Re: rndc: 'reload' failed: unexpected error

2025-03-13 Thread Greg Choules
Hi Duan. Firstly, please upgrade to the latest BIND as 9.11 is very old now and has many security flaws that will not be fixed because it is obsolete. Secondly, after you have upgraded try it again and if the problem still exists, come back here. Cheers, Greg > On 13 Mar 2025, at 09:23, Duan D

Re: rndc stops listening

2021-04-07 Thread Ondřej Surý
John, please report the issue to the ISC GitLab. Thanks, -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 7. 4. 2021, at 19:32, John Thurston wrote: > > I now see this same b

Re: rndc stops listening

2021-04-07 Thread John Thurston
I now see this same behavior running BIND 9.16.12 on Ubuntu I have never seen it on my instances running 9.11.x on Centos I'd sure like to figure out why (or even when) it stops listening on port 953. Does anyone have any suggestions? -- Do things because you should, not just because you can.

Re: rndc valid key types

2020-07-07 Thread Evan Hunt
On Tue, Jul 07, 2020 at 04:32:37PM -0700, Gregory Sloop wrote: > I've seen reports that only HMAC-MD5 is the only valid key type. That was the case at one time, but hasn't been for years. > Is there any (security) reason/implications to use something "better" > than MD5? MD5 is broken (as is SHA

Re: rndc - sync before reload?

2019-07-14 Thread Evan Hunt
On Fri, Jul 12, 2019 at 01:34:35AM +, John W. Blue wrote: > I have zero experience with dynamic zones on BIND because all of ours are > static. That said, and since nobody else has commented, it seems like it > would make sense to sync before reload. > > The man says that sync writes out to t

Re: rndc - sync before reload?

2019-07-14 Thread Alan Clegg
On 7/14/19 8:00 PM, John W. Blue wrote: > Please elaborate on the technical reason why instead of being terse. I'll give a short version: "rndc reload" existed from the early days of BIND with the first notice in CHANGES being [bug] 287 in 9.1.0b1. "rndc sync" came along with [func] 3084 in BIND

Re: rndc - sync before reload?

2019-07-14 Thread John W. Blue
Please elaborate on the technical reason why instead of being terse. Thanks! John Sent from Nine<http://www.9folders.com/> From: Anand Buddhdev Sent: Saturday, July 13, 2019 4:48 PM To: John Thurston; bind-users@lists.isc.org Subject: Re: rndc - sync

Re: rndc - sync before reload?

2019-07-13 Thread Anand Buddhdev
On 10/07/2019 20:08, John Thurston wrote: Hi John, > On a server with both static and dynamic zones, is there any reason to > perform an: >   rndc sync > prior to issuing an: >   rndc reload No, there is no need for a sync before reload. Regards, Anand __

Re: rndc - sync before reload?

2019-07-11 Thread John W. Blue
I have zero experience with dynamic zones on BIND because all of ours are static. That said, and since nobody else has commented, it seems like it would make sense to sync before reload. The man says that sync writes out to the journal which shouldn't ever be a bad thing. John Sent from Nine

Re: rndc status command hangs in bind 9.14.2

2019-06-12 Thread Andi Vajda
On Wed, 12 Jun 2019, Michał Kępień wrote: Hi Andi, Is there something different about 9.14 defaults that I now need to include in my config to get past this ? I am unable to reproduce this, things seem to work fine, at least on a fresh amd64 NetBSD 7.2 VM: # bin/rndc/rndc status ver

Re: rndc status command hangs in bind 9.14.2

2019-06-12 Thread Michał Kępień
Hi Andi, > Is there something different about 9.14 defaults that I now need to include > in my config to get past this ? I am unable to reproduce this, things seem to work fine, at least on a fresh amd64 NetBSD 7.2 VM: # bin/rndc/rndc status version: BIND 9.14.2 (Stable Release) run

Re: rndc and nsupdate failing to work for me

2019-03-14 Thread Marc Chamberlin via bind-users
On 03/14/2019 04:40 AM, Niall O'Reilly wrote: > On 14 Mar 2019, at 5:17, Marc Chamberlin via bind-users wrote: > >> On 03/13/2019 08:33 PM, John W. Blue wrote: >>> As an option, instead of including /etc/rndc.key nothing prevents you >>> from including rndc.conf.  That way you are consistent with y

