Duplicate "controls" configuration causes mysterious errors
Summary
'rndc' commands do not work sometimes.
BIND version used
BIND 9.18.12
Steps to reproduce
Run 'rndc' commands, for example 'rndc status'.
What is the current bug behavior?
Running the 'rndc' command does not work sometimes. This can also happen with the first command of a session. It can also happen when the last command was run over 10 minutes ago. Running the command multiple times with a pause of 5 seconds between each command may result in the following:
works, does not work, works, works, does not work, works, works, works, works, does not work, does not work, works
What is the expected correct behavior?
The command should always work.
If it is not possible that the command works in short succession (e.g. 5 sec), it should at least always work as the first command of a session or if the most recent 'rndc' command lies more than half a minute back.
Relevant configuration files
rndc.conf:
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-sha256;
    secret "redacted";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
Part of named.conf:
key "rndc-key" {
    algorithm hmac-sha256;
    secret "redacted";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
Relevant logs and/or screenshots
An example of a command not working (does not only happen with 'status'):
root@servername:~# rndc status
WARNING: key file (/etc/bind/rndc.key) exists, but using default configuration file (/etc/bind/rndc.conf)
rndc: connection to remote host closed.
* This may indicate that the
* remote server is using an older
* version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized,
* the key signing algorithm is incorrect
* or the key is invalid.
The warning regarding the key file is also present in working commands.
Checking via 'journalctl -xeu named' shows this error message:
invalid command from 127.0.0.1#44453: bad auth
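The title puts the cause in a duplicated `controls` configuration. As an added example (not part of the report and not ISC code), this checker flags any control channel address and port that is declared more than once in named.conf text. The sample configuration is constructed, `other-key` is an invented key name, and `allow` lists are assumed to contain no nested braces.

```python
import re
from collections import defaultdict

# Constructed sample: the controls block from the report plus a second,
# hypothetical one ("other-key" is an invented name) such as an include adds.
SAMPLE = '''
key "rndc-key" { algorithm hmac-sha256; secret "redacted"; };
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# pulled in from another file; no port given, so the default 953 applies
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "other-key"; }; };
'''

TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
INET = re.compile(r'\binet\s+(\S+)(?:\s+port\s+(\S+))?\s+allow\s*\{[^{}]*\}'
                  r'(?:\s*keys\s*\{([^{}]*)\})?')

def strip_comments(text):
    """Drop /* */, // and # comments but leave quoted strings (secrets) alone."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', text)

def controls_bodies(text):
    """Yield the brace-balanced body of every controls statement."""
    for m in re.finditer(r'\bcontrols\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def control_channels(conf):
    """Map (address, port) -> list of key-name sets, one per inet entry."""
    seen = defaultdict(list)
    for body in controls_bodies(strip_comments(conf)):
        for addr, port, keys in INET.findall(body):
            names = frozenset(re.findall(r'[^\s;"]+', keys))
            seen[(addr, port or '953')].append(names)
    return seen

def duplicate_channels(conf):
    """Return only the listeners that are declared more than once."""
    return {k: v for k, v in control_channels(conf).items() if len(v) > 1}

if __name__ == '__main__':
    for (addr, port), keysets in duplicate_channels(SAMPLE).items():
        names = [sorted(k) for k in keysets]
        print(f'{addr} port {port} declared {len(keysets)} times, keys: {names}')
```

To cover include files as well, feed the checker the output of `named-checkconf -px`, which prints the effective configuration with secrets obscured.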