17.2.3. Using the rndc Utility

The rndc utility is a command-line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows:
rndc [option...] command [command-option] Configuring the Utility

To prevent unauthorized access to the service, named must be configured to listen on the selected port (that is, 953 by default), and an identical key must be used by both the service and the rndc utility.

Table 17.7. Relevant files

Path Description
/etc/named.conf The default configuration file for the named service.
/etc/rndc.conf The default configuration file for the rndc utility.
/etc/rndc.key The default key location.
The rndc configuration is located in /etc/rndc.conf. If the file does not exist, the utility will use the key located in /etc/rndc.key, which was generated automatically during the installation process using the rndc-confgen -a command.
The named service is configured using the controls statement in the /etc/named.conf configuration file as described in Section, “Other Statement Types”. Unless this statement is present, only the connections from the loopback address (that is, will be allowed, and the key located in /etc/rndc.key will be used.
For more information on this topic, see manual pages and the BIND 9 Administrator Reference Manual listed in Section 17.2.7, “Additional Resources”.

Set the correct permissions

To prevent unprivileged users from sending control commands to the service, make sure only root is allowed to read the /etc/rndc.key file:
~]# chmod o-rwx /etc/rndc.key