
Bug 107343

Summary: /etc/rndc.key missing pre-generated key?
Product: [Fedora] Fedora
Component: bind
Version: rawhide
Hardware: i586
OS: Linux
Status: CLOSED RAWHIDE
Severity: low
Priority: medium
Reporter: Daniel McNamara <daniel>
Assignee: Daniel Walsh <dwalsh>
QA Contact: Ben Levenson <benl>
CC: chris.ricker
Doc Type: Bug Fix
Last Closed: 2003-10-17 14:44:10 UTC
Bug Blocks: 100643

Description Daniel McNamara 2003-10-17 04:38:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

Description of problem:
Possibly not a bug. But in previous versions of the Fedora core tests an install
of the bind package would create a pre-generated secret key in the /etc/rndc.key
file. In test 3 however this appears to be missing with the file containing nothing
more than:

key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};

Lack of a pre-generated secret key means that named will not start
"out-of-the-box". I'm not sure if this was an oversight or a deliberate move to
force admins to create their own key.

Version-Release number of selected component (if applicable):
bind-9.2.2.P3-6

How reproducible:
Always

Steps to Reproduce:
1. Install minimal base of Fedora test 3
2. Install bind rpm
3. Attempt to start named - Although the start script claims success, a check of
the logs shows that due to the lack of a proper secret key it exits.
    

Actual Results:  named fails to start with default config

Expected Results:  To get it to work out-of-the-box perhaps the key should be there?

Additional info:

Comment 1 Ryan Bowen 2003-10-17 13:42:15 UTC
I see the exact same behaviour: it appears like named starts ok, but exits due
to a fatal error due to the bad base64 encoding of the duff key in
/etc/rndc.key. This was not the case for RH8 or RH9, where a key was
auto-generated during install.

For Fedora Core 0.95 test 3, I used rndc-confgen and copied the proper base64
key to /etc/rndc.key, replacing "@KEY@". This creates a new key every time it's
run; but you do have to manually copy the key to the file. 

named now starts ok after the above key generation.

Comment 2 Daniel Walsh 2003-10-17 14:44:10 UTC
Fixed in bind-9.2.2.P3-8 on Rawhide.  You must uninstall and then reinstall, to
get the key generated.  Basically the install was changed to not do this on an
upgrade, but there was a bug.

Dan
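
Added example, not part of the bug report or the bind package: a shell sketch that detects the unsubstituted "@KEY@" secret shown in the description and replaces it, automating the manual workaround from comment 1. It draws the secret from /dev/urandom rather than rndc-confgen, and the function names and scratch file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find an rndc key file whose secret
# is still the packaging placeholder, or is otherwise not base64, and repair it.

# Print the value of the first `secret "..."` statement in key file $1.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if the secret is non-empty, uses only base64 characters, has
# '=' padding only at the end, and has a length that is a multiple of 4.
# "@KEY@" fails the character test: the bad base64 encoding seen in comment 1.
rndc_key_ok() {
    secret=$(rndc_secret "$1")
    case $secret in
        ''|*[!A-Za-z0-9+/=]*|*=[!=]*) return 1 ;;
    esac
    [ $(( ${#secret} % 4 )) -eq 0 ]
}

# If the key file $1 fails the check, substitute 128 random bits (base64).
# Assumption: head -c, base64 and mktemp are available, as on a Fedora system.
rndc_key_fix() {
    file=$1
    rndc_key_ok "$file" && return 0
    new=$(head -c 16 /dev/urandom | base64) || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1   # mktemp creates it mode 0600
    sed "s|^\([[:space:]]*secret[[:space:]]*\)\"[^\"]*\"|\1\"$new\"|" "$file" > "$tmp" \
        && mv "$tmp" "$file" || { rm -f "$tmp"; return 1; }
    rndc_key_ok "$file"
}

# Constructed demo: the file content quoted in the report, in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rndc.key" <<'EOF'
key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};
EOF
rndc_key_ok "$demo_dir/rndc.key" || echo "before: secret is not valid base64"
rndc_key_fix "$demo_dir/rndc.key" && echo "after: secret replaced and valid"
rm -rf "$demo_dir"
```

The rewritten file ends up mode 0600 and owned by whoever ran the script, so restore the group and mode that named needs to read it before restarting the service.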