BIND uses a shared secret key authentication method to grant privileges to hosts. It is important to know how to generate this key for administration purposes. In this hands-on lab, we will learn to configure the RNDC key and configuration file, and link it to the `named` service. To accomplish this, we will install the BIND package and recreate the RNDC key and configuration. We will then copy the new configuration to the `named.conf` file. To complete this lab, you will have to show that a new configuration has been created and that DNS queries are being cached on `localhost`.
Successfully complete this lab by achieving the following learning objectives:
- Log in to the lab server with the `cloud_user` and issue `sudo -i` to gain root access.
$ ssh cloud_user@**.**.**.** . (your lab server IP) Password:
$ sudo -i [sudo] password for cloud_user: # # id uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
- Install the `bind` and `bind-utils` packages. Start and enable the `named` service.
# yum install -y bind bind-utils
- Start and enable the
# systemctl start named # systemctl enable named
- Recreate the RNDC key and configuration file.
# rm /etc/rndc.key
# systemctl stop named
Generate an rndc key and configuration file.
# rndc-confgen -r /dev/urandom > /etc/rndc.conf
- Link the RNDC configuration to the `named` configuration.
# vim /etc/rndc.conf
Copy the section "Copy to the named.conf file"
/etc/named.conffile for editing with
# vim /etc/named.conf
Paste the copied section into
/etc/named.confjust before the
includestatements and delete the # signs at the beginning of the lines.
- Start the `named` service.
# systemctl start named
- Test the configuration to ensure records are being cached on the localhost.
# nslookup www.google.com 127.0.0.1