rndc: the key is invalid

Problem:

———
Issue:
———
While starting named, or when running /etc/rc.d/init.d/named status, you get the following error:
rndc: connection to remote host closed This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.


Solution:

——-
Fix:
——-

Run rndc-confgen.
It will output something like this:
# Start of rndc.conf
key "rndc-key" {
	algorithm hmac-md5;
	secret "lYzcmf255w8BC6PHTSYCQA==";
};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# 	algorithm hmac-md5;
# 	secret "lYzcmf255w8BC6PHTSYCQA==";
# };
#
# controls {
# 	inet 127.0.0.1 port 953
# 		allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Do as the output says: copy the rndc.conf part to /etc/rndc.conf, replacing all the existing entries.
In /etc/named.conf, remove the existing key and controls sections and paste in the ones from the output of rndc-confgen, without the leading # characters.
Restart named (/etc/rc.d/init.d/named restart).
This fixes the issue.
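
A check for the condition this fix removes, a key in /etc/rndc.conf that no longer matches the one in /etc/named.conf, as an added example that is not part of the original post. The function names and sample file contents are made up for illustration, and it assumes key statements laid out the way rndc-confgen prints them (quoted secret, no nested braces).

```python
import base64, binascii, re

# Quoted strings are matched first so "//" inside a base64 secret is not taken for a comment.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_KEY = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{([^}]*)\}\s*;')

def strip_comments(text):
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def parse_keys(text):
    """Return {key name: (algorithm, secret)} for each uncommented key statement."""
    keys = {}
    for name, body in _KEY.findall(strip_comments(text)):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        if alg and sec:
            keys[name] = (alg.group(1).lower(), sec.group(1))
    return keys

def check_rndc_pair(rndc_conf, named_conf):
    """List mismatches between the two files; an empty list means they agree."""
    client, server = parse_keys(rndc_conf), parse_keys(named_conf)
    default = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', strip_comments(rndc_conf))
    name = default.group(1) if default else next(iter(client), None)
    if name not in client:
        return ["rndc.conf has no usable key statement"]
    if name not in server:
        return [f'named.conf has no key "{name}"']
    problems = []  # secrets are compared but never echoed into the messages
    if client[name][0] != server[name][0]:
        problems.append(f"algorithm differs: {client[name][0]} vs {server[name][0]}")
    if client[name][1] != server[name][1]:
        problems.append("secret differs")
    try:
        base64.b64decode(client[name][1], validate=True)
    except binascii.Error:
        problems.append("rndc.conf secret is not valid base64")
    ctl = re.search(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', strip_comments(named_conf), re.S)
    if not ctl or name not in re.findall(r'"?([\w.-]+)"?\s*;', ctl.group(1)):
        problems.append(f'controls does not list key "{name}"')
    return problems

# Constructed sample files (the secrets are made up for this example).
RNDC = ('key "rndc-key" { algorithm hmac-md5; secret "ab//cdEFghIJklMNopQRsw=="; };\n'
        'options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };\n')
NAMED_OK = ('key "rndc-key" { algorithm hmac-md5; secret "ab//cdEFghIJklMNopQRsw=="; };\n'
            'controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };\n')
NAMED_STALE = NAMED_OK.replace("ab//", "ZZ//")  # old secret left behind in named.conf

if __name__ == "__main__":
    print(check_rndc_pair(RNDC, NAMED_OK), check_rndc_pair(RNDC, NAMED_STALE))
```

To run it against a real host, pass the contents of /etc/rndc.conf and /etc/named.conf to check_rndc_pair instead of the sample strings.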
