Conversation with Gemini

You said

How do I recover from this error? /usr/local/etc/namedb/named.conf:7: unix control '/var/run/ndc': not supported

Gemini said

This error typically occurs when a BIND configuration file (named.conf) includes legacy ndc (Name Daemon Control) syntax that is no longer supported in modern versions of BIND (BIND 9 and later). The ndc utility was the control interface for BIND 8, whereas BIND 9 uses rndc.

To resolve this, you need to update the controls section of your configuration file.

1. Locate the Error

Open /usr/local/etc/namedb/named.conf and look at line 7. You will likely see a block that looks like this:

controls {
    unix "/var/run/ndc" perm 0600 owner 0 group 0;
};

2. Update to rndc Syntax

Modern BIND installations on FreeBSD (and other Unix-like systems) use an inet control channel or a unix socket specifically formatted for rndc.

The Quick Fix: If you do not require specialized remote control and just want the error to go away, you can comment out the offending lines by wrapping them in /* ... */ or prefixing them with //.

The Proper Fix: Replace the legacy ndc block with a standard rndc configuration. Usually, you can simply include the default rndc.key:

include "/usr/local/etc/namedb/rndc.key";

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

3. Generate a Key (If Missing)

If you don't have an rndc.key file yet, you can generate one using the following command in your terminal:

rndc-confgen -a

This will create /usr/local/etc/namedb/rndc.key with the appropriate permissions.

4. Verify and Restart

After saving the changes to named.conf, check the configuration for syntax errors before restarting the service:

named-checkconf /usr/local/etc/namedb/named.conf

If the command returns no output, the syntax is correct. You can then restart the service:

service named restart

Why this happened

The unix control directive was specific to the way BIND 8 handled local communication via a Unix domain socket. BIND 9 moved to a protocol-based approach (even for local communication) to provide better security and consistency across network interfaces. Since you are likely running a modern version of BIND on your system, the parser encounters that line and flags it as unsupported.
