DNS: Working with RNDC Keys

15 minutes
  • 6 Learning Objectives

About this Hands-on Lab

BIND uses a shared secret key authentication method to grant privileges to hosts. It is important to know how to generate this key for administration purposes. In this hands-on lab, we will learn to configure the RNDC key and configuration file, and link it to the `named` service. To accomplish this, we will install the BIND package and recreate the RNDC key and configuration. We will then copy the new configuration to the `named.conf` file. To complete this lab, you will have to show that a new configuration has been created and that DNS queries are being cached on `localhost`.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Log in to the lab server with the `cloud_user` and issue `sudo -i` to gain root access.
$ ssh cloud_user@**.**.**.** . (your lab server IP)
$ sudo -i
[sudo] password for cloud_user: 
# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Install the `bind` and `bind-utils` packages. Start and enable the `named` service.
  1. Install bind and bind-utils:
    # yum install -y bind bind-utils
  2. Start and enable the named service:
    # systemctl start named
    # systemctl enable named
Recreate the RNDC key and configuration file.
  1. Remove the rndc.key file.

    # rm /etc/rndc.key
  2. Stop the named service.

    # systemctl stop named
  3. Generate an rndc key and configuration file.

    # rndc-confgen -r /dev/urandom > /etc/rndc.conf
Link the RNDC configuration to the `named` configuration.
  1. Open the /etc/rndc.conf file with vim:

    # vim /etc/rndc.conf
  2. Copy the section "Copy to the named.conf file"

  3. Open the /etc/named.conf file for editing with vim.

    # vim /etc/named.conf
  4. Paste the copied section into /etc/named.conf just before the include statements and delete the # signs at the beginning of the lines.

Start the `named` service.
 # systemctl start named
Test the configuration to ensure records are being cached on the localhost.
# nslookup www.google.com

Additional Resources

The application team at ABC Company is experiencing an outage with their application. It was discovered that the key file for the named configuration was accidentally deleted. Since they were unable to restore the original file, we have been asked to recreate the RNDC key and link it to the named configuration.

  • Use the yum utility to install bind and bind-utils.
  • Remove the auto-generated /etc/rndc.key file in order to configure and link new keys.
  • Create a new RNDC key and link it to the named configuration using rndc-confgen.
  • Use systemctl to start the named service.
  • Use the nslookup utility to verify that DNS records are being cached on localhost.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?