
Resolved Error code 1: rndc: connection failed: IP#953: Connection refused

Kingsley

Silver Pleskian
Hello,

I am trying to connect my main server and a slave server, but this message appears on the main server:

Error code 1: rndc: connection failed: IP#953: Connection refused.

Below is what was added to /etc/named.conf:

Code:
key "rndc-key-45.33.11.89" {
  algorithm hmac-md5;
  secret "NDg2ZmEzY2JhNGRhODhlYzQ5ZGNjMg==";
};

controls {
    inet * port 953 allow { 45.33.11.89; 127.0.0.1; } keys { "rndc-key"; "rndc-key-45.33.11.89"; };
};
 
The main server is CentOS 7.

The slaves are CentOS 7 and Ubuntu 16; the same error displays on the main server.
 
# telnet 45.33.11.89 953
Trying 45.33.11.89...
telnet: connect to address 45.33.11.89: Connection refused

Maybe it is firewalled?
 
Error code 1: rndc: connection failed: IP#953: Connection refused.
Looks like you did not start the 'named' service on the slave DNS server, or the 'named' service does not listen on port 953.

You can check this with the command "netstat -anp4 | grep named"; you should see something like this:
tcp 0 0 xx.yy.11.89:53 0.0.0.0:* LISTEN 15272/named
tcp 0 0 xx.yy.11.89:953 0.0.0.0:* LISTEN 15272/named

[...]
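The check described in the reply above, turned into a small script: it reads "netstat -anp4"-shaped lines and reports whether named has a control-channel listener on 953 and on which addresses, then maps that to the next thing to look at for "connection refused". This is an added example, not code from the thread or from Plesk; the netstat output is constructed, and the addresses use the 203.0.113.0/24 documentation range.

```shell
#!/bin/sh
# Added example, not from the thread: classify netstat-style output to decide
# whether 'named' is listening on the rndc control port (953). All sample
# output below is constructed; addresses are from the documentation range.

# Constructed: healthy slave, named bound to its public address on 53 and 953.
SAMPLE_OK='tcp 0 0 203.0.113.10:53 0.0.0.0:* LISTEN 15272/named
tcp 0 0 203.0.113.10:953 0.0.0.0:* LISTEN 15272/named'

# Constructed: controls { inet 127.0.0.1 ... }, so a remote rndc is refused
# even though named is running.
SAMPLE_LOOPBACK='tcp 0 0 203.0.113.10:53 0.0.0.0:* LISTEN 15272/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 15272/named'

# Constructed: 'grep named' matched nothing, i.e. named is not running.
SAMPLE_DOWN=''

# named_listener_state OUTPUT PORT
# Fields are: proto recv-q send-q local foreign state pid/prog. Prints one of:
#   not-listening       no named LISTEN socket on PORT
#   listening-loopback  named listens on PORT, but only on 127.x addresses
#   listening-remote    named listens on PORT on a non-loopback address
named_listener_state() {
    out=$1
    port=$2
    addrs=$(printf '%s\n' "$out" | awk -v p="$port" '
        $NF ~ /\/named$/ && $6 == "LISTEN" {
            n = split($4, a, ":")          # local address is field 4, "addr:port"
            if (a[n] == p) print a[1]      # IPv4 only, matching netstat -4
        }')
    if [ -z "$addrs" ]; then
        echo not-listening
    elif printf '%s\n' "$addrs" | grep -qv '^127\.'; then
        echo listening-remote
    else
        echo listening-loopback
    fi
}

# rndc_next_step STATE: what to look at next for "connection refused".
rndc_next_step() {
    case $1 in
        not-listening)
            echo "named is not running or has no 'controls' block: check 'systemctl status named' and 'named-checkconf -z'" ;;
        listening-loopback)
            echo "control channel is bound to loopback only: 'inet' in 'controls' must include the address the main server connects to, and 'allow' must list the main server" ;;
        listening-remote)
            echo "named is listening: a refused connection now points at a host firewall (firewalld/iptables) or provider filtering on 953; keep 953 restricted to the main server" ;;
        *)
            echo "unknown state: $1" ;;
    esac
}

# Live use on the slave (root is needed for the PID/program column):
#   state=$(named_listener_state "$(netstat -anp4 2>/dev/null | grep named)" 953)
#   echo "$state: $(rndc_next_step "$state")"
```

The "listening-remote" case is the state the thread ends in (the final log shows the command channel on 0.0.0.0#953): at that point the listener is fine and the remaining suspects are the 'allow' ACL, the key, and the host firewall. Because 'inet *' exposes 953 on every interface, the allow list plus a firewall rule limiting 953 to the main server's address is what keeps the control channel from being reachable by anyone else.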
 
# telnet 45.33.11.89 953
Trying 45.33.11.89...
telnet: connect to address 45.33.11.89: Connection refused

Maybe it is firewalled?

The OS was removed... installing it back.

However, I don't know if the firewall was enabled.
 
Looks like you did not start the 'named' service on the slave DNS server, or the 'named' service does not listen on port 953.

You can check this with the command "netstat -anp4 | grep named"; you should see something like this:
tcp 0 0 xx.yy.11.89:53 0.0.0.0:* LISTEN 15272/named
tcp 0 0 xx.yy.11.89:953 0.0.0.0:* LISTEN 15272/named

[...]

When I enter the command netstat -anp4 | grep named, nothing happens.
 
I got this error:

Code:
[root@li809-158 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-02-21 06:53:26 UTC; 7s ago
  Process: 4691 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)

Feb 21 06:53:26 li809-158.members.linode.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Feb 21 06:53:26 li809-158.members.linode.com bash[4691]: /etc/named.conf.local:15: 'options' redefined near 'options'
Feb 21 06:53:26 li809-158.members.linode.com systemd[1]: named.service: control process exited, code=exited status=1
Feb 21 06:53:26 li809-158.members.linode.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Feb 21 06:53:26 li809-158.members.linode.com systemd[1]: Unit named.service entered failed state.
Feb 21 06:53:26 li809-158.members.linode.com systemd[1]: named.service failed.
 
I created named.conf.local

and added the code below:

Code:
key "rndc-key-45.33.11.89" {
    algorithm hmac-md5;
    secret "NzU3NTA0ZjdkODdkNzY0MWVlYjljOQ==";
};

controls {
    inet * port 953 allow { 45.33.11.89; 127.0.0.1; } keys { "rndc-key"; "rndc-key-45.33.11.89"; };
};
*/

key "rndc-key" {
    algorithm hmac-md5;
    secret "NzU3NTA0ZjdkODdkNzY0MWVlYjljOQ==";
};

options {
    default-key "rndc-key";
    default-server 104.237.133.158;
    default-port 953;
};

My named.conf:

Code:
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    allow-new-zones yes;

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.conf.local";
 
/etc/named.conf.local:15: 'options' redefined near 'options'
So, you wrote "options" twice; they conflict with each other:
- original in named.conf
- one more in named.conf.local

Also, I found '*/' in the middle of named.conf.local; I think it is a mistake.

I think you can remove the 'options' section from named.conf.local. Also, you need to change listen-on to "listen-on port 53 { 127.0.0.1; 104.237.133.158; };"
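A static pre-restart check that catches the two defects the reply above identified (a second top-level 'options' block in an included file, and a dangling '*/'), and also reports any key that 'controls' references but nothing defines. This is an added example, not code from the thread or from Plesk; the demo files are constructed in a temporary directory, the key name and secret are placeholders, and the sample uses an hmac-sha256 key rather than the thread's hmac-md5. On a real host, run it against /etc/named.conf and then finish with 'named-checkconf -z', which remains the authoritative check.

```shell
#!/bin/sh
# Added example, not from the thread: lint a BIND config tree for the errors
# discussed above. Demo files are constructed; the key/secret are placeholders.

# config_files MAIN: MAIN followed by every file it includes (one level).
config_files() {
    printf '%s\n' "$1"
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# count_options_blocks MAIN: top-level 'options {' across the tree.
# More than one is the "'options' redefined" error from the thread.
count_options_blocks() {
    for f in $(config_files "$1"); do
        [ -f "$f" ] && { grep -cE '^[[:space:]]*options[[:space:]]*[{]' "$f" || true; }
    done | awk '{ s += $1 } END { print s + 0 }'
}

# comment_balance FILE: 'balanced' or 'unbalanced' count of /* versus */.
comment_balance() {
    awk '{ o += gsub(/\/\*/, ""); c += gsub(/\*\//, "") }
         END { if (o == c) print "balanced"; else print "unbalanced" }' "$1"
}

# referenced_keys FILE...: names inside any 'keys { "a"; "b"; }' list.
referenced_keys() {
    cat "$@" | tr '\n' ' ' | grep -o 'keys[[:space:]]*{[^}]*}' \
        | grep -o '"[^"]*"' | tr -d '"' | sort -u
}

# defined_keys FILE...: names from 'key "name" { ... };' statements.
defined_keys() {
    grep -hE '^[[:space:]]*key[[:space:]]+"' "$@" \
        | sed 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/' | sort -u
}

# undefined_control_keys MAIN: referenced but never defined. Such a key can
# never authenticate an rndc session, so it is worth reporting.
undefined_control_keys() {
    files=$(config_files "$1")
    defined=$(defined_keys $files)
    for k in $(referenced_keys $files); do
        printf '%s\n' "$defined" | grep -qxF "$k" || echo "$k"
    done
}

# lint_named_conf MAIN: one finding per line; prints nothing when clean.
lint_named_conf() {
    main=$1
    n=$(count_options_blocks "$main")
    if [ "$n" -gt 1 ]; then
        echo "ERROR: $n 'options' blocks across $main and its includes; named allows one"
    fi
    for f in $(config_files "$main"); do
        if [ -f "$f" ] && [ "$(comment_balance "$f")" = unbalanced ]; then
            echo "ERROR: unbalanced /* */ comment in $f"
        fi
    done
    for k in $(undefined_control_keys "$main"); do
        echo "WARN: controls references key \"$k\" but no 'key \"$k\"' statement defines it"
    done
}

# Constructed demo tree mirroring the broken state from the thread: the include
# carries its own 'options' block and a dangling '*/'.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/named.conf.local" <<'EOF'
key "rndc-key-203.0.113.10" {
    algorithm hmac-sha256;
    secret "UExBQ0VIT0xERVItbm90LWEtcmVhbC1rZXk=";
};
controls {
    inet * port 953 allow { 203.0.113.10; 127.0.0.1; } keys { "rndc-key"; "rndc-key-203.0.113.10"; };
};
*/
options {
    default-key "rndc-key";
};
EOF
cat > "$DEMO/named.conf" <<EOF
options {
    listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
};
include "$DEMO/named.conf.local";
EOF

# On the demo this reports: 2 options blocks, an unbalanced comment in the
# include, and "rndc-key" referenced but undefined. Then, on a real host:
#   named-checkconf -z /etc/named.conf
lint_named_conf "$DEMO/named.conf"
```

The checks are deliberately line-oriented and only follow one level of include, which is enough for the layout in this thread; anything more involved (nested includes, keys pulled in from /etc/rndc.key) is what named-checkconf is for. The undefined-key report matters because 'controls' only authenticates a key it can actually find, so a misspelled or missing key name silently leaves one fewer valid way for the main server to talk to the slave.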
 
So, you wrote "options" twice; they conflict with each other:
- original in named.conf
- one more in named.conf.local

Also, I found '*/' in the middle of named.conf.local; I think it is a mistake.

I think you can remove the 'options' section from named.conf.local. Also, you need to change listen-on to "listen-on port 53 { 127.0.0.1; 104.237.133.158 };"

Code:
[root@li809-158 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-02-21 07:24:01 UTC; 1min 26s ago
  Process: 4738 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)

Feb 21 07:24:01 li809-158.members.linode.com systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Feb 21 07:24:01 li809-158.members.linode.com bash[4738]: /etc/named.conf:13: missing ';' before '}'
Feb 21 07:24:01 li809-158.members.linode.com systemd[1]: named.service: control process exited, code=exited status=1
Feb 21 07:24:01 li809-158.members.linode.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Feb 21 07:24:01 li809-158.members.linode.com systemd[1]: Unit named.service entered failed state.
Feb 21 07:24:01 li809-158.members.linode.com systemd[1]: named.service failed.

named.conf.local

Code:
key "rndc-key-45.33.11.89" {
    algorithm hmac-md5;
    secret "NzU3NTA0ZjdkODdkNzY0MWVlYjljOQ==";
};

controls {
    inet * port 953 allow { 45.33.11.89; 127.0.0.1; } keys { "rndc-key"; "rndc-key-45.33.11.89"; };
};

named.conf

Code:
options {
    listen-on port 53 { 127.0.0.1; 104.237.133.158};
    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; };
    allow-new-zones yes;

    /*
     stuffs were here
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.conf.local";
 
Code:
[root@li809-158 ~]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-02-21 07:39:41 UTC; 1min 43s ago
  Process: 13901 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 13897 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 13904 (named)
   CGroup: /system.slice/named.service
           └─13904 /usr/sbin/named -u named

Feb 21 07:39:41 li809-158.members.linode.com named[13904]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: command channel listening on 0.0.0.0#953
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: managed-keys-zone: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: zone localhost/IN: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: zone localhost.localdomain/IN: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: all zones loaded
Feb 21 07:39:41 li809-158.members.linode.com named[13904]: running
 