Applicable to:
- Plesk for Linux
Symptoms
- The following warning messages appear in /var/log/syslog:
  rndc[2531]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
- When reloading the rndc utility, the same warning appears:
  # rndc reload
  WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
Cause
This is a Plesk bug with ID PPPM-6314, which will be fixed in future product updates.
Resolution
As a workaround, apply the following steps:
- Connect to the Plesk server via SSH.
- Make sure that the key in /etc/bind/rndc.key is the same as in /etc/bind/rndc.conf:
  # cat /etc/bind/rndc.conf
  key "rndc-key" {
      algorithm hmac-md5;
      secret "74dxteUlGhZ8B7FnU9I6wQ==";
  };
  ...
- Move /etc/bind/rndc.conf to another location, for example /root:
  # mv /etc/bind/rndc.conf /root/
- Reload the rndc utility:
  # rndc reload
After that, /etc/bind/rndc.key will be used.
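One way to script the key comparison and the move from the steps above, so that rndc.conf is only moved when both files carry the same key. This is an added example, not part of the original article or Plesk's tooling; the function names are hypothetical, the demo files and secrets are constructed, and it assumes one key clause per file.

```shell
#!/bin/sh
# Added example (not Plesk's code): move rndc.conf away only if its key clause
# matches the one in rndc.key, so rndc keeps using the same key afterwards.

# Print "name|algorithm|secret" of the first key clause in file $1.
# Assumptions: one key clause per file; comments sit on lines of their own.
key_fingerprint() {
    grep -Ev '^[[:space:]]*(#|//)' "$1" | tr ';{}"\n\t' '      ' |
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "key" && name == "")      name = $(i + 1)
            if ($i == "algorithm" && alg == "") alg  = $(i + 1)
            if ($i == "secret" && sec == "")    sec  = $(i + 1)
        }
    } END { if (sec != "") print name "|" alg "|" sec }'
}

# Succeed only if both files define the same key name, algorithm and secret.
keys_match() {
    a=$(key_fingerprint "$1") || return 1
    b=$(key_fingerprint "$2") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Move conf file $2 into directory $3 only when its key matches key file $1.
# The secrets are compared but never printed.
move_conf_if_same_key() {
    if keys_match "$1" "$2"; then
        mv "$2" "$3"/
    else
        echo "key in $2 differs from $1 (or is missing); not moving" >&2
        return 1
    fi
}

# Demo on constructed files in a temporary directory (sample secret, not a real key).
demo() {
    d=$(mktemp -d) && mkdir "$d/bind" "$d/root" || return 1
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "c2FtcGxlLXNlY3JldC0xCg==";\n};\n' > "$d/bind/rndc.key"
    printf '# constructed\nkey "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC0xCg=="; };\noptions { default-key "rndc-key"; };\n' > "$d/bind/rndc.conf"
    move_conf_if_same_key "$d/bind/rndc.key" "$d/bind/rndc.conf" "$d/root" && [ -f "$d/root/rndc.conf" ]
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real server the call would be `move_conf_if_same_key /etc/bind/rndc.key /etc/bind/rndc.conf /root`, followed by `rndc reload`.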
Comments
8 comments
This solution does not seem to work for everyone... I'm using Plesk 17.5.3 with Ubuntu 16.0.4 latest versions and patches applied. I do have DNSSEC installed on a domain in Plesk but not making changes to that particular domain.
I renamed the file by:
mv /etc/bind/rndc.conf /etc/bind/rndc.confold
Restarted my Plesk server then made a change to a record and while I did that:
tail -f /var/log/syslog
Oct 21 11:16:03 mail systemd[1]: Reloading BIND Domain Name Server.
Oct 21 11:16:03 mail named[1135]: invalid command from 127.0.0.1#52594: bad auth
Oct 21 11:16:03 mail rndc[12285]: rndc: connection to remote host closed
Oct 21 11:16:03 mail rndc[12285]: This may indicate that
Oct 21 11:16:03 mail rndc[12285]: * the remote server is using an older version of the command protocol,
Oct 21 11:16:03 mail rndc[12285]: * this host is not authorized to connect,
Oct 21 11:16:03 mail rndc[12285]: * the clocks are not synchronized,
Oct 21 11:16:03 mail rndc[12285]: * the key signing algorithm is incorrect, or
Oct 21 11:16:03 mail rndc[12285]: * the key is invalid.
Oct 21 11:16:03 mail systemd[1]: bind9.service: Control process exited, code=exited status=1
Oct 21 11:16:03 mail systemd[1]: Reload failed for BIND Domain Name Server.
Renaming the file back to what it was, then restarting the Plesk server, then making a DNS change and applying it goes back to the original message:
mv /etc/bind/rndc.confold /etc/bind/rndc.conf
Reboot Plesk, then make the same changes to DNS:
Oct 21 11:24:41 mail systemd[1]: Reloading BIND Domain Name Server.
Oct 21 11:24:41 mail rndc[2433]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
@Walter,
Hello! The workaround states that `/etc/bind/rndc.conf` should be moved to another location.
That is because `/etc/bind/rndc.conf` is a link:
That is why just renaming will not help.
Got it. Exactly where should this file be moved to so it will align with future bugfixes/updates?
@Walter,
Hello! The file should be moved somewhere outside of `/etc/bind/` folder.
For example, to `/root/`. I have updated the article accordingly.
Hello, although I followed the steps above, I still can't start bind9. I get the messages below:
May 16 18:07:46 vs1 rndc[17564]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
May 16 18:07:46 vs1 rndc[17564]: rndc: connect failed: 127.0.0.1#953: connection refused
How should I proceed?
Before I get the above message, I followed the steps of reinstalling bind9 according to this issue.
Hello @Alexandros Rapsomanikis,
Please run the following command and provide us with output:
# systemctl status named-chroot.service
I'm running Plesk on Debian. So the result of this command is:
Unit named-chroot.service could not be found.
Hi @Alexandros Rapsomanikis,
This issue occurs when the DNS service is not installed.
However, the "named-chroot.service" is a CentOS one, not a Debian one.
Please check the OS installed:
If it is still a Debian-based OS, then some misconfiguration in services is present. I suggest creating a request to the Plesk Support Department.
If it is CentOS, then this article is not applicable.