DNS and BIND: Working with RNDC Keys

15 minutes
  • 5 Learning Objectives

About this Hands-on Lab

BIND uses a shared secret key authentication method to grant privileges to hosts. It is important to know how to generate this key for administration purposes. In this hands-on lab we will learn to configure the RNDC key and configuration file, and link it to the `named` service. To accomplish this, we will install the BIND package and recreate the RNDC key and configuration. We will then copy the new configuration to the `named.conf` file. To complete this lab, you will have to show that a new configuration has been created and that DNS queries are being cached on `localhost`.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install, start, and enable the `named` service.
# yum install bind bind-utils -y
# systemctl start named
# systemctl enable named
Recreate the RNDC key and configuration file.
  • Remove the rndc key file. rm /etc/rndc.key
  • Stop the named service. systemctl stop named
  • Generate an rndc key and configuration file. rndc-confgen -r /dev/urandom > /etc/rndc.conf
Link the RNDC configuration to the named configuration.
  • Open the /etc/rndc.conf file with vim /etc/rndc.conf
  • Copy the section "Copy to the named.conf file"
  • Open the /etc/named.conf file for editing with vim /etc/named.conf
  • Paste the section into /etc/named.conf just before the include statements and delete the # signs at the beginning of the lines.
Start the named service.

systemctl start named
Test the configuration to ensure DNS records are being cached on localhost.
nslookup www.google.com

Additional Resources

An application team at ABCCompany is experiencing and outage with their application. It was discovered that the key file for the named configuration was accidentally deleted. Since they were unable to restore the original file, we have been asked to recreate the RNDC key and link it to the named configuration.

  • Use the yum utility to install bind and bind-utils.
  • Remove the auto-generated /etc/rndc.key file in order to learn to configure and link new keys.
  • Create a new RNDC key and link it to the named configuration using rndc-confgen.
  • Use systemctl to start the named service.
  • Use the nslookup utility to verify that DNS records are being cached on localhost.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?