BIND 9 DNS error: rndc: connect failed: host unreachable

I configured BIND 9.2.1 DNS server for master nameserver in Redhat 9. When I start this server it gives me this error:

rndc: connect failed: host unreachable


rajeevsrivas Asked:
 
badrulnm Commented:
I got the same error message when I was setting up a named server early this month. I changed the default rndc.conf, and then it worked. Try it.

File: /etc/rndc.conf

key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
0
 
paranoidcookie Commented:
Is the server definitely running?

Can you paste your rndc.conf and named.conf files?
0
 
rajeevsrivas (Author) Commented:
I've not changed anything in rndc.conf:

options {
        default-server  localhost;
        default-key     "rndckey";
};

server localhost {
        key     "rndckey";
};

include "/etc/rndc.key";

Here is named.conf:

controls {
      inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
      type hint;
      file "named.ca";
};

zone "localhost" IN {
      type master;
      file "localhost.zone";
      allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
      type master;
      file "named.local";
      allow-update { none; };
};

include "/etc/rndc.key";



# Master Zone file
zone "rbit.edu.bt" IN {
      type master;
      file "rbit.zone";
      allow-update { none; };
};

zone "136.144.202.in-addr.arpa" IN {
      type master;
      file "202.144.136.zone";
      allow-update { none; };
};


0

 
de2Zotjes Commented:
Check the existence of /etc/rndckey and, more specifically, whether there is a valid key "rndckey" in that file.
0
 
paranoidcookie Commented:
Also check syslog

grep named /var/log/messages

to see if there are any messages or warnings.
0
 
oni29 Commented:
What do you have in your /etc/hosts file? Remove any entries for IPv6 if your machine isn't configured to use it. If BIND finds these values it tries to connect to the IPv6 loopback (as well as IPv4), which can cause the error message you mentioned.
0
 
rajeevsrivas (Author) Commented:
Yes, there is a valid key in rndc.key.

I do not have any entries for IPv6.


This is my log file output. There is no error.


Oct 18 13:29:48 rbitspace named[4130]: using 1 CPU
Oct 18 13:29:48 rbitspace named: named startup succeeded
Oct 18 13:29:48 rbitspace named[4130]: loading configuration from '/etc/named.conf'
Oct 18 13:29:48 rbitspace named[4130]: no IPv6 interfaces found
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 18 13:29:48 rbitspace named[4130]: listening on IPv4 interface eth0, 202.144.136.4#53
Oct 18 13:29:48 rbitspace named[4130]: command channel listening on 127.0.0.1#953
Oct 18 13:29:48 rbitspace named[4130]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: loaded serial 3
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: loaded serial 2
Oct 18 13:29:48 rbitspace named[4130]: zone localhost/IN: loaded serial 1
Oct 18 13:29:48 rbitspace named[4130]: running
Oct 18 13:29:48 rbitspace named[4130]: zone 136.144.202.in-addr.arpa/IN: sending notifies (serial 3)
Oct 18 13:29:48 rbitspace named[4130]: zone rbit.edu.bt/IN: sending notifies (serial 2)


I've one doubt. Do we have to change anything in the router?
0
 
paranoidcookie Commented:
If you do that make sure you restrict the read permissions on rndc.conf!
0
 
badrulnm Commented:
Good point, paranoidcookie. On my RH9, by default the read permissions of rndc.conf and rndc.key are the same.

# ls -l /etc/rndc.*
-rw-r-----    1 root     named         622 Oct  6 20:01 /etc/rndc.conf
-rw-r-----    1 root     named         132 Oct 14  2003 /etc/rndc.key
0
 
rajeevsrivas (Author) Commented:
Thanks badrulnm & paranoidcookie

It's working only on that box. When I use that DNS address on another machine it's not working.

Do I have to add anything more in the BIND 9 conf files?

0
 
paranoidcookie Commented:
I'm assuming you mean you cannot control the machine using rndc remotely, which is true.

If you want to be able to use rndc from other comps you'll need to edit the controls line in named.conf; at the minute it's only listening on loopback 127.0.0.1.

You'll also need to copy the key file to the remote computers.

key "rndc-key" {
        algorithm       hmac-md5;
        secret "put-your-rndc-key-here";
};

options {
        default-key "rndc-key";
        default-server IPOFSERVER;
        default-port 953;
};


If you want to admin BIND remotely (in a secure way) I would suggest using ssh into the box or an application like webmin (in SSL mode).
0
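An added example, not part of any post above and not BIND tooling: a Python check that compares rndc.conf with the controls statement in named.conf (key name, port, and how far the command channel is exposed) and checks the mode bits on the key files, covering both the permissions advice and the remote-rndc advice in this thread. The function names and the sample strings, built from the configs quoted in the thread, are assumptions made for illustration.

```python
import ipaddress
import re
import stat

# Constructed inputs: the thread's controls line, a widened variant for
# contrast, and the options block of the replacement rndc.conf.
NAMED_THREAD = 'controls {\n  inet 127.0.0.1 allow { localhost; } keys { rndckey; };\n};'
NAMED_WIDE = 'controls {\n  inet * port 953 allow { any; } keys { rndckey; };\n};'
RNDC_REPLACEMENT = ('options {\n  default-key "rndc-key";\n'
                    '  default-server 127.0.0.1;\n  default-port 953;\n};')

INET_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}'
                     r'\s*keys\s*\{([^}]*)\}')

def _list(body):
    """Split the body of a BIND '{ a; b; }' list into bare item names."""
    return [i.strip().strip('"') for i in body.split(';') if i.strip()]

def _option(conf, name, default=None):
    m = re.search(name + r'\s+"?([^";\s]+)"?\s*;', conf)
    return m.group(1) if m else default

def audit(named_conf, rndc_conf):
    """Compare rndc.conf with each inet control channel found in named.conf."""
    findings = []
    key = _option(rndc_conf, 'default-key')
    port = _option(rndc_conf, 'default-port', '953')  # 953 is rndc's default
    for addr, cport, allow, keys in INET_RE.findall(named_conf):
        if key not in _list(keys):
            findings.append(f'key name mismatch: rndc uses {key}, named accepts {_list(keys)}')
        if port != (cport or '953'):
            findings.append(f'port mismatch: rndc {port}, named {cport or "953"}')
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:  # "*" is not a literal address
            loopback = False
        if not loopback:
            findings.append(f'control channel reachable beyond loopback: inet {addr}')
        wide = [a for a in _list(allow) if a not in ('localhost', '127.0.0.1', '::1')]
        if wide:
            findings.append(f'allow list admits non-local clients: {wide}')
    return findings

def key_file_findings(mode):
    """Flag mode bits on rndc.key / rndc.conf that expose the shared secret."""
    checks = ((stat.S_IROTH, 'world-readable'),
              (stat.S_IWGRP | stat.S_IWOTH, 'writable by group or others'))
    return [label for bits, label in checks if mode & bits]
```

On a live host, pass the contents of /etc/named.conf and /etc/rndc.conf to audit() and os.stat(path).st_mode to key_file_findings().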
 
rajeevsrivas (Author) Commented:
No, I don't mean that.

Actually, if I put this DNS address in the network config file of one of the machines in the internal zone (LAN), I'm not able to browse when I type a URL, but I can browse by IP address.

I can put this DNS server address in my LAN computers for browsing.
0
 
paranoidcookie Commented:
Oh right, this is technically another question; however, if you post the zone files I'm sure we will take a look.

Try adding the following to your named.conf:

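options {
     // laniprange is a placeholder: use an acl name or your LAN prefix here
     allow-recursion { laniprange; };
     // "any" is the built-in ACL that matches every client
     allow-query { any; };
};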
0
 
rajeevsrivas (Author) Commented:
OK, I will submit new question
0