Using the rndc Utility
The rndc utility is a command line tool that allows you to administer the named service, both locally and from a remote machine. Its usage is as follows
rndc [option...] command [command-option]
Configuring the Utility
To prevent unauthorized access to the service, named must be configured to listen on the selected port (that is, 953 by default), and an identical key must be used by both the service and the rndc utility.
The rndc configuration is located in /etc/rndc.conf. If the file does not exist, the utility will use the key located in /etc/rndc.key, which was generated automatically during the installation process using the rndc-confgen -a command.
Using rndc
BIND includes a utility called rndc that allows you to administer the named daemon, locally or remotely, with command line statements. The rndc program uses the /etc/rndc.conf file for its configuration options, which can be overridden with command line options.
In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on a local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.
When executing rndc on a properly configured localhost, the following commands are available:
halt — Stops the named service immediately.
querylog — Turns on logging of all queries made by clients to this nameserver.
refresh — Refreshes the nameserver’s database.
reload — Tells the nameserver to reload the zone files but keep all other previously cached responses. This allows you to make changes to zone files and have them take effect on your master and slave servers without losing all stored name resolutions.
If your changes only affected a particular zone, you can tell named to only reload that one zone. Type the name of the zone after the reload command.
stats — Dumps the current named stats to the /var/named/named.stats file.
stop — Stops the server gracefully, saving any dynamic update and IXFR data before exiting.
Fixing rndc error in WHM/cPanel
(ndc: connection failed: connection refused)
To get your name servers working, you will need to eliminate this error, it
is quite a simple fix and can be completed in a few minutes via the
standard cPanel /scripts
1. Login to your server as root via SSH
2. Run:
3. Run:
If not fixed then.
1. Login to your server as root via SSH
2. Run: vi /etc/rndc.conf
replace all instances of “rndc-key” with “rndckey”
3. Run: vi /etc/named.conf
replace all instances of “rndc-key” with “rndckey”
4. Run:
5. Run:
6. If you received an error in the last step, run /scripts/fixndc another
time.
7. Restart named.
