In this post, I’m using bind98-9.8.8 from ports on FreeBSD 9.3, in case that helps you.
Today, I was adjusting the pgcon.org domain as part of the move from the old server to the new server. This move would also see the website updated to PGCon 2015 and the use of Ansible for configuring that new server.
Reloading named
When I restarted named, this error appeared:
$ sudo service named reload
rndc: neither /usr/local/etc/rndc.conf nor /usr/local/etc/rndc.key was found
It took about 15 minutes of searching and reading to figure out my solution.
Creating the key
I generated a key:
# rndc-confgen -r /dev/urandom > /usr/local/etc/rndc.conf
That file looked something like this:
# cat /usr/local/etc/rndc.conf
# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "UvhP8t2aifXNylZcLOjUQQ==";
};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "UvhP8t2aifXNylZcLOjUQQ==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Sharing the key with named
Then, as instructed in the comments of that output, I added this to the start of named.conf:
key "rndc-key" {
	algorithm hmac-md5;
	secret "UvhP8t2aifXNylZcLOjUQQ==";
};

controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
Now the command just works:
$ sudo service named reload
server reload successful
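As an added check (my own script, not something from the post), the following Python parses the rndc.conf and named.conf fragments shown above, embedded here as constructed sample text rather than read from disk, and reports anything that would stop rndc from authenticating to named: a default-key with no key statement, a key name or secret that differs between the two files, a secret that is not valid base64, or a controls block that does not list the key. It also flags hmac-md5, which is what rndc-confgen produced above; later BIND releases support and default to SHA-2 HMACs, so the check treats hmac-md5 as weak.

```python
import base64
import binascii
import re

# Constructed sample input modelled on the rndc.conf and named.conf fragments in
# the post; embedded inline so the check runs without touching the real files.
RNDC_CONF = '''key "rndc-key" {
    algorithm hmac-md5;
    secret "UvhP8t2aifXNylZcLOjUQQ==";
};
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''
NAMED_CONF = '''key "rndc-key" { algorithm hmac-md5; secret "UvhP8t2aifXNylZcLOjUQQ=="; };
controls { inet 127.0.0.1 port 953 allow {127.0.0.1;} keys { rndc-key; }; };
'''

KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;', re.S)
WEAK_ALGOS = {"hmac-md5"}  # what rndc-confgen emitted here; prefer hmac-sha256

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement in the text."""
    return {m.group(1): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(text)}

def check_rndc_setup(rndc_conf, named_conf):
    """Return the problems that would make 'rndc reload' fail or leave it weak."""
    problems = []
    m = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', rndc_conf)
    if not m:
        return ["rndc.conf: no default-key set"]
    name = m.group(1)
    rk, nk = parse_keys(rndc_conf).get(name), parse_keys(named_conf).get(name)
    if rk is None or nk is None:
        return ["key %r must have a key statement in both rndc.conf and named.conf" % name]
    if rk != nk:
        problems.append("key %r differs between rndc.conf and named.conf" % name)
    try:
        base64.b64decode(rk[1], validate=True)
    except (binascii.Error, ValueError):
        problems.append("secret of key %r is not valid base64" % name)
    # The controls statement must name the key, or named refuses the channel.
    ctl = re.search(r'controls\s*\{.*?keys\s*\{([^}]*)\}', named_conf, re.S)
    listed = set(re.findall(r'"?([\w.-]+)"?\s*;', ctl.group(1))) if ctl else set()
    if name not in listed:
        problems.append("named.conf: controls does not list key %r" % name)
    if rk[0] in WEAK_ALGOS:
        problems.append("key %r uses %s; regenerate with a SHA-2 HMAC" % (name, rk[0]))
    return problems
```

Run against the sample above it reports only the hmac-md5 warning; point it at the real files to catch a secret that was pasted incorrectly or a controls block that names the wrong key.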
Setting permissions
Once things are working, you may wish to tighten the permissions on these files.
I changed the ownership and permissions on the two files in question:
# chown root:bind /usr/local/etc/rndc.conf /var/named/etc/namedb/named.conf
# chmod 640 /usr/local/etc/rndc.conf /var/named/etc/namedb/named.conf
If you get it wrong, you may see this error:
# service named reload
rndc: 'reload' failed: permission denied