Warnings appear in syslog: key file exists, but using default configuration file

Comments

  • Walter

    This solution does not seem to work for everyone... I'm using Plesk 17.5.3 with Ubuntu 16.0.4, with the latest versions and patches applied. I do have DNSSEC installed on a domain in Plesk, but I am not making changes to that particular domain.

    I renamed the file by:

    mv /etc/bind/rndc.conf /etc/bind/rndc.confold

    Restarted my Plesk server then made a change to a record and while I did that:

    tail -f /var/log/syslog

    Oct 21 11:16:03 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:16:03 mail named[1135]: invalid command from 127.0.0.1#52594: bad auth
    Oct 21 11:16:03 mail rndc[12285]: rndc: connection to remote host closed
    Oct 21 11:16:03 mail rndc[12285]: This may indicate that
    Oct 21 11:16:03 mail rndc[12285]: * the remote server is using an older version of the command protocol,
    Oct 21 11:16:03 mail rndc[12285]: * this host is not authorized to connect,
    Oct 21 11:16:03 mail rndc[12285]: * the clocks are not synchronized,
    Oct 21 11:16:03 mail rndc[12285]: * the key signing algorithm is incorrect, or
    Oct 21 11:16:03 mail rndc[12285]: * the key is invalid.
    Oct 21 11:16:03 mail systemd[1]: bind9.service: Control process exited, code=exited status=1
    Oct 21 11:16:03 mail systemd[1]: Reload failed for BIND Domain Name Server.

    Renaming the file back to what it was, then restarting the Plesk server, then making a DNS change and applying it goes back to the original message:

    mv /etc/bind/rndc.confold /etc/bind/rndc.conf

    Reboot Plesk, then make the same changes to DNS:

    Oct 21 11:24:41 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:24:41 mail rndc[2433]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

  • Artyom Baranov

    @Walter,

    Hello! The workaround states that `/etc/bind/rndc.conf` should be moved to another location.

    That is because `/etc/bind/rndc.conf` is a link:

    # ll /etc/bind/rndc.conf
    lrwxrwxrwx 1 root bind 33 Oct 29 2016 /etc/bind/rndc.conf -> /var/named/run-root/etc/rndc.conf

    That is why just renaming will not help.

  • Walter

    Got it. Exactly where should this file be moved to so it will align with future bugfixes/updates?

  • Artyom Baranov

    @Walter,

    Hello! The file should be moved somewhere outside of the `/etc/bind/` folder.

    For example, to `/root/`. I have updated the article accordingly.
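
A read-only check for the state discussed in this thread, added here as an example and not part of the original comments or of Plesk's or BIND's tooling: it reports whether `rndc.conf` in a directory is a regular file or a symlink (and where it points) and whether `rndc.key` sits beside it. The function name `rndc_state` and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic example (not Plesk's or ISC's code); it only reads file state.
# rndc_state DIR prints one line:
#   conf=<absent|file|symlink:TARGET|dangling:TARGET> key=<absent|present> verdict=<label>
# Verdict labels (names chosen for this example):
#   both-present    rndc.conf and rndc.key both exist: the condition named in the
#                   "key file ... exists, but using default configuration file" warning
#   key-only        only rndc.key is usable
#   conf-only       only rndc.conf is usable
#   no-credentials  neither file is usable
rndc_state() {
    dir=$1
    conf="$dir/rndc.conf"
    key="$dir/rndc.key"

    if [ -L "$conf" ]; then
        # Symlink, as in the `ll` output above: record where it points and
        # whether the target still exists.
        target=$(readlink "$conf")
        if [ -e "$conf" ]; then
            conf_state="symlink:$target"
        else
            conf_state="dangling:$target"
        fi
    elif [ -e "$conf" ]; then
        conf_state="file"
    else
        conf_state="absent"
    fi

    if [ -e "$key" ]; then key_state="present"; else key_state="absent"; fi

    case "$conf_state,$key_state" in
        absent,present|dangling:*,present) verdict="key-only" ;;
        absent,absent|dangling:*,absent)   verdict="no-credentials" ;;
        *,present)                         verdict="both-present" ;;
        *)                                 verdict="conf-only" ;;
    esac
    printf 'conf=%s key=%s verdict=%s\n' "$conf_state" "$key_state" "$verdict"
}

# Default to the directory used in this thread; pass another path as $1.
rndc_state "${1:-/etc/bind}"
```

Running it before and after moving the file shows whether the `both-present` condition actually went away.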
