rndc (Remote Name Daemon Control)
BIND uses a shared secret key authentication method to grant privileges to hosts to prevent unauthorized access to the named daemon, the supported authentication algorithm being HMAC-MD5, which uses a shared secret on each end of the connection. TSIG-style authentication is used for the command request and the name server's response. The commands must be signed by a key_id known to the server.