11/15/2016 · # cp rndc.key ns-example-com_rndc-key

You can generate a new key with the following options: algorithm HMAC-MD5, identifier 157 (required for a TSIG signature and the only algorithm supported by BIND); length of 512 octets (a multiple of 64, with a maximum length of 512 for the above algorithm); name ns-example-com_rndc-key.

// Managing ACLs (access control lists)
acl internals { 127.0.0.0/8; 192.168.0.0/24; };
// Load options
include "/etc/bind/named.conf.options";
// TSIG key used for the dynamic update
include "/etc/bind/ns-example-com_rndc-key";
// Configure the communication channel for administrative BIND9 with rndc
// By default, the key is in the rndc.key file and is used by rndc and bind9
// on the localhost
controls { inet.
5/27/2015 · // allow-update { key ns-example-com_rndc-key; };
    allow-update { key rndc-key; };
    // confusion between the file name to import ( ns-example-com_rndc-key ) and the key label ( rndc-key ) ?
};
zone "0.168.192.in-addr.arpa" {
    type slave;
    file "/var/cache/bind/db.example.com.inv.zone";
    masters { 192.168.0.2; };
    // see comment below (zone example.com)
    // forwarders {};
    // allow-update { key ns-example-com_rndc-key; };
    allow-update { key rndc-key.
remove allow-update { key rndc-key; };

At the slave server, modify the zones:
# cd /etc
# vi named.conf
zone "example.com" IN {
    type slave;
    file "slaves/example.com";
    masters { 192.168.1.11; };
};

Test DNS resolution. The following dig command can be run from either name server and should return the records for the domain on that server.
The rndc.key file also has its permissions set such that only the owner of the file (the user that named is running as) can access it. If you want greater flexibility in allowing other users to run rndc commands, you need to create an rndc.conf file and make it group-readable by a group that contains the users who should have access.