[bind]rndc: connect failed: 127.0.0.1#953: connection refused

[root@localhost sbin]# ./named -v
bind 9.5.1-p3-v3.0.9

Symptom:

[root@localhost sbin]# ./rndc flush -p 10056
rndc: connect failed: 127.0.0.1#953: connection refused

 

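Analysis:

Judging from the error, I assumed rndc was using port 953; after changing the port to 953, the same error was reported.

First I looked at BIND's named.conf file: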

......
include "/home/alipms/zxtest/bind981/etc/rndc.key";
controls {
        inet 127.0.0.1 port 10056 allow { 127.0.0.1; } keys { "rndc-key"; };
};
......

Then at rndc.key:

key "rndc-key" {
        algorithm hmac-md5;
        secret "zwKd/d9neRFzJ8v/FVB8oA==";
};

Finally I checked BIND's startup log:

......
23-Jan-2014 08:47:55.106 command channel listening on 127.0.0.1#10056
......

This confirms that the port for rndc is 10056.

[root@localhost sbin]# ./rndc -h
Usage: rndc [-b address] [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command
......

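The usage line shows that the options, including -p port, come before the command, so the rndc command was entered incorrectly.

Solution: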

Change the command to:

[root@localhost sbin]# ./rndc -p 10056 flush

The BIND log then shows:

23-Jan-2014 09:15:33.387 received control channel command 'flush'
23-Jan-2014 09:15:33.388 flushing caches in all views succeeded
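
As an added example (not part of the original post), these shell helpers read the control-channel port from a named.conf controls statement and flag a -p option placed after the command, the mistake shown above. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the port of the first uncommented "inet ... port N" line read from
# stdin (named.conf syntax); 953, the default, when no port is configured.
control_port() {
    p=$(sed -n 's/^[[:space:]]*inet[[:space:]].*[[:space:]]port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' | head -n 1)
    echo "${p:-953}"
}

# Exit 0 when "-p <digits>" appears AFTER the command word, the mistake
# shown in the post. Option letters are taken from the "rndc -h" usage.
port_after_command() {
    seen_cmd=0
    while [ $# -gt 0 ]; do
        if [ "$seen_cmd" -eq 0 ]; then
            case "$1" in
                -b|-c|-s|-p|-k|-y) if [ $# -gt 1 ]; then shift; fi ;;  # skip value
                -*) ;;                                                 # flag (-V)
                *) seen_cmd=1 ;;                                       # the command
            esac
        else
            case "$1:${2-}" in
                -p:|-p:*[!0-9]*) ;;       # -p without a numeric value: not a port
                -p:*) return 0 ;;
            esac
        fi
        shift
    done
    return 1
}

# Build the correctly ordered command line from a config on stdin.
rndc_cmdline() {
    echo "rndc -p $(control_port) $*"
}

# Constructed sample: the controls statement shown in the post.
sample_conf() {
    printf '%s\n' 'controls {' \
        '        inet 127.0.0.1 port 10056 allow { 127.0.0.1; } keys { "rndc-key"; };' \
        '};'
}

sample_conf | rndc_cmdline flush
if port_after_command flush -p 10056; then
    echo "misplaced -p: put it before the command"
fi
```

Against a real server, feed the config with `control_port < named.conf`; the sed pattern only handles a port written on the same line as inet.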

 

PS:

rndc-confgen can be used to generate rndc.key directly; rndc-confgen is in the same directory as rndc.

[root@localhost sbin]# ./rndc-confgen -h
Usage:
 rndc-confgen [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] [-s addr] [-t chrootdir] [-u user]
  -a:            generate just the key clause and write it to keyfile (/home/alipms/zxtest/bind981/etc/rndc.key)
  -b bits:       from 1 through 512, default 128; total length of the secret
  -c keyfile:    specify an alternate key file (requires -a)
  -k keyname:    the name as it will be used  in named.conf and rndc.conf
  -p port:       the port named will listen on and rndc will connect to
  -r randomfile: source of random data (use "keyboard" for key timing)
  -s addr:       the address to which rndc should connect
  -t chrootdir:  write a keyfile in chrootdir as well (requires -a)
  -u user:       set the keyfile owner to "user" (requires -a)
[root@localhost sbin]# ./rndc-confgen -p 10056 > ./rndc.key

The generated rndc.key:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "FT/3Iknv/lqLDlJFp9MkkQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 10056;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "FT/3Iknv/lqLDlJFp9MkkQ==";
# };
#
# controls {
#       inet 127.0.0.1 port 10056
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Then take the commented-out section, uncommented:

 key "rndc-key" {
       algorithm hmac-md5;
       secret "FT/3Iknv/lqLDlJFp9MkkQ==";
 };

 controls {
       inet 127.0.0.1 port 10056
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };

Copy it into named.conf, or copy it into a separate file and include that file in named.conf.

 
