BIND includes a utility called rndc which allows you to use command-line statements to administer the named daemon, locally or remotely. The rndc program uses the /etc/rndc.conf file for its configuration options, which can be overridden with command-line options. In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on the local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.
Run the BIND key generator for rndc.conf
In a terminal window enter:
cd /root
/usr/sbin/dnssec-keygen -a hmac-md5 -b 128 -n user rndc
This command creates two files with names starting Krndc.....
In the one with the .private extension you will find something like:
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: Nds78kjheRT8Ovwe==
The last line is what you're interested in, as it's the authentication key and should be put into both /etc/rndc.conf and /etc/named.conf.
It's easy to edit from the GNOME desktop: simply open the file manager, change to the /etc directory, right-click on the rndc.conf file and select edit.
Edit the file /etc/rndc.conf so that it looks something like this (replace the 72.96.52.127 IP address with your server's IP address):
options {
    default-server 72.96.52.127;
    default-key rndc_key;
};
server localhost {
    key rndc_key;
};
key rndc_key {
    algorithm hmac-md5;
    secret "Nds78kjheRT8Ovwe==";
};
Next, edit /etc/named.conf to add the following (remember to replace the 72.96.52.127 IP address with your server's IP address):
key rndc_key {
    algorithm hmac-md5;
    secret "Nds78kjheRT8Ovwe==";
};
controls {
    inet 72.96.52.127 port 953 allow { localhost; } keys { rndc_key; };
};
Once you've done that, restart named as follows:
/etc/rc.d/init.d/named restart
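As an added check (an example script, not part of this how-to), the following POSIX shell functions parse the key statement out of both files and confirm that the secret and algorithm agree and that the file holding the shared secret is not readable by group or others. The file paths and the placeholder secret are constructed for the demonstration.

```shell
# Added example, not part of the original how-to: verify that the rndc_key
# statements in rndc.conf and named.conf agree and that the file holding the
# shared secret is not readable by other users. Paths are passed as arguments.

# Print one field (algorithm or secret) of a "key <name> { ... };" block,
# with the trailing ';' and any surrounding quotes removed.
key_field() {
    awk -v name="$2" -v field="$3" '
        $1 == "key" && $2 == name { inblock = 1; next }
        inblock && $1 == field {
            v = $2; sub(/;$/, "", v); gsub(/"/, "", v); print v; exit
        }
        inblock && /^[ \t]*};/ { inblock = 0 }
    ' "$1"
}

# Succeed only when both files carry the same non-empty secret and the same
# algorithm for the key name; rndc cannot authenticate to named otherwise.
keys_match() {
    s1=$(key_field "$1" "$3" secret); s2=$(key_field "$2" "$3" secret)
    a1=$(key_field "$1" "$3" algorithm); a2=$(key_field "$2" "$3" algorithm)
    [ -n "$s1" ] && [ "$s1" = "$s2" ] && [ "$a1" = "$a2" ]
}

# Succeed when group and others have no permission bits (ls -l columns 5-10).
secret_file_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample configuration (placeholder secret, not a real key).
DEMO=$(mktemp -d)
cat > "$DEMO/rndc.conf" <<'EOF'
options { default-server 127.0.0.1; default-key rndc_key; };
key rndc_key {
    algorithm hmac-md5;
    secret "EXAMPLE_SECRET_REPLACE_ME==";
};
EOF
cat > "$DEMO/named.conf" <<'EOF'
key rndc_key {
    algorithm hmac-md5;
    secret "EXAMPLE_SECRET_REPLACE_ME==";
};
controls { inet 127.0.0.1 port 953 allow { localhost; } keys { rndc_key; }; };
EOF
chmod 600 "$DEMO/rndc.conf"

keys_match "$DEMO/rndc.conf" "$DEMO/named.conf" rndc_key && echo "rndc_key matches"
secret_file_private "$DEMO/rndc.conf" && echo "rndc.conf is private"
```

Run it against the real /etc/rndc.conf and /etc/named.conf after editing them; a silent result means one of the two checks failed.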