Configure RNDC Key for Bind DNS server on CentOS 7

Objective

In order to administer the DNS server (Bind) from the command line, the RNDC utility needs to be correctly configured; otherwise rndc fails with an error message such as “rndc connect failed 127.0.0.1 connection refused”. The objective is to configure RNDC for the Bind DNS server on CentOS 7 Linux.

Operating System and Software Versions

  • Operating System: CentOS Linux release 7.4.1708 (Core)
  • Software: Bind 9

Requirements

Privileged access to your system, as root or via the sudo command, is required.

Difficulty

EASY

Conventions

  • # – requires the given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command
  • $ – requires the given Linux commands to be executed as a regular non-privileged user

Instructions

Generate RNDC Configuration

Start by executing the rndc-confgen command to generate the appropriate configuration settings:

# rndc-confgen

[Screenshot: generate rndc and bind configuration - centos]

The rndc-confgen command outputs an rndc-key definition together with the matching configuration stanzas for the Bind and RNDC services; the following steps copy them into place.

Configure RNDC

Insert the previously generated key stanza into the file /etc/rndc.key. Your key secret will differ from the one shown here:

key "rndc-key" {
        algorithm hmac-md5;
        secret "1KJjYVuDxsJpcmGIJs/0Uw==";
};

Confirm the permissions and ownership of the /etc/rndc.key file. It holds the shared secret, so it must be readable only by root and the named group; the correct permissions are:

# ls -l /etc/rndc.key
-rw-r-----. 1 root named 91 May  7 14:15 /etc/rndc.key

Configure Bind service

Next, insert the following lines into the existing /etc/named.conf file. The include statement pulls in the key definition, and the controls statement restricts the control channel to the loopback address on port 953, authenticated with rndc-key:

include "/etc/rndc.key";
controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Restart Bind DNS server

Lastly, restart the named daemon:

# service named restart
Redirecting to /bin/systemctl restart named.service
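As an added check (example code written for this edit, not part of the original article), the following Python linter cross-references the two stanzas configured above: it confirms that the key named in the controls clause is actually defined, flags the hmac-md5 algorithm that the rndc-confgen output on this page uses, and warns when the allow list admits anything other than loopback. The embedded sample input is the article's own fragments; the rndc-confgen -A option named in the finding selects the HMAC algorithm and is not used on this page.

```python
import re

# Constructed sample input: the two fragments from the article above (the secret is the article's sample value).
RNDC_KEY = '''key "rndc-key" {
        algorithm hmac-md5;
        secret "1KJjYVuDxsJpcmGIJs/0Uw==";
};
'''
NAMED_CONF = '''include "/etc/rndc.key";
controls {
      inet 127.0.0.1 port 953
      allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;\s*\}\s*;')

def block_after(text, keyword):
    # Text between the braces that follow `keyword`, honouring nested braces ('' if absent).
    m = re.search(r'\b' + keyword + r'\s*\{', text)
    depth, start = 1, m.end() if m else len(text)
    for i in range(start, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return ''

def parse_keys(text):
    # Map key name -> (algorithm, secret) for every key clause in `text`.
    return {m.group(1): (m.group(2).lower(), m.group(3)) for m in KEY_RE.finditer(text)}

def parse_controls(text):
    # (allowed client addresses, key names) declared in the controls block.
    body = block_after(text, 'controls')
    allow = re.search(r'allow\s*\{([^}]*)\}', body)
    keys = re.search(r'keys\s*\{([^}]*)\}', body)
    addrs = [a.strip() for a in allow.group(1).split(';') if a.strip()] if allow else []
    return addrs, re.findall(r'"([^"]+)"', keys.group(1)) if keys else []

def lint(rndc_key_text, named_conf_text):
    # Cross-check rndc.key against named.conf; return a list of findings (empty means clean).
    keys = parse_keys(rndc_key_text + named_conf_text)
    addrs, names = parse_controls(named_conf_text)
    findings = ['controls block names no key'] if not names else []
    findings += [f'controls references undefined key "{n}"' for n in names if n not in keys]
    findings += [f'key "{n}": hmac-md5 is weak, regenerate with rndc-confgen -A hmac-sha256'
                 for n, (alg, _) in keys.items() if alg == 'hmac-md5']
    findings += [f'controls allows non-loopback address {a}' for a in addrs if a not in ('127.0.0.1', '::1')]
    return findings
```

Run lint() on the real files with open('/etc/rndc.key').read() and open('/etc/named.conf').read() before restarting named; an empty list means the two stanzas agree.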