After an upgrade, I’ve noticed a few times that bind has refused to restart or reload, saying:
Stopping domain name service: namedrndc: connect failed: connection refused
This seems to be a permissions bug in debian, quite a long lasting one. In order to cheat-fix it quickly, I do the following:
chown bind:root /etc/bind/rndc.key
chmod 660
/etc/init.d/bind9 restart
That seems to fix it well enough. I think it’s a problem in that bind starts as one user, but runs as another. It may be that 440 are all the perms that are necessary. The debian bug report is here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=169577