
Thread: Bind9 rndc-key issue

  1. #1

    Bind9 rndc-key issue

    Hello,
    I am currently working through the openSUSE reference manual and am attempting to run a BIND DNS server.
    Attempting to use either YaST or the command line leads me to the same issue:

    named-checkconf /etc/named.conf
    Code:
    /etc/rndc.key:1: key 'rndc-key': already exists previous definition: /etc/rndc.key:1
    /etc/rndc.key:1: key 'rndc-key': already exists previous definition: /etc/rndc.key:1
    systemctl status named.service
    Code:
    ● named.service - Berkeley Internet Name Domain (DNS)
         Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Tue 2020-06-16 16:44:03 EDT; 42min ago
        Process: 21145 ExecStart=/usr/sbin/named.init start (code=exited, status=6)
    
    Jun 16 16:44:03 linux-7paf systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
    Jun 16 16:44:03 linux-7paf named.init[21145]: Starting name server BIND
    Jun 16 16:44:03 linux-7paf named.init[21208]: Starting name server BIND
    Jun 16 16:44:03 linux-7paf named.init[21208]: etc/named.conf:17
    Jun 16 16:44:03 linux-7paf systemd[1]: named.service: Control process exited, code=exited, status=6/NOTCONFIGURED
    Jun 16 16:44:03 linux-7paf systemd[1]: named.service: Failed with result 'exit-code'.
    Jun 16 16:44:03 linux-7paf systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
    If I delete the /etc/rndc-key:
    Code:
    ● named.service - Berkeley Internet Name Domain (DNS)
         Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Tue 2020-06-16 17:42:35 EDT; 7s ago
        Process: 28201 ExecStart=/usr/sbin/named.init start (code=exited, status=6)
    
    Jun 16 17:42:35 linux-7paf named.init[28201]: Warning: File /etc/rndc.key not found. Creating it.
    Jun 16 17:42:35 linux-7paf named.init[28242]: rndc-confgen: The -r option has been deprecated.
    Jun 16 17:42:35 linux-7paf named.init[28243]: chmod: cannot access '/etc/rndc.key': No such file or directory
    Jun 16 17:42:35 linux-7paf named.init[28244]: chown: cannot access '/etc/rndc.key': No such file or directory
    Jun 16 17:42:35 linux-7paf named.init[28201]: Warning: File /etc/rndc.key not found. Skipping.
    Jun 16 17:42:35 linux-7paf named.init[28201]: Warning: File /etc/rndc.key not found. Skipping.
    Jun 16 17:42:35 linux-7paf named.init[28266]: /etc/rndc.key:1: key 'rndc-key': already exists previous definition: /etc/rndc.key:1
    Jun 16 17:42:35 linux-7paf systemd[1]: named.service: Control process exited, code=exited, status=6/NOTCONFIGURED
    Jun 16 17:42:35 linux-7paf systemd[1]: named.service: Failed with result 'exit-code'.
    Jun 16 17:42:35 linux-7paf systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
    named.conf file (I have left out the comments; line 17 is "options {"):
    Code:
    options {
    
            # The directory statement defines the name server's working directory
            directory "/var/lib/named";
    
            dnssec-validation auto;
            managed-keys-directory "/var/lib/named/dyn/";
    
            listen-on port 53 { 127.0.0.1; };
            listen-on-v6 { any; };
    
            allow-query { 127.0.0.1; };
    
            notify no;
    
            disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
            include "/etc/named.d/forwarders.conf";
    };
    
    zone "." in {
            type hint;
            file "root.hint";
    };
    
    zone "localhost" in {
            type master;
            file "localhost.zone";
    };
    
    zone "0.0.127.in-addr.arpa" in {
            type master;
            file "127.0.0.zone";
    };
    
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
            type master;
            file "127.0.0.zone";
    };
    
    include "/etc/named.conf.include";
    zone "dnsmz.com" in {
            file "master/dnsmz.com";
            type master;
            allow-transfer { any; };
    };
    logging {
            category xfer-in { log_syslog; };
            category xfer-out { log_syslog; };
            category default { log_syslog; };
            channel log_syslog { syslog; };
    };
    
    # You can insert further zone records for your own domains below or create
    # single files in /etc/named.d/ and add the file names to
    # NAMED_CONF_INCLUDE_FILES.
    # See /usr/share/doc/packages/bind/README.SUSE for more details.
    
    include "/etc/rndc.key";
    controls { inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; };};
    
    zone "1.0.168.192.in-addr.arpa" in {
            allow-transfer { any; };
            file "master/1.0.168.192.in-addr.arpa";
            type master;
    };
    cat /etc/os-release
    Code:
    NAME="openSUSE Tumbleweed"
    # VERSION="20200614"
    ID="opensuse-tumbleweed"
    ID_LIKE="opensuse suse"
    VERSION_ID="20200614"
    PRETTY_NAME="openSUSE Tumbleweed"
    ANSI_COLOR="0;32"
    CPE_NAME="cpe:/o:opensuse:tumbleweed:20200614"
    BUG_REPORT_URL="https://bugs.opensuse.org"
    HOME_URL="https://www.opensuse.org/"
    LOGO="distributor-logo"
    If any more information is needed please let me know; any help is appreciated.

  2. #2

    Re: Bind9 rndc-key issue

    As you seem to have determined, something has changed in how the BIND server configuration is generated and read, so you should file a bug report on your findings at https://bugzilla.opensuse.org.

    But before you do so,
    there is one more thing you can do to possibly fix your immediate situation and add to your report...
    You can try to find where the duplicate key may exist.

    I recommend using the "locate" utility, which works faster and a bit differently than the "find" utility, and can be installed as part of the mlocate package.
    To install,
    Code:
    zypper in mlocate
    After it is installed, the database of your entire system will update automatically every 24 hrs, but you won't want to wait that long for first use or after any changes to your system.
    Updating the database is simple; just run the following and wait a few seconds:
    Code:
    updatedb
    Once your database is as up to date as you need, you can run "locate text_string", where the text string can be as short as a file name fragment or as long as you like (typically part of the path).
    Some examples:
    Code:
    locate rndc.key
    locate rndc.key:1
    locate bin/ssh
    A while back, I observed that some files like kernel objects (.ko) were not found by locate, but that may have been a bug. Shortly after I posted that, those files were part of locate results.

    Of course, the above can identify all instances of rndc.key on your system, which can go a long way towards identifying possible conflicting duplicates.
    Whatever your findings, be sure to report to bugzilla so the problem can be fixed.

    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!
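locate finds every copy of rndc.key on disk, which is the right first step. The error in the first post, though, names /etc/rndc.key:1 as both the new and the previous definition, so the same file is being read twice through different include statements: the named.conf above includes /etc/rndc.key directly at its end, and anything pulled in through /etc/named.conf.include can include it again. The script below is an added example, not from the thread and not part of the openSUSE bind package. It walks the include tree from a named.conf, lists every key definition it reaches (a file reached twice is listed twice, which is what named rejects) and reports names defined more than once. It assumes absolute include paths (BIND resolves relative ones against the options directory, which this script does not do) and builds a constructed demo tree under mktemp -d that mirrors the layout in this thread.

```shell
#!/bin/sh
# Trace every `key` statement reachable from named.conf through `include`,
# so that "key 'rndc-key': already exists" can be tied to the include that
# loaded the same file a second time. Added example; not ISC or openSUSE code.
# Assumes absolute include paths and the include "path"; / key "name" { ... };
# syntax. Constructed demo files are built under mktemp -d.

# Print each key statement in one file as "file:line keyname".
list_keys_in_file() {
    awk -v f="$1" '
        { sub(/#.*$/, ""); sub(/\/\/.*$/, "") }   # drop # and // comments
        /^[[:space:]]*key[[:space:]]+/ {
            name = $2; gsub(/["{;]/, "", name)     # strip quotes and brace
            print f ":" NR " " name
        }' "$1"
}

# Print the path named by each include statement in one file.
list_includes() {
    awk '{ sub(/#.*$/, ""); sub(/\/\/.*$/, "") }
         /^[[:space:]]*include[[:space:]]+"/ {
             sub(/.*include[[:space:]]+"/, ""); sub(/".*/, ""); print
         }' "$1"
}

# Recursively list key definitions. A file reached through two include paths
# is listed twice, which is exactly what named rejects at load time.
collect_key_defs() {
    local file="$1" depth="${2:-0}"
    if [ "$depth" -ge 10 ]; then
        echo "$file: include nesting too deep, stopping" >&2
        return 1
    fi
    list_keys_in_file "$file"
    list_includes "$file" | while read -r inc; do
        if [ -r "$inc" ]; then
            collect_key_defs "$inc" $((depth + 1))
        else
            echo "$file: include $inc: not readable" >&2
        fi
    done
}

# Print "keyname: file:line file:line" for each key defined more than once.
duplicate_keys() {
    collect_key_defs "$1" | awk '
        { n[$2]++; where[$2] = where[$2] " " $1 }
        END { for (k in n) if (n[k] > 1) print k ":" where[k] }'
}

# Build a constructed include tree shaped like the one in this thread:
# named.conf includes rndc.key directly and again via
# named.conf.include -> named.d/rndc-access.conf. Prints the root directory.
build_demo_tree() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/named.d"
    cat > "$root/rndc.key" <<'EOF'
key "rndc-key" {
        algorithm hmac-sha256;
        secret "ZmFrZS1kZW1vLWtleQ==";   # constructed placeholder, not a real key
};
EOF
    cat > "$root/named.d/rndc-access.conf" <<EOF
# constructed stand-in for /etc/named.d/rndc-access.conf
include "$root/rndc.key";
controls { inet 127.0.0.1 port 953 allow { localhost; } keys { "rndc-key"; }; };
EOF
    printf 'include "%s/named.d/rndc-access.conf";\n' "$root" > "$root/named.conf.include"
    cat > "$root/named.conf" <<EOF
options { directory "/var/lib/named"; };
include "$root/named.conf.include";
include "$root/rndc.key";
EOF
    echo "$root"
}

# Run against a real named.conf if a path is given, else against the demo tree.
if [ $# -gt 0 ]; then
    duplicate_keys "$1"
else
    demo="$(build_demo_tree)"
    duplicate_keys "$demo/named.conf"
    rm -rf "$demo"
fi
```

Run it as `sh trace-keys.sh /etc/named.conf` on the real configuration; for the demo tree it prints the rndc-key name followed by the same file:line twice, which is the same shape as the message named logged. Once the second include is removed (here, the direct `include "/etc/rndc.key";` at the end of named.conf, since the controls file already loads it) the report goes empty.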

  3. #3

    Re: Bind9 rndc-key issue

    Hello Tsu,

    As you advised, I installed mlocate, running the updatedb command afterwards.

    locate rndc.key:
    Code:
    /etc/rndc.key
    /var/lib/named/etc/rndc.key
    This method has found the duplicate key. After using rm to remove both files (ls in the directories, as well as running updatedb again and another locate rndc.key command, showed no results),
    running systemctl start named.service yields:

    Code:
    ● named.service - Berkeley Internet Name Domain (DNS)
         Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Tue 2020-06-16 19:50:14 EDT; 5s ago
        Process: 3967 ExecStart=/usr/sbin/named.init start (code=exited, status=6)
    
    Jun 16 19:50:14 linux-7paf named.init[3967]: Warning: File /etc/rndc.key not found. Creating it.
    Jun 16 19:50:14 linux-7paf named.init[4007]: rndc-confgen: The -r option has been deprecated.
    Jun 16 19:50:14 linux-7paf named.init[4008]: chmod: cannot access '/etc/rndc.key': No such file or directory
    Jun 16 19:50:14 linux-7paf named.init[4009]: chown: cannot access '/etc/rndc.key': No such file or directory
    Jun 16 19:50:14 linux-7paf named.init[3967]: Warning: File /etc/rndc.key not found. Skipping.
    Jun 16 19:50:14 linux-7paf named.init[3967]: Warning: File /etc/rndc.key not found. Skipping.
    Jun 16 19:50:14 linux-7paf named.init[4030]: /etc/named.d/rndc-access.conf:2: open: /etc/rndc.key: file not found
    Jun 16 19:50:14 linux-7paf systemd[1]: named.service: Control process exited, code=exited, status=6/NOTCONFIGURED
    Jun 16 19:50:14 linux-7paf systemd[1]: named.service: Failed with result 'exit-code'.
    Jun 16 19:50:14 linux-7paf systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
    Removing just the /etc/rndc.key, and not the one in /var/lib/named/etc/rndc.key then running
    systemctl start named.service:
    Code:
    ● named.service - Berkeley Internet Name Domain (DNS)
         Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
         Active: failed (Result: exit-code) since Tue 2020-06-16 20:04:07 EDT; 2s ago
        Process: 5027 ExecStart=/usr/sbin/named.init start (code=exited, status=1/FAILURE)
    
    Jun 16 20:04:06 linux-7paf named[5093]: found 12 CPUs, using 12 worker threads
    Jun 16 20:04:06 linux-7paf named[5093]: using 12 UDP listeners per interface
    Jun 16 20:04:07 linux-7paf named[5093]: using up to 21000 sockets
    Jun 16 20:04:07 linux-7paf named[5093]: loading configuration from '/etc/named.conf'
    Jun 16 20:04:07 linux-7paf named[5093]: /etc/named.d/rndc-access.conf:2: open: /etc/rndc.key: permission denied
    Jun 16 20:04:07 linux-7paf named[5093]: loading configuration: permission denied
    Jun 16 20:04:07 linux-7paf named[5093]: exiting (due to fatal error)
    Jun 16 20:04:07 linux-7paf systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
    Jun 16 20:04:07 linux-7paf systemd[1]: named.service: Failed with result 'exit-code'.
    Jun 16 20:04:07 linux-7paf systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
    So now I get a different error, but a much more common issue, which I resolved by running:
    chown named:named /var/lib/named/etc/rndc.key
    chmod 644 /var/lib/named/etc/rndc.key

    After this, systemctl start named.service executes silently, and named is running.

    Thank you for the quick and very useful help, Tsu.
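The final error above ("permission denied" on the key file) is the one worth keeping a check for, because the key file is the shared secret behind the `controls { ... keys { "rndc-key"; }; }` statement in named.conf: whoever can read it can issue rndc commands to the server. The fix in the thread uses mode 644, which makes the secret readable by every local account. The function below is an added example, not from the thread or from openSUSE's packaging; it reports a key file that is missing, not owned by the expected account, group-writable or readable by "other". It assumes GNU stat (-c), as shipped on openSUSE, and takes the expected owner as a parameter because the account is `named` on openSUSE but differs on other distributions.

```shell
#!/bin/sh
# Audit the ownership and mode of an rndc key file. The file holds the secret
# that authorises commands on named's control channel, so the account named
# runs as should own it and "other" should have no access at all.
# Added example, not part of the thread or of the openSUSE bind package.
# Assumes GNU stat -c; EXPECTED_OWNER is "named" on openSUSE.

# Usage: check_rndc_key_perms FILE EXPECTED_OWNER
# Returns 0 when the file passes, 1 (one finding per line) otherwise,
# 2 when the file does not exist (named then fails with "file not found").
check_rndc_key_perms() {
    file="$1"; expected="$2"; rc=0
    if [ ! -f "$file" ]; then
        echo "$file: missing"
        return 2
    fi
    owner="$(stat -c '%U' "$file")"
    mode="$(stat -c '%a' "$file")"
    perm="${mode#"${mode%???}"}"   # last three octal digits: user/group/other
    grp="${perm%?}"; grp="${grp#?}" # middle digit: group bits
    oth="${perm#??}"                # last digit: other bits

    if [ "$owner" != "$expected" ]; then
        echo "$file: owned by $owner, expected $expected"; rc=1
    fi
    if [ "$oth" != 0 ]; then
        echo "$file: mode $perm lets any local user read the secret; use 640 or 600"; rc=1
    fi
    # a group write bit (2, 3, 6 or 7) lets any group member replace the key
    case "$grp" in
        2|3|6|7) echo "$file: mode $perm is group-writable"; rc=1 ;;
    esac
    return "$rc"
}

# Check the path given on the command line, defaulting the owner to "named".
if [ $# -gt 0 ]; then
    check_rndc_key_perms "$1" "${2:-named}"
fi
```

On the system in this thread the call would be `sh check-rndc-key.sh /var/lib/named/etc/rndc.key named`; with the 644 mode from the fix it prints the "other" finding and exits 1, and after `chmod 640` it exits 0 because named still reads the file as its owner.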
