named.conf:
// Global server options for named.
options {
// Working directory: relative file names in this configuration (such as
// zone files) are resolved against it. When named runs chrooted with -t,
// the path is interpreted inside the chroot.
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// Keep this commented out unless strictly required: pinning outgoing
// queries to source port 53 gives up source-port randomization, which
// makes spoofed-response cache poisoning easier. Prefer a firewall rule
// that allows replies to unprivileged source ports.
// query-source address * port 53;
// Accept DNS queries on port 53 only on loopback and on 192.168.0.2.
listen-on port 53 { 127.0.0.1;
192.168.0.2; };
};
# Use with the following in named.conf, adjusting the allow list as needed:
// Shared secret that authenticates rndc to named's control channel. The name,
// algorithm and secret must match the key clause that rndc reads.
// NOTE(review): this secret is published on this page, so treat it as
// compromised and generate a fresh one (e.g. with rndc-confgen) before use.
// Keep the file that holds it readable only by root and the named user.
key "rndckey" {
// NOTE(review): HMAC-MD5 is a legacy choice. Current BIND releases accept
// hmac-sha256 for rndc keys; prefer it where the installed version supports it.
algorithm hmac-md5;
secret "K0X1SybSt5YF+hwaoyK3Cg==";
};
// Command (rndc) channel: listen on loopback port 953 and accept only clients
// connecting from 127.0.0.1 that authenticate with the key "rndckey".
// Keep the allow list at loopback. Widening it leaves the shared secret as
// the only barrier between the network and full control of the server.
// NOTE(review): the log on this page shows named also trying ::1#953, which
// this statement does not list. Presumably the running named is not reading
// this controls statement (it starts with -t /var/named/chroot and loads
// '/etc/named.conf' relative to that root). Verify which file it reads.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};
# End of named.conf
zone "." IN {
type hint;
file "named.ca";
..............
// rndc client defaults, used when no key, server or port is given on the
// command line. They must agree with the controls statement in named.conf:
// same key name, same address, same port.
options {
// Key used to sign commands. A key clause with this name must be readable by rndc.
default-key "rndckey";
// Send commands to named on loopback only.
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndckey" {
# algorithm hmac-md5;
# secret "K0X1SybSt5YF+hwaoyK3Cg==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndckey"; };
# };
# End of named.conf
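error (rndc finds nothing listening on the control port; the log below shows named could not add the command channel on 127.0.0.1#953):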
[root@localhost log]# rndc status
rndc: connect failed: connection refused
log:
Jun 17 05:21:31 localhost named[12581]: starting BIND 9.2.3 -u named -t /var/named/chroot
Jun 17 05:21:31 localhost named[12581]: using 1 CPU
Jun 17 05:21:31 localhost named[12581]: loading configuration from '/etc/named.conf'
Jun 17 05:21:31 localhost named[12581]: listening on IPv4 interface lo, 127.0.0.1#53
Jun 17 05:21:31 localhost named[12581]: listening on IPv4 interface eth0, 192.168.0.2#53
Jun 17 05:21:31 localhost named[12581]: couldn't add command channel 127.0.0.1#953: not found
Jun 17 05:21:31 localhost named[12581]: couldn't add command channel ::1#953: not found
Jun 17 05:21:31 localhost named[12581]: running
Jun 17 15:21:31 localhost named: named