The first step is to create the rndc key file and configuration file. BIND ships the command-line tool rndc-confgen to generate them.
# rndc-confgen
Sample Output:
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "DTngw5O8I5Axx631GjQ9pA==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "DTngw5O8I5Axx631GjQ9pA==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Step 2: Configure RNDC Key and Configuration File
2.1 Copy the entire output of step 1 to /etc/rndc.conf.
2.2 Copy only the key section of the step 1 output to /etc/rndc.key.
# cat /etc/rndc.key
key "rndc-key" {
    algorithm hmac-md5;
    secret "DTngw5O8I5Axx631GjQ9pA==";
};

Step 3: Configure named.conf to Use rndc key
Add the entry below to named.conf. I have added it above the options section.
include "/etc/rndc.key";
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

Step 4: Restart Bind Service
Before restarting the BIND service, I recommend checking the configuration file first.
# named-checkconf /etc/named.conf
For a chrooted installation, point named-checkconf at the chroot directory so that include directives resolve the same way named will see them:
# named-checkconf -t /var/named/chroot /etc/named.conf
If the command prints nothing, the configuration is OK. Now restart the BIND service.
# /etc/init.d/named restart

Step 6: Test RNDC Setup
Test your setup with the rndc command as shown below.
# rndc status
Sample output:
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
version: 9.9.2-P2-RedHat-9.9.2-3.P2.el6
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 38
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
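The key file from step 2 and the controls block from step 3 are the two pieces worth auditing before the control channel goes live. The script below is an added example, not part of the article: it writes constructed stand-ins for /etc/rndc.key and the named.conf fragment (the demo paths are placeholders), then reports a key file readable by every local user, an hmac-md5 key, and a controls channel that listens beyond loopback or allows any host.

```shell
# Added example, not from the article: audit the rndc key file and the controls block
# for the weak spots to check before enabling rndc. The two files are constructed
# stand-ins for /etc/rndc.key and the step 3 named.conf fragment (placeholder paths).
RNDC_KEY_DEMO="${TMPDIR:-/tmp}/rndc-demo.key"
NAMED_CONF_DEMO="${TMPDIR:-/tmp}/named-controls-demo.conf"

write_demo_files() {
    cat > "$RNDC_KEY_DEMO" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "DTngw5O8I5Axx631GjQ9pA==";
};
EOF
    chmod 644 "$RNDC_KEY_DEMO"   # deliberately world-readable, to trigger a finding
    cat > "$NAMED_CONF_DEMO" <<'EOF'
controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
EOF
}

# key_file_findings FILE: one finding per line, nothing when the key file is clean
key_file_findings() {
    # column 8 of ls -l is the other-read bit: 'r' means every local user can read the secret
    if [ "$(ls -l "$1" | cut -c8)" = "r" ]; then
        echo "$1 is world-readable: the TSIG secret is exposed to every local user"
    fi
    case "$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*\([^;]*\);.*/\1/p' "$1" | head -n 1)" in
        hmac-sha256|hmac-sha384|hmac-sha512) ;;
        hmac-md5) echo "key uses hmac-md5; regenerate with rndc-confgen -A hmac-sha256 (current BIND 9)" ;;
        *) echo "unrecognised or missing key algorithm" ;;
    esac
}

# controls_findings FILE: flag a control channel reachable beyond the host itself
# (assumes each inet statement and its allow list sit on one line, as in step 3)
controls_findings() {
    sed -n 's/^[[:space:]]*inet[[:space:]]*\([^[:space:]]*\).*allow[[:space:]]*{\([^}]*\)}.*/\1|\2/p' "$1" |
    while IFS='|' read -r addr allow; do
        case "$addr" in
            127.0.0.1|::1) ;;
            *) echo "controls channel listens on $addr instead of loopback" ;;
        esac
        case "$allow" in
            *any*|*0.0.0.0/0*) echo "controls allow list admits any host:$allow" ;;
        esac
    done
}

write_demo_files; key_file_findings "$RNDC_KEY_DEMO"; controls_findings "$NAMED_CONF_DEMO"
```

Pointing the two functions at the real /etc/rndc.key and named.conf gives the same report for a live server; an empty report means the key is unreadable to other users, uses a SHA-2 HMAC, and the control channel stays on loopback.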
Thank you for using this article.