05-RNDC

The document provides instructions for configuring the rndc.conf file for the BIND 9 name server control utility, including steps to delete existing files, generate a new configuration file, and modify named.conf for controls. It outlines the structure of rndc.conf, detailing the options, server, and key statements required for proper configuration. Additionally, it explains the types of control channels supported by BIND and emphasizes the importance of the controls statement in named.conf.

===================================

rndc.conf - rndc configuration file LDUP:22/9/2k4


name server control utility
===================================

* rndc.conf is the config file for rndc*, the BIND 9 name server control util.

Note : The name server must be configured to accept rndc connections and to
recognize the key specified in the rndc.conf file, using the controls
statement in named.conf.

=====================================
PART I - The practical Stuff to Do !
5 configuration steps, then start and test
=====================================

1. Delete the following existing files if present (a stale key file left
behind would otherwise be picked up by the include in named.conf) :

a. /etc/rndc.conf
b. /etc/rndc-key

2. Generate /etc/rndc.conf
# rndc-confgen > /etc/rndc.conf

rndc-confgen produces a fresh random secret every time it runs. The file
now holds that secret, so keep it readable by root only (chmod 600). The
bottom of the generated file is a commented copy of the key and controls
statements meant for named.conf; it is used in step 5.

3. Configure /etc/rndc.conf
Change : default-server 127.0.0.1;
to the IP of your name server.

Caveat : this is only needed if rndc will reach named over the network.
If rndc is always run on the name server itself, leave 127.0.0.1 here and
in the controls statement (step 4) so the control channel is never bound
to a network interface.

/etc/named.conf
===============

4. Modify /etc/named.conf for controls

a. Make named listen for rndc on the NS IP, allow that address, and name
the key generated in step 2. Both checks apply : a client outside the
allow list is refused, and a client inside it must still sign its
commands with the listed key. It should look like this :

Before :
======

controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

After :
=====

controls {
inet 192.168.1.3 allow { localhost; 192.168.1.3; } keys { rndc-key; };
};

Note : the name in keys { } must match the key statement added in step 5
(rndc-key, as generated by rndc-confgen), not the old rndckey.

5. Put the key statement from /etc/rndc.conf into /etc/named.conf :

a. Comment out the include of the key file deleted in step 1 :

#include "/etc/rndc-key";

b. Add the key statement from /etc/rndc.conf (the same statement appears
again in the commented named.conf section at the bottom of that file) :

key "rndc-key" {
algorithm hmac-md5;
secret "nk64UofDqwt/P/6wbTcxww==";
};

The secret above is the one rndc-confgen produced on the machine this note
was written on. Use the one from your own /etc/rndc.conf, never a copied
one : anyone holding the secret can drive named over the control channel.
Note also that named.conf is usually world-readable; if it is, keep the key
statement in a separate file readable only by root and the user named runs
as (root:named, mode 640) and include that file instead.

Configuration done !!

6. Start named and check that it is running and listening on the control
port :

# service named start
# socklist
# ps -el | grep named

socklist should show named listening on TCP port 953 at the address given
in the controls statement (192.168.1.3 above) and nowhere else.

7. Test the control channel (rndc now signs its commands with the key from
/etc/rndc.conf) :

# rndc status
number of zones: 4
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

The counts are from the test machine and will differ on yours. If the
connection is refused, the address in controls or the allow list is wrong;
if the connection is accepted and then closed without a status reply, the
key statement in named.conf does not match rndc.conf (named logs the
reason in its own log).

Testing Done !!
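Added example for steps 2 to 5 above; it is not part of the original note or of BIND. It pulls the key statement out of rndc-confgen's output, builds the controls statement for the server address, and writes the secret with a mode that keeps it unreadable by other users, then checks that mode. The rndc-confgen output it works on is constructed inline and its secret is a placeholder; the helper names, the paths under /tmp and the address 192.168.1.3 are assumptions for the example.

```sh
#!/bin/sh
# Added example for steps 2-5 above; not part of the original note or of BIND.
# Assumes POSIX sh + awk, and rndc-confgen's output layout: an uncommented
# key statement, then options, then a commented copy for named.conf.
# Paths under /tmp, the helper names and the sample below are assumptions.

# Print the key statement (first "key" block) from rndc.conf / rndc-confgen output.
rndc_key_stmt() {
  awk '/^key "/ { p = 1 } p { print } p && /^};/ { exit }' "$1"
}

# Print the key name, e.g. rndc-key, from the same file.
rndc_key_name() {
  awk '/^key "/ { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# controls_stmt LISTEN_ADDR KEYNAME [ALLOWED_ADDR...]: print the controls
# statement for named.conf (step 4). localhost is always allowed; any other
# client address must be listed explicitly, and must still sign with the key.
controls_stmt() {
  addr=$1; keyname=$2; shift 2
  allow="localhost;"
  for a in "$@"; do allow="$allow $a;"; done
  printf 'controls {\n\tinet %s port 953 allow { %s } keys { "%s"; };\n};\n' \
    "$addr" "$allow" "$keyname"
}

# Is FILE unreadable by group and others? Reads the mode string from ls -l,
# which has the same layout on GNU and BSD userland.
secret_is_private() {
  case $(ls -l "$1" | cut -c1-10) in
    ????------) return 0 ;;
    *) return 1 ;;
  esac
}

# Write FILE from stdin with mode 0600 (umask applied in a subshell so the
# caller's umask is untouched), then verify the result.
write_secret_file() {
  ( umask 077; cat > "$1" )
  secret_is_private "$1" || { echo "$1 is readable by others" >&2; return 1; }
}

# --- demonstration on a constructed rndc-confgen output (placeholder secret) ---
SAMPLE=$(mktemp "${TMPDIR:-/tmp}/rndc-confgen.XXXXXX")
cat > "$SAMPLE" <<'EOF'
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItc2VjcmV0LW5vdC1yZWFs";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf
EOF

WORK=$(mktemp -d "${TMPDIR:-/tmp}/rndc-work.XXXXXX")
# Step 5: the key statement named.conf will include, kept out of the
# world-readable named.conf. The demo writes it 0600; on a real install give
# it group named and mode 640 so the named user can read it.
rndc_key_stmt "$SAMPLE" | write_secret_file "$WORK/rndc.key"
# Step 4: controls statement listening on the NS address 192.168.1.3
controls_stmt 192.168.1.3 "$(rndc_key_name "$SAMPLE")" 192.168.1.3 > "$WORK/controls.conf"
cat "$WORK/controls.conf"
```

On a real server the two generated files replace the hand edits of steps 4 and 5: include the key file from named.conf in place of the commented /etc/rndc-key line, and paste the controls statement in place of the old one. secret_is_private is also a quick audit for existing installs, where rndc.conf and rndc.key written with a loose umask are a common way the control secret leaks to local users.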

=====================================
PART II - /etc/rndc.conf
=====================================

This file has a similar structure and syntax to named.conf but simpler.

It has 3 statements, each with some clauses viz.,

- an 'options' statement
    default-server clause
    default-key clause
    default-port clause
- a server statement
    key clause
    port clause
- a key statement
    algorithm clause
    secret clause
Details :
==========
The /etc/rndc.conf file uses three statements:

- an 'options' statement which itself contains 3 clauses

[These are the fallback defaults, used when nothing more specific is given
on the rndc command line or in a matching server statement]

The clauses :

default-server : Name or address of a name server, used when no name
                 server is given.
                 Server name given on CLI to rndc (-s) - OVERRIDES this!

default-key    : Key used to authenticate rndc's commands and the
                 server's responses.
                 Key id given on CLI to rndc (-y) OR a key clause in the
                 matching server statement - OVERRIDES this!

default-port   : Port to connect to on the remote name server.
                 Port given on CLI to rndc (-p) OR a port clause in the
                 matching server statement - OVERRIDES this!

- a server statement

After the server keyword, the server statement includes a string which
is the hostname or address for a name server. It is matched against the
server rndc is talking to (default-server or the -s argument).

Two clauses :

key  : The key name must match the name of a key statement in the file.

port : The port number specifies the port to connect to.

- a key statement

The key statement begins with an identifying string, the name of the key.

Two clauses :

algorithm : identifies the message authentication (HMAC) algorithm rndc
            uses to sign its commands; it is not an encryption algorithm
            and the control channel is not encrypted. When this note was
            written only HMAC-MD5 was supported; later BIND 9 releases
            support the HMAC-SHA family and rndc-confgen defaults to
            hmac-sha256, which should be preferred where available.

secret    : contains the base-64 encoding of the shared secret key.
            The base-64 string is enclosed in double quotes. The key name,
            algorithm and secret must be identical in rndc.conf and in
            named.conf.
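Added example, not from the original note or from BIND: a POSIX sh resolver that reads an rndc.conf and reports which server, port and key rndc would end up using once the command-line -s/-p/-y options, the matching server statement and the options defaults are applied in that order, as the three statement descriptions above lay out. The rndc.conf it parses is constructed inline with placeholder secrets; the function names, the host ns2.example.internal and the port 9953 are assumptions made for the example, and the parser assumes one clause per line with the opening brace on the statement line.

```sh
#!/bin/sh
# Added example (not from the original note or from BIND): resolve which
# server, port and key rndc would use for a given rndc.conf plus command-line
# overrides, following the precedence described above: -s beats
# default-server; -y beats the server statement's key clause, which beats
# default-key; -p beats the server statement's port clause, which beats
# default-port, which beats the built-in 953.
# Assumptions: one clause per line, the opening brace on the statement line,
# '#' or '//' comments only; ns2.example.internal and port 9953 are made up.

# conf_get FILE STMT NAME CLAUSE: print CLAUSE's value from the block
# "STMT NAME {" (NAME is "" for options), or nothing if absent.
conf_get() {
  awk -v stmt="$2" -v name="$3" -v clause="$4" '
    { sub(/#.*$/, ""); sub(/\/\/.*$/, ""); gsub(/[";]/, "") }
    $1 == stmt && $NF == "{" && (name == "" || $2 == name) { inblock = 1; next }
    inblock && $1 == "}" { inblock = 0 }
    inblock && $1 == clause { print $2; exit }
  ' "$1"
}

# rndc_resolve CONF [-s server] [-p port] [-y key]: print "server port key".
rndc_resolve() {
  conf=$1; shift
  cli_server=""; cli_port=""; cli_key=""
  while [ $# -gt 0 ]; do
    [ $# -ge 2 ] || { echo "usage: rndc_resolve conf [-s server] [-p port] [-y key]" >&2; return 1; }
    case $1 in
      -s) cli_server=$2 ;;
      -p) cli_port=$2 ;;
      -y) cli_key=$2 ;;
      *) echo "usage: rndc_resolve conf [-s server] [-p port] [-y key]" >&2; return 1 ;;
    esac
    shift 2
  done
  # 1. server: -s on the command line, else options/default-server
  server=${cli_server:-$(conf_get "$conf" options "" default-server)}
  # 2. key: -y, else the matching server statement's key, else default-key
  key=${cli_key:-$(conf_get "$conf" server "$server" key)}
  key=${key:-$(conf_get "$conf" options "" default-key)}
  # 3. port: -p, else the server statement's port, else default-port, else 953
  port=${cli_port:-$(conf_get "$conf" server "$server" port)}
  port=${port:-$(conf_get "$conf" options "" default-port)}
  port=${port:-953}
  if [ -z "$server" ]; then
    echo "no server: give -s or set default-server" >&2; return 1
  fi
  # a key that is referenced but never defined is a configuration error,
  # exactly as it would be for rndc itself
  if [ -z "$key" ] || [ -z "$(conf_get "$conf" key "$key" secret)" ]; then
    echo "key '${key:-<none>}' is not defined in $conf" >&2; return 1
  fi
  echo "$server $port $key"
}

# --- constructed rndc.conf for the demonstration; secrets are placeholders ---
SAMPLE_CONF=$(mktemp "${TMPDIR:-/tmp}/rndc-sample.XXXXXX")
cat > "$SAMPLE_CONF" <<'EOF'
options {
    default-server 127.0.0.1;
    default-key "rndc-key";
    default-port 953;
};

// a secondary managed from this host, with its own key and a non-default port
server ns2.example.internal {
    key "ns2-key";
    port 9953;
};

key "rndc-key" {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItc2VjcmV0LW5vdC1yZWFs";
};

key "ns2-key" {
    algorithm hmac-sha256;
    secret "c2Vjb25kLXBsYWNlaG9sZGVyLW5vdC1yZWFs";
};
EOF

rndc_resolve "$SAMPLE_CONF"                          # 127.0.0.1 953 rndc-key
rndc_resolve "$SAMPLE_CONF" -s ns2.example.internal  # ns2.example.internal 9953 ns2-key
```

Giving each managed server its own key, as the server statement allows, means a secret lifted from one name server's named.conf does not open the control channel of every other one. rndc_resolve also refuses a key name that has no key statement; that is the same mismatch that makes rndc fail against named, since a key referenced in keys { } or with -y must exist, with an identical secret, on both sides.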

Note : The 'controls' statement in named.conf tells the NS to create a control
channel and to listen on that channel for control msgs from rndc*.

BIND supports 2 types of channels :

unix :
A Unix domain socket that the NS creates on the local FS; rndc
then sends msgs to the NS by writing to the Unix domain socket
inet :
A TCP socket that the NS listens on; rndc sends msgs to the NS
by connecting to the TCP socket

BIND 9 uses port 953 by default and, when this note was written, supported
only inet [TCP sockets]. An inet channel bound to anything other than
127.0.0.1 is reachable from the network, so keep the allow list tight and
the key secret. If named.conf has no controls statement at all, named
listens on the loopback address on port 953 and looks for the key in
rndc.key under its configuration directory (/etc/rndc.key on the layout
used here), as written by rndc-confgen -a.

********************