The Geek Diary


How to use rndc command (command-line administration tool for named)

by admin

The rndc utility is a command-line tool to administer the named service, both locally and from a remote machine. To prevent unauthorized access to the service, the control channel that rndc connects to must be configured to listen on the selected port (port 953 by default), and an identical key must be used by both the service and the rndc utility. The rndc key is generated by using the following command:

# rndc-confgen -a
wrote key file "/etc/rndc.key"

This command creates the /etc/rndc.key file, which contains the key.

# cat /etc/rndc.key
key "rndc-key" {
        algorithm hmac-md5;
        secret "k7WFNCP01e1NwIgaIhvtQQ==";
};

To configure named to use the key, include the following entries in /etc/named.conf:

# vi /etc/named.conf
include "/etc/rndc.key";
controls {
         inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

The include statement allows files to be included so that potentially sensitive data can be placed in a separate file with restricted permissions. To ensure that other users cannot read the file, enter the following:

# chmod o-rwx /etc/rndc.key

The controls statement defines access information and the various security requirements necessary to use the rndc command.

  • inet: The address on which named accepts rndc connections. The example allows you to control named with rndc only from a console on the localhost (127.0.0.1).
  • keys: Keys are used to authenticate various actions and are the primary access control method for remote administration. The example specifies using rndc-key, which is defined in the /etc/rndc.key include file. The name given here must match the key name in that file.
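
An added example (not from the original article): a shell function that checks the points above on a pair of files, namely that the key file grants nothing to other users, that the key name in controls matches the one defined in the key file, and that the control channel stays on loopback. The function name audit_rndc and the finding labels are hypothetical, and flagging hmac-md5 in favour of hmac-sha256 is a preference assumed by this example.

```bash
#!/bin/bash
# Added example: audit an rndc key file against the controls statement in named.conf.
# Prints one finding per line and returns the number of findings (0 = clean).
audit_rndc() {
    local key_file=$1 named_conf=$2 findings=0 other defined alg wanted addr

    # The key file must carry no permissions for "other" (chmod o-rwx).
    other=$(ls -ld "$key_file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERM: $key_file grants '$other' to other users"
        findings=$((findings + 1))
    fi

    # Key name and algorithm as defined in the key file.
    defined=$(sed -n 's/^[[:space:]]*key[[:space:]]*"\([^"]*\)".*/\1/p' "$key_file" | head -n 1)
    alg=$(sed -n 's/^[[:space:]]*algorithm[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$key_file" | head -n 1)
    if [ "$alg" = "hmac-md5" ]; then
        echo "ALG: $key_file uses hmac-md5; prefer hmac-sha256"
        findings=$((findings + 1))
    fi

    # Key name referenced by keys { "..."; } in controls; only ASCII quotes parse.
    wanted=$(sed -n 's/.*keys[[:space:]]*{[[:space:]]*"\([^"]*\)".*/\1/p' "$named_conf" | head -n 1)
    if [ -z "$wanted" ]; then
        echo "KEYS: no quoted key name in controls (check for typographic quotes)"
        findings=$((findings + 1))
    elif [ "$wanted" != "$defined" ]; then
        echo "NAME: controls references \"$wanted\" but key file defines \"$defined\""
        findings=$((findings + 1))
    fi

    # The control channel should stay on loopback unless remote use is intended.
    addr=$(sed -n 's/^[[:space:]]*inet[[:space:]]*\([^[:space:]]*\).*/\1/p' "$named_conf" | head -n 1)
    case "$addr" in
        127.0.0.1|::1) ;;
        *) echo "BIND: control channel listens on '${addr:-unknown}'"
           findings=$((findings + 1)) ;;
    esac

    return "$findings"
}

# Usage against the live files (run as root): audit_rndc /etc/rndc.key /etc/named.conf
```

Running named-checkconf after any change to /etc/named.conf catches syntax errors that this check does not look for.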

rndc command Examples

Type rndc to display usage of the utility and a list of available commands:

# rndc
Usage: rndc [-b address] [-c config] [-s server] [-p port]
        [-k key-file ] [-y key] [-V] command
command is one of the following:
  reload        Reload configuration file and zones.
  reload zone [class [view]]
                Reload a single zone.
  refresh zone [class [view]]
                Schedule immediate maintenance for a zone.
  retransfer zone [class [view]]
                Retransfer a single zone without checking the serial number.
  freeze        Suspend updates to all dynamic zones.
  freeze zone [class [view]]
                Suspend updates to a dynamic zone.
  thaw          Enable updates to all dynamic zones and reload them.
  thaw zone [class [view]]
                Enable updates to a frozen dynamic zone and reload it.
  sync [-clean] Dump changes to all dynamic zones to disk, and optionally
  ....

The following are examples of some of the rndc commands:

1. Use the rndc status command to check the current status of the named service:

# rndc status
number of zones: 3
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

2. Use the rndc reload command to reload both the configuration file and zones:

# rndc reload
server reload successful

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux
