: Evan Hunt [mailto:e...@isc.org]
Sent: Thursday, September 06, 2018 1:22 PM
To: Brent Swingle <br...@havilandtelco.com>
Cc: bind-users@lists.isc.org
Subject: Re: KSK Rollover

On Thu, Sep 06, 2018 at 05:34:21PM +0000, Brent Swingle wrote:
> This is the command that does not work and the output received:
> [root@ns2 ~]# rndc secroots
> rndc: 'secroots' failed: permission denied
> [root@ns2 ~]#

Have you set up your server to accept rndc commands? If not, run "rndc-confgen" and follow the directions.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.