Tag : rndc (Remote Name Daemon Control)

Tag description

rndc (Remote Name Daemon Control) is a command-line utility for controlling named, the DNS server daemon of BIND (Berkeley Internet Name Domain), from the localhost or a remote host.

Tag info

Syntax: rndc [option...] command [command-option]

[-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V verbose logging] [-y key_id]

rndc sends digitally signed, authenticated commands to named, the BIND DNS server, over a TCP connection. The configuration file for rndc is ‘/etc/rndc.conf’, which stores authentication and configuration information such as the name server to connect to and the key to use for the digital signature. The rndc utility is started when named is started using the initialization script. The default port is 953.

BIND uses shared-secret key authentication to decide which hosts are granted privileges, which prevents unauthorized access to the named daemon. The supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. TSIG-style authentication is used for both the command request and the name server's response. Commands must be signed by a key_id known to the server.
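As an added example (not from the original page or from BIND itself), the following check reads the server-side counterpart of the key setup described above, the `key` and `controls` statements of named.conf, and reports control channels that are reachable beyond loopback, open to any host, or signed with a key the file does not define. It is a regex scan rather than a full parser, the sample configuration is constructed, and the hmac-md5 warning assumes the installed BIND release also accepts a stronger HMAC such as hmac-sha256.

```python
import ipaddress
import re

# Constructed sample named.conf fragment; key names and secrets are placeholders.
SAMPLE_NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5;    secret "Q09OU1RSVUNURUQ="; };
key "ops-key"  { algorithm hmac-sha256; secret "Q09OU1RSVUNURUQ="; };
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "ops-key"; };
    inet * port 953 allow { any; } keys { "rndc-key"; };
};
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{[^}]*?algorithm\s+"?([\w-]+)"?\s*;', re.S)
INET_RE = re.compile(
    r'\binet\s+(\S+)(?:\s+port\s+(\d+))?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}', re.S)

def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" or anything that is not a literal address
        return False

def audit_control_channel(conf_text):
    """Return (severity, message) findings for each rndc control channel."""
    text = re.sub(r'(?m)^\s*(#|//).*$', '', conf_text)  # drop whole-line comments
    algorithms = {name: alg.lower() for name, alg in KEY_RE.findall(text)}
    findings = []
    for addr, port, allow, keys in INET_RE.findall(text):
        where = f"inet {addr} port {port or 953}"
        if not _is_loopback(addr):
            findings.append(("warn", f"{where}: listens beyond loopback"))
        if "any" in [a.strip() for a in allow.split(";")]:
            findings.append(("high", f"{where}: allow {{ any; }}, key is the only barrier"))
        for key in re.findall(r'"?([\w.-]+)"?\s*;', keys):
            alg = algorithms.get(key)
            if alg is None:
                findings.append(("high", f"{where}: key {key} not defined in this file"))
            elif alg == "hmac-md5":  # assumption: server accepts a stronger HMAC
                findings.append(("warn", f"{where}: key {key} uses hmac-md5"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_control_channel(SAMPLE_NAMED_CONF):
        print(f"[{severity}] {message}")
```

A key reported as not defined may live in an included file, which this scan does not follow.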

Related articles under rndc (Remote Name Daemon Control)