Articles in this section

See more

[BUG] Warnings appear in syslog: key file exists, but using default configuration file

Avatar
Kuzma Ivanov
Updated
Follow

Applicable to:

  • Plesk Onyx for Linux

Symptoms

  • The following warning messages appear in /var/log/syslog:

    CONFIG_TEXT: rndc[2531]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

  • When reloading the rndc utility the same warning appears:

    # rndc reload
    WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

Cause

This is a Plesk bug with ID PPPM-6314, which will be fixed in future product updates.

Resolution

As a workaround, apply the following steps:

  1. Connect to the Plesk server via SSH.

  2. Make sure that the key in /etc/bind/rndc.key is the same as in /etc/bind/rndc.conf:

    # cat /etc/bind/rndc.conf
    key "rndc-key" {
    algorithm hmac-md5;
    secret "74dxteUlGhZ8B7FnU9I6wQ==";
    };
    ...

  3. Move /etc/bind/rndc.conf to any another location, for example /root:

    # mv /etc/bind/rndc.conf /root/

  4. Reload the rndc utility:

    # rndc reload

    After that, /etc/bind/rndc.key will be used.

Comments

8 comments

Sort by Date Votes
  • Avatar
    Walter

    This solution does not seem to work for everyone...  I'm using Plesk 17.5.3 with Ubuntu 16.0.4 latest versions and patches applied.  I do have DNSSEC installed on a domain in Plesk but not making changes to that particular domain.

     

    I renamed the file by:

    mv /etc/bind/rndc.conf /etc/bind/rndc.confold

    Restarted my Plesk server then made a change to a record and while I did that:

    tail -f /var/log/syslog

    Oct 21 11:16:03 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:16:03 mail named[1135]: invalid command from 127.0.0.1#52594: bad auth
    Oct 21 11:16:03 mail rndc[12285]: rndc: connection to remote host closed
    Oct 21 11:16:03 mail rndc[12285]: This may indicate that
    Oct 21 11:16:03 mail rndc[12285]: * the remote server is using an older version of the command protocol,
    Oct 21 11:16:03 mail rndc[12285]: * this host is not authorized to connect,
    Oct 21 11:16:03 mail rndc[12285]: * the clocks are not synchronized,
    Oct 21 11:16:03 mail rndc[12285]: * the key signing algorithm is incorrect, or
    Oct 21 11:16:03 mail rndc[12285]: * the key is invalid.
    Oct 21 11:16:03 mail systemd[1]: bind9.service: Control process exited, code=exited status=1
    Oct 21 11:16:03 mail systemd[1]: Reload failed for BIND Domain Name Server.

     

    Renaming the file back to what it was and then restarting Plesk server then making DNS change and applying it goes back to original message

    mv /etc/bind/rndc.confold /etc/bind/rndc.conf

    reboot plesk then make same changes to dns

    Oct 21 11:24:41 mail systemd[1]: Reloading BIND Domain Name Server.
    Oct 21 11:24:41 mail rndc[2433]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)

     

     

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Walter,

    Hello! The workaround states that `/etc/bind/rndc.conf` should be moved to another location.

    That is because `/etc/bind/rndc.conf` is a link:

    # ll /etc/bind/rndc.conf
    lrwxrwxrwx 1 root bind 33 Oct 29 2016 /etc/bind/rndc.conf -> /var/named/run-root/etc/rndc.conf

    That is why just renaming will not help.

    0
    Comment actions Permalink
  • Avatar
    Walter

    Got it. Exactly where should this file be moved to so it will align with future bugfixes/updates?

    0
    Comment actions Permalink
  • Avatar
    Artyom Baranov

    @Walter,

    Hello! The file should be moved somewhere outside of `/etc/bind/` folder.

    For example, to `/root/`. I have updated the article accordingly.

    0
    Comment actions Permalink
  • Avatar
    Alexandros Rapsomanikis

    Hello, although I followed the steps above, I still can't start bind9. I get the messages bellow:

    May 16 18:07:46 vs1 rndc[17564]: WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
    May 16 18:07:46 vs1 rndc[17564]: rndc: connect failed: 127.0.0.1#953: connection refused

    How should I proceed?

    Before I get the above message, I followed the steps of reinstalling bind9 according to this issue.

    0
    Comment actions Permalink
  • Avatar
    Vladimir Chernikov

    Hello @Alexandros Rapsomanikis,

    Please run the following command and provide us with output:
    # systemctl status named-chroot.service

    0
    Comment actions Permalink
  • Avatar
    Alexandros Rapsomanikis

    I'm running Plesk on Debian. So the result of this command is:

    Unit named-chroot.service could not be found.

    0
    Comment actions Permalink
  • Avatar
    Nikita Nikushkin

    Hi @Alexandros Rapsomanikis,

    This issue occurs when the DNS service is not installed

    However, the "named-chroot.service" is CentOS one, not Debian

    Please, check the OS installed:

    plesk -v | grep 'OS' | grep version

    If it is still Debian-based OS then some misconfiguration in services is present. I suggest creating a request to Plesk Support Department

    If it is a CentOS then this article is not applicable

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles