17.2.3. Using the rndc Utility
The rndc utility is a command-line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows:
rndc [option...] command [command-option]
17.2.3.1. Configuring the Utility
To prevent unauthorized access to the service, named must be configured to listen on the selected port (that is, 953 by default), and an identical key must be used by both the service and the rndc utility.
Table 17.7. Relevant files
The rndc configuration is located in /etc/rndc.conf. If the file does not exist, the utility will use the key located in /etc/rndc.key, which was generated automatically during the installation process using the rndc-confgen -a command.
The named service is configured using the controls statement in the /etc/named.conf configuration file as described in Section 17.2.1.2, “Other Statement Types”. Unless this statement is present, only the connections from the loopback address (that is, 127.0.0.1) will be allowed, and the key located in /etc/rndc.key will be used.
For more information on this topic, see manual pages and the BIND 9 Administrator Reference Manual listed in Section 17.2.7, “Additional Resources”.
Important
To prevent unprivileged users from sending control commands to the service, make sure only root is allowed to read the /etc/rndc.key file:
~]# chmod o-rwx /etc/rndc.key
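The following shell functions are an added example, not part of the original documentation. They audit the setup described above: that the key file grants nothing to "other", and that /etc/rndc.conf, when present, carries the same secret as /etc/rndc.key. The function names are hypothetical. The example assumes GNU stat and that named uses the default /etc/rndc.key, that is, no controls statement selects a different key.

```shell
#!/bin/sh
# Added example: audit the rndc key setup. Function names are hypothetical.

# 0 if "other" has no access to FILE, 1 if it does, 2 if FILE is missing.
key_file_private() {
    [ -e "$1" ] || return 2
    case "$(stat -c '%a' "$1")" in   # GNU stat: octal mode, e.g. 640
        *0) return 0 ;;              # last digit 0 = no rights for "other"
        *)  return 1 ;;
    esac
}

# Print the first secret "..." value found in a key file or rndc.conf.
extract_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# 0 only if both files carry the same non-empty secret.
keys_match() {
    a=$(extract_secret "$1"); b=$(extract_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# usage: audit_rndc_key [KEYFILE] [RNDC_CONF]; defaults are the paths named above
audit_rndc_key() {
    key=${1:-/etc/rndc.key}; conf=${2:-/etc/rndc.conf}; rc=0
    if key_file_private "$key"; then
        echo "OK: $key is not accessible to other"
    else
        echo "FAIL: $key missing or accessible to other (chmod o-rwx $key)"; rc=1
    fi
    if [ ! -e "$conf" ]; then
        echo "INFO: $conf absent, rndc falls back to $key"
    elif keys_match "$key" "$conf"; then
        echo "OK: $conf and $key carry the same secret"
    else
        echo "FAIL: $conf secret differs from $key"; rc=1
    fi
    return "$rc"
}

# Demo on constructed files (the secret is a made-up sample, not a real key).
demo_dir=$(mktemp -d)
printf 'key "rndc-key" {\n\talgorithm hmac-sha256;\n\tsecret "Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==";\n};\n' > "$demo_dir/rndc.key"
chmod 644 "$demo_dir/rndc.key"
audit_rndc_key "$demo_dir/rndc.key" "$demo_dir/rndc.conf" || true   # FAIL: world-readable
chmod o-rwx "$demo_dir/rndc.key"
audit_rndc_key "$demo_dir/rndc.key" "$demo_dir/rndc.conf"            # OK after the fix
rm -rf "$demo_dir"
```

The check mirrors the chmod o-rwx command above: it inspects only the "other" permission bits and does not examine the file's owner or group.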