Alessandro Dotti Contra

Linux/Unix DevOps


Control bind with rndc

rndc is a handy utility for remotely controlling the operations of a bind nameserver. Let's see how to use it with an already running `bind` installation.

Create the rndc key

#> rndc-confgen -a

This will generate a file called rndc.key containing a shared secret key and the specification of the algorithm used to generate it.

Create the rndc configuration file

Create a file called rndc.conf. This is an example:

include "/etc/bind/rndc.key";

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

The statements in the options section define the default key to use and the address and port for the control channel.

Update the bind configuration file

Edit your named.conf configuration file, and add the following statements:

// named only needs the key definition; the options block in rndc.conf is for the rndc client
include "/etc/bind/rndc.key";

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Restart your service; now you can use rndc to control your DNS server.
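
The controls statement above accepts commands only from 127.0.0.1 and only when signed with the shared key. The following Python script is an added example, not part of the original post: it checks the text of a controls statement for those two properties and checks the key file for loose permissions. The function names, the sample statements and the `rndc_key` parameter are assumptions made for this example.

```python
import ipaddress
import os
import re

# Constructed samples: GOOD mirrors the statement on this page, BAD loosens it.
GOOD = '''controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};'''
BAD = '''controls {
        inet * port 953 allow { any; } keys { "other-key"; };
        inet 192.0.2.10 allow { 192.0.2.0/24; };  // no keys clause
};'''

# One "inet ... allow { ... } [keys { ... }];" entry inside a controls statement.
INET_RE = re.compile(
    r'inet\s+(?P<addr>\S+)(?:\s+port\s+\d+)?\s+allow\s*\{(?P<allow>[^}]*)\}'
    r'(?:\s*keys\s*\{(?P<keys>[^}]*)\})?\s*;')

def is_loopback(token):
    """True only for literal loopback addresses or prefixes (127.0.0.0/8, ::1)."""
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # "*", "any", ACL names: cannot be shown to be loopback-only

def audit_controls(controls_text, rndc_key="rndc-key"):
    """Return findings for each inet channel in the text of a controls statement."""
    text = re.sub(r'(//|#)[^\n]*', '', controls_text)  # drop line comments
    findings = []
    for m in INET_RE.finditer(text):
        addr = m.group('addr')
        if not is_loopback(addr):
            findings.append(f"{addr}: listens on a non-loopback address")
        for entry in (e.strip() for e in m.group('allow').split(';')):
            if entry and not is_loopback(entry):
                findings.append(f"{addr}: allow entry {entry!r} is not loopback")
        keys = m.group('keys')  # None when the entry has no keys clause (not checked)
        if keys is not None and rndc_key not in re.findall(r'[^\s";]+', keys):
            findings.append(f"{addr}: keys clause does not list {rndc_key!r}")
    return findings

def key_file_exposed(path):
    """True if the shared-secret file grants any access to group or other."""
    return bool(os.stat(path).st_mode & 0o077)

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_controls(sample) or "no findings")
```

On a server, pass in the controls statement from named.conf and the path to rndc.key. Entries such as `any` or a named ACL are reported because the script cannot show them to be loopback-only.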