rndc configuration
rndc is a utility that lets you remotely control the operation of
a bind nameserver. Let's see how we can use it with an already running
bind installation.
Create the rndc key
#> rndc-confgen -a
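This will generate a file called rndc.key containing a secret shared key
together with the algorithm it uses. Anyone who can read this file can
control the nameserver, so keep it readable only by root and the user
that named runs as.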
Create the rndc configuration file
Create a file called rndc.conf. This is an example:
include "/etc/bind/rndc.key";
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
The statements in the options section define the default key to use and the address and port for the control channel.
Update the bind configuration file
Edit your named.conf configuration file, and add the following
statements:
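// named only needs the key definition; rndc.conf is read by rndc itself,
// and its options (default-key etc.) are not valid in named.conf.
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};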
Restart your service; now you can use rndc to control your DNS server.
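
An added example, not part of the original page: a small Python check that reads named.conf text and reports any controls channel that listens on, or admits clients from, anything other than loopback. The sample configuration and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the page's loopback channel plus a deliberately exposed one.
SAMPLE = '''
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
    inet * port 953              // every interface
        allow { any; } keys { "rndc-key"; };
};
'''

INET_RE = re.compile(r'inet\s+(?P<addr>\S+)(?:\s+port\s+(?:\d+|\*))?'
                     r'\s+allow\s*\{(?P<allow>[^}]*)\}')

def is_local(entry):
    """True for loopback addresses or prefixes and named's built-in localhost ACL."""
    if entry == "localhost":
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False  # "any", "*", or a named ACL: needs manual review

def controls_bodies(text):
    """Yield the text inside each controls { ... } statement (brace matched)."""
    for m in re.finditer(r'\bcontrols\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_controls(conf_text):
    """Return (listen_address, finding) pairs for non-local control channels."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf_text, flags=re.S)
    findings = []
    for body in controls_bodies(text):
        for m in INET_RE.finditer(body):
            addr = m.group('addr')
            if not is_local(addr):
                findings.append((addr, 'listens on a non-loopback address'))
            for entry in m.group('allow').replace(';', ' ').split():
                if not entry.startswith('!') and not is_local(entry):
                    findings.append((addr, f'allow list admits {entry}'))
    return findings

if __name__ == '__main__':
    for addr, finding in audit_controls(SAMPLE):
        print(f'inet {addr}: {finding}')
```

An empty result means every control channel in the file is bound to loopback and only admits loopback clients, as in the configuration above.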