Have something to say? Contribute New Article Reply to this Article
DNS Problem - rndc: connect failed: connection refused
Hi,
I was trying to configure multiple zones on my DNS on RHEL3 Box. The first zone went fine. The named service was stopped at that time. I started that service and then everything went fine. then i created another zone. But i did not stop the service while editing the /etc/named.conf file and then the zone and reverse files. Now it is giving me the error
rndc: connect failed: connection refused
everytime i try to stop the named service. I also tried various rndc commands but i get the same error message.
I tried removing DNS and then re installing it. I still get the same error. Can somebody help?
hi,
i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help
hi,
i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help
Hi sir,
This rndc is giving me hard time.
It would be so nice of you if you please help me to sort out from this issue.
I am getting the rndc:connection refused error.
I m using fedora core 1 as my OS.
Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.
1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)
key "rndckey" {
algorithm hmac-md5 ;
secret "MySecretKey";
};
2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)
# Start of rndc.conf
options {
default-server localhost;
default-key "rndckey";
};
server localhost {
key "rndckey";
};
include "/etc/rndc.key";
3) Edit /etc/named.conf and change or add these sections:
options {
directory "/etc/named";
pid-file "/var/run/named.pid";
};
zone "localhost" {
allow-update { none; }; type master; file "localhost.zone"; };
.... blah,blah,blah.... more zones here....
include "/etc/rndc.key";
controls {
inet * allow { any; } keys { rndckey; };
};
4) Create /etc/named/localhost.zone
$TTL 86400
@ IN SOA @ root (
43 ; serial
10800 ; refresh
900 ; retry
604800 ; expire
86400 ; ttl
)
IN NS @
IN A 127.0.0.1
IN AAAA ::1
The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.
HTH,
Lance
Sr. Computer Geek
CharlestonSW.com
Hi, i also having problem in rndc. is this applied to FC 3 ? Have to use resolv.conf ?
Rgds
Daniel
Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.
1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)
key "rndckey" { algorithm hmac-md5 ; secret "MySecretKey"; };
2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)
# Start of rndc.conf options { default-server localhost; default-key "rndckey"; };
server localhost { key "rndckey"; };
include "/etc/rndc.key";
3) Edit /etc/named.conf and change or add these sections:
options { directory "/etc/named"; pid-file "/var/run/named.pid"; };
zone "localhost" { allow-update { none; }; type master; file "localhost.zone"; };
.... blah,blah,blah.... more zones here....
include "/etc/rndc.key";
controls { inet * allow { any; } keys { rndckey; }; };
4) Create /etc/named/localhost.zone
$TTL 86400 @ IN SOA @ root ( 43 ; serial 10800 ; refresh 900 ; retry 604800 ; expire 86400 ; ttl )
IN NS @ IN A 127.0.0.1 IN AAAA ::1
The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.
HTH, Lance Sr. Computer Geek CharlestonSW.com
Hi, how do you fix your rndc connection problem ? i have FC 3. Step by step on how you do ? Thanks
Rgds
Daniel
Hi,
I was trying to configure multiple zones on my DNS on RHEL3 Box. The first zone went fine. The named service was stopped at that time. I started that service and then everything went fine. then i created another zone. But i did not stop the service while editing the /etc/named.conf file and then the zone and reverse files. Now it is giving me the error
rndc: connect failed: connection refused
everytime i try to stop the named service. I also tried various rndc commands but i get the same error message.
I tried removing DNS and then re installing it. I still get the same error. Can somebody help?
rndc: connect failed: connection refused
please help me how to sort out this problem
my email-id is [email]chandanswarup@yahoo.co.in[/email]
Ok. So how does one generate a key -- what key generator. How would I find this in another post?
Shinobi
Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.
1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)
key "rndckey" { algorithm hmac-md5 ; secret "MySecretKey"; };
2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)
# Start of rndc.conf options { default-server localhost; default-key "rndckey"; };
server localhost { key "rndckey"; };
include "/etc/rndc.key";
3) Edit /etc/named.conf and change or add these sections:
options { directory "/etc/named"; pid-file "/var/run/named.pid"; };
zone "localhost" { allow-update { none; }; type master; file "localhost.zone"; };
.... blah,blah,blah.... more zones here....
include "/etc/rndc.key";
controls { inet * allow { any; } keys { rndckey; }; };
4) Create /etc/named/localhost.zone
$TTL 86400 @ IN SOA @ root ( 43 ; serial 10800 ; refresh 900 ; retry 604800 ; expire 86400 ; ttl )
IN NS @ IN A 127.0.0.1 IN AAAA ::1
The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.
