0

Hi,

I was trying to configure multiple zones on my DNS on RHEL3 Box. The first zone went fine. The named service was stopped at that time. I started that service and then everything went fine. then i created another zone. But i did not stop the service while editing the /etc/named.conf file and then the zone and reverse files. Now it is giving me the error

rndc: connect failed: connection refused

everytime i try to stop the named service. I also tried various rndc commands but i get the same error message.

I tried removing DNS and then re installing it. I still get the same error. Can somebody help?

15
Contributors
19
Replies
22
Views
12 Years
Discussion Span
Last Post by micksatana
0

hi,

i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help

0

hi people......finally the rndc bug is out of the stadium......i have found the solution ......
it depends on only the permissions of files and directories...
rndc .conf ........root.named....755
named.conf.......named.named.....755
also if there is errror like ....permission denied on named.pid after running ....named -g -p 53.....then u have to change permissions....of /var/run/named derectory......where the pid resides.....

0

hi,

i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help

Hi sir,

This rndc is giving me hard time.
It would be so nice of you if you please help me to sort out from this issue.
I am getting the rndc:connection refused error.
I m using fedora core 1 as my OS.

0

Still having problems after making sure your rndc and named keys match? Here is what I did to solve the problem on my server.

1) Create /etc/rndc.key (use a key generator listed in the other posts to get your secret key)

key "rndckey" {
        algorithm hmac-md5 ;
        secret "MySecretKey";
};

2) Create /etc/rndc.conf (note the include of rndc.key, this ensures the named and rndc apps both have identical keys)

# Start of rndc.conf
options {
        default-server localhost;
        default-key "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

3) Edit /etc/named.conf and change or add these sections:

options {
        directory "/etc/named";
        pid-file  "/var/run/named.pid";
};

zone "localhost" {
        allow-update { none; }; type master; file "localhost.zone"; };

.... blah,blah,blah.... more zones here....

include "/etc/rndc.key";

controls {
        inet * allow { any; } keys { rndckey; };
};

4) Create /etc/named/localhost.zone

$TTL 86400
@       IN      SOA     @       root    (
                                43 ; serial
                                10800 ; refresh
                                900 ; retry
                                604800 ; expire
                                86400 ; ttl
                                )



            IN      NS      @
            IN      A       127.0.0.1
            IN      AAAA    ::1

The winning combo was to use the include in both named.conf and rndc.conf so they key matches - AND - make sure a localhost zone file exists on the system. For some reason Bind9 was having issue with a hard-coded 127.0.0.1 in these files.

HTH,
Lance
Sr. Computer Geek
CharlestonSW.com

Edited by pyTony: fixed formating

0

Hi, i also having problem in rndc. is this applied to FC 3 ? Have to use resolv.conf ?

Rgds
Daniel

Edited by mike_2000_17: Fixed formatting

0

Hi, how do you fix your rndc connection problem ? i have FC 3. Step by step on how you do ? Thanks

Rgds
Daniel

Hi,

I was trying to configure multiple zones on my DNS on RHEL3 Box. The first zone went fine. The named service was stopped at that time. I started that service and then everything went fine. then i created another zone. But i did not stop the service while editing the /etc/named.conf file and then the zone and reverse files. Now it is giving me the error

rndc: connect failed: connection refused

everytime i try to stop the named service. I also tried various rndc commands but i get the same error message.

I tried removing DNS and then re installing it. I still get the same error. Can somebody help?

0

Ok. So how does one generate a key -- what key generator. How would I find this in another post?

Shinobi

Edited by pyTony: fixed formatting, removed code quote

0

hi people......finally the rndc bug is out of the stadium......i have found the solution ......
it depends on only the permissions of files and directories...
rndc .conf ........root.named....755
named.conf.......named.named.....755
also if there is errror like ....permission denied on named.pid after running ....named -g -p 53.....then u have to change permissions....of /var/run/named derectory......where the pid resides.....

? These are text files. Why would one need to make them executable?

0

? These are text files. Why would one need to make them executable?

Also, the current perms are 750. When I run into this error:

# service named stop
Stopping named: rndc: connect failed: connection refused
[ OK ]

I am root so I have r w and x already.

Thanks.

1

Just a quick note that may help.

I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!

