After upgrading BIND to a current version, you might be surprised to see this warning when using rndc commands (although the command should still work as before, unless you've made other configuration changes):
WARNING: key file (rndc.key) exists, but using default configuration file (rndc.conf)
Both named and rndc can operate with explicit or automatic control configuration. For automatic configuration, they look for the file rndc.key in the default configuration files directory.
If there is no explicit configuration (the controls statement in named.conf for named, or the existence of the file rndc.conf for rndc), then the key in the rndc.key file will be used instead (if it exists).
Use "rndc-confgen -a" to create the rndc.key file
Unfortunately, when there is both an explicit configuration and an rndc.key file, it can sometimes be confusing when troubleshooting to know which configuration is in use, particularly if there are problems with issuing rndc commands. So from BIND 9.7.0, the warning was added so that the choice made by rndc is clearly indicated to the operator.
Administrators who have made use of the named.conf and rndc.conf $INCLUDE functionality to import an independently-generated rndc.key file will see this new warning, but can safely ignore it.
There is no need to make any configuration changes if rndc commands are not failing, but administrators might prefer to ensure that any ambiguity is removed. Options include:
- Removing the rndc.key file
- Keeping rndc.key, but removing the controls statements from named.conf and deleting rndc.conf
- If using $INCLUDE for rndc.key, you could put the file elsewhere and import it from there.
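To see which of the cases above applies on a server, the selection rules can be checked with a short script. This is an added example, not ISC code; the function names, result labels and the directory argument are assumptions, and the default configuration directory depends on how BIND was built.

```shell
#!/bin/sh
# Added example (not ISC code): report which control configuration rndc and
# named would pick up in a given configuration directory.
# Assumption: the directory is passed as an argument; the default location
# depends on how BIND was built (for example /etc or /etc/bind).

# rndc: rndc.conf is the explicit configuration; rndc.key is the automatic one.
rndc_source() {
    dir=$1
    if [ -f "$dir/rndc.conf" ] && [ -f "$dir/rndc.key" ]; then
        echo "explicit-with-warning"   # the case that triggers the warning
    elif [ -f "$dir/rndc.conf" ]; then
        echo "explicit"
    elif [ -f "$dir/rndc.key" ]; then
        echo "automatic"
    else
        echo "none"
    fi
}

# named: a controls statement in named.conf is the explicit configuration.
# Only // and # comments are stripped; /* */ comments and included files
# are not followed, so check those by hand.
named_source() {
    dir=$1
    conf="$dir/named.conf"
    if [ -f "$conf" ] && sed -e 's://.*$::' -e 's:#.*$::' "$conf" |
        grep -Eq '(^|[[:space:];])controls[[:space:]]*\{'; then
        if [ -f "$dir/rndc.key" ]; then
            echo "explicit-key-file-also-present"
        else
            echo "explicit"
        fi
    elif [ -f "$dir/rndc.key" ]; then
        echo "automatic"
    else
        echo "none"
    fi
}

# Run as: sh check-rndc.sh /etc/bind   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    echo "rndc:  $(rndc_source "$1")"
    echo "named: $(named_source "$1")"
fi
```

If rndc reports "automatic" while named reports "explicit" (or the reverse), the two sides may be reading different keys, which is the first thing to compare when rndc commands fail.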
© 2001-2017 Internet Systems Consortium