How to Configure BIND with RNDC on CentOS 6
RNDC stands for Remote Name Daemon Control. It lets us control the named daemon of a BIND DNS server from a remote machine, and by default it uses port 953. A client machine that is allowed to control the daemon can run tasks against named with the rndc command, authenticating with an rndc key. The same key must be configured in both the named.conf file on the BIND server and the rndc.conf file on the client.
Server Side:
The RNDC key is generated automatically after the BIND daemon is started. If it was not generated, use the command below to generate it:
[root@ns1 ~]# rndc-confgen -a
wrote key file "/etc/rndc.key"
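Open your rndc.key file and copy its contents into the named.conf file. In the controls statement below, named listens on port 953 on all addresses (inet *) and accepts commands only from 127.0.0.1 and 192.168.7.223, and only when they are signed with rndc-key.
[root@ns1 ~]# vim /etc/named.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "L8bw0I4nLP8WDNCHjhnoxg==";
};
controls {
    inet * port 953
        allow { 127.0.0.1; 192.168.7.223; } keys { "rndc-key"; };
};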
Restart the service to make the changes effective:
[root@ns1 ~]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
Client Side:
Install the bind package on the client machine using the following command:
[root@localhost ~]# yum install bind* -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
base | 3.7 kB 00:00
base/primary_db | 4.7 MB 00:00
extras | 3.4 kB 00:00
extras/primary_db | 30 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 7.0 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
---> Package bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
---> Package bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
.
.
.
Installed:
bind.x86_64 32:9.8.2-0.62.rc1.el6_9.5 bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.5 bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.5 bind-dyndb-ldap.x86_64 0:2.3-8.el6 bind-sdb.x86_64 32:9.8.2-0.62.rc1.el6_9.5
Dependency Installed:
postgresql-libs.x86_64 0:8.4.20-8.el6_9
Updated:
bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.5 bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.5
Complete!
Once done, you can generate the rndc configuration:
[root@localhost ~]# rndc-confgen
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "dr+EU5Y3v44yqfngNo5u3Q==";
};
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dr+EU5Y3v44yqfngNo5u3Q==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
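After that, copy the output of the above command to a new rndc configuration file, /etc/rndc.conf. As noted at the start, the key must be the same in named.conf on the server and in rndc.conf on the client, so the secret in /etc/rndc.conf has to be the server's rndc-key secret rather than the one freshly generated here.
Finally, let's check the named daemon status of the DNS server from this client machine using the rndc command. The -s option names the server to contact; without it, rndc talks to the default-server from rndc.conf.
[root@localhost ~]# rndc -s 192.168.7.222 status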
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
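A pre-flight check for the two files configured above, added here as an example and not part of the original tutorial: it compares the key clause in named.conf with the one in rndc.conf and reports how far the controls statement exposes the control channel. The embedded file contents are constructed from the snippets on this page, and the function names are illustrative.

```python
import re

# Constructed inputs modelled on the named.conf and rndc.conf snippets above.
NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "L8bw0I4nLP8WDNCHjhnoxg=="; };
controls {
    inet * port 953
        allow { 127.0.0.1; 192.168.7.223; } keys { "rndc-key"; };
};
'''
RNDC_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "dr+EU5Y3v44yqfngNo5u3Q=="; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
'''

KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;'
                    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;')
INET_RE = re.compile(r'inet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{([^}]*)\}')

def parse_keys(text):
    """Return {key name: (algorithm, secret)}, ignoring # comment lines."""
    text = re.sub(r'#.*', '', text)
    return {name: (alg, secret) for name, alg, secret in KEY_RE.findall(text)}

def audit(named_conf, rndc_conf):
    """Compare server and client files; return a list of findings."""
    findings = []
    server, client = parse_keys(named_conf), parse_keys(rndc_conf)
    for name, (alg, secret) in client.items():
        if name not in server:
            findings.append(f'key "{name}" is missing from named.conf')
        elif server[name] != (alg, secret):
            findings.append(f'key "{name}" differs between the two files')
        if alg == "hmac-md5":
            findings.append(f'key "{name}" uses the legacy hmac-md5 algorithm')
    for addr, port, allow in INET_RE.findall(re.sub(r'#.*', '', named_conf)):
        hosts = [h.strip() for h in allow.split(";") if h.strip()]
        if addr == "*":
            findings.append(f"control channel on port {port} listens on all "
                            f"addresses; allow list: {', '.join(hosts)}")
    return findings

if __name__ == "__main__":
    for finding in audit(NAMED_CONF, RNDC_CONF):
        print("-", finding)
```

Run against real files by reading /etc/named.conf from the server and /etc/rndc.conf from the client into the two arguments of audit().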
With this, the method to Configure Bind with RNDC on CentOS 6 comes to an end.