HTH, Lance Sr. Computer Geek CharlestonSW.com
hi people......finally the rndc bug is out of the stadium......i have found the solution ...... it depends on only the permissions of files and directories... rndc .conf ........root.named....755 named.conf.......named.named.....755 also if there is errror like ....permission denied on named.pid after running ....named -g -p 53.....then u have to change permissions....of /var/run/named derectory......where the pid resides.....
? These are text files. Why would one need to make them executable?
? These are text files. Why would one need to make them executable?
Also, the current perms are 750. When I run into this error:
# service named stop
Stopping named: rndc: connect failed: connection refused
[ OK ]
I am root so I have r w and x already.
Thanks.
Just a quick note that may help.
I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!
Cheers
Dan
hi, i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help
yes I can that problem as well working with RHEL4 with primary and slave name servers..says.. failed to connect: connection refused
any ideas..as this matter
by chance, what change did you do to the named.conf to sort out the port problem?
Just a quick note that may help.
I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!
Cheers Dan
by chance, what change did you do to the named.conf to sort out the port problem?
OK well i figured out the problem why RNDC wasn't allowing a connection. oddly enough i REMOVED the controls { ... } statement in named.conf and everything booted up like a charm. Some quick syntax corrections in my serial for my zones files and I was in business in no time.
RH9 / BIND from RPM @ Install time.
Hi, i've been struggling with this problem for awhile now, but there's a little variant to my problem here. You all say that you can't start named at all until you fix the rndc key thing. Well, here's where the plot thickens: i can start and restart named as i see fit, when applying changes to it, but, every now and then, named stops, and when looking through the logs, i see that error message "rndc: connection refused". Why is this behaving like this? Has anyone of you guys seen this before?
Thanks in advance for the help, hope i can get this fixed.
I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
I had the same problem; i was able to start named, but still recieved connection refused from rndc telnet to localhost. The solution for me, since this box resides behind fw's and has iptables removed was to go over permissions again and i found a few places that still were owned by named:root and they needed to be named:named. hope it helps someone. Thanks!
I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...
I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!
I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.
I found several other references to checking that named really is listening on port 953.
But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!
In my case, the solution was simple (after beating my head against the wall for three days...)
Just tell iptables to allow your system to talk to itself on port 953!
Like this:
# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953
(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )
The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.
Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!
If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT
This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:
# more /etc/init.d/iptables
Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.
I sure hope this helps someone! I know I would have LOVED to have this info three days ago...
Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.
1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)
key "rndckey" { algorithm hmac-md5 ; secret "MySecretKey"; };
2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)
# Start of rndc.conf options { default-server localhost; default-key "rndckey"; };
server localhost { key "rndckey"; };
include "/etc/rndc.key";
3) Edit /etc/named.conf and change or add these sections:
options { directory "/etc/named"; pid-file "/var/run/named.pid"; };
zone "localhost" { allow-update { none; }; type master; file "localhost.zone"; };
.... blah,blah,blah.... more zones here....
include "/etc/rndc.key";
controls { inet * allow { any; } keys { rndckey; }; };
4) Create /etc/named/localhost.zone
$TTL 86400 @ IN SOA @ root ( 43 ; serial 10800 ; refresh 900 ; retry 604800 ; expire 86400 ; ttl )
IN NS @ IN A 127.0.0.1 IN AAAA ::1
The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.
HTH, Lance Sr. Computer Geek CharlestonSW.com
Using CentOS 5.2, bind-9.3.4-6.0.2.P1.el5_2
addingdirectory "/etc/named"; and pid-file "/var/run/named.pid" in options section causing named fail to start.
I faced this problem too...
But my solution so simple after try everything, it's not working..
Then when I use the following command..
service named restart
It just works :)
This article has been dead for over three months
You
View similar articles that have also been tagged:
networking
© 2012 DaniWeb® LLC