Re: rndc and nsupdate failing to work for me

2019-03-14 Thread Marc Chamberlin via bind-users
On 03/14/2019 12:02 AM, Mark Andrews wrote: > "rndc showzone" only works if you also have "allow-new-zones yes;” set. Really??? Wow! Thanks Mark! I would never have guessed that, but yes it does make rndc much happier! > > The last time there was a complaint about UPDATE’s not sticking the > startu

Re: rndc and nsupdate failing to work for me

2019-03-14 Thread Niall O'Reilly
On 14 Mar 2019, at 5:17, Marc Chamberlin via bind-users wrote: > On 03/13/2019 08:33 PM, John W. Blue wrote: >> >> As an option, instead of including /etc/rndc.key nothing prevents you >> from including rndc.conf.  That way you are consistent with your usage. Another option is to include rndc.ke

Re: rndc and nsupdate failing to work for me

2019-03-14 Thread Mark Andrews
"rndc showzone" only works if you also have "allow-new-zones yes;” set. The last time there was a complaint about UPDATE’s not sticking the startup procedure was wiping out the changes. Mark > On 14 Mar 2019, at 10:01 am, Marc Chamberlin via bind-users > wrote: > > Hello Bind Users, > > I ha

Re: rndc and nsupdate failing to work for me

2019-03-13 Thread Marc Chamberlin via bind-users
Hi John,  thanks for replying and your thoughts! I will intersperse my feedback within your comments - On 03/13/2019 08:33 PM, John W. Blue wrote: > > Marc, > >   > > Regarding your rndc problem, I think you might be confusing rndc. > >   > > If rndc is invoked with no options, specifically “k”, t

RE: rndc and nsupdate failing to work for me

2019-03-13 Thread John W. Blue
Marc, Regarding your rndc problem, I think you might be confusing rndc. If rndc is invoked with no options, specifically “k”, then rndc assumes the key it needs is in the rndc.conf file. If rndc.conf is not present, rndc will use the default rndc.key file. That said, since rndc knows there is

Re: RNDC Stats

2019-01-25 Thread Tony Finch
N. Max Pierson wrote: > > Under Incoming Requests it has QUERY's among some other stats. Is this > the total queries across all zones? If it is, it doesn't seem to add up > to what the total of each zone added together in the per zone stats. Hmm, good question. I suspected it might be something t

Re: rndc reconfig: Unexpected end of input

2018-08-28 Thread Mark Andrews
Check named.conf with named-checkconf. > On 29 Aug 2018, at 4:34 am, J David wrote: > > After recently improving the tracking of errors coming from commands > running from scripts, we found that a large number of “rndc reconfig” > requests (about 15-20% of all requests) error out with exit statu

Re: rndc addzone type forward

2016-11-17 Thread Tony Finch
> Unfortunately that's not currently possible. The configuration syntax is > misleading here. You configure forwarding in a view by putting a "zone" > statement in named.conf, but it doesn't actually build a zone *object*, > the way type "master" or "slave" does; it tells the server to set up a > d

Re: rndc addzone type forward

2016-11-16 Thread Evan Hunt
> I'm trying to add zone of type "forward" with rndc addzone, but it fails with: Unfortunately that's not currently possible. The configuration syntax is misleading here. You configure forwarding in a view by putting a "zone" statement in named.conf, but it doesn't actually build a zone *object*,

Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote: > > I also compiled BIND 9.11.0rc3, but nothing changed, no more verbosity, > only the name of the .nzf file created changed from hash to plain text. Try 9.11.0-P1 which has a few changes since rc3. > Another finding is that the failure .nzf file is created, but it's empty > an

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
Original Message Subject: Re: rndc addzone type forward Local Time: November 16, 2016 5:50 PM UTC Time: November 16, 2016 3:50 PM From: e...@foowatch.com To: bind-users@lists.isc.org Original Message Subject: Re: rndc addzone type forward Local Time

Re: rndc addzone type forward

2016-11-16 Thread Emil Natan
Original Message Subject: Re: rndc addzone type forward Local Time: November 16, 2016 5:12 PM UTC Time: November 16, 2016 3:12 PM From: d...@dotat.at To: Emil Natan bind-users@lists.isc.org Emil Natan wrote: > > I'm trying to add zone of type "forward" w

Re: rndc addzone type forward

2016-11-16 Thread Tony Finch
Emil Natan wrote: > > I'm trying to add zone of type "forward" with rndc addzone, but it fails with: > > rndc addzone zone.org '{type forward; forward only; forwarders { > 192.168.20.115; }; };' > rndc: 'addzone' failed: not found I think this happens if you are using a version before 9.11 (whic

Re: rndc on local host: need named running?

