绑定9.9.4 rndc:与关闭的远程主机的连接

Question

我已在bind-9.9.4-72 7.6上安装了CentOS，一切似乎都正常，我可以查询本地区域和远程地址等，但不知何故，rndc无法工作

这就是我在配置rndc时所做的

rndc-confgen > /tmp/rndc.out

并根据上面的输出创建了两个文件。

rndc.conf

# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

rndc.key

key "rndc-key" {
    algorithm hmac-md5;
    secret "9da1tS0degu3ZfVIVRO/Dg==";
};

named.conf

    controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; 10.30.0.50;} keys { "rndc-key"; };
    };

include "/etc/rndc.key";

跟踪误差

[root@ns1 etc]# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the the key signing algorithm is incorrect, or
* the key is invalid.

细节输出

[root@ns1 etc]# rndc -V status
create memory context
create socket manager
create task manager
create task
create logging context
setting log tag
creating log channel
enabling log channel
create parser
get key
decode base64 secret
status
post event
using server 127.0.0.1 (127.0.0.1#953)
create socket
bind socket
connect
create message
render message
schedule recv
send message
rndc: connection to remote host closed

日志文件..。

Dec 18 14:05:34 ns1 named[18947]: invalid command from 127.0.0.1#47203: failure
Dec 18 14:05:58 ns1 named[18947]: invalid command from 127.0.0.1#54722: failure
Dec 18 14:05:59 ns1 named[18947]: invalid command from 127.0.0.1#32822: failure
Dec 18 14:06:03 ns1 named[18947]: invalid command from 127.0.0.1#56079: failure

我还验证了在相同版本上运行的rndc和bind。

Answer 1

解决方案：

如果命名不能在/etc/rndc.key中找到rndckey，它将报告error 'rndc: connection to remote host closed'。

当使用rndc-confgen -a创建新的rndc密钥时，默认情况下新密钥将被称为rndc-键。因此，为了命名，需要编辑/etc/rndc.key文件并将密钥名更改为rndckey (删除任何- )。同样，命令：

rndc-confgen -a -k rndckey

确保/etc/rndc.key是到/var/named/chroot/etc/rndc.key的软链接

ln -s /var/named/chroot/etc/rndc.key /etc/.

[root@ns1 etc]# rndc status
version: 9.9.4-RedHat-9.9.4-72.el7 <id:8f9657aa>
CPUs found: 2
worker threads: 2
UDP listeners per interface: 2
number of zones: 208
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running