Introduction

The error rndc: connect failed: connection refused usually occurs when the rndc command is unable to connect to the BIND/named service. Even though the command /etc/init.d/named start may show OK, the named service may not actually be running.

One common reason for this issue is that the named service is trying to write its PID file to /var/run/named.pid, but the named user does not have permission to write to that location.

To resolve this, the PID file path should be changed to:

/var/run/named/named.pid

This path is generally writable by the named service.


Prerequisites

Before proceeding, make sure you have:

  1. Root or sudo access to the server.
  2. BIND/named service installed.
  3. Access to the named configuration file:
/etc/named.conf
  1. Basic knowledge of Linux service commands.

Steps to Fix the Issue

Step 1: Check the named Service Status

Run the following command to check whether the named service is running:

service named status

or

/etc/init.d/named status

If the service is not running, try starting it:

/etc/init.d/named start

If it shows OK but the service is still not running, continue with the next steps.


Step 2: Open the named Configuration File

Open the BIND configuration file using any text editor:

vi /etc/named.conf

Step 3: Add the PID File Path

Inside the options section, add the following line:

pid-file "/var/run/named/named.pid";

Example:

options {
    pid-file "/var/run/named/named.pid";
};

Step 4: Add rndc Key Configuration

If you are using rndc-confgen, make sure the key and controls section are properly added in the named.conf file.

Example configuration:

key "rndc-key" {
      algorithm hmac-md5;
      secret "DTKqPmkyorw5dFYCyz6Fiw==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

Your final configuration should look similar to this:

options {
    pid-file "/var/run/named/named.pid";
};

key "rndc-key" {
      algorithm hmac-md5;
      secret "DTKqPmkyorw5dFYCyz6Fiw==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

Step 5: Check Configuration Syntax

Before restarting the service, verify the configuration syntax:

named-checkconf

If there is no output, the configuration is valid.


Step 6: Restart named Service

Restart the named service:

service named restart

or

/etc/init.d/named restart

Step 7: Verify rndc Status

Now check whether rndc is working:

rndc status

If everything is configured correctly, it should return the BIND server status instead of the connection refused error.


Conclusion

The rndc: connect failed: connection refused error can occur when the named service is not running properly or cannot create its PID file due to permission issues.

By adding the correct PID file path inside the options section of /etc/named.conf, the named service can write its PID file to the proper directory and start successfully.

After updating the configuration, always verify the syntax using named-checkconf and restart the named service. Once the service is running, the rndc status command should work properly.

Leave a Reply