How to Configure BIND with RNDC on CentOS 6

RNDC stands for Remote Name Daemon Controls. It allows us to control the named daemon of a BIND DNS server from a remote machine. By default it uses port 953. A client machine that is allowed to control the daemon can perform tasks on it with the rndc command, authenticating with an rndc key. The key must be configured in both the named.conf file on the BIND server and the rndc.conf file on the client side.

Server Side:

The RNDC key is generated automatically after the BIND daemon is started. If it was not generated, use the command below to generate it:

[root@ns1 ~]# rndc-confgen -a
wrote key file "/etc/rndc.key"

Open your rndc.key file and copy its key block into the named.conf file, followed by a controls block that lists the hosts allowed to use that key:

[root@ns1 ~]# vim /etc/named.conf 
key "rndc-key" {
        algorithm hmac-md5;
        secret "L8bw0I4nLP8WDNCHjhnoxg==";
};
controls {
    inet * port 953
    allow { 127.0.0.1; 192.168.7.223; } keys { "rndc-key"; };
};

You have to restart the service for the changes to take effect:

[root@ns1 ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

Client Side:

Install the bind package on the client machine using the following command:

[root@localhost ~]# yum install bind* -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
base                                                     | 3.7 kB     00:00
base/primary_db                                          | 4.7 MB     00:00
extras                                                   | 3.4 kB     00:00
extras/primary_db                                        |  30 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 7.0 MB     00:00
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
---> Package bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
---> Package bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.5 will be installed
.
.
.
Installed:
  bind.x86_64 32:9.8.2-0.62.rc1.el6_9.5
  bind-chroot.x86_64 32:9.8.2-0.62.rc1.el6_9.5
  bind-devel.x86_64 32:9.8.2-0.62.rc1.el6_9.5
  bind-dyndb-ldap.x86_64 0:2.3-8.el6
  bind-sdb.x86_64 32:9.8.2-0.62.rc1.el6_9.5

Dependency Installed:
  postgresql-libs.x86_64 0:8.4.20-8.el6_9

Updated:
  bind-libs.x86_64 32:9.8.2-0.62.rc1.el6_9.5
  bind-utils.x86_64 32:9.8.2-0.62.rc1.el6_9.5

Complete!

Once done, generate the rndc configuration:

[root@localhost ~]# rndc-confgen 
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "dr+EU5Y3v44yqfngNo5u3Q==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dr+EU5Y3v44yqfngNo5u3Q==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

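After that, copy the output of the above command to a new rndc configuration file, /etc/rndc.conf. As noted at the start, the key must be the same on both sides, so the key block in /etc/rndc.conf has to carry the same name and secret as the key block in the server's named.conf.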

Finally, let's check the named daemon status of the DNS server from this client machine using the rndc command. The -s option names the server to contact:

[root@localhost ~]# rndc -s 192.168.7.222 status
version: 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5
CPUs found: 1
worker threads: 1
number of zones: 22
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
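
The following check is an added example, not part of the original tutorial. It compares the key block in the server's named.conf with the one in the client's rndc.conf and reports where the control channel listens. The function names (key_fields, keys_match, control_listen) are hypothetical, and the two sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original page): audit an rndc client/server pair.

# Print "name algorithm secret" of the key block (assumes one key per file).
# '#' comments are dropped so the commented hints rndc-confgen emits are ignored.
key_fields() {
    sed -e 's/#.*//' "$1" | tr -d '";' | awk '
        $1 == "key"       { name = $2 }
        $1 == "algorithm" { alg  = $2 }
        $1 == "secret"    { sec  = $2 }
        END { print name, alg, sec }'
}

# Succeed only when both files carry the same key name, algorithm and secret.
keys_match() { [ "$(key_fields "$1")" = "$(key_fields "$2")" ]; }

# Print the address the control channel binds to (the token after "inet").
control_listen() {
    sed -e 's/#.*//' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }'
}

demo=$(mktemp -d)   # constructed sample files, built from the tutorial's values
cat > "$demo/named.conf" <<'EOF'
key "rndc-key" {
        algorithm hmac-md5;
        secret "L8bw0I4nLP8WDNCHjhnoxg==";
};
controls {
    inet * port 953
    allow { 127.0.0.1; 192.168.7.223; } keys { "rndc-key"; };
};
EOF
cat > "$demo/rndc.conf" <<'EOF'
key "rndc-key" {
    algorithm hmac-md5;
    secret "dr+EU5Y3v44yqfngNo5u3Q==";
};
EOF

if keys_match "$demo/named.conf" "$demo/rndc.conf"; then
    echo "key: client and server agree"
else
    echo "key: MISMATCH, named will reject commands from this client"
fi
if [ "$(control_listen "$demo/named.conf")" = "*" ]; then
    echo "controls: listening on every interface; access rests on allow {} and the firewall"
fi
```

Run against the real /etc/named.conf and /etc/rndc.conf, a mismatch means the freshly generated client secret was never replaced with the server's.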

With this, the method to configure BIND with RNDC on CentOS 6 comes to an end.

FAQ
Q
When I check my rndc status I got the following error. Why?
A
You may be missing either the rndc.conf file or the rndc.key file, so you must generate it using the following commands. To generate the rndc configuration, use the below command and copy the