How to Fix rndc: connect failed: connection refused
Introduction
The error rndc: connect failed: connection refused usually occurs when the rndc command is unable to connect to the BIND/named service. Even though the command /etc/init.d/named start may show OK, the named service may not actually be running.
One common reason for this issue is that the named service is trying to write its PID file to /var/run/named.pid, but the named user does not have permission to write to that location.
To resolve this, the PID file path should be changed to:
/var/run/named/named.pid
This path is generally writable by the named service.
Prerequisites
Before proceeding, make sure you have:
- Root or sudo access to the server.
- BIND/named service installed.
- Access to the named configuration file:
/etc/named.conf
- Basic knowledge of Linux service commands.
Steps to Fix the Issue
Step 1: Check the named Service Status
Run the following command to check whether the named service is running:
service named status
or
/etc/init.d/named status
If the service is not running, try starting it:
/etc/init.d/named start
If it shows OK but the service is still not running, continue with the next steps.
Step 2: Open the named Configuration File
Open the BIND configuration file using any text editor:
vi /etc/named.conf
Step 3: Add the PID File Path
Inside the options section, add the following line:
pid-file "/var/run/named/named.pid";
Example:
options {
pid-file "/var/run/named/named.pid";
};
Step 4: Add rndc Key Configuration
If you are using rndc-confgen, make sure the key and controls section are properly added in the named.conf file.
Example configuration:
key "rndc-key" {
algorithm hmac-md5;
secret "DTKqPmkyorw5dFYCyz6Fiw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Your final configuration should look similar to this:
options {
pid-file "/var/run/named/named.pid";
};
key "rndc-key" {
algorithm hmac-md5;
secret "DTKqPmkyorw5dFYCyz6Fiw==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Step 5: Check Configuration Syntax
Before restarting the service, verify the configuration syntax:
named-checkconf
If there is no output, the configuration is valid.
Step 6: Restart named Service
Restart the named service:
service named restart
or
/etc/init.d/named restart
Step 7: Verify rndc Status
Now check whether rndc is working:
rndc status
If everything is configured correctly, it should return the BIND server status instead of the connection refused error.
Conclusion
The rndc: connect failed: connection refused error can occur when the named service is not running properly or cannot create its PID file due to permission issues.
By adding the correct PID file path inside the options section of /etc/named.conf, the named service can write its PID file to the proper directory and start successfully.
After updating the configuration, always verify the syntax using named-checkconf and restart the named service. Once the service is running, the rndc status command should work properly.