2016-08-30 Thread Tom Browder
On Tuesday, August 30, 2016, Woodworth, John R < john.woodwo...@centurylink.com> wrote: > > I have a slightly unorthodox view on this which may even offer a bit more > > security. The answers are listed below inline. > > ... Thanks, John. Best regards, -Tom

Re: rndc on local host: need named running?

2016-08-30 Thread Tom Browder
On Tuesday, August 30, 2016, Cathy Almond wrote: > On 28/08/2016 02:48, Lyle wrote: > > Use any in the allow stanza. > > You'll be using a shared key for this to work anyway, but I'd suggest > being slightly more paranoid than 'any' in the allow stanza - perhaps > the address range in which your

RE: rndc on local host: need named running?

2016-08-30 Thread Woodworth, John R
> My plan is to have two remote, authoritative name servers > (master and slave) for my owned domains. I would like to use rndc > to control them from my local host. > > A couple of questions: Tom, I have a slightly unorthodox view on this which may even offer a bit more security. The answers a

Re: rndc on local host: need named running?

2016-08-29 Thread Cathy Almond
On 28/08/2016 02:48, Lyle wrote: > Use any in the allow stanza. You'll be using a shared key for this to work anyway, but I'd suggest being slightly more paranoid than 'any' in the allow stanza - perhaps the address range in which your local machine is to be allocated its address? ___

Re: rndc on local host: need named running?

2016-08-27 Thread Lyle
Use any in the allow stanza. On 08/27/16 19:54, Tom Browder wrote: On Saturday, August 27, 2016, Lyle > wrote: On 08/27/16 10:54, Tom Browder wrote: https://calomel.org/dynamic_dns_ddns.htmlMy plan is to have two 2. Can I use rndc from my local host wh

Re: rndc on local host: need named running?

2016-08-27 Thread Tom Browder
On Saturday, August 27, 2016, Lyle wrote: > On 08/27/16 10:54, Tom Browder wrote: > > https://calomel.org/dynamic_dns_ddns.htmlMy plan is to have two > > 2. Can I use rndc from my local host which doesn't have a fixed ip address? > > ... > Let me Google that for you and the answer is: > https://

Re: rndc on local host: need named running?

2016-08-27 Thread Lyle
On 08/27/16 10:54, Tom Browder wrote: My plan is to have two remote, authoritative name servers (master and slave) for my owned domains. I would like to use rndc to control them from my local host. A couple of questions: 1. Does named need to be running on the local host? No. 2. Can I u

Re: rndc on local host: need named running?

2016-08-27 Thread Tom Browder
On Saturday, August 27, 2016, Warren Kumari wrote: > On Saturday, August 27, 2016, Tom Browder > wrote: > >> My plan is to have two remote, authoritative name servers (master and >> slave) for my owned domains. I would like to use rndc to control them from >> my local host. >> A couple of quest

Re: rndc on local host: need named running?

2016-08-27 Thread Warren Kumari
On Saturday, August 27, 2016, Tom Browder wrote: > My plan is to have two remote, authoritative name servers (master and > slave) for my owned domains. I would like to use rndc to control them from > my local host. > > A couple of questions: > > 1. Does named need to be running on the local host

Re: rndc signing -list not working?a

2016-02-22 Thread Thomas Schulz
> On Mon, Feb 22, 2016 at 10:52:25AM -0500, Thomas Schulz wrote: > > rndc signing -list adi.com in external > > > > I get 'No signing records found' > > > > Note that we use views and view external is what the world sees. I expected > > that the rndc signing command would show that the zone is si

Re: rndc signing -list not working?a

2016-02-22 Thread Evan Hunt
On Mon, Feb 22, 2016 at 10:52:25AM -0500, Thomas Schulz wrote: > rndc signing -list adi.com in external > > I get 'No signing records found' > > Note that we use views and view external is what the world sees. I expected > that the rndc signing command would show that the zone is signed. When a

Re: rndc status field meaning please

2015-07-21 Thread Tony Finch
이윤호 wrote: > > CPUs found: 4 > physical cpu ? That is per hyperthread, like /proc/cpuinfo on Linux. > worker threads: 4 > physical cpu in core? Number of POSIX threads set up by BIND. > UDP listeners per interface: 2 > very difficult nic port interface? > one interface = udp :1 ? Th

Re: rndc status field meaning please

2015-07-21 Thread Cathy Almond
Hi, I don't think we do document the output from "rndc status" explicitly line by line in the BIND Administrator Manual, so I'll respond to your questions below, and I'll see about getting the documentation updated. For anything else you need to know, please refer to the manuals https://kb.isc.or

