Tuesday, November 29, 2011

How to configure an rndc key with chrooted BIND on Linux?


■ Requirement : Configure an rndc key with chrooted BIND
■ OS Environment : Linux, RHEL 6.2, CentOS
■ Implementation Steps :

1. Edit /etc/rndc.conf and add the following lines:

options {
        default-server 127.0.0.1;
        default-key "rndckey";
};

server 127.0.0.1 {
        key "rndckey";
};

key "rndckey" {
        algorithm "hmac-md5";
        secret "secret key will be placed here";
};

2. Generate a 256-bit HMAC-MD5 key inside the chroot:

$ cd /var/named/chroot/etc/
$ dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 256 -n HOST rndc

3. Copy the key (the Key: line) from the generated .private file and put it in /etc/rndc.conf on the "secret" line.
4. Create a soft link:

$ ln -s /var/named/chroot/etc/rndc.conf /etc/rndc.conf

5. Restart named and check its status:

$ service named restart

6. Verification:

$ rndc status

Output will look like :

version: 9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.2
CPUs found: 1
worker threads: 1
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
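The key-generation and copy steps above, as an added example that is not part of the original post: a POSIX shell script that pulls the secret out of a dnssec-keygen .private file, checks that it really is 256 bits as requested by -b 256, and renders the rndc.conf shown in step 1. The sample private file is constructed here (its secret is made up), and the Krndc.+157+NNNNN.private file name is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the dnssec-keygen
# private-key file layout ("Key: <base64>") produced for HMAC-MD5 (alg 157).

# Print the base64 secret stored on the Key: line of a .private file.
extract_secret() {
    awk '/^Key:/ { print $2 }' "$1"
}

# Decode the secret and report its size in bits (should match -b 256).
secret_bits() {
    printf '%s' "$1" | base64 -d | wc -c | awk '{ print $1 * 8 }'
}

# Render rndc.conf for 127.0.0.1 with the given key name and secret,
# matching the layout from step 1.
render_rndc_conf() {
    keyname=$1
    secret=$2
    cat <<EOF
options {
        default-server 127.0.0.1;
        default-key "$keyname";
};

server 127.0.0.1 {
        key "$keyname";
};

key "$keyname" {
        algorithm "hmac-md5";
        secret "$secret";
};
EOF
}

# Constructed sample of what dnssec-keygen -a HMAC-MD5 -b 256 -n HOST rndc
# writes to Krndc.+157+NNNNN.private. The Key value below is made up.
SAMPLE_PRIVATE=$(mktemp)
trap 'rm -f "$SAMPLE_PRIVATE"' EXIT
cat > "$SAMPLE_PRIVATE" <<'EOF'
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: Q3VyaW91cz8gVGhpcyBpcyBub3QgYSByZWFsIGtleSE=
Bits: AAA=
EOF

SECRET=$(extract_secret "$SAMPLE_PRIVATE")
echo "secret length: $(secret_bits "$SECRET") bits"
render_rndc_conf rndckey "$SECRET"
```

Point the script at the real Krndc.+157+NNNNN.private from step 2 and redirect the output to the rndc.conf in the chroot instead of pasting the secret by hand.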

2 comments:

  1. Great job!!! 6th tutorial... and finally yours works!!!

    1. Thanks for this tutorial. These directions worked for me using Scientific Linux 6.2 and BIND-9.9.2-p1.