Archive:Docs/Drafts/AdministrationGuide/Servers/DNSBIND/Configuringrndc

= DNS and BIND =

== Configuring the rndc tool ==
The rndc tool is used to control named. It can be used locally (on the same machine running named) or remotely, and every command it sends is authenticated with an HMAC key that must be present, with the same name, algorithm and secret, in both the rndc configuration and the named configuration. Run the following command to create the rndc configuration files:

/usr/local/sbin/rndc-confgen

This will produce output similar to the following; the secret key will be different each time it is generated:

key "rndc-key" {
        algorithm hmac-md5;
        secret "sqDTXGGjF9nwpb4n6nxJhQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

The first section (the key and options statements) is for the rndc.conf file. Copy it into a new file and save it as /etc/rndc.conf. The following is an example /etc/rndc.conf file:

key "rndc-key" {
        algorithm hmac-md5;
        secret "sqDTXGGjF9nwpb4n6nxJhQ==";
};

options {
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};

The /etc/rndc.conf file is self explanatory: an algorithm and a secret key are defined. Recent versions of rndc-confgen generate hmac-sha256 keys by default; hmac-md5 appears here because that is what this version produced, and it should be avoided where both rndc and named support a SHA-2 algorithm. Anyone who can read the secret can control named, so treat both copies of it like a password. You can set the IP address rndc will connect to, along with the port, using default-server and default-port respectively. The rndc.conf file is the client side configuration: the IP address and port are those of the named server being controlled, so change them only when managing a remote server. If you are running rndc on the same server as named, leave default-server and default-port at their defaults.

The next section belongs on the server side, in named.conf after the options section (or in a separate file that named.conf includes, as described below):

key "rndc-key" {
        algorithm hmac-md5;
        secret "sqDTXGGjF9nwpb4n6nxJhQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

This is the server side configuration. The controls statement sets the IP address and port on which named listens for control connections and, in the allow list, the addresses permitted to connect; the keys list names the key a connection must be signed with. For local use these can be left at the default values. If you change the IP address or port here, change default-server and default-port in /etc/rndc.conf to match. For a remote rndc client, the listening address must be reachable from that client and the client's source address must be added to the allow list; named still rejects any connection that is not signed with one of the listed keys. The key and controls statements can also be kept in their own file, for example /etc/bind/named_key:

key "rndc-key" {
        algorithm hmac-md5;
        secret "sqDTXGGjF9nwpb4n6nxJhQ==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

Use the include statement in named.conf after the options section to include this file. Change the permissions appropriately, particularly so that the named user has read permission and no other unprivileged user does:

include "/etc/bind/named_key";

== rndc.conf Permissions ==
Run the following command as root to set the correct user and group for /etc/rndc.conf:

chown root:root rndc.conf

Run the following command as root to set the correct mode:

chmod 400 rndc.conf

If you are running SELinux, run the following command as root to set the correct SELinux context:

chcon -t named_conf_t /etc/rndc.conf

Note: the rndc.conf file must be in the /etc directory, even when you are running BIND in a chroot environment. rndc itself runs outside the chroot, so it reads the real /etc/rndc.conf, not a copy inside the jail.
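The steps above leave two files that must agree with each other: the client side rndc.conf and the key/controls file that named includes. The following script, added here as an example and not part of BIND or of this guide's original text, cross-checks such a pair the way a practitioner would before debugging a failing rndc connection: same key name, algorithm and secret on both sides, a control channel address and port that match default-server and default-port, a client address that appears in the allow list, and no group or other permissions on either file. The paths, the key name and the secret are constructed for the demo (a real secret comes from rndc-confgen), and the sample uses hmac-sha256 rather than the hmac-md5 shown above.

```shell
#!/bin/sh
# Added example for this page (not BIND's own tooling): cross-check the
# client side rndc.conf against the key/controls file that named includes.
# Paths, key name and secret below are constructed for the demo.

WORK="${TMPDIR:-/tmp}/rndc-check.$$"
mkdir -p "$WORK"
RNDC_CONF="$WORK/rndc.conf"          # stands in for /etc/rndc.conf
NAMED_KEY="$WORK/named_key"          # stands in for /etc/bind/named_key
NAMED_KEY_BAD="$WORK/named_key.bad"  # deliberately mismatched copy

# Constructed sample secret; a real one comes from rndc-confgen.
SECRET='dGhpcyBpcyBvbmx5IGEgZGVtbyBzZWNyZXQ='

cat > "$RNDC_CONF" <<EOF
key "rndc-key" { algorithm hmac-sha256; secret "$SECRET"; };
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; };
EOF
cat > "$NAMED_KEY" <<EOF
key "rndc-key" { algorithm hmac-sha256; secret "$SECRET"; };
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
EOF
# Same file, but the secret was regenerated on one side only.
sed 's/secret "[^"]*"/secret "bm90IHRoZSBzYW1lIHNlY3JldA=="/' "$NAMED_KEY" > "$NAMED_KEY_BAD"
chmod 400 "$RNDC_CONF" "$NAMED_KEY" "$NAMED_KEY_BAD"

# Print the value that follows FIELD (key, secret, algorithm, default-server,
# inet, port, ...) on the first line of FILE that carries it, quotes stripped.
conf_value() {
    sed -n "s/^/ /; s/.*[[:space:]]$2[[:space:]][[:space:]]*\"*\([^\"; {}]*\)\"*[[:space:];].*/\1/p" "$1" | head -n 1
}

# Print the addresses named will accept control connections from.
allow_list() {
    sed -n 's/.*allow[[:space:]]*{\([^}]*\)}.*/\1/p' "$1" | head -n 1 | tr ';' ' '
}

# Succeed if ADDR (or the keyword any) appears in FILE's allow list.
allows_client() {
    for entry in $(allow_list "$1"); do
        [ "$entry" = "$2" ] && return 0
        [ "$entry" = any ] && return 0
    done
    return 1
}

# Succeed if FILE grants no group or other permissions (for example mode 400).
private_mode() {
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Compare the client and server halves of an rndc setup. Returns 0 when the
# key name, algorithm and secret agree, the control channel address and port
# match default-server and default-port, the client address is allowed, and
# both files are private. CLIENT_ADDR defaults to default-server, which is
# right for the loopback setup on this page; a remote client passes its own
# source address as the third argument.
check_rndc_pair() {
    conf="$1"; keyfile="$2"; rc=0
    server=$(conf_value "$conf" default-server)
    client="${3:-$server}"
    for field in key algorithm secret; do
        c=$(conf_value "$conf" "$field"); s=$(conf_value "$keyfile" "$field")
        [ -n "$c" ] && [ "$c" = "$s" ] || { echo "MISMATCH: $field differs between $conf and $keyfile"; rc=1; }
    done
    inet=$(conf_value "$keyfile" inet)
    [ "$inet" = "$server" ] || [ "$inet" = '*' ] || { echo "MISMATCH: named listens on $inet, rndc connects to $server"; rc=1; }
    port=$(conf_value "$keyfile" port); [ -n "$port" ] || port=953
    cport=$(conf_value "$conf" default-port); [ -n "$cport" ] || cport=953
    [ "$port" = "$cport" ] || { echo "MISMATCH: control port $port vs default-port $cport"; rc=1; }
    allows_client "$keyfile" "$client" || { echo "DENIED: $client is not in the allow list"; rc=1; }
    for f in "$conf" "$keyfile"; do
        private_mode "$f" || { echo "PERMS: $f is readable by group or other"; rc=1; }
    done
    return $rc
}

echo "== matching pair =="
check_rndc_pair "$RNDC_CONF" "$NAMED_KEY" && echo "OK: client and server agree"
echo "== secret regenerated on one side =="
check_rndc_pair "$RNDC_CONF" "$NAMED_KEY_BAD" || echo "FAIL: fix before running rndc"
```

On a real host, point the two arguments at /etc/rndc.conf and the key file named includes; the check only reads the files, so it can run on the server before named is restarted. The parser deliberately handles the one-statement-per-line layout shown on this page and ignores comments, which is enough for files produced by rndc-confgen.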

== Using the rndc tool ==
After installation, an  file is created. Remove this file before using the rndc command. The following are useful rndc commands:

 * rndc stats: write detailed statistical information about the DNS server to the statistics file, which is named.stats by default, relative to the directory specified using the directory option in named.conf. The location can be changed with the statistics-file option in named.conf.
 * rndc reload: reloads all configuration and zone database files. Run this command after modifying configuration or zone database files so that your changes take effect.
 * rndc status: display status information about the DNS server. The output is similar to the following:

number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

Run the following command as root to display a full list of rndc commands:

rndc

The rndc tool is located in the /usr/local/sbin directory. If this directory is not in your $PATH, run rndc using its full path:

/usr/local/sbin/rndc
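The rndc status output above is what a monitoring job usually consumes. The script below, added here as an example and not part of BIND or of this guide's original text, parses that output into fields and applies three health checks: the server reports itself running, no zone transfers are stuck in the deferred queue, and recursive clients are below a threshold of the hard quota. The sample text is constructed from the output shown on this page; the busy and down variants, the 80% threshold and the function names are assumptions for the demo. A real job would pass "$(rndc status)" instead of the sample.

```shell
#!/bin/sh
# Added example (not part of the page or of BIND): turn "rndc status" output
# into a pass/fail health check. STATUS_SAMPLE is constructed from the output
# shown on this page; BUSY_SAMPLE and DOWN_SAMPLE are variants made from it.

STATUS_SAMPLE='number of zones: 2
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running'

# Constructed variants: recursive clients near the hard quota, and a server
# whose status lacks the final "server is up and running" line.
BUSY_SAMPLE=$(printf '%s\n' "$STATUS_SAMPLE" | sed 's|^recursive clients: .*|recursive clients: 950/900/1000|')
DOWN_SAMPLE=$(printf '%s\n' "$STATUS_SAMPLE" | sed '$d')

# Print the value after "LABEL:" in the status TEXT (empty if absent).
status_field() {
    printf '%s\n' "$1" | sed -n "s/^$2:[[:space:]]*//p" | head -n 1
}

# Recursive clients are reported as current/soft-quota/hard-quota. Print the
# integer percentage of the hard quota in use (0 if the line is missing).
recursive_client_pct() {
    field=$(status_field "$1" "recursive clients")
    cur=${field%%/*}
    max=${field##*/}
    [ -n "$max" ] && [ "$max" -gt 0 ] || { echo 0; return; }
    echo $(( cur * 100 / max ))
}

# Return 0 when TEXT describes a healthy server: it reports itself running,
# no transfers are deferred, and recursive clients are below THRESHOLD
# percent of the hard quota (default 80). Prints one line per problem found.
status_ok() {
    text="$1"; threshold="${2:-80}"; rc=0
    case "$text" in
        *"server is up and running"*) ;;
        *) echo "PROBLEM: named does not report itself running"; rc=1 ;;
    esac
    deferred=$(status_field "$text" "xfers deferred")
    [ "${deferred:-0}" -eq 0 ] || { echo "PROBLEM: $deferred zone transfers deferred"; rc=1; }
    pct=$(recursive_client_pct "$text")
    [ "$pct" -lt "$threshold" ] || { echo "PROBLEM: recursive clients at ${pct}% of the hard quota"; rc=1; }
    return $rc
}

status_ok "$STATUS_SAMPLE" && echo "OK: sample from the page is healthy"
status_ok "$BUSY_SAMPLE" || echo "busy server flagged"
status_ok "$DOWN_SAMPLE" || echo "server without running line flagged"
```

Because rndc exits non-zero when it cannot reach or authenticate to named, a cron job would first test the rndc status command itself and only then pass its output to status_ok; a bad key or a wrong default-server shows up as a connection failure, not as unhealthy output.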
