Evan,

I ran the command and followed the directions to build out rndc as you have 
suggested.  However, I am not sure that it made much of a difference.  I should 
have been a little clearer from the beginning.  I had worked with rndc to issue 
other commands and had received what appeared to be valid responses as if rndc 
was functional.  I had somewhat assumed that rndc was baked in behind the 
scenes and ready to go.  Either way it has an rndc.conf and is specified in 
named.conf at this point.

I have two of these servers that are identical from an SW perspective.  As a 
test, I issued "rndc secroots" on the server that I have modified to configure 
rndc and observed the following lines appear in the /var/log/messages file.  
When I issued "rndc secroots" from the non-modified file I get the same 3 
lines.  It acts like the process is running but it is unable to write output to 
the named.secroots file.

Sep  6 14:33:13 ns2 named[31189]: received control channel command 'secroots'
Sep  6 14:33:13 ns2 named[31189]: could not open secroots dump file 'named.secroots': permission denied
Sep  6 14:33:13 ns2 named[31189]: dumpsecroots failed: permission denied


As a test, I manually created named.secroots with weakened permissions to see 
if that made a difference but it still won't print output to it.
[root@ns3 etc]# ls -lh named.secroots
-rw-rw-rw-. 1 named named 0 Sep  6 13:52 named.secroots



-----Original Message-----
From: Evan Hunt [mailto:e...@isc.org] 
Sent: Thursday, September 06, 2018 1:22 PM
To: Brent Swingle <br...@havilandtelco.com>
Cc: bind-users@lists.isc.org
Subject: Re: KSK Rollover

On Thu, Sep 06, 2018 at 05:34:21PM +0000, Brent Swingle wrote:
> This is the command that does not work and the output received:
> [root@ns2 ~]# rndc secroots
> rndc: 'secroots' failed: permission denied
> [root@ns2 ~]#

Have you set up your server to accept rndc commands?

If not, run "rndc-confgen" and follow the directions.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
