Control bind with rndc
rndc is a utility that lets you remotely control the operation of
a bind nameserver. Let's see how we can use it with an already
running bind installation.
Create the rndc key
#> rndc-confgen -a
This will generate a file called rndc.key containing a shared secret
key and the name of the algorithm used to generate it.
Create the rndc configuration file
Create a file called rndc.conf. This is an example:
include "/etc/bind/rndc.key";
options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
The statements in the options section define the default key to use
and the address and port for the control channel.
Update the bind configuration file
Edit your named.conf configuration file, and add the
following statements:
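// named needs only the key definition; rndc.conf holds rndc client
// options (default-key, default-server) that named.conf does not accept.
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};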
Restart your service; now you can use rndc to control your DNS
server.
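
To check the result of the steps above, the following added example (not part of the original page) audits a named.conf and key file for three conditions: a key file accessible to every local user, a control channel bound to a non-loopback address, and an allow list containing any. The function name audit_rndc and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the rndc setup described above.
# audit_rndc NAMED_CONF KEY_FILE prints findings and returns how many there were.
audit_rndc() {
    conf=$1; key=$2; findings=0

    # The shared secret must not be readable or writable by "other" users.
    if [ -n "$(find "$key" \( -perm -004 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "FAIL: $key is accessible to every local user"
        findings=$((findings + 1))
    fi

    # Drop // and # comments, flatten the file, and cut out controls { ... }
    # by counting braces (/* */ comments are not handled).
    controls=$(sed -e 's://.*::' -e 's:#.*::' "$conf" | tr '\n' ' ' | awk '{
        s = index($0, "controls"); if (!s) exit
        depth = 0
        for (i = s; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "{") depth++
            if (c == "}" && --depth == 0) { print substr($0, s, i - s + 1); exit }
        }
    }')

    # Every "inet <address>" should be a loopback address.
    bad=$(printf '%s\n' "$controls" | tr -s '[:space:]' '\n' |
        awk 'prev == "inet" && $0 != "127.0.0.1" && $0 != "::1" { print } { prev = $0 }')
    if [ -n "$bad" ]; then
        echo "FAIL: control channel listens on non-loopback address: $bad"
        findings=$((findings + 1))
    fi

    # "allow { any; }" leaves the key as the only barrier.
    if printf '%s\n' "$controls" | tr -s '[:space:]{}' '\n' | grep -qx 'any;\{0,1\}'; then
        echo "FAIL: allow list contains any"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: a world-readable key and an exposed control channel.
tmp=$(mktemp -d)
printf 'key "rndc-key" { algorithm hmac-sha256; secret "Y29uc3RydWN0ZWQ="; };\n' > "$tmp/rndc.key"
chmod 644 "$tmp/rndc.key"
printf 'controls {\n  inet * port 953\n  allow { any; } keys { "rndc-key"; };\n};\n' > "$tmp/named.conf"
audit_rndc "$tmp/named.conf" "$tmp/rndc.key" || echo "findings: $?"
```

A return value of 0 means none of the three conditions was found; it does not replace running named-checkconf on the real configuration.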