Articles in this section

See more

Warnings appear in syslog: key file exists, but using default configuration file

Avatar
Pavel Mikhaylov
Updated
Follow

Applicable to:

  • Plesk Onyx for Linux

Symptoms

  • Warnings can be found in /var/log/syslog:

    CONFIG_TEXT: May 22 22:22:01 test1 rndc[2531]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)May 22 22:22:02 test1 rndc[3223]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)May 22 22:22:03 test1 rndc[3353]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

Cause

This is a Plesk bug with ID #PPPM-6314 which will be fixed in future product updates.

Resolution

To work around the issue, follow these steps:

  1. Connect to the server via SSH;

  2. Make sure that the key in /etc/bind/rndc.key is the same as in /etc/bind/rndc.conf:

    # cat /etc/bind/rndc.conf
    key "rndc-key" {
    algorithm hmac-md5;
    secret "74dxteUlGhZ8B7FnU9I6wQ==";
    };
    <...>

  3. Move /etc/bind/rndc.conf to another location:

    # mv /etc/bind/rndc.conf /root/

  4. Reload rndc:

    # rndc reload

After that, /etc/bind/rndc.key will be used.

Comments

4 comments

Sort by Date Votes
  • Avatar
    Walter

    This solution does not seem to work for everyone...  I'm using Plesk 17.5.3 with Ubuntu 16.0.4 latest versions and patches applied.  I do have DNSSEC installed on a domain in Plesk but not making changes to that particular domain.

     

    I renamed the file by:

    mv /etc/bind/rndc.conf /etc/bind/rndc.confold

    Restarted my Plesk server then made a change to a record and while I did that:

    tail -f /var/log/syslog

    Oct 21 11:16:03 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:16:03 mail named[1135]: invalid command from 127.0.0.1#52594: bad auth
    Oct 21 11:16:03 mail rndc[12285]: rndc: connection to remote host closed
    Oct 21 11:16:03 mail rndc[12285]: This may indicate that
    Oct 21 11:16:03 mail rndc[12285]: * the remote server is using an older version of the command protocol,
    Oct 21 11:16:03 mail rndc[12285]: * this host is not authorized to connect,
    Oct 21 11:16:03 mail rndc[12285]: * the clocks are not synchronized,
    Oct 21 11:16:03 mail rndc[12285]: * the key signing algorithm is incorrect, or
    Oct 21 11:16:03 mail rndc[12285]: * the key is invalid.
    Oct 21 11:16:03 mail systemd[1]: bind9.service: Control process exited, code=exited status=1
    Oct 21 11:16:03 mail systemd[1]: Reload failed for BIND Domain Name Server.

     

    Renaming the file back to what it was and then restarting Plesk server then making DNS change and applying it goes back to original message

    mv /etc/bind/rndc.confold /etc/bind/rndc.conf

    reboot plesk then make same changes to dns

    Oct 21 11:24:41 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:24:41 mail rndc[2433]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

     

     

    0
    Permalink
  • Avatar
    Artyom Baranov

    @Walter,

    Hello! The workaround states that `/etc/bind/rndc.conf` should be moved to another location.

    That is because `/etc/bind/rndc.conf` is a link:

    # ll /etc/bind/rndc.conf
    lrwxrwxrwx 1 root bind 33 Oct 29 2016 /etc/bind/rndc.conf -> /var/named/run-root/etc/rndc.conf

    That is why just renaming will not help.

    0
    Permalink
  • Avatar
    Walter

    Got it. Exactly where should this file be moved to so it will align with future bugfixes/updates?

    0
    Permalink
  • Avatar
    Artyom Baranov

    @Walter,

    Hello! The file should be moved somewhere outside of `/etc/bind/` folder.

    For example, to `/root/`. I have updated the article accordingly.

    0
    Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles