Solved

BIND 9 DNS error: rndc: connect failed: host unreachable

Posted on 2004-10-15
Last Modified: 2008-01-09
I configured a BIND 9.2.1 DNS server as a master nameserver on Red Hat 9. When I start the server it gives me this error:

rndc: connect failed: host unreachable


Question by:rajeevsrivas

14 Comments

Expert Comment

by:paranoidcookie
ID: 12322157
Is the server definitely running?

Can you paste your rndc.conf and named.conf files?

Author Comment

by:rajeevsrivas
ID: 12326158
I've not changed anything in rndc.conf:

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

Here is named.conf:

controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
      type hint;
      file "named.ca";
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
};

include "/etc/rndc.key";



# Master Zone file
zone "rbit.edu.bt" IN {
      type master;
      file "rbit.zone";
      allow-update { none; };
};

zone "136.144.202.in-addr.arpa" IN {
      type master;
      file "202.144.136.zone";
      allow-update { none; };
};



Expert Comment

by:de2Zotjes
ID: 12329823
Check the existence of /etc/rndc.key and, more specifically, whether there is a valid key "rndckey" in that file.

Expert Comment

by:paranoidcookie
ID: 12330039
Also check syslog

grep named /var/log/messages

to see if there are any messages or warnings.

Expert Comment

by:oni29
ID: 12335314
What do you have in your /etc/hosts file? Remove any entries for IPv6 if your machine isn't configured to use it. If BIND finds these values it tries to connect to the IPv6 loopback (as well as IPv4), which can cause the error message you mentioned.

Author Comment

by:rajeevsrivas
ID: 12336979
Yes, there is a valid key in rndc.key.

I do not have any entries for IPv6.

This is my log file output. There is no error:


Oct 18 13:29:48 rbitspace named[4130]: using 1 CPU
Oct 18 13:29:48 rbitspace named: named startup succeeded
Oct 18 13:29:48 rbitspace named[4130]: loading configuration from '/etc/named.conf'
Oct 18 13:29:48 rbitspace named[4130]: no IPv6 interfaces found
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface eth0, 202.144.136.4#53
Oct 18 13:29:48 rbitspace named[4130]: command channel listening on 127.0.0.1#953
Oct 18 13:29:48 rbitspace named[4130]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: loaded serial 3
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: loaded serial 2
Oct 18 13:29:48 rbitspace named[4130]: zone localhost/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: running
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: sending notifies (serial 3)
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: sending notifies (serial 2)


I have one doubt. Do we have to change anything in the router?

Accepted Solution

by: badrulnm (earned 350 total points)
ID: 12355532
I got the same error message when I was setting up a named server early this month. I changed the default rndc.conf and then it worked. Try it.

File: /etc/rndc.conf

key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
Assisted Solution

by: paranoidcookie (earned 150 total points)
ID: 12355802
If you do that make sure you restrict the read permissions on rndc.conf!
Expert Comment

by:badrulnm
ID: 12355838
Good point, paranoidcookie. On my RH9, by default the read permissions of rndc.conf and rndc.key are the same.

# ls -l /etc/rndc.*
-rw-r-----    1 root     named         622 Oct  6 20:01 /etc/rndc.conf
-rw-r-----    1 root     named         132 Oct 14  2003 /etc/rndc.key

Author Comment

by:rajeevsrivas
ID: 12378718
Thanks badrulnm & paranoidcookie.

It's working only on that box. When I use that DNS address on another machine it's not working.

Do I have to add anything more to the BIND 9 conf files?

Expert Comment

by:paranoidcookie
ID: 12378765
I'm assuming you mean you cannot control the machine using rndc remotely, which is true.

If you want to be able to use rndc from other computers you'll need to edit the controls line in named.conf; at the moment it's only listening on loopback 127.0.0.1.

You'll also need to copy the key file to the remote computers.

key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server IPOFSERVER;
        default-port 953;
};


If you want to admin BIND remotely (in a secure way) I would suggest using ssh into the box or an application like webmin (in SSL mode).


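Three things in this thread decide whether rndc can talk to named: the key name and secret that the accepted rndc.conf rewrite puts in the file, the controls statement in named.conf that fixes the listening address and the accepted key names, and (paranoidcookie's point) the read permissions on anything holding the secret. The script below is an added example for this page, not code from any of the posters or from BIND. The named.conf, rndc.key and rndc.conf files it writes are constructed samples modeled on the files quoted in the thread (the secret is a made-up base64 string), and the parsing assumes the usual one-statement-per-line BIND layout with a single controls block.

```sh
#!/bin/sh
# Added example (not from the thread or from BIND): cross-check the rndc.conf /
# named.conf / rndc.key trio so that "rndc: connect failed" is caught on paper
# before named is restarted.  All files written below are constructed samples.

# Join a BIND-style config into one line and pad braces and semicolons with
# spaces, so every statement can be matched as " name value ;" by one sed expression.
flatten() {
    printf ' '
    tr '\n\t' '  ' < "$1" | sed -e 's/{/ { /g' -e 's/}/ } /g' -e 's/;/ ; /g' | tr -s ' '
}

# Value of the (last) "name value;" statement named $1 in a flattened config, unquoted.
stmt_value() {
    sed -n "s/.* $1 \([^;]*\) ;.*/\1/p" | tr -d '"'
}

# Address and key name from named.conf's  controls { inet ADDR ... keys { NAME; }; };
controls_inet_addr() { flatten "$1" | sed -n 's/.* controls { inet \([^ ]*\) .*/\1/p'; }
controls_key_name()  { flatten "$1" | sed -n 's/.* controls {.* keys { \([^ ]*\) .*/\1/p'; }

# 1. rndc signs with default-key; named only accepts the names listed in controls.
check_key_name() {   # $1 rndc.conf  $2 named.conf
    r=$(flatten "$1" | stmt_value default-key)
    [ -n "$r" ] && [ "$r" = "$(controls_key_name "$2")" ]
}

# 2. The inline key in rndc.conf must carry the same secret as the key file named.conf includes.
check_secret() {     # $1 rndc.conf  $2 key file
    s1=$(flatten "$1" | stmt_value secret)
    [ -n "$s1" ] && [ "$s1" = "$(flatten "$2" | stmt_value secret)" ]
}

# 3. default-server must be the literal address controls listens on.  A hostname is
#    rejected: "localhost" may resolve to ::1 while named only listens on 127.0.0.1#953.
check_server_addr() { # $1 rndc.conf  $2 named.conf
    a=$(flatten "$1" | stmt_value default-server)
    case $a in *[!0-9.]*|'') return 1 ;; esac
    [ "$a" = "$(controls_inet_addr "$2")" ]
}

# 4. Anything holding the shared secret must not be readable by "others".
check_perms() {      # $1 file
    case $(ls -ld "$1" | cut -c1-10) in ???????r??) return 1 ;; esac
    return 0
}

# Write the constructed samples into a fresh directory and print its path.
setup_samples() {
    d=$(mktemp -d) || return 1
    cat > "$d/named.conf" <<'EOF'
controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";
EOF
    cat > "$d/rndc.key" <<'EOF'
key "rndckey" {
        algorithm hmac-md5;
        secret "c2FtcGxlLXNlY3JldC1ub3QtZm9yLXByb2R1Y3Rpb24=";
};
EOF
    # Accepted answer's layout, with the key name aligned to the controls statement above.
    cat > "$d/rndc.conf" <<'EOF'
key "rndckey" {
        algorithm hmac-md5;
        secret "c2FtcGxlLXNlY3JldC1ub3QtZm9yLXByb2R1Y3Rpb24=";
};
options {
        default-key "rndckey";
        default-server 127.0.0.1;
        default-port 953;
};
EOF
    # Poster's original situation: default-server is the name "localhost".
    sed 's/default-server 127.0.0.1/default-server localhost/' "$d/rndc.conf" > "$d/rndc-localhost.conf"
    # Accepted answer's template pasted verbatim: key called "rndc-key" while controls says rndckey.
    sed 's/"rndckey"/"rndc-key"/g' "$d/rndc.conf" > "$d/rndc-bad-keyname.conf"
    chmod 640 "$d/rndc.conf" "$d/rndc.key"
    chmod 644 "$d/rndc-localhost.conf" "$d/rndc-bad-keyname.conf"
    printf '%s\n' "$d"
}

# Demo: score each sample rndc.conf against the sample named.conf and key file.
dir=$(setup_samples)
for f in rndc.conf rndc-localhost.conf rndc-bad-keyname.conf; do
    for c in "check_key_name $dir/$f $dir/named.conf" "check_secret $dir/$f $dir/rndc.key" \
             "check_server_addr $dir/$f $dir/named.conf" "check_perms $dir/$f"; do
        if $c; then echo "ok   ${c%% *} $f"; else echo "FAIL ${c%% *} $f"; fi
    done
done
rm -rf "$dir"
```

Run as-is it scores the three sample variants; to test a real host, point the check_* functions at /etc/rndc.conf, /etc/named.conf and /etc/rndc.key. The rndc-bad-keyname case is the trap in the accepted answer's template: it calls the key rndc-key, while the controls statement quoted by the poster only accepts rndckey, so one of the two names has to change. The default-server check rejects hostnames on purpose; the literal 127.0.0.1 the accepted answer uses removes any dependence on how localhost resolves on the box.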
Author Comment

by:rajeevsrivas
ID: 12378933
No, I don't mean that.

Actually, if I put this DNS address in the network config file of one of the machines in the internal zone (LAN), I'm not able to browse when I type a URL, but I can browse by IP address.

I can put this DNS server address in my LAN computers for browsing.

Expert Comment

by:paranoidcookie
ID: 12379089
Oh right, this is technically another question; however, if you post the zone files I'm sure we will take a look.

Try adding the following to your named.conf:

options {
     // replace laniprange with your LAN address range (or an acl you have defined)
     allow-recursion { laniprange; };
     allow-query { any; };
};


Author Comment

by:rajeevsrivas
ID: 12418573
OK, I will submit new question