Configure RNDC Key for Bind9

Linux Knowledge

Configure RNDC Key for Bind9 (DNS Server)

Step 1: Create RNDC Key and Configuration File

The first step is to create the rndc key file and the rndc configuration file. BIND ships the command-line tool rndc-confgen to generate both.

# rndc-confgen

Sample Output:

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "DTngw5O8I5Axx631GjQ9pA==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "DTngw5O8I5Axx631GjQ9pA==";
# };
#
# controls {
#       inet 127.0.0.1 port 953
#               allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Step 2: Configure RNDC Key and Configuration File

2.1 Copy the entire output of step 1 to /etc/rndc.conf.

2.2 Copy only the key section of the step 1 output to /etc/rndc.key.

# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "DTngw5O8I5Axx631GjQ9pA==";
};

Step 3: Configure named.conf to Use rndc key

Add the entry below to named.conf. I have added it above the options section.

include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

Step 4: Restart Bind Service

Before restarting the bind service, I recommend checking the configuration file first.

# named-checkconf /etc/named.conf
or, for a chrooted BIND installation:
# named-checkconf -t /var/named/chroot /etc/named.conf

If the command above prints nothing, the configuration is OK. Now restart the bind service.

# /etc/init.d/named restart

Step 5: Test RNDC Setup

Test your setup using the rndc command as shown below.

# rndc status

Sample output:

WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
version: 9.9.2-P2-RedHat-9.9.2-3.P2.el6
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 38
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

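The named-checkconf run in step 4 only checks configuration syntax. As an added example that is not part of the original post, this POSIX shell script checks the things that matter for the control channel: the key file's permissions, its algorithm and secret, and whether named.conf includes the key and restricts controls to loopback. The sample files it builds are constructed, and the -A option of rndc-confgen mentioned in its comments is assumed to exist in your BIND version.

```sh
#!/bin/sh
# Added example (not from the original post): lint the rndc key file and the named.conf
# controls block before restarting named. Sample files are constructed by write_samples.
# check_rndc_key KEYFILE NAMEDCONF: prints one line per finding and returns
# the number of findings (0 = clean).
check_rndc_key() {
    key=$1 conf=$2 bad=0
    # 1. Anyone who can read the secret can stop or reconfigure named, so the
    #    file must not be readable by "other" (ls -l mode columns 8-10).
    if [ "$(ls -l "$key" | cut -c8-10)" != "---" ]; then
        echo "$key: world-readable; chmod 640 and chown root:named"; bad=$((bad+1))
    fi
    # 2. hmac-md5 is the historic default; rndc-confgen -A hmac-sha256 makes a SHA-2 key.
    alg=$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*\([^;]*\);.*/\1/p' "$key")
    case $alg in
        hmac-sha256|hmac-sha384|hmac-sha512) ;;
        *) echo "$key: algorithm '$alg' is weak or missing"; bad=$((bad+1)) ;;
    esac
    # 3. A secret mangled while copying (step 2) makes rndc and named disagree.
    secret=$(sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$key")
    if ! printf '%s' "$secret" | grep -Eq '^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$'; then
        echo "$key: secret is not valid base64"; bad=$((bad+1))
    fi
    # 4. named.conf must include this key file and allow only loopback control clients.
    grep -q "include \"$key\"" "$conf" || { echo "$conf: missing include of $key"; bad=$((bad+1)); }
    allow=$(sed -n 's/.*allow[[:space:]]*{\([^}]*\)}.*/\1/p' "$conf")
    for host in $(printf '%s' "$allow" | tr ';' ' '); do
        case $host in
            localhost|127.0.0.1|::1) ;;
            *) echo "$conf: controls allow non-loopback '$host'"; bad=$((bad+1)) ;;
        esac
    done
    return $bad
}
# write_samples DIR ALGORITHM ALLOWLIST: constructed rndc.key and named.conf in the
# post's layout (secret is the placeholder from the post's sample output), key mode 0600.
write_samples() {
    printf 'key "rndc-key" {\n\talgorithm %s;\n\tsecret "DTngw5O8I5Axx631GjQ9pA==";\n};\n' "$2" > "$1/rndc.key"
    chmod 600 "$1/rndc.key"
    printf 'include "%s/rndc.key";\n\ncontrols {\n\tinet 127.0.0.1 allow { %s; } keys { "rndc-key"; };\n};\n' "$1" "$3" > "$1/named.conf"
}
# Demonstration: the post's hmac-md5 key with an open allow list, then a hardened pair.
d=$(mktemp -d)
write_samples "$d" hmac-md5 'any'
check_rndc_key "$d/rndc.key" "$d/named.conf" || echo "-> $? finding(s)"   # 2 findings
write_samples "$d" hmac-sha256 'localhost; 127.0.0.1'
check_rndc_key "$d/rndc.key" "$d/named.conf" && echo "-> clean"
rm -rf "$d"
```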
Thank you for reading this article.