Re: rndc flushname not working

2015-04-13 Thread Evan Hunt
On Mon, Apr 13, 2015 at 11:17:41AM -0700, Frank Even wrote: > I have to apologize for that. I'd still definitely be curious to know > what info is stored in the ADB though since according to the docs ADB > was never intended to be flushed with a "flushtree" (although that has > now apparently been

Re: rndc flushname not working

2015-04-13 Thread Frank Even
On Mon, Apr 13, 2015 at 11:10 AM, Evan Hunt wrote: > On Mon, Apr 13, 2015 at 11:05:05AM -0700, Frank Even wrote: >> ...and where could I find info on what is stored in ADB and any other >> particular items that flushname might not deal with? That's where my >> frustration largely is, that I can't

Re: rndc flushname not working

2015-04-13 Thread Evan Hunt
On Mon, Apr 13, 2015 at 11:05:05AM -0700, Frank Even wrote: > ...and where could I find info on what is stored in ADB and any other > particular items that flushname might not deal with? That's where my > frustration largely is, that I can't find clear documentation on this > point. I believe "rn

Re: rndc flushname not working

2015-04-13 Thread Frank Even
On Sat, Apr 11, 2015 at 6:49 AM, Tony Finch wrote: > There was a bug in 9.9 and earlier that rndc flushtree only flushed the main > cache, not adb or bad cache. This was fixed in 9.10 - see item 3606 in the > CHANGES file. ...and where could I find info on what is stored in ADB and any other pa

Re: rndc flushname not working

2015-04-11 Thread Tony Finch
There was a bug in 9.9 and earlier that rndc flushtree only flushed the main cache, not adb or bad cache. This was fixed in 9.10 - see item 3606 in the CHANGES file. Tony. -- f.anthony.n.finchhttp://dotat.at ___ Please visit https://lists.isc.org

Re: rndc flushname not working

2015-04-10 Thread John Wobus
In this particular case, when the issue came to me, the name servers for the domain were able to return the result with no problems, other caching servers throughout the company had no issues, but this group of servers that apparently had tests run against the domain prior to it being fully setup

Re: rndc flushname not working

2015-04-09 Thread Frank Even
On Thu, Apr 9, 2015 at 1:48 PM, Matus UHLAR - fantomas wrote: > On 09.04.15 13:25, Frank Even wrote: >> >> Is there any place I can look to get a definitive answer in what cases >> "flushname" will and will not work? > > > it will work if you have old entries in the cache. > that will NOT help you

Re: rndc flushname not working

2015-04-09 Thread Matus UHLAR - fantomas
On 09.04.15 13:25, Frank Even wrote: Is there any place I can look to get a definitive answer in what cases "flushname" will and will not work? it will work if you have old entries in the cache. that will NOT help you if any of the servers that are supposed to be authoritative for a domain will

Re: rndc flushname not working

2015-04-09 Thread Frank Even
Is there any place I can look to get a definitive answer in what cases "flushname" will and will not work? I've been digging around in lists and docs and can't seem to find any definitive answers. I've been having odd troubles clearing a name from a cache and after even clearing the name and the

Re: rndc stop hangs, named stuck at FUTEX WAIT

2014-12-13 Thread Mark Andrews
named reference counts objects. When there is an unbalanced attach/detach, missing dns_rdataset_disassociate somewhere in the code one can get this on shutdown as named frees all memory. The only outstanding one I'm aware of is this one which will be fixed in the next maintenance release. https:/

Re: rndc stop hangs, named stuck at FUTEX WAIT

2014-12-13 Thread Chuck Anderson
On Sat, Dec 13, 2014 at 11:05:52AM -0500, Chuck Anderson wrote: > For the second time (at least), an automatic BIND update on Scientific > Linux 6 (RHEL 6 clone) failed to restart the named process. The RPM > package runs this to restart: ... > Now I believe what is happening is "rndc stop" is han

RE: rndc flushname not working

2014-12-11 Thread Frank Bulk
Next time I'll dump the db. Frank -Original Message- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR - fantomas Sent: Thursday, December 11, 2014 10:32 AM To: bind-users@lists.isc.org Subject: Re: rndc flushname not working

Re: rndc flushname not working

2014-12-11 Thread Matus UHLAR - fantomas
On 09.12.14 21:36, Frank Bulk wrote: Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there definitely was not answer. The institution only has two authoritative nameserver entries, both pointing to the same IP, so all it was all down. In any case, why doesn't flushing the name w

