■ Requirement : Configure rndc key with chrooted bind
■ OS Environment : Linux, RHEL 6.2, CentOS
■ Implementation Steps :
1. Edit /etc/rndc.conf and add the following lines :
options {
    default-server 127.0.0.1;
    default-key "rndckey";
};
server 127.0.0.1 {
    key "rndckey";
};
key "rndckey" {
    algorithm "hmac-md5";
    secret "secret key will be placed here";
};
$ cd /var/named/chroot/etc/
$ dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST rndc
5. Copy the key from the private file and put it on the "secret" line of /etc/rndc.conf.
6. Create a soft link :
$ ln -s /var/named/chroot/etc/rndc.conf /etc/rndc.conf
8. Restart named and check status :
$ service named restart
9. Verification :
$ rndc status
Output will look like :
version: 9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.2
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
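
Step 5 done by script instead of by hand, as an added example that is not part of the original page: it reads the "Key:" value from the .private file written by dnssec-keygen and writes it onto the "secret" line of rndc.conf. The function names (extract_key, set_rndc_secret, demo) and the sample file name and key are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original page): fill the rndc.conf "secret"
# line from the .private file that dnssec-keygen writes.

# Print the base64 value of the "Key:" line; fail if the file has none.
extract_key() {
    awk '$1 == "Key:" { print $2; found = 1 } END { exit !found }' "$1"
}

# Replace the single secret "..."; line in conf ($1) with key ($2).
set_rndc_secret() {
    conf=$1 key=$2
    # Accept only base64 characters so a bad paste cannot inject config syntax.
    case $key in
        ''|*[!A-Za-z0-9+/=]*) echo "invalid key" >&2; return 1 ;;
    esac
    # mktemp creates the file mode 0600, so the secret is never world-readable.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    awk -v k="$key" '
        /^[ \t]*secret[ \t]/ { print "secret \"" k "\";"; n++; next }
        { print }
        END { exit (n != 1) }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf"
}

# Constructed sample files (not real key material); file names are assumptions.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'Private-key-format: v1.3' 'Algorithm: 157 (HMAC_MD5)' \
        'Key: Q09OU1RSVUNURUQtU0FNUExFLUtFWS1OT1QtUkVBTA==' 'Bits: AAA=' \
        > "$d/Krndc.+157+00000.private"
    printf '%s\n' 'key "rndckey" {' 'algorithm "hmac-md5";' \
        'secret "secret key will be placed here";' '};' > "$d/rndc.conf"
    set_rndc_secret "$d/rndc.conf" \
        "$(extract_key "$d/Krndc.+157+00000.private")" && grep secret "$d/rndc.conf"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

The rewritten rndc.conf ends up with mode 0600 and is owned by the user who ran the script. The update is refused if the file does not contain exactly one "secret" line.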