Warnings appear in syslog: key file exists, but using default configuration file

• 

  Walter October 21, 2017 15:29

  This solution does not seem to work for everyone...  I'm using Plesk 17.5.3 with Ubuntu 16.0.4 latest versions and patches applied.  I do have DNSSEC installed on a domain in Plesk but not making changes to that particular domain.

   

  I renamed the file by:

  mv /etc/bind/rndc.conf /etc/bind/rndc.confold

  Restarted my Plesk server then made a change to a record and while I did that:

  tail -f /var/log/syslog

  Oct 21 11:16:03 mail systemd[1]: Reloading BIND Domain Name Server.
  Oct 21 11:16:03 mail named[1135]: invalid command from 127.0.0.1#52594: bad auth
  Oct 21 11:16:03 mail rndc[12285]: rndc: connection to remote host closed
  Oct 21 11:16:03 mail rndc[12285]: This may indicate that
  Oct 21 11:16:03 mail rndc[12285]: * the remote server is using an older version of the command protocol,
  Oct 21 11:16:03 mail rndc[12285]: * this host is not authorized to connect,
  Oct 21 11:16:03 mail rndc[12285]: * the clocks are not synchronized,
  Oct 21 11:16:03 mail rndc[12285]: * the key signing algorithm is incorrect, or
  Oct 21 11:16:03 mail rndc[12285]: * the key is invalid.
  Oct 21 11:16:03 mail systemd[1]: bind9.service: Control process exited, code=exited status=1
  Oct 21 11:16:03 mail systemd[1]: Reload failed for BIND Domain Name Server.

   

  Renaming the file back to what it was and then restarting Plesk server then making DNS change and applying it goes back to original message

  mv /etc/bind/rndc.confold /etc/bind/rndc.conf

  reboot plesk then make same changes to dns

  Oct 21 11:24:41 mail systemd[1]: Reloading BIND Domain Name Server.
  Oct 21 11:24:41 mail rndc[2433]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

   

   

  0

  Permalink
• 

  Artyom Baranov October 21, 2017 22:02

  @Walter,

  Hello! The workaround states that `/etc/bind/rndc.conf` should be moved to another location.

  That is because `/etc/bind/rndc.conf` is a link:

  # ll /etc/bind/rndc.conf
  lrwxrwxrwx 1 root bind 33 Oct 29 2016 /etc/bind/rndc.conf -> /var/named/run-root/etc/rndc.conf

  That is why just renaming will not help.

  0

  Permalink
• 

  Walter October 22, 2017 20:28

  Got it. Exactly where should this file be moved to so it will align with future bugfixes/updates?

  0

  Permalink
• 

  Artyom Baranov October 23, 2017 03:55

  @Walter,

  Hello! The file should be moved somewhere outside of `/etc/bind/` folder.

  For example, to `/root/`. I have updated the article accordingly.

  0

  Permalink
• 

  Alexandros Rapsomanikis May 16, 2019 15:10

  Hello, although I followed the steps above, I still can't start bind9. I get the messages bellow:
  
  May 16 18:07:46 vs1 rndc[17564]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
  May 16 18:07:46 vs1 rndc[17564]: rndc: connect failed: 127.0.0.1#953: connection refused

  How should I proceed?

  Before I get the above message, I followed the steps of reinstalling bind9 according to this issue.

  0

  Permalink
• 

  Vladimir Chernikov May 16, 2019 16:12

  Hello @Alexandros Rapsomanikis,

  Please run the following command and provide us with output:
  # systemctl status named-chroot.service

  0

  Permalink
• 

  Alexandros Rapsomanikis May 17, 2019 05:54

  I'm running Plesk on Debian. So the result of this command is:

  Unit named-chroot.service could not be found.

  0

  Permalink
• 

  Nikita Nikushkin May 17, 2019 08:22

  Hi @Alexandros Rapsomanikis,

  This issue occurs when the DNS service is not installed

  However, the "named-chroot.service" is CentOS one, not Debian

  Please, check the OS installed:

  plesk -v | grep 'OS' | grep version

  If it is still Debian-based OS then some misconfiguration in services is present. I suggest creating a request to Plesk Support Department

  If it is a CentOS then this article is not applicable

  0

  Permalink

Please sign in to leave a comment.