Re: rndc flushname not working

2014-12-11 Thread Bob Harold
On Wed, Dec 10, 2014 at 3:36 AM, Matus UHLAR - fantomas wrote: > On 09.12.14 21:36, Frank Bulk wrote: > >> Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there >> definitely was not answer. The institution only has two authoritative >> nameserver entries, both pointing to the sa

Re: rndc flushname not working

2014-12-10 Thread Matus UHLAR - fantomas
On 09.12.14 21:36, Frank Bulk wrote: Perhaps it wasn't NXDOMAIN -- I didn't capture the output. But there definitely was not answer. The institution only has two authoritative nameserver entries, both pointing to the same IP, so all it was all down. In any case, why doesn't flushing the name w

RE: rndc flushname not working

2014-12-09 Thread Frank Bulk
riginal Message- From: Mark Andrews [mailto:ma...@isc.org] Sent: Tuesday, December 09, 2014 9:32 PM To: Frank Bulk Cc: bind-us...@isc.org Subject: Re: rndc flushname not working Nameservers being down does not result in NXDOMAIN responses. I suspect that some of the auth servers were pro

Re: rndc flushname not working

2014-12-09 Thread Mark Andrews
Nameservers being down does not result in NXDOMAIN responses. I suspect that some of the auth servers were producing NXDOMAIN incorrectly. Flushing the name won't help in those cases. In message <001001d01429$1c857f70$55907e50$@iname.com>, "Frank Bulk" writes: > Our ISP operations are running

Re: rndc (and now nsupdate too)

2014-08-19 Thread Klaus Darilion
On 31.07.2014 21:08, /dev/rob0 wrote: The proper tool to manage named configuration and operation, and which in the best Unix ethic is well suited for automation, is rndc(8). You can not always use rndc. For example you can add and delete zones, but you can not modify zones via rndc. regards

Re: rndc zonestatus meaning

2014-08-07 Thread Evan Hunt
> 3. how does bind count number of nodes in zonestatus ?(Mine is 5) The number of nodes in the zone database that have data (not counting NSEC3 nodes). In your case: example.com, ns.example.com, sub.example.com, ns.sub.example.com, and www.example.com makes five. > 4. What is nex key

Re: rndc zonestatus meaning

2014-08-07 Thread Mark Andrews
In message <102153bef555e7489ca5d54165c431a301301...@exchbsi02.ttt.co.th>, "Jittinan S uwanruengsri" writes: > > Hi, > > 1. #rncd zonestatus example.com > name: example.com > type: master > files: /usr/local/named/zone/example.com.zone > serial: 2013122402 > signed serial: 2013122405 > node

Re: php-library added -> Re: rndc (and now nsupdate too)

2014-08-02 Thread Matus UHLAR - fantomas
This recent thread, in which people are describing their scripts and GUI provisioning systems makes me think we should recruit a few of you who think you have a sweet provisioning system On 02.08.14 02:39, Reindl Harald wrote: at least i add the library i developed to maintain zone-files which

php-library added -> Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
> This recent thread, in which people are describing their scripts and > GUI provisioning systems makes me think we should recruit a few of > you who think you have a sweet provisioning system at least i add the library i developed to maintain zone-files which needs translation of the comments, to

Re: rndc (and now nsupdate too)

2014-08-01 Thread Victoria Risk
This recent thread, in which people are describing their scripts and GUI provisioning systems makes me think we should recruit a few of you who think you have a sweet provisioning system, to do a WebEX and describe it for everyone else who is looking for a better system. At the RIPE meeting in

Re: rndc (and now nsupdate too)

2014-08-01 Thread Tony Finch
Mike Hoskins (michoski) wrote: > Tony Finch wrote: > > > >In our setup, changes made in the database are turned into an nsupdate > >script, so we don't need to bounce the name server and we can use > >BIND's automatic signing. > > no argument on nsupdate, but even if you copy files around...you d

Re: rndc (and now nsupdate too)

2014-08-01 Thread Johannes Kastl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi everyone, On 01.08.14 15:58 Reindl Harald wrote: > the whole discussion about rndc or not rndc follow up threads and > side-threads started after that reply below from me yesterday and > whoever brought "bounce" in the game did also not understand

Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
are simply missing the context the whole discussion about rndc or not rndc follow up threads and side-threads started after that reply below from me yesterday and whoever brought "bounce" in the game did also not understand the context of the discussion all the threads about "rndc"

