Centos 6.3 Bind hangs on "Generating /etc/rndc.key"
I'm installing bind on a clean Centos 6.3 system. In previous versions that would work like a charm, but now I get
Generating /etc/rndc.key
when trying to start bind after the installation. Why is this and does anyone know how to solve this?
Thank you!
Solution 1:
Try using
rndc-confgen -a -r /dev/urandom
If you're using bind-chroot, add :
rndc-confgen -a -r /dev/urandom -t /var/named/chroot
The result should be:
wrote key file "/etc/rndc.key"
wrote key file "/var/named/chroot/etc/rndc.key"
I've found the answer here and tested myself because I was having the same problem.
Cheers
Solution 2:
I'm sorry if this seems trite, but I suspect the error message means that the system is trying to generate an rndc key in /etc/rndc.key
. Such a key is needed for correct operation of BIND as it's configured out-the-box in CentOS, though it would only need to be created that first time.
I suspect it's hanging on the creation because you're ssh'ed onto a remote server, one without a handy human being attached via keyboard and mouse, who can provide the entropy that such a key generation requires.
You can test the first part of this hypothesis by doing
ls -al /etc/rndc.key
If it's not there, that's the problem.
You can test the second part by doing
sudo rndc-confgen -a -c /etc/rndc.key
on your remote server. If it hangs, try doing
rndc-confgen -a -c /tmp/disposable.key
on your remote server. If it, too, hangs, the problem is not with the file /etc/rndc.key
, but with the act of key generation, as I suspect. Try
rndc-confgen -a -c /tmp/disposable.key
on your local desktop (assuming that you have the bind
package installed, or whatever is suitable for your local distro). If that completes, the problem is very likely the availability of entropy (desktops have a lot of it, colocated servers less so; as I said, having a human being on the end of a HID cable makes lots of useful randomness available to the system).
You can either arrange for the remote system to have some entropy (which is somewhat beyond the scope of this answer), or generate the keyfile locally and copy it up to the server (it's only a correctly-formatted, pre-shared nonce secret).
If you do the latter, make sure the file is owned by root:named
and mode 440
on the remote system.
Solution 3:
I had the same problem, but fixed it. All I've done: just typed a few letters after it got stuck at generating and it started with no problems.
Solution 4:
RHEL 6 (on which CentOS is based) apparently no longer generates the rndc.key during installation - for details please refer to this bug report: Centos 6.3 Bind hangs on "Generating /etc/rndc.key"
As a result, the key is automatically generated on the first start of named service. The command line may seem confusing as it ends with column, like this:
[root@linx etc]# service named start
Generating /etc/rndc.key:
as if it prompts for input but it is not. It may take some time, maybe 30 - 60 seconds so just wait, it should finish like this:
[root@linx etc]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
Hope it helps.