[Debian] dhcp3 talking to bind using rndc.key problem

[browolf]

have got dns bind and dhcp working separately, when I try and make dhcp talk to dns as per general net instructions. it has a problem with the key file

whether I have
include "/etc/bind/rndc.key";


or copy the key to /etc/dhcp3

when i restart dhcp it says

line 11 unknown key rndc.key

line 11 is the key line in dhcp3.conf

zone local.net {
primary 127.0.0.1;
key rndc.key; # line 11
}

the permissions on /etc/bind/rndc.key are
-rw-r----- bind bind

and the one i copied is

-rw-r----- root root

I just noticed the key file seems to be lacking an "r" that all the other files have.. e.g

-rw-r--r--- bind bind named.conf

maybe this has something to do with it but I dont know why the key file is different to the rest....

I'm a bit stuck on what to do to make it work. thanks

[powdarrmonkey]

Understanding Linux file permissions

Hint: do NOT grant all users access to the rndc.key. Instead, change its owner flags to be user: bind group: bind, which is what bind9 runs as on a Debian system.

[browolf]

Understanding Linux file permissions

Hint: do NOT grant all users access to the rndc.key. Instead, change its owner flags to be user: bind group: bind, which is what bind9 runs as on a Debian system.

yes but the rndc.key in /etc/bind/ already has bind bind permissions, and that missing r means other accounts cant read it i think. whatever account dhcp runs as, isnt a member of the bind group. but then apparently it doesnt run as root either...and there isnt a dhcpd user...

[powdarrmonkey]

One of my plans for tonight is to move DHCP+DDNS from my current router at home onto another box, so when I've done that I'll see if I can see why.

[browolf]

k thx
just had a thought, if the dhcp clients have no reason to talk to one-another, is there actually any point in having this functionality, since the dns is really just for caching internet related dns queries...?

[powdarrmonkey]

Depends if you want to be able to do local lookups or not. If you don't care, then why waste time doing it? (It's really cool when it works though.)

[browolf]

I cant see any need for local lookups and havent really got time for cool lol, Im out on a limb making this thing, so its figure it out as I go along. linux is good in this respect that it makes you think why you're doing things whereas windows does it all for you and you assume if it's there it must be there for a good reason. :-)

[powdarrmonkey]

it makes you think why you're doing things whereas windows does it all for you and you assume if it's there it must be there for a good reason. :-)

Couldn't have put it better. Why waste time making it work if you're never going to use it?