Centos 6.3 Bind hangs on "Generating /etc/rndc.key"

I'm installing bind on a clean Centos 6.3 system. In previous versions that would work like a charm, but now I get

Generating /etc/rndc.key

when trying to start bind after the installation. Why is this and does anyone know how to solve this?

Thank you!


Solution 1:

Try using

rndc-confgen -a -r /dev/urandom

If you're using bind-chroot, add:

rndc-confgen -a -r /dev/urandom -t /var/named/chroot

The result should be:

wrote key file "/etc/rndc.key"

wrote key file "/var/named/chroot/etc/rndc.key"

I've found the answer here and tested it myself because I was having the same problem.

Cheers

Solution 2:

I'm sorry if this seems trite, but I suspect the error message means that the system is trying to generate an rndc key in /etc/rndc.key. Such a key is needed for correct operation of BIND as it's configured out of the box in CentOS, though it would only need to be created that first time.

I suspect it's hanging on the creation because you're ssh'ed onto a remote server, one without a handy human being attached via keyboard and mouse, who can provide the entropy that such a key generation requires.

You can test the first part of this hypothesis by doing

ls -al /etc/rndc.key

If it's not there, that's the problem.

You can test the second part by doing

sudo rndc-confgen -a -c /etc/rndc.key

on your remote server. If it hangs, try doing

rndc-confgen -a -c /tmp/disposable.key

on your remote server. If it, too, hangs, the problem is not with the file /etc/rndc.key, but with the act of key generation, as I suspect. Try

rndc-confgen -a -c /tmp/disposable.key

on your local desktop (assuming that you have the bind package installed, or whatever is suitable for your local distro). If that completes, the problem is very likely the availability of entropy (desktops have a lot of it, colocated servers less so; as I said, having a human being on the end of a HID cable makes lots of useful randomness available to the system).

You can either arrange for the remote system to have some entropy (which is somewhat beyond the scope of this answer), or generate the keyfile locally and copy it up to the server (it's only a correctly-formatted, pre-shared nonce secret).

If you do the latter, make sure the file is owned by root:named and mode 440 on the remote system.
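The two checks Solution 2 describes (available entropy, then ownership and mode of the key file), as an added example that is not part of any answer on this page. The function names and the 256-bit threshold are assumptions; `stat -c` is the GNU coreutils form.

```sh
#!/bin/sh
# Added example: pre-flight checks for the rndc key (not from the original answers).

# entropy_state [FILE] [MIN_BITS]
# Prints "ok", "low" or "unknown" from the kernel's entropy estimate.
# The default MIN_BITS of 256 is an assumption, not a value from the page.
entropy_state() {
    src=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-256}
    [ -r "$src" ] || { echo "unknown"; return 2; }
    bits=$(tr -cd '0-9' < "$src")
    [ -n "$bits" ] || { echo "unknown"; return 2; }
    if [ "$bits" -ge "$min" ]; then
        echo "ok"
    else
        echo "low"      # a read from /dev/random may block at this point
        return 1
    fi
}

# keyfile_state FILE [OWNER] [GROUP] [MODE]
# Defaults are the root:named, mode 440 that Solution 2 asks for.
# Prints "ok", "missing", "bad-owner OWNER:GROUP" or "bad-mode MODE".
keyfile_state() {
    f=$1
    want_owner=${2:-root}
    want_group=${3:-named}
    want_mode=${4:-440}
    [ -f "$f" ] || { echo "missing"; return 2; }
    mode=$(stat -c '%a' "$f")
    owner=$(stat -c '%U' "$f")
    group=$(stat -c '%G' "$f")
    [ "$owner" = "$want_owner" ] && [ "$group" = "$want_group" ] ||
        { echo "bad-owner $owner:$group"; return 1; }
    [ "$mode" = "$want_mode" ] || { echo "bad-mode $mode"; return 1; }
    echo "ok"
}

# rndc_preflight [KEYFILE]: report both checks for one key file.
rndc_preflight() {
    key=${1:-/etc/rndc.key}
    echo "entropy: $(entropy_state)"
    echo "keyfile: $(keyfile_state "$key")"
}
```

Source the file and run `rndc_preflight` (or `rndc_preflight /var/named/chroot/etc/rndc.key` for a chroot) after copying or generating the key.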

Solution 3:

I had the same problem, but fixed it. All I've done: just typed a few letters after it got stuck at generating and it started with no problems.

Solution 4:

RHEL 6 (on which CentOS is based) apparently no longer generates the rndc.key during installation - for details please refer to this bug report: Centos 6.3 Bind hangs on "Generating /etc/rndc.key"

As a result, the key is automatically generated on the first start of the named service. The command line may seem confusing as it ends with a colon, like this:

[root@linx etc]# service named start 
Generating /etc/rndc.key:

as if it is prompting for input, but it is not. It may take some time, maybe 30 - 60 seconds, so just wait; it should finish like this:

[root@linx etc]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

Hope it helps.