
DNS: Working with RNDC Keys

Hands-On Lab

Cara Nolte

Linux Training Architect II





BIND's remote control channel is protected by a shared secret: rndc signs each command with an HMAC key, and named only accepts commands from clients presenting a key listed in its controls statement. Anyone who holds that key can reload, flush, or stop the server, so knowing how to generate and protect it is a basic administration skill. In this hands-on lab, we will configure the RNDC key and configuration file and link them to the named service. To accomplish this, we will install the BIND package and recreate the RNDC key and configuration. We will then copy the new configuration into the named.conf file. To complete this lab, you will have to show that a new configuration has been created and that DNS queries are being cached on localhost.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

DNS: Working with RNDC Keys

In this lab, we will be working with RNDC. We will recreate an RNDC key and link it to the named configuration, then show that we have created a new configuration and that DNS queries are being cached on localhost.

Before We Begin

To get started, we need to log in to our lab server as cloud_user with the provided password. Replace <provided lab server IP> with the IP address from the lab credentials:

ssh cloud_user@<provided lab server IP>

After that, we use sudo -i to gain root access in the terminal:

sudo -i

Confirm with id that we are now root before continuing.


Install the bind and bind-utils packages

  1. Install the bind and bind-utils packages using yum:

    yum install -y bind bind-utils
  2. Start and enable the named service:

    systemctl start named
    systemctl enable named
  3. Review the key that was created for us (note its owner and mode; the file holds a secret):

    ls -al /etc/rndc.key
  4. Open the file with cat to see the secret string:

    cat /etc/rndc.key

Recreate the RNDC key and configuration file

  1. Remove the rndc.key file, and enter y when prompted:

    rm /etc/rndc.key
  2. Double-check that it is gone:

    rndc reload

    We get back a message saying the key file was not found.

  3. Stop the named service:

    systemctl stop named
  4. Generate a new key and write it, together with the matching rndc configuration, to /etc/rndc.conf:

    rndc-confgen -r /dev/urandom > /etc/rndc.conf

    The -r option is accepted by the BIND 9.11 packaged with CentOS 7 but was removed in later 9.x releases, where plain rndc-confgen is enough. The redirect creates the file with the default umask, so tighten its permissions afterwards so that only root can read the secret.

Link the RNDC configuration to the named Configuration

  1. View the /etc/rndc.conf file with more:

    more /etc/rndc.conf
  2. Copy the section under # End of rndc.conf. It is the key and controls statements that named needs, printed as comments.

  3. Open the /etc/named.conf file for editing with vim:

    vim /etc/named.conf
  4. Paste the copied section into /etc/named.conf just before the include statements and delete the # signs at the beginning of the key and controls lines. Leave the line beginning with # Use and the line # End of named.conf as comments; uncommenting the latter leaves a bare End of named.conf that named-checkconf rejects. The secret in named.conf must be identical to the one in /etc/rndc.conf, and the controls statement's allow list of 127.0.0.1 keeps the control channel reachable from localhost only, which is what we want.

  5. Save the document using :wq.

  6. Check that there are no syntax errors:

    named-checkconf

  7. Start the service, then reload it through rndc to prove that the new key authenticates:

    systemctl start named
    rndc reload
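The splice-and-verify part of the procedure above (copying the commented block out of rndc.conf, uncommenting it into named.conf before the include statements, and confirming the two files agree), written as an added shell example that is not part of the lab. It works on a constructed sample of rndc-confgen output and a constructed minimal named.conf in a temporary directory; the secret in the sample is a placeholder, and the function names named_block, key_secret, first_key_name, splice_named_conf and verify_rndc_link are ours. Pointed at /etc/rndc.conf and /etc/named.conf as root, it performs the same edit the lab does by hand, and verify_rndc_link is the check to run before named-checkconf and rndc reload:

```sh
#!/bin/sh
# Added example (not part of the lab): automate "Link the RNDC configuration to the
# named Configuration" on copies of the files, then verify the link. Point the
# functions at /etc/rndc.conf and /etc/named.conf as root to do the real edit.
set -eu

# Constructed sample of what `rndc-confgen -r /dev/urandom > /etc/rndc.conf` writes.
# The secret is a placeholder, not a real key; real output indents with tabs.
SAMPLE_RNDC_CONFGEN='# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-sha256;
    secret "c29tZXJhbmRvbWJhc2U2NHBsYWNlaG9sZGVyPT0=";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-sha256;
#     secret "c29tZXJhbmRvbWJhc2U2NHBsYWNlaG9sZGVyPT0=";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf'

# Constructed minimal named.conf in the shape of the CentOS default (no controls yet).
SAMPLE_NAMED_CONF='options {
    listen-on port 53 { 127.0.0.1; };
    directory "/var/named";
    recursion yes;
    allow-query { localhost; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";'

# named_block: read rndc-confgen output on stdin; print the part after "# End of rndc.conf"
# with the leading "# " stripped from the key and controls statements. The "# Use" and
# "# End of named.conf" lines stay comments: a bare "End of named.conf" is a syntax error.
named_block() {
    awk '
        /^# End of rndc.conf/ { in_block = 1; next }
        !in_block { next }
        /^# Use / || /^# End of named.conf/ { print; next }
        { sub(/^# ?/, ""); print }
    '
}

# key_secret FILE KEYNAME: print the secret of that key statement, or nothing if absent.
key_secret() {
    awk -v name="$2" '
        $1 == "key" && $2 == "\"" name "\"" { in_key = 1; next }
        in_key && $1 == "secret" { gsub(/[";]/, "", $2); print $2; exit }
        in_key && /^};/ { in_key = 0 }
    ' "$1"
}

# first_key_name FILE: the key name rndc.conf defines (rndc-key by default).
first_key_name() {
    sed -n 's/^key "\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# splice_named_conf RNDC_CONF NAMED_CONF: insert the key and controls statements before the
# first include line (at the end if there is none). Refuses to run twice, because named
# rejects a key that is defined twice.
splice_named_conf() {
    if [ -n "$(key_secret "$2" "$(first_key_name "$1")")" ]; then
        echo "key already present in $2; not splicing again" >&2
        return 1
    fi
    block=$(named_block < "$1")
    awk -v block="$block" '
        !done && /^include/ { print block; print ""; done = 1 }
        { print }
        END { if (!done) print block }
    ' "$2" > "$2.tmp" && mv "$2.tmp" "$2"
}

# verify_rndc_link RNDC_CONF NAMED_CONF: succeed only when both files carry the same
# non-empty secret for the key rndc.conf names. A mismatch is why rndc fails to authenticate.
verify_rndc_link() {
    keyname=$(first_key_name "$1")
    a=$(key_secret "$1" "$keyname")
    b=$(key_secret "$2" "$keyname")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on throwaway copies; the lab does the same against /etc as root.
work=$(mktemp -d)
printf '%s\n' "$SAMPLE_RNDC_CONFGEN" > "$work/rndc.conf"
printf '%s\n' "$SAMPLE_NAMED_CONF" > "$work/named.conf"
chmod 640 "$work/rndc.conf"   # the redirect leaves the secret world-readable by default
splice_named_conf "$work/rndc.conf" "$work/named.conf"
if verify_rndc_link "$work/rndc.conf" "$work/named.conf"; then
    echo "rndc.conf and named.conf share the $(first_key_name "$work/rndc.conf") secret"
fi
# On the real host, follow with: named-checkconf && systemctl start named && rndc reload
```

The refusal to splice twice matters because named rejects a duplicate key definition, and the chmod 640 matters because whoever can read the secret can drive named through the control channel. Keep the controls allow list at 127.0.0.1 unless remote administration is genuinely required.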

Start named and Test the RNDC Configuration

  1. Start the named service if it is not already running:

    systemctl start named
  2. Test the configuration to ensure records are being cached on localhost. The default named.conf listens on 127.0.0.1 and allows recursion from localhost, so query the same name twice against 127.0.0.1 with dig: the second answer should come back with a lower TTL and a query time near zero, showing that it was served from the cache rather than fetched again.

Congratulations on reconnecting an RNDC key to the named service!