IBM Support

How to set up rndc for BIND 9

Question & Answer


Question

How do I set up rndc for BIND 9?

Answer

rndc setup for BIND 9


SIMPLE rndc setup:
==================
# rndc-confgen -a

Performs automatic rndc configuration. This creates a file rndc.key in /etc (or whatever sysconfdir was specified when BIND was built) that is read by both rndc and named on startup. The rndc.key file defines a default command channel and authentication key, allowing rndc to communicate with named with no further configuration. With this configuration you will *NOT* need rndc.conf or corresponding named.conf entries.


ADVANCED rndc setup:
====================
Run rndc-confgen to generate rndc.conf and named.conf stanzas. It will generate a new key each time it is run. It will not modify any files. With this configuration you will *NOT* have an rndc.key file.

# rndc-confgen > /tmp/rndc.out
# cat /tmp/rndc.out

# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "CDc0KiCGav8j+/moT1nTJg==";
};

options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "CDc0KiCGav8j+/moT1nTJg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

Create your rndc.conf as per the above output, add the corresponding stanza to named.conf, then refresh named:

# refresh -s named

Check if it works:
# rndc status
number of zones: 5
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
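
The ADVANCED setup only works when the key stanza in rndc.conf and the one in named.conf carry the same algorithm and secret, and the stanza pasted into named.conf is no longer commented out. The shell check below is an added example, not part of the original IBM document; the function names key_fields and check_rndc_pair, the demo file paths and the sample secret are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Checks the ADVANCED setup: the key stanza must
# be identical in rndc.conf and named.conf, and files holding the secret
# should not be readable by other users.

# Print "algorithm secret" for key $2 from the uncommented lines of file $1.
# Parses the one-statement-per-line layout rndc-confgen emits; only # comments.
key_fields() {
    sed 's/#.*//' "$1" | awk -v want="$2" '
        $1 == "key" { name = $2; gsub(/"/, "", name); inkey = (name == want) }
        inkey && $1 == "algorithm" { alg = $2; gsub(/;/, "", alg) }
        inkey && $1 == "secret"    { sec = $2; gsub(/[";]/, "", sec) }
        inkey && $1 == "};"        { inkey = 0 }
        END { if (alg != "" && sec != "") print alg, sec }'
}

# check_rndc_pair RNDC_CONF NAMED_CONF KEYNAME
# Returns 0 = consistent, 1 = key missing or mismatched, 2 = permission warning only.
check_rndc_pair() {
    rc=0
    a=$(key_fields "$1" "$3")
    b=$(key_fields "$2" "$3")
    [ -n "$a" ] || { echo "FAIL: key $3 not defined in $1"; rc=1; }
    [ -n "$b" ] || { echo "FAIL: key $3 not active in $2 (stanza still commented out?)"; rc=1; }
    if [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ]; then
        echo "FAIL: algorithm or secret differs between $1 and $2"; rc=1
    fi
    for f in "$1" "$2"; do
        # Character 8 of the ls mode string is the read bit for "other".
        if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
            echo "WARN: $f holds the rndc secret and is world-readable"
            [ "$rc" -ne 0 ] || rc=2
        fi
    done
    return "$rc"
}

# Demo on constructed files (the secret is a made-up sample value).
demo() {
    d=${TMPDIR:-/tmp}/rndc-check.$$
    mkdir -m 700 "$d" || return 1
    printf '%s\n' 'key "rndc-key" {' 'algorithm hmac-md5;' \
        'secret "QUFBQUFBQUFBQUFBQUFBQQ==";' '};' > "$d/rndc.conf"
    sed 's/^/# /' "$d/rndc.conf" > "$d/named.conf"   # stanza pasted but left commented
    chmod 600 "$d/rndc.conf" "$d/named.conf"
    check_rndc_pair "$d/rndc.conf" "$d/named.conf" rndc-key || echo "check returned $?"
    rm -rf "$d"
}
demo
```

The same secret also sits in /tmp/rndc.out from the rndc-confgen step, so delete that file once rndc.conf and named.conf are in place.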


Document Information

Modified date:
17 June 2018

UID

isg3T1010662