Configure RNDC Key for Bind DNS server on CentOS 7


To administer a DNS server (bind) from the command line, the RNDC utility needs to be correctly configured to avoid error messages such as “rndc connect failed connection refused”. The objective is to configure RNDC for Bind DNS server on CentOS 7 Linux.

Operating System and Software Versions

  • Operating System: CentOS Linux release 7.4.1708 (Core)
  • Software: Bind 9


Privileged access to your CentOS system as root or via the sudo command is required.




  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by using the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user


Generate RNDC Configuration

Start by executing the rndc-confgen command to generate the appropriate configuration settings:

# rndc-confgen


Execute the rndc-confgen command to generate the rndc-key and the appropriate configuration stanzas for the Bind and RNDC services.

Configure RNDC

Insert the previously generated RNDC key stanza into the file /etc/rndc.key. Your key will be different:

key "rndc-key" {
        algorithm hmac-md5;
        secret "1KJjYVuDxsJpcmGIJs/0Uw==";
};

Confirm the permissions and ownership of the /etc/rndc.key file. The correct permissions will be:

# ls -l /etc/rndc.key 
-rw-r-----. 1 root named 91 May  7 14:15 /etc/rndc.key
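
The same check as a script, extended to catch a key stanza that was pasted incompletely. This is an added example, not part of the original article; the function name audit_rndc_key is hypothetical, GNU stat is assumed, and the sample key is constructed:

```shell
#!/bin/sh
# Added example, not the article's code. audit_rndc_key is a hypothetical name.
# audit_rndc_key FILE [OWNER] [GROUP] -> 0 clean, 1 findings, 2 file missing.
# OWNER/GROUP default to the root/named pair in the article's ls -l output.
audit_rndc_key() {
    file=$1; want_owner=${2:-root}; want_group=${3:-named}; rc=0
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 2; }

    # Assumes GNU stat (coreutils): octal mode, owner name, group name.
    mode=$(stat -c %a "$file")
    owner=$(stat -c %U "$file")
    group=$(stat -c %G "$file")

    # 027 = group-write plus any access for "other": the key must be
    # writable only by its owner and readable only by owner and group.
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "FAIL: mode $mode, expected 640 or stricter"; rc=1
    fi
    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner $owner, expected $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group $group, expected $want_group"; rc=1; }

    # A truncated paste (no secret, no closing "};") is a syntax error for named.
    grep -Eq '^[[:space:]]*key[[:space:]]+"[^"]+"[[:space:]]*\{' "$file" ||
        { echo "FAIL: no key \"name\" { line"; rc=1; }
    grep -Eq 'algorithm[[:space:]]+[A-Za-z0-9-]+;' "$file" ||
        { echo "FAIL: no algorithm statement"; rc=1; }
    grep -Eq 'secret[[:space:]]+"[^"]+";' "$file" ||
        { echo "FAIL: no secret statement"; rc=1; }
    grep -Eq '^[[:space:]]*\};' "$file" ||
        { echo "FAIL: key stanza is not closed with };"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $file ($mode $owner:$group)"
    return "$rc"
}

# Constructed sample (not a real key), owned by whoever runs the script.
sample=$(mktemp)
printf '%s\n' 'key "rndc-key" {' '        algorithm hmac-md5;' \
    '        secret "c2FtcGxlLXNlY3JldA==";' '};' > "$sample"
chmod 640 "$sample"
audit_rndc_key "$sample" "$(stat -c %U "$sample")" "$(stat -c %G "$sample")"
rm -f "$sample"
# On the server itself, as root: audit_rndc_key /etc/rndc.key
```
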

Configure Bind service

Next, insert the following lines into the existing /etc/named.conf file:

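include "/etc/rndc.key";
controls {
      // 127.0.0.1 is the address rndc-confgen emits by default; use the one from your own output
      inet 127.0.0.1 port 953
      allow { 127.0.0.1; } keys { "rndc-key"; };
};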

Restart Bind DNS server

Lastly, restart the named daemon:

# service named restart
Redirecting to /bin/systemctl restart named.service