Re: rndc (and now nsupdate too)

2014-08-01 Thread Mike Hoskins (michoski)
-Original Message- From: Reindl Harald Organization: the lounge interactive design Date: Friday, August 1, 2014 at 9:23 AM To: "bind-users@lists.isc.org" Subject: Re: rndc (and now nsupdate too) > >On 01.08.2014 at 15:14, Mike Hoskins (michoski) wrote: >> Fro

Re: rndc (and now nsupdate too)

2014-08-01 Thread Reindl Harald
On 01.08.2014 at 15:14, Mike Hoskins (michoski) wrote: > From: Tony Finch > Date: Friday, August 1, 2014 at 5:31 AM > To: Reindl Harald > Cc: "bind-users@lists.isc.org" > Subject: Re: rndc (and now nsupdate too) > >> Reindl Harald wrote: >>&g

Re: rndc (and now nsupdate too)

2014-08-01 Thread Mike Hoskins (michoski)
-Original Message- From: Tony Finch Date: Friday, August 1, 2014 at 5:31 AM To: Reindl Harald Cc: "bind-users@lists.isc.org" Subject: Re: rndc (and now nsupdate too) >Reindl Harald wrote: >> On 31.07.2014 at 21:08, /dev/rob0 wrote: >> > >> > T

Re: rndc (and now nsupdate too)

2014-08-01 Thread Tony Finch
Reindl Harald wrote: > On 31.07.2014 at 21:08, /dev/rob0 wrote: > > > > The proper tool to manage zone data is nsupdate(8). Likewise well > > suited for automation. > > zone file *editing*? > > sorry, no, i developed 2008 a interface to create all zone files based > on database records, write th

Re: rndc

2014-08-01 Thread Alan Clegg
On 8/1/14, 1:58 AM, Reindl Harald wrote: > i did not pretend it's a perfect solution in every environment > but it is suitable for many and so a valid opportunity Sorry, yours is a bad solution for most and doing rndc correctly is a much better solution for nearly everyone. There, I said it. A

Re: rndc (and now nsupdate too)

2014-07-31 Thread Kevin Darcy
On 7/31/2014 3:08 PM, /dev/rob0 wrote: On Thu, Jul 31, 2014 at 05:56:08PM +0200, Reindl Harald wrote: On 31.07.2014 at 17:41, /dev/rob0 wrote: On Thu, Jul 31, 2014 at 01:32:03PM +0200, Reindl Harald wrote: i am doing reloads of named with "killall -HUP named" just because i disabled rndc comp

Re: rndc (and now nsupdate too)

2014-07-31 Thread Reindl Harald
On 31.07.2014 at 21:08, /dev/rob0 wrote: > On Thu, Jul 31, 2014 at 05:56:08PM +0200, Reindl Harald wrote: >> don't get me wrong but if someone creates *any* bind >> configuration and zone-files with self developed software > > ... that someone is almost surely doing it wrong. "Zone files"? >

Re: rndc (and now nsupdate too)

2014-07-31 Thread /dev/rob0
On Thu, Jul 31, 2014 at 05:56:08PM +0200, Reindl Harald wrote: > On 31.07.2014 at 17:41, /dev/rob0 wrote: > > On Thu, Jul 31, 2014 at 01:32:03PM +0200, Reindl Harald wrote: > >> i am doing reloads of named with "killall -HUP named" just > >> because i disabled rndc completely for security reasons

Re: rndc

2014-07-31 Thread Reindl Harald
On 31.07.2014 at 20:51, /dev/rob0 wrote: > On Thu, Jul 31, 2014 at 12:11:40PM -0400, Kevin Darcy wrote: >> kill -HUP is way more disruptive than necessary for a mere >> interface scan. It's overkill. > > Furthermore, on a server with lots of zones, it could cause a DoS > while zones are reload

Re: rndc

2014-07-31 Thread /dev/rob0
On Thu, Jul 31, 2014 at 12:11:40PM -0400, Kevin Darcy wrote: > kill -HUP is way more disruptive than necessary for a mere > interface scan. It's overkill. Furthermore, on a server with lots of zones, it could cause a DoS while zones are reloading, and named is unable to answer. -- http://rob0

Re: rndc

2014-07-31 Thread Kevin Darcy
On 7/31/2014 11:56 AM, Reindl Harald wrote: On 31.07.2014 at 17:41, /dev/rob0 wrote: On Thu, Jul 31, 2014 at 01:32:03PM +0200, Reindl Harald wrote: i am doing reloads of named with "killall -HUP named" just because i disabled rndc completely for security reasons and configurations are generate

