---
title: "Why does rndc log warning key file ... exists, but using default conf"
slug: "aa-00722"
description: "After upgrading BIND to a current version, you might be surprised to see a warning when using rndc commands."
tags: ["rndc", "logs", "warning"]
updated: 2018-10-12T21:21:48Z
published: 2018-10-12T21:21:48Z
---

# Why does rndc log warning key file ... exists, but using default configuration file (rndc.conf)?

After upgrading BIND to a current version, you might be surprised to see this warning when using **rndc** commands (although the command should still work as before, unless you've made other configuration changes):

```
WARNING: key file (rndc.key) exists, but using default configuration file (rndc.conf)
```

Both **named** and **rndc** can operate with either explicit or automatic control configuration. Automatic configuration works by looking for the file **rndc.key** in the default configuration files directory.

If there is no explicit configuration (the **controls** statement in **named.conf** for **named**, or the existence of the file **rndc.conf** for **rndc**), then the key in the **rndc.key** file will be used instead (if it exists).

The **rndc.key** file isn't created automatically on installation. Use `rndc-confgen -a` to create it.

Unfortunately, when there is both an explicit configuration and an **rndc.key** file, it can be hard to tell during troubleshooting which configuration is in use, particularly if there are problems with issuing **rndc** commands. So from BIND 9.7.0, the warning was added so that the choice made by **rndc** is clearly indicated to the operator.

Administrators who have made use of the **include** functionality of **named.conf** and **rndc.conf** to import an independently-generated **rndc.key** file will see this new warning, but can safely ignore it.

## Getting rid of the warning message

There is no need to make any configuration changes if **rndc** commands are not failing, but administrators might prefer to ensure that any ambiguity is removed. Options include:

- Removing the **rndc.key** file
- Keeping **rndc.key**, but removing the **controls** statements from **named.conf** and deleting **rndc.conf**
- If using **include** for **rndc.key**, you could put the file elsewhere and import it from there
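
To see which of these cases applies on a host before changing anything, the precedence rules described above can be checked with a short script. This is an added example, not ISC's code: the function names `rndc_source` and `named_source` are hypothetical, the configuration directory is passed as an argument because the default location depends on how BIND was built, and the `grep` checks are heuristics that do not follow **include** files in **named.conf**.

```shell
#!/bin/sh
# Added example: report which control configuration rndc and named would
# pick up from one directory, following the rules in this article.
# Assumption: the caller passes the default configuration directory.

# rndc side: rndc.conf (explicit) is used in preference to rndc.key.
rndc_source() {
    dir=$1
    if [ -f "$dir/rndc.conf" ] && [ -f "$dir/rndc.key" ]; then
        # Both files present: the case in which rndc logs the warning.
        if grep -Eq '^[[:space:]]*include[[:space:]]+"[^"]*rndc\.key"' \
            "$dir/rndc.conf"; then
            echo "explicit+warning+include"   # rndc.conf imports rndc.key
        else
            echo "explicit+warning"
        fi
    elif [ -f "$dir/rndc.conf" ]; then
        echo "explicit"
    elif [ -f "$dir/rndc.key" ]; then
        echo "automatic"
    else
        echo "none"
    fi
}

# named side: a controls statement in named.conf is explicit configuration;
# without one, the key in rndc.key is used if the file exists.
named_source() {
    dir=$1
    if [ -f "$dir/named.conf" ] &&
        grep -Eq '^[[:space:]]*controls([[:space:]]|\{|$)' "$dir/named.conf"; then
        echo "explicit"
    elif [ -f "$dir/rndc.key" ]; then
        echo "automatic"
    else
        echo "none"
    fi
}

# Stand-alone use: pass the configuration directory as the first argument.
if [ $# -gt 0 ]; then
    echo "rndc:  $(rndc_source "$1")"
    echo "named: $(named_source "$1")"
fi
```

If the two lines disagree (for example, **rndc** reports `explicit` while **named** reports `automatic`), the two sides may be reading different keys, which is worth ruling out when **rndc** commands fail.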
