Symptoms
Secondary DNS does not synchronize zone.
The following error appears in Task Manager while the DNS zone is being updated:
Multiple errors during NS update: Destination host 'dns2.ppa.comKCS' (#5), IP '192.0.2.2' : Internal error: /usr/sbin/rndc /usr/sbin/rndc reconfig failed with code 1 saying: STDOUT: '' STDERR 'WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) rndc: connection to remote host closed This may indicate that * the remote server is using an older version of the command protocol, * this host is not authorized to connect, * the clocks are not synchronized, or * the key is invalid. '. .
Cause
The rndc.key key is missing, or its definition does not match between the configuration files /etc/named.conf and /etc/rndc.conf.
Resolution
Check the permissions of /etc/rndc.key and /var/named/run-root/etc/rndc.key. They should look like this:

[root@server ~]# ls -la /etc/rndc.key
lrwxrwxrwx 1 root root 32 Oct 2 14:11 /etc/rndc.key -> /var/named/run-root/etc/rndc.key
[root@server ~]# ls -la /var/named/run-root/etc/rndc.key
-rw-r----- 1 root named 97 Oct 2 14:11 /var/named/run-root/etc/rndc.key
Make sure that the "rndc.key" value matches in both configuration files, /etc/named.conf and /etc/rndc.conf:

[root@server ~]# cat /etc/rndc.conf | grep rndc.key
include "/etc/rndc.key";
default-key "rndc-key";
[root@server ~]# cat /etc/named.conf | grep rndc.key
include "/etc/rndc.key";
allow { 127.0.0.1; } keys { "rndc-key"; };
If the rndc.key value is defined explicitly, for example:

key "rndc-key" {
	algorithm hmac-md5;
	secret "HfWnMPHYeYEjIKbv060myhayHEWVLg3JzCTvH4Ln5qg=";
};

make sure that the algorithm and secret values are identical in the /etc/rndc.conf and /etc/named.conf configuration files.
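The two checks above (key file permissions, and the same key name, algorithm and secret in both configuration files) can be scripted. The script below is an added example, not part of the article or of the Plesk product: it follows include statements the way named and rndc do, compares the resolved key definitions, and verifies that the key file grants nothing to "other". The make_sample function writes constructed sample configs with a placeholder secret to a temporary directory; on a real server call check_server with the actual paths instead.

```shell
#!/bin/sh
# Added example: verify that /etc/named.conf and /etc/rndc.conf resolve to the
# same rndc key and that the key file is private. Sample configs are constructed.

# Print "name algorithm secret" for the first `key "name" { ... };` statement
# in a file, or nothing if the file has none.
rndc_key_fields() {
    tr '\n' ' ' < "$1" |
    sed -n 's/.*key[[:space:]][[:space:]]*"\([^"]*\)"[[:space:]]*{[[:space:]]*algorithm[[:space:]]*\([^;[:space:]]*\)[[:space:]]*;[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1 \2 \3/p'
}

# Resolve the key a config file actually uses: an inline key statement wins,
# otherwise the first included file that defines one (e.g. /etc/rndc.key).
effective_key() {
    fields=$(rndc_key_fields "$1")
    if [ -n "$fields" ]; then printf '%s\n' "$fields"; return 0; fi
    for inc in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"); do
        [ -r "$inc" ] || continue
        fields=$(rndc_key_fields "$inc")
        if [ -n "$fields" ]; then printf '%s\n' "$fields"; return 0; fi
    done
    return 1
}

# Succeed only when both config files resolve to an identical key definition.
keys_match() {
    a=$(effective_key "$1") || return 1
    b=$(effective_key "$2") || return 1
    [ "$a" = "$b" ]
}

# Succeed when the key file (symlinks followed) grants no permissions to
# "other", matching the -rw-r----- root:named layout shown in the article.
key_file_private() {
    mode=$(ls -lL "$1" | cut -c8-10)
    [ "$mode" = "---" ]
}

# Run both checks against real paths (defaults are the article's) and report.
check_server() {
    named=${1:-/etc/named.conf}; rndc=${2:-/etc/rndc.conf}; keyfile=${3:-/etc/rndc.key}
    rc=0
    if key_file_private "$keyfile"; then echo "OK: $keyfile is not readable by other"
    else echo "FAIL: $keyfile is readable by other"; rc=1; fi
    if keys_match "$named" "$rndc"; then echo "OK: $named and $rndc use the same rndc key"
    else echo "FAIL: rndc key missing or differs between $named and $rndc"; rc=1; fi
    return $rc
}

# Constructed sample mirroring the article's layout: both configs include the
# key file. named-drifted.conf defines the same key name with another secret.
make_sample() {
    dir=$(mktemp -d)
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "c2FtcGxlLXNlY3JldC1ub3QtcmVhbA==";\n};\n' > "$dir/rndc.key"
    chmod 640 "$dir/rndc.key"
    printf 'include "%s";\noptions { default-key "rndc-key"; };\n' "$dir/rndc.key" > "$dir/rndc.conf"
    printf 'include "%s";\ncontrols { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; }; };\n' "$dir/rndc.key" > "$dir/named.conf"
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "ZGlmZmVyZW50LXNlY3JldC1ub3QtcmVhbA==";\n};\n' > "$dir/named-drifted.conf"
    printf '%s\n' "$dir"
}

# Usage on a server: sh this_script.sh check [named.conf] [rndc.conf] [rndc.key]
if [ "${1:-}" = "check" ]; then check_server "$2" "$3" "$4"; fi
```

A non-zero exit from check_server means rndc reconfig will keep failing with the "connection to remote host closed" message until the key file and both configuration files agree.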
If you need to regenerate rndc.key, please refer to the article