Just upgraded to fc3, and got the released updates.

> Nov 27 22:39:25 gateway named[13957]: /etc/rndc.key:1: configuring key
> 'rndckey': bad base64 encoding
> Nov 27 22:39:25 gateway named[13957]: loading configuration: bad base64
> encoding

> rndc.key doesn't actually have a key:
>
> cat rndc.key
> key "rndckey" {
> algorithm hmac-md5;
> secret "@KEY@";

There must be a hash for the secret and not such a placeholder.

> Regardless of whetther this is a bug or a feature, how do I fix this?
> Googling found rndc-confgen but I can't figure out how this coordinates
> with named.

Yes, rndc-confgen is the tool you have to use to create the key file.
Simpler to only generate the value of the key you can use "dns-keygen".
It will simply print out a new random key. Put it into the rndc.key file
where now the @KEY@ appears. Keep care for location when running
bind-chrooted, then the default location is
/var/named/chroot/etc/rndc.key.

It seems to be a bug. The postinstall script of the bind RPM should have
exchanged the placeholder with a key.