rndc/bind9 weirdness

Matt matt at xtaz.net
Sat Oct 9 08:06:15 PDT 2004


Matt wrote:
> Clive Lin wrote:
> 
>> On Sat, Oct 09, 2004 at 12:35:01PM +0100, Matt Smith wrote:
>>
>>> Basically you can only reload it once and then it'll refuse to talk 
>>> unless
>>> you run /etc/rc.d/named restart.
>>
>>
>>
>> Hi,
>>
>>     My first guess is to verify the /etc/namedb ->
>> /var/named/etc/namedb link. I have production name server running with
>> 5.3-BETA7 in jail without problem, and I can `rndc reload` as many
>> times as I want. (some more jail specific tweaks, although still in
>> default chroot mode.)
>>
>>     If my memory serves me right, I solved the same problem by make
>> the link correct.
>>
>> Cheers
>>
> 
> The symlink and /var/named structure is fine as i completely rm -rf'd 
> them before letting the new named rc.d script create them. I found the 
> issue but am not sure what to do about it. On the second reload there is 
> a message in syslog saying:
> 
> none:0: open: /etc/namedb/rndc.key: permission denied
> 
> So I am assuming because the chroot is set to /var/named it can't access 
> this or something?
> 

Ahh my fault. I found out what it was. In my named.conf I had this from 
when I used to run bind9 from ports with a rndc.conf instead of an rncd.key:

controls {
       inet 127.0.0.1 port 953
       allow { 127.0.0.1; };
};

Commenting this out has made me able to reload it all the time. Sorry 
for the noise people!

Cheers ;-)

Matt.


More information about the freebsd-current mailing list