 |  |  |  |  |  |  |  |
DNS Problem - rndc: connect failed: connection refused
 |
•
•
•
•
Originally Posted by shinobi59
? These are text files. Why would one need to make them executable?
# service named stop
Stopping named: rndc: connect failed: connection refused
[ OK ]
I am root so I have r w and x already.
Thanks.
Just a quick note that may help.
I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!
Cheers
Dan
I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!
Cheers
Dan
•
•
•
•
Originally Posted by krishvij
hi,
i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help
yes I can that problem as well working with RHEL4 with primary and slave name servers..says.. failed to connect: connection refused
any ideas..as this matter
by chance, what change did you do to the named.conf to sort out the port problem?
•
•
•
•
Just a quick note that may help.
I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!
Cheers
Dan
•
•
•
•
Originally Posted by mengesb 
by chance, what change did you do to the named.conf to sort out the port problem?
RH9 / BIND from RPM @ Install time.
Hi, i've been struggling with this problem for awhile now, but there's a little variant to my problem here. You all say that you can't start named at all until you fix the rndc key thing. Well, here's where the plot thickens: i can start and restart named as i see fit, when applying changes to it, but, every now and then, named stops, and when looking through the logs, i see that error message "rndc: connection refused". Why is this behaving like this? Has anyone of you guys seen this before?
Thanks in advance for the help, hope i can get this fixed.
Thanks in advance for the help, hope i can get this fixed.
I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
I had the same problem; i was able to start named, but still recieved connection refused from rndc telnet to localhost. The solution for me, since this box resides behind fw's and has iptables removed was to go over permissions again and i found a few places that still were owned by named:root and they needed to be named:named. hope it helps someone. Thanks!
•
•
•
•
Originally Posted by Stuart.Allsop
I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
•
•
•
•
Originally Posted by CharlestonSW
Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.
1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)
key "rndckey" {
algorithm hmac-md5 ;
secret "MySecretKey";
};
2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)
# Start of rndc.conf
options {
default-server localhost;
default-key "rndckey";
};
server localhost {
key "rndckey";
};
include "/etc/rndc.key";
3) Edit /etc/named.conf and change or add these sections:
options {
directory "/etc/named";
pid-file "/var/run/named.pid";
};
zone "localhost" {
allow-update { none; }; type master; file "localhost.zone"; };
.... blah,blah,blah.... more zones here....
include "/etc/rndc.key";
controls {
inet * allow { any; } keys { rndckey; };
};
4) Create /etc/named/localhost.zone
$TTL 86400
@ IN SOA @ root (
43 ; serial
10800 ; refresh
900 ; retry
604800 ; expire
86400 ; ttl
)
IN NS @
IN A 127.0.0.1
IN AAAA ::1
The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.
HTH,
Lance
Sr. Computer Geek
CharlestonSW.com
adding directory "/etc/named"; and pid-file "/var/run/named.pid" in options section causing named fail to start.
|
Other Threads in the *nix Software Forum
- Previous Thread: C++ wireless network libraries
- Next Thread: install software from cd with fc 6
Views: 64030 | Replies: 18
| Thread Tools | Search this Thread |
Latest *nix Software Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for *nix Software
2005 account apache bashscripting busybox cert debian dns emacs failed file forwarding free freebsd fsf gaming gnu government gpl grep lawsuits license linux ls mail make makefile mandriva microsoft nameserver news obama open port postfix ps3 recovery samba search security server sflc share sharing software solaris source stallman subdirectory ubuntu unix virtualization vmware xbox