Re: rndc

2014-07-31 Thread Reindl Harald
On 31.07.2014 at 17:41, /dev/rob0 wrote: > On Thu, Jul 31, 2014 at 01:32:03PM +0200, Reindl Harald wrote: >> i am doing reloads of named with "killall -HUP named" just because >> i disabled rndc completely for security reasons and configurations >> are generated with own software only needs nam

Re: rndc addzone gets permission denied

2014-01-13 Thread Georgy Goshin
Seems previously I made some mistake when tried to make writable /var/named... Currently chmod g+w /var/named resolved the problem. Thanks to all! 2014/1/13 Leonard Mills > You previously showed your unsuccessful rndc command. It contained: > 'type slave; file "slaves/zone.local"; > > Un

Re: rndc addzone gets permission denied

2014-01-13 Thread Leonard Mills
You previously showed your unsuccessful rndc command.  It contained: 'type slave; file "slaves/zone.local"; Unless you override the defaults, that says: "use the file /var/named/slaves/zone.local". So it appears that the directory /var/named/slaves was not writable. Hth, Len On Su

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
Mark, I've read the phrase a lot ) What is the working directory for named in Centos 6 installation? I already tried to chmod 777 /var/named /etc/named /usr/lib64/bind... 2014/1/13 Mark Andrews > > It is trying to create a .nzf (new zone file) file in the working > directory. > > -- > Mark An

Re: rndc addzone gets permission denied

2014-01-12 Thread Mark Andrews
It is trying to create a .nzf (new zone file) file in the working directory. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/ma

Re: rndc addzone gets permission denied

2014-01-12 Thread David Forrest
On Sun, 12 Jan 2014, Georgy Goshin wrote: named -g too shows only received command and do not shows which permission is denied 12-Jan-2014 19:42:48.133 received control channel command 'addzone zone.local { type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };' 12-Jan-2014 19:43

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
named -g too shows only received command and do not shows which permission is denied 12-Jan-2014 19:42:48.133 received control channel command 'addzone zone.local { type slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };' 12-Jan-2014 19:43:05.826 received control channel command 'add

Re: rndc addzone gets permission denied

2014-01-12 Thread David Forrest
I slaved the root zone without a file statement in my named.conf for the slaved file and it worked. I added the file statement later to my named.con as I wanted a local copy for quicker startup. I think I may have touched the file to get it started though. When I finally looked at it, I foun

Re: rndc addzone gets permission denied

2014-01-12 Thread Phil Mayers
On 12/01/14 12:17, Georgy Goshin wrote: Selinux disabled, /var/named/slave is 770 and owned by named. Is there a It should go without saying that wholesale disabling of SELinux, if your distro enables it by default, is unwise. If you must, set the specific daemon to disabled. We run with SE

Re: rndc addzone gets permission denied

2014-01-12 Thread Georgy Goshin
Selinux disabled, /var/named/slave is 770 and owned by named. Is there a way to get any debug output to see which permission is denied? 12.01.2014 11:40, user "Elia Pinto" wrote: > It is Selinux related > > Try ausearch -m avc for finding. Put named in permissive mode > > Best > Il 12/ge

Re: rndc addzone gets permission denied

2014-01-12 Thread Elia Pinto
It is Selinux related Try ausearch -m avc for finding. Put named in permissive mode Best On 12 Jan 2014 00:13, "Georgy Goshin" wrote: > Hi, > > CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64. > > trying to add slave zone with command rndc addzone "zone.local" '{ type >

Re: rndc addzone gets permission denied

2014-01-12 Thread Jan-Piet Mens
> but getting rndc: 'addzone' failed: permission denied, nothing on the logs, > only received control channel command 'addzone zone.local { type slave; > file "slaves/zone.local"; masters { 172.31.199.154; }; };' even after rndc > trace 99. > > allow-new-zones yes; > > tried with chmod 777 for /var

Re: rndc addzone gets permission denied

2014-01-11 Thread Jason Hellenthal
I would suspect your chmod 777 was inappropriate as I believe you should have just chmod'd var/named/slaves. The chmod isn't inheritable like windows. -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN > On Jan 11, 2014, at 19:11, Mikael Johansson > wrote: > > On 12 Jan 2014 00:14, Geo

