Solved

BIND 9 DNS error: rndc: connect failed: host unreachable

Posted on 2004-10-15
Last Modified: 2008-01-09
I configured a BIND 9.2.1 DNS server as a master nameserver on Red Hat 9. When I start this server it gives me this error:

rndc: connect failed: host unreachable


Question by:rajeevsrivas
14 Comments
 

Expert Comment

by:paranoidcookie
ID: 12322157
Is the server definitely running?

Can you paste your rndc.conf and named.conf files?
 

Author Comment

by:rajeevsrivas
ID: 12326158
I've not changed anything in rndc.conf:

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

Here is named.conf:

controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
      type hint;
      file "named.ca";
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
};

include "/etc/rndc.key";



# Master Zone file
zone "rbit.edu.bt" IN {
      type master;
      file "rbit.zone";
      allow-update { none; };
};

zone "136.144.202.in-addr.arpa" IN {
      type master;
      file "202.144.136.zone";
      allow-update { none; };
};



Expert Comment

by:de2Zotjes
ID: 12329823
Check the existence of /etc/rndc.key and, more specifically, whether there is a valid key "rndckey" in that file.

Expert Comment

by:paranoidcookie
ID: 12330039
Also check syslog

grep named /var/log/messages

to see if there are any messages or warnings.
 

Expert Comment

by:oni29
ID: 12335314
What do you have in your /etc/hosts file? Remove any entries for IPv6 if your machine isn't configured to use it. If Bind finds these values it tries to connect to the IPv6 loopback (as well as IPv4) which can cause the error message you mentioned.
 

Author Comment

by:rajeevsrivas
ID: 12336979
Yes, there is a valid key in rndc.key.

I do not have any entries for IPv6.

This is my log file output. There is no error.


Oct 18 13:29:48 rbitspace named[4130]: using 1 CPU
Oct 18 13:29:48 rbitspace named: named startup succeeded
Oct 18 13:29:48 rbitspace named[4130]: loading configuration from '/etc/named.conf'
Oct 18 13:29:48 rbitspace named[4130]: no IPv6 interfaces found
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface eth0, 202.144.136.4#53
Oct 18 13:29:48 rbitspace named[4130]: command channel listening on 127.0.0.1#953
Oct 18 13:29:48 rbitspace named[4130]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: loaded serial 3
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: loaded serial 2
Oct 18 13:29:48 rbitspace named[4130]: zone localhost/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: running
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: sending notifies (serial 3)
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: sending notifies (serial 2)


I've one doubt. Do we have to change anything in the router?

Accepted Solution

by:badrulnm (earned 350 total points)
ID: 12355532
I got the same error message when I was setting up a named server early this month. I changed the default rndc.conf, and then it worked. Try it.

File: /etc/rndc.conf

key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

Assisted Solution

by:paranoidcookie (earned 150 total points)
ID: 12355802
If you do that make sure you restrict the read permissions on rndc.conf!

Expert Comment

by:badrulnm
ID: 12355838
Good point, paranoidcookie. On my RH9, by default the read permissions of rndc.conf and rndc.key are the same.

# ls -l /etc/rndc.*
-rw-r-----    1 root     named         622 Oct  6 20:01 /etc/rndc.conf
-rw-r-----    1 root     named         132 Oct 14  2003 /etc/rndc.key
 

Author Comment

by:rajeevsrivas
ID: 12378718
Thanks, badrulnm & paranoidcookie.

It's working only on that box. When I use that DNS address on another machine it's not working.

Do I have to add anything more in the BIND 9 conf files?


Expert Comment

by:paranoidcookie
ID: 12378765
I'm assuming you mean you cannot control the machine using rndc remotely, which is true.

If you want to be able to use rndc from other computers you'll need to edit the controls line in named.conf; at the minute it's only listening on loopback 127.0.0.1.

You'll also need to copy the key file to the remote computers.

# same key block as in /etc/rndc.conf above; IPOFSERVER is a placeholder
# for the nameserver's address that rndc should connect to
key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server IPOFSERVER;
        default-port 953;
};


If you want to admin BIND remotely (in a secure way) I would suggest using ssh into the box or an application like webmin (in ssl mode).
 

Author Comment

by:rajeevsrivas
ID: 12378933
No, I don't mean that.

Actually, if I put this DNS address in the network config file of one of the machines in the internal zone (LAN), I'm not able to browse when I type a URL, but I can browse by IP address.

I can put this DNS server address in my LAN computers for browsing.

Expert Comment

by:paranoidcookie
ID: 12379089
Oh right, this is technically another question; however, if you post the zone files I'm sure we will take a look.

Try adding the following to your named.conf:

options {
     // laniprange is a placeholder: put your LAN's address range (or an acl name) here
     allow-recursion { laniprange; };
     // BIND's built-in match-all ACL is "any" (there is no "all")
     allow-query { any; };
};
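The two things this thread keeps circling back to can be checked before restarting named: whether rndc.conf's default-key, default-server and default-port line up with the controls statement in named.conf (the accepted answer's rndc.conf names its key "rndc-key" while the poster's controls block lists "rndckey"), and whether allow-recursion is restricted to the LAN as suggested in the last comment. The checker below is an added example, not code from this thread or from BIND; the sample configs are constructed from the thread, and it assumes the server-side key is defined in /etc/rndc.key, which both named.conf and rndc.conf include.

```python
import re

# Constructed samples modelled on the thread's configs (assumption: the server-side
# key lives in /etc/rndc.key, which both named.conf and rndc.conf include).
NAMED_CONF = ("controls { inet 127.0.0.1 allow { localhost; } keys { rndckey; }; };\n"
              "options { allow-recursion { any; }; };")
RNDC_KEY = 'key "rndckey" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQ="; };'
RNDC_CONF = ('key "rndc-key" { algorithm hmac-md5; secret "put-your-rndc-key-here"; };\n'
             'options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };')

def parse_keys(text):
    """Map key name -> secret for every key "name" { ... secret "..."; } block."""
    pat = r'key\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]+)"'
    return {m.group(1): m.group(2) for m in re.finditer(pat, text, re.S)}
def parse_controls(text):
    """Return the inet address, port (953 when omitted) and key names of controls {}."""
    m = re.search(r'controls\s*\{\s*inet\s+([\w.*]+)(?:\s+port\s+(\d+))?.*?keys\s*\{([^}]*)\}',
                  text, re.S)
    if not m:
        return None
    keys = {k.strip().strip('"') for k in m.group(3).split(";") if k.strip()}
    return {"addr": m.group(1), "port": int(m.group(2) or 953), "keys": keys}
def rndc_options(text):
    found = {}  # default-key / default-server / default-port from rndc.conf's options {}
    for name in ("default-key", "default-server", "default-port"):
        m = re.search(rf'{name}\s+"?([^";\s]+)"?\s*;', text)
        if m: found[name] = m.group(1)
    return found

def check_rndc(named_conf, rndc_key, rndc_conf):
    """List mismatches that stop rndc talking to this named, plus an open-resolver warning."""
    ctl = parse_controls(named_conf)
    if ctl is None:
        return ["named.conf has no controls/inet statement, so nothing listens for rndc"]
    problems = []
    opts = rndc_options(rndc_conf)
    server = opts.get("default-server", "localhost").replace("localhost", "127.0.0.1")
    port = int(opts.get("default-port", 953))
    if (server, port) != (ctl["addr"].replace("localhost", "127.0.0.1"), ctl["port"]):
        problems.append(f"rndc targets {server}#{port} but controls listens on {ctl['addr']}#{ctl['port']}")
    key = opts.get("default-key")
    client_keys, server_keys = parse_keys(rndc_conf + rndc_key), parse_keys(named_conf + rndc_key)
    if key not in ctl["keys"]:
        problems.append(f"rndc default-key {key!r} is not listed in controls keys {sorted(ctl['keys'])}")
    elif client_keys.get(key) != server_keys.get(key):
        problems.append(f"secret for key {key!r} differs between rndc.conf and named's rndc.key")
    if re.search(r'allow-recursion\s*\{\s*any\s*;', named_conf):
        problems.append("allow-recursion { any; } makes this an open resolver; limit it to the LAN range")
    return problems
```

Run on the constructed samples it reports the "rndc-key" versus "rndckey" name mismatch and the open-resolver setting; with the key name aligned and a LAN range in allow-recursion it returns an empty list.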
 

Author Comment

by:rajeevsrivas
ID: 12418573
OK, I will submit a new question.
