
Configuring RNDC for BIND9 (TTID #323)

Author: Travis   Views: 62,353 /  Created: March 13, 2004
Configuring rndc for BIND 9 can be tricky. You first need an rndc.conf file that contains a security key.

rndc-confgen -a -c /etc/namedb/rndc.conf -k dnsadmin -b 256

The -k option sets the name of the key that rndc-confgen generates to something other than the default name of "rndc-key". Changing the key name is highly recommended, especially on a DNS server that sits on a network where you may not have full knowledge or control of the traffic flowing through it, and especially when you want to open up rndc use to other machines on that network.

The -b option sets the size, in bits, of the generated key. By default, the key size is 128 bits, though the size can range from 1 to 512 bits. It is recommended that you use a key size of at least 256 bits if you are using this for a public DNS server.

This creates the rndc.conf file with this information.
key "rndc-key" {
    algorithm hmac-md5;
    secret "nm/hkdldjGjsdfjSdfsdDD==";
};

Add this to the file.
options {
    default-key "rndc-key";
};

Next, you need to add the key information to the named.conf file.

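key "dnsadmin" {
    algorithm hmac-md5;
    secret "secret-string";    // must be the same secret as in rndc.conf
};

controls {
    // The address list inside allow { } is missing from the original page;
    // localhost is an assumed placeholder.
    inet * allow { localhost; } keys { "dnsadmin"; };
};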

Now, stop and restart your BIND service.
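
Before restarting, it helps to confirm that the two files agree and that the control channel is not wider than intended. The following Python script is an added example, not part of the original article or of BIND: it checks an rndc.conf / named.conf pair for a shared key and flags an exposed control channel. The sample configurations, function names and finding names are constructed for illustration.

```python
import re

# Constructed sample files (not from the page); both secrets are dummy values.
RNDC_CONF = '''
key "dnsadmin" { algorithm hmac-md5; secret "Y29uc3RydWN0ZWQtc2FtcGxl"; };
options { default-key "dnsadmin"; };
'''
NAMED_CONF = '''
key "dnsadmin" { algorithm hmac-md5; secret "ZGlmZmVyZW50LXNlY3JldA=="; };
controls { inet * allow { any; } keys { "dnsadmin"; }; };
'''

KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;\s*\}')
INET_RE = re.compile(r'inet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key clause in the text."""
    return {name: (alg, secret) for name, alg, secret in KEY_RE.findall(text)}

def audit(rndc_conf, named_conf):
    """Return a sorted list of finding codes for an rndc.conf / named.conf pair."""
    findings = set()
    client, server = parse_keys(rndc_conf), parse_keys(named_conf)
    m = re.search(r'default-key\s+"([^"]+)"', rndc_conf)
    default = client.get(m.group(1)) if m else None
    if default is None:
        findings.add("rndc-default-key-undefined")
    for addr, allow, keys in INET_RE.findall(named_conf):
        acl = [a.strip() for a in allow.split(";") if a.strip()]
        listed = re.findall(r'"([^"]+)"', keys)
        if not acl:
            findings.add("empty-allow-list")
        if "any" in acl:
            findings.add("control-channel-allows-any")
        if addr == "*":
            findings.add("control-channel-on-all-interfaces")
        if any(k not in server for k in listed):
            findings.add("controls-key-undefined")
        # rndc signs each command with the shared secret, so the algorithm and
        # secret of its default key must equal those of a key listed in controls.
        if default and default not in [server[k] for k in listed if k in server]:
            findings.add("no-matching-secret")
    # Later BIND 9 releases make rndc-confgen default to hmac-sha256.
    if any(alg == "hmac-md5" for alg, _ in list(client.values()) + list(server.values())):
        findings.add("hmac-md5-key")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(RNDC_CONF, NAMED_CONF)))
```

An empty result means the pair shares a key and the control channel is limited to a specific address and access list.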

Control BIND with rndc using these options.
reload - Reload configuration file and zones.

reload zone [class [view]] - Reload the given zone.

refresh zone [class [view]] - Schedule zone maintenance for the given zone.

retransfer zone [class [view]] - Retransfer the given zone from the master.

freeze zone [class [view]] - Suspend updates to a dynamic zone. This allows manual edits to be made to a zone normally updated by dynamic update. It also causes changes in the journal file to be synced into the master and the journal file to be removed. All dynamic update attempts will be refused while the zone is frozen.

unfreeze zone [class [view]] - Enable updates to a frozen dynamic zone. This causes the server to reload the zone from disk, and re-enables dynamic updates after the load has completed. After a zone is unfrozen, dynamic updates will no longer be refused.

reconfig - Reload the configuration file and load new zones, but do not reload existing zone files even if they have changed. This is faster than a full reload when there is a large number of zones because it avoids the need to examine the modification times of the zone files.

stats - Write server statistics to the statistics file.

querylog - Toggle query logging. Query logging can also be enabled by explicitly directing the queries category to a channel in the logging section of named.conf.

dumpdb - Dump the server's caches to the dump file.

stop - Stop the server, making sure any recent changes made through dynamic update or IXFR are first saved to the master files of the updated zones.

halt - Stop the server immediately. Recent changes made through dynamic update or IXFR are not saved to the master files, but will be rolled forward from the journal files when the server is restarted.

trace - Increment the server's debugging level by one.

trace level - Sets the server's debugging level to an explicit value.

notrace - Sets the server's debugging level to 0.

flush - Flushes the server's cache.

status - Display status of the server.

Revision History:

03.13.2004 - Initial Article. - Travis
03.13.2004 - Put options into a table. - Kevin
06.17.2007 - W3C validated page. - Kevin
