BIND 9 rndc hints (was: [rescue] Tricking DNS)
Loomis, Rip
rescue at sunhelp.org
Mon Oct 22 14:09:58 CDT 2001
> "works" now, except for:
>
> root@ohno:/var/adm> rndc stats
> rndc: decode base64 secret: bad base64 encoding

Bill--

For a real short (128-bit) HMAC-MD5 secret, use

d+crYgwNo6tWyMMuxTOufQ==

in both named.conf and rndc.conf, or just generate
your own with dnssec-keygen. The error you're
getting implies that named (or in this case rndc)
is having trouble putting the multi-line string
together into something it can decode.

The way that the Base64-encoded keying material
gets parsed out of named.conf is...interesting
in my experience. Usually the problem is
something as simple as dropping an "=" at the
end, or too many/not enough spaces, or....

Ack. I wish the BIND 9 parser provided more useful
feedback.
--Rip
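
An added example, not part of the original message and not BIND's own parser: a small Python check that pulls the `secret` string out of named.conf and rndc.conf text, flags the causes the reply lists (a dropped "=", stray whitespace or a value split across lines) and confirms both files decode to the same key. The sample config text, the key name `rndc-key` and the function names are constructed for illustration; the good secret is the one quoted in the message.

```python
import base64
import binascii
import re

# Matches  secret "...";  the negated class also spans line breaks.
SECRET_RE = re.compile(r'\bsecret\s+"([^"]*)"\s*;')

def diagnose(raw):
    """Return (key_bytes or None, problems) for one quoted secret string."""
    problems = []
    if re.search(r"\s", raw):
        problems.append("whitespace or line break inside the quoted secret")
    compact = re.sub(r"\s+", "", raw)
    if len(compact) % 4:
        problems.append("length %d is not a multiple of 4 (dropped '='?)" % len(compact))
    try:
        return base64.b64decode(compact, validate=True), problems
    except (binascii.Error, ValueError) as exc:
        problems.append("not valid base64: %s" % exc)
        return None, problems

def check_pair(named_conf, rndc_conf):
    """Check the first secret in each file and compare the decoded keys."""
    findings, keys = [], {}
    for name, text in (("named.conf", named_conf), ("rndc.conf", rndc_conf)):
        match = SECRET_RE.search(text)
        if not match:
            findings.append(name + ": no secret statement found")
            continue
        key, problems = diagnose(match.group(1))
        findings += [name + ": " + p for p in problems]
        keys[name] = key
    if len(keys) == 2 and None not in keys.values():
        if keys["named.conf"] != keys["rndc.conf"]:
            findings.append("secrets decode to different keys")
    return findings

# Constructed sample files built around the secret quoted in the message.
NAMED = 'key "rndc-key" {\n  algorithm hmac-md5;\n  secret "d+crYgwNo6tWyMMuxTOufQ==";\n};\n'
RNDC_BAD = NAMED.replace("Q==", "Q=")              # one "=" dropped at the end
RNDC_SPLIT = NAMED.replace("tWyMM", "tWy\n    MM")  # value broken across lines

if __name__ == "__main__":
    for label, rndc in (("same", NAMED), ("dropped =", RNDC_BAD), ("split", RNDC_SPLIT)):
        print(label, check_pair(NAMED, rndc))
```

The whitespace finding is a flag to look at, following the reply's list of usual causes; it does not claim that every BIND 9 release rejects such a value.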