rndc/bind9 weirdness

Matt matt at xtaz.net
Sat Oct 9 08:06:15 PDT 2004

Matt wrote:
> Clive Lin wrote:
>> On Sat, Oct 09, 2004 at 12:35:01PM +0100, Matt Smith wrote:
>>> Basically you can only reload it once and then it'll refuse to talk
>>> unless you run /etc/rc.d/named restart.
>> Hi,
>>     My first guess is to verify the /etc/namedb ->
>> /var/named/etc/namedb link. I have production name server running with
>> 5.3-BETA7 in jail without problem, and I can `rndc reload` as many
>> times as I want. (some more jail specific tweaks, although still in
>> default chroot mode.)
>>     If my memory serves me right, I solved the same problem by making
>> the link correct.
>> Cheers
> The symlink and /var/named structure is fine as I completely rm -rf'd 
> them before letting the new named rc.d script create them. I found the 
> issue but am not sure what to do about it. On the second reload there is 
> a message in syslog saying:
> none:0: open: /etc/namedb/rndc.key: permission denied
> So I am assuming because the chroot is set to /var/named it can't access 
> this or something?

Ahh, my fault. I found out what it was. In my named.conf I had this from 
when I used to run bind9 from ports with an rndc.conf instead of an rndc.key:

controls {
       inet port 953
       allow {; };

Commenting this out has made me able to reload it all the time. Sorry 
for the noise people!

Cheers ;-)