Re: rndc addzone gets permission denied

2014-01-11 Thread Mikael Johansson
On 12 Jan 2014 00:14, Georgy Goshin wrote: > > Hi, > > CentOS, 6.5, default bind package bind-9.8.2-0.17.rc1.el6_4.6.x86_64. > > trying to add slave zone with command rndc addzone "zone.local" '{ type > slave; file "slaves/zone.local"; masters { 172.31.199.154; }; };' > > but getting rndc: 'addzo

Re: rndc refresh fails for signed zones

2013-12-12 Thread Evan Hunt
> Am I correct in thinking that in the case of a hidden master and a chain > of slaves, that the first publicly accessible slave would do the signing > and that in any case only one instance of bind should do the signing? The signer doesn't even have to be publicly accessible if you don't want it t

Re: rndc refresh fails for signed zones

2013-12-12 Thread Tony Finch
Thomas Schulz wrote: > > Am I correct in thinking that in the case of a hidden master and a chain > of slaves, that the first publicly accessible slave would do the signing > and that in any case only one instance of bind should do the signing? It is better if the hidden master does the signing, s

Re: rndc refresh fails for signed zones

2013-12-12 Thread Chris Thompson
On Dec 12 2013, Thomas Schulz wrote: Sorry for the bad advice. Am I correct in thinking that in the case of a hidden master and a chain of slaves, that the first publicly accessible slave would do the signing and that in any case only one instance of bind should do the signing? It would be str

Re: rndc refresh fails for signed zones

2013-12-12 Thread Thomas Schulz
Sorry for the bad advice. Am I correct in thinking that in the case of a hidden master and a chain of slaves, that the first publicly accessible slave would do the signing and that in any case only one instance of bind should do the signing? Tom Schulz Applied Dynamics Intl. sch...@adi.com ___

Re: rndc refresh fails for signed zones

2013-12-12 Thread Klaus Darilion
On 11.12.2013 21:09, Mark Andrews wrote: For normal slave zones (unsigned) it works fine. Is this a known bug? >Where can I open a bug report? Any workarounds? You can report bugs to bind9-b...@isc.org. That being said this one is trivial. Thanks, works fine. regards Klaus _

Re: rndc refresh fails for signed zones

2013-12-11 Thread Mark Andrews
In message <52a85d1b.2010...@pernau.at>, Klaus Darilion writes: > Hi! > > # named -V > BIND 9.9.3-rl.13204.02-P2 > > I have configured slave zones with inline signing: > > zone "mydomain.at" { > type slave; > file "/etc/bind/mydomain.at"; > masters { 1.2.3.4; }; >

Re: rndc refresh fails for signed zones

2013-12-11 Thread Barry Margolin
In article , sch...@adi.com (Thomas Schulz) wrote: > Also, also-notify does not make much sense for a slave. A permissible configuration is one where A transfers from B, and B transfers from C. It then makes sense for C to notify B, and B to notify A. -- Barry Margolin Arlington, MA

Re: rndc refresh fails for signed zones

2013-12-11 Thread Evan Hunt
> > For normal slave zones (unsigned) it works fine. Is this a known bug? > > Where can I open a bug report? Any workarounds? Bug reports can go to bind9-b...@isc.org. > I believe that only the master can sign the zone. > Also, also-notify does not make much sense for a slave. With inline-signin

Re: rndc refresh fails for signed zones

2013-12-11 Thread Thomas Schulz
> Hi! > > # named -V > BIND 9.9.3-rl.13204.02-P2 > > I have configured slave zones with inline signing: > > zone "mydomain.at" { > type slave; > file "/etc/bind/mydomain.at"; > masters { 1.2.3.4; }; > key-directory "/etc/bind/keys"; > auto-dnssec main

Re: rndc refresh fails for signed zones

2013-12-11 Thread Klaus Darilion
Same problem with: # named -V BIND 9.9.4-P1 On 11.12.2013 13:39, Klaus Darilion wrote: Hi! # named -V BIND 9.9.3-rl.13204.02-P2 I have configured slave zones with inline signing: zone "mydomain.at" { type slave; file "/etc/bind/mydomain.at"; masters { 1.2.3.4; };

Re: rndc addzone, global allow-new-zones, 'file not found'

2013-12-11 Thread Mark Andrews
In message <20131211120707.11028b38@loki>, Tobias Wolter writes: > > On Wed, 11 Dec 2013 22:01:02 +1100 > Mark Andrews wrote: > > > create the initial zone contents and put it in master/metazone.zone. > > Thanks, I feared that that was a necessary step. > > No way around that requirement
