
I've installed a fresh CentOS server and installed bind and bind-utils on it. The content of /etc/named.conf is:

# create new
# Reviewer notes are marked NOTE(review); the configuration statements
# themselves are left exactly as posted.
 options {
    directory "/var/named";
    # Queries are accepted only from this host and the 10.1.2.0/24 LAN.
    allow-query { localhost; 10.1.2.0/24; };
    # NOTE(review): this allows full zone transfers (AXFR) to every host on
    # 10.1.2.0/24. If there are no secondary servers use "none;", otherwise
    # limit it to the secondaries' addresses (or require a TSIG key).
    allow-transfer { localhost; 10.1.2.0/24; };
    # Global default. The "external" view below overrides it with
    # "recursion no", so only the internal view performs recursion.
    recursion yes;
};
controls {
    # NOTE(review): this is line 9 of the file, the line named in the
    # "unknown key 'rndckey'" error below. The key "rndckey" is never
    # declared here: it is only pulled in by the include at the end of
    # the file, and rndc-confgen names its key "rndc-key" by default (see
    # the second answer). Check /etc/rndc.key for the actual key name and
    # use that name here.
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
view "internal" {
    # Views are matched in order: this host and the 10.1.2.0/24 LAN land
    # here and receive the internal zone data plus recursion.
    match-clients {
        localhost;
        10.1.2.0/24;
    };
    # Root hints, needed only in this view because only this view recurses.
    zone "." IN {
        type hint;
        file "named.ca";
    };
    # Internal (LAN) copy of the domain; dynamic updates are disabled.
    zone "amadeus.netvision" IN {
        type master;
        file "amadeus.netvision.lan";
        allow-update { none; };
    };
    # NOTE(review): by the reversing rule in the notes at the end of this
    # file, 10.1.2.0/24 maps to "2.1.10.in-addr.arpa"; "0.0.10" is the
    # reverse of 10.0.0.0/24, so as written this zone would presumably not
    # answer PTR queries for 10.1.2.x — confirm which network it is for.
    zone "0.0.10.in-addr.arpa" IN {
        type master;
        file "0.0.10.db";
        allow-update { none; };
    };
    # Standard local zones (localdomain, localhost, loopback reverse,
    # broadcast and zero), all with dynamic updates disabled.
    zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
    };
    zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
    };
    zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
    };
    zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
    };
};
view "external" {
    # Everyone not matched by "internal" ends up here: answers are served
    # only for the zone below and recursion is off, so this view does not
    # act as an open resolver.
    match-clients { any; };
    allow-query { any; };
    recursion no;
    # NOTE(review): no allow-transfer is set in this view, so the
    # options-level setting (localhost and 10.1.2.0/24) presumably applies
    # here as well — verify, and tighten it if this view faces the Internet.
    # External (WAN) copy of the domain; dynamic updates are disabled.
    zone "amadeus.netvision" IN {
        type master;
        file "amadeus.netvision.wan";
        allow-update { none; };
    };
};
# This file holds the rndc shared secret: keep it readable only by the
# account named runs as, and blank the secret out before posting it anywhere.
include "/etc/rndc.key";

# allow-query ⇒ the address range permitted to send queries
# allow-transfer ⇒ the address range permitted to transfer (AXFR) zone data
# recursion ⇒ whether recursive lookups are allowed
# view "internal" { *** }; ⇒ definitions served to internal clients
# view "external" { *** }; ⇒ definitions served to external clients
# For reverse resolution, write the octets of the network address in reverse order, as below.
# 10.1.2.0/24
# network address⇒ 10.1.2.0
# range of network⇒ 10.1.2.0 - 10.1.2.255
# how to write⇒ 2.1.10.in-addr.arpa
#   NOTE(review): the posted notes gave "10.1.2.0 - 10.0.0.255" and
#   "0.0.10.in-addr.arpa" here; those are the values for 10.0.0.0/24,
#   not for 10.1.2.0/24.
# 172.16.0.80/29
# network address⇒ 172.16.0.80
# range of network⇒ 172.16.0.80 - 172.16.0.87
# how to write⇒ 80.0.16.172.in-addr.arpa

When I try to start the named daemon I get the following error:

[root@srv ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named: 
Error in named configuration:
/etc/named.conf:9: unknown key 'rndckey'
                                                           [FAILED]
[root@srv ~]#

I don't understand what I'm doing wrong. I created rndc.key using the following command: `rndc-confgen -a -c /etc/rndc.key`. It created the key, but I still get the same error. The file is present at the correct path, /etc/rndc.key, and it is included in the /etc/named.conf file.

Itai Ganot
  • What does /etc/rndc.key look like? (you may want to blank out the secret) – USD Matt Aug 05 '13 at 12:14
    I bet it's an ordering issue. Try moving the `include "/etc/rndc.key";` line to the top of the file. I think that at the time you're trying to reference the key, it hasn't been defined yet. – larsks Aug 05 '13 at 12:57



I just experienced the above symptom.

While my case was slightly different and this isn't the exact answer to the question above, hopefully it will help someone...

In my case I had included the key inside the options block, which is incorrect.

The key statement must be defined outside any other statement (such as the options block) in the named.conf config file.

i.e. the following is incorrect:

options {
    ...
    include "/etc/rndc.key";
};

The following is correct:

options {
    ...
};        
include "/etc/rndc.key";
maloo

Check the file /etc/rndc.key to see what the key is actually named. For example:

key "rndc-key" {

That exact name must be the one referenced in named.conf:

keys { rndc-key; };
Laurentiu Roescu