Bug 107343 - /etc/rndc.key missing pre-generated key?
Summary: /etc/rndc.key missing pre-generated key?
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: bind
Version: rawhide
Hardware: i586
OS: Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: CambridgeBlocker
Reported: 2003-10-17 04:38 UTC by Daniel McNamara
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-10-17 14:44:10 UTC
Type: ---
Embargoed:



Description Daniel McNamara 2003-10-17 04:38:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624

Description of problem:
Possibly not a bug. But in previous versions of the Fedora core tests an install
of the bind package would create a pre-generated secret key in the /etc/rndc.key
file. In test 3 however this appears to be missing with the file containing nothing
more than:

key "rndckey" {
        algorithm       hmac-md5;
        secret "@KEY@";
};

Lack of a pre-generated secret key means that named will not start
"out-of-the-box". I'm not sure if this was an oversight or a deliberate move to
force admins to create their own key.

Version-Release number of selected component (if applicable):
bind-9.2.2.P3-6

How reproducible:
Always

Steps to Reproduce:
1. Install minimal base of Fedora test 3
2. Install bind rpm
3. Attempt to start named - Although the start script claims success, a check of
the logs shows that due to the lack of a proper secret key it exits.
    

Actual Results:  named fails to start with default config

Expected Results:  To get it to work out-of-the-box perhaps the key should be there?

Additional info:

Comment 1 Ryan Bowen 2003-10-17 13:42:15 UTC
I see the exact same behaviour : it appears like named starts ok, but exits due
to a fatal error due to the bad base64 encoding of the duff key in
/etc/rndc.key. This was not the case for RH8 or RH9; where a key was
auto-generated during install.

For Fedora Core 0.95 test 3, I used rndc-confgen and copied the proper base64
key to /etc/rndc.key, replacing "@KEY@". This creates a new key every time it's
run; but you do have to manually copy the key to the file. 

named now starts ok after the above key generation.

Comment 2 Daniel Walsh 2003-10-17 14:44:10 UTC
Fixed in bind-9.2.2.P3-8 on Rawhide.  You must uninstall and then reinstall, to
get the key generated.  Basically the install was changed to not do this on an
upgrade, but there was a bug.

Dan
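
Added example, not part of the original report or the bind package: a shell check for the failure described in this bug, where the key file still holds the unsubstituted "@KEY@" template token or a secret that is not valid base64. The function names and return codes are this example's own convention, and the sample key file is constructed.

```shell
#!/bin/sh
# Added example: check that an rndc key file carries a usable secret.
# Return codes are this example's own convention:
#   0 secret present and valid base64    2 unreplaced @TOKEN@ placeholder
#   1 unreadable file or no secret       3 secret is not valid base64
check_rndc_key() {
    crk_file=$1
    [ -r "$crk_file" ] || return 1

    # Value of the first: secret "...";
    crk_secret=$(sed -n 's/.*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$crk_file" | head -n 1)
    [ -n "$crk_secret" ] || return 1

    # Packaging template token that was never substituted at install time.
    case $crk_secret in
        @*@) return 2 ;;
    esac

    # Base64 alphabet only, length a multiple of 4, and it must decode.
    printf '%s' "$crk_secret" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || return 3
    [ $(( ${#crk_secret} % 4 )) -eq 0 ] || return 3
    printf '%s' "$crk_secret" | base64 -d >/dev/null 2>&1 || return 3
    return 0
}

# Print a one-line verdict for a key file (hypothetical helper).
report_rndc_key() {
    crk_rc=0
    check_rndc_key "$1" || crk_rc=$?
    case $crk_rc in
        0) echo "$1: secret looks usable" ;;
        1) echo "$1: unreadable or no secret statement" ;;
        2) echo "$1: placeholder secret, generate a key with rndc-confgen" ;;
        3) echo "$1: secret is not valid base64" ;;
    esac
    return "$crk_rc"
}

# Check the file given as an argument; with none, run on a constructed
# copy of the template content quoted in the report.
if [ $# -gt 0 ]; then
    report_rndc_key "$1"
else
    crk_tmp=$(mktemp)
    printf 'key "rndckey" {\n\talgorithm hmac-md5;\n\tsecret "@KEY@";\n};\n' > "$crk_tmp"
    report_rndc_key "$crk_tmp" || true
    rm -f "$crk_tmp"
fi
```

Running it against /etc/rndc.key after a package install catches the case where the init script reports success but named has already exited.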