Cheers
Dan

0

hi,

i managed to fix the problem. No worries. In case someone has the same problem feel free to PM me. would be happy to help

yes I can that problem as well working with RHEL4 with primary and slave name servers..says.. failed to connect: connection refused
any ideas..as this matter

0

by chance, what change did you do to the named.conf to sort out the port problem?

Just a quick note that may help.

I was having this problem on Mac OS X 10.4, I finally realised that the default named.conf file was setting named to listen for control commands on port 54, the rndc-confgen utility generates an rndc.conf file that specifies to connect on port 953. A quick change to named.conf sorted it all out!

Cheers
Dan

0

by chance, what change did you do to the named.conf to sort out the port problem?

OK well i figured out the problem why RNDC wasn't allowing a connection. oddly enough i REMOVED the controls { ... } statement in named.conf and everything booted up like a charm. Some quick syntax corrections in my serial for my zones files and I was in business in no time.

RH9 / BIND from RPM @ Install time.

0

Hi, i've been struggling with this problem for awhile now, but there's a little variant to my problem here. You all say that you can't start named at all until you fix the rndc key thing. Well, here's where the plot thickens: i can start and restart named as i see fit, when applying changes to it, but, every now and then, named stops, and when looking through the logs, i see that error message "rndc: connection refused". Why is this behaving like this? Has anyone of you guys seen this before?

Thanks in advance for the help, hope i can get this fixed.

0

I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...

I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!

I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.

I found several other references to checking that named really is listening on port 953.

But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!

In my case, the solution was simple (after beating my head against the wall for three days...)

Just tell iptables to allow your system to talk to itself on port 953!

Like this:

# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953

(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )

The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.

Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!

If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT

This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:

# more /etc/init.d/iptables

Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.

I sure hope this helps someone! I know I would have LOVED to have this info three days ago...

0

I had the same problem; i was able to start named, but still recieved connection refused from rndc telnet to localhost. The solution for me, since this box resides behind fw's and has iptables removed was to go over permissions again and i found a few places that still were owned by named:root and they needed to be named:named. hope it helps someone. Thanks!

I had exactly the same problem, and I've been battling it for days, until I eventually hit on the solution...

I tried everything: I checked all over the Internet, and found many people with the same problem, but few seem to have solved it, and when they do, they don't bother posting the solution!

I found several references to checking the named.conf and rndc.conf files, to make sure they refer to the same key, port and localhost.

I found several other references to checking that named really is listening on port 953.

But I found no references to what is ACTUALLY the problem in many cases: Even though the rndc.key matches in named.conf and rndc.conf, and named really is listening on port 953, none of that helps if iptables is blocking the communications!

In my case, the solution was simple (after beating my head against the wall for three days...)

Just tell iptables to allow your system to talk to itself on port 953!

Like this:

# iptables -I RH-Lokkit-0-50-INPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT --dport 953

(In my case, I'm using a firewall configuration that sets up the table "RH-Lokkit-0-50-INPUT": it might be different in your case!!! )

The IP address “127.0.0.1” is, of course, the loopback address for the system itself, and usually has the name “localhost”.

Yeah, it seems rather stupid that you have to specifically allow localhost LOOPBACK address to talk to itself on port 953, but that's exactly what the problem was!

If you want to make this permanent, then find out from where iptables loads its default set of rules at boot time, and insert the following line in your iptables file:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 127.0.0.1 -d 127.0.0.1 --dport 953 -j ACCEPT

This should probably go in probably from /etc/sysconfig/iptables, but if you are not sure then you can look in the init script that launches iptables, like this:

# more /etc/init.d/iptables

Look for a line that says something like "IPTABLES_CONFIG=/etc/sysconfig/iptables". That will tell you where it loads the default configuration from. That's the file you need to edit, and insert the line above at the appropriate point (before the first “REJECT” rule.

I sure hope this helps someone! I know I would have LOVED to have this info three days ago...

0

Using CentOS 5.2, bind-9.3.4-6.0.2.P1.el5_2

adding directory "/etc/named"; and pid-file "/var/run/named.pid" in options section causing named fail to start.

Edited by happygeek: fixed formatting

0

I faced this problem too...

But my solution so simple after try everything, it's not working..
Then when I use the following command..

service named restart

It just works :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.