Skip to content

How to Fix BIND rndc Command Not Found Error

DodaTech Updated 2026-06-24 2 min read

In this tutorial, you'll learn about How to Fix BIND rndc Command Not Found Error. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.

BIND rndc command returns rndc: connect failed: connection refused or rndc: error: couldn't get key — the rndc control channel is not configured or the key file is missing.

The Problem

$ sudo rndc status
rndc: connect failed: 127.0.0.1#953: connection refused

Step-by-Step Fix

Step 1: Generate rndc configuration

sudo rndc-confgen -a

This creates /etc/bind/rndc.key with a shared secret.

Step 2: Verify rndc key file

cat /etc/bind/rndc.key

Expected:

key "rndc-key" {
    algorithm hmac-sha256;
    secret "BASE64_ENCODED_SECRET=";
};

Step 3: Include the key in named.conf

// /etc/bind/named.conf
include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

Step 4: Restart BIND

sudo systemctl restart bind9

Step 5: Test rndc communication

rndc status

Expected:

version: BIND 9.18.0
running on: server1
boot time: Mon, 24 Jun 2026 10:00:00 UTC
last configured: Mon, 24 Jun 2026 10:00:00 UTC
...

Step 6: Check rndc configuration

rndc-confgen -r /dev/urandom
# Shows both named.conf and rndc.conf sections

Prevention Tips

  • Run rndc-confgen -a during initial BIND setup
  • Keep rndc.key permissions as 640 (readable by bind user)
  • Use rndc stats to dump statistics
  • Test rndc connectivity after every BIND configuration change

Common Mistakes with rndc not found

  1. Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable
  2. Using head and tail instead of pattern matching, causing runtime errors on empty lists
  3. Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks

These mistakes appear frequently in real-world BIND code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### Why does rndc say "connection refused"?

BIND's control channel is not configured or is bound to a different interface. Ensure the controls block in named.conf allows connections from localhost and that BIND is running. Restart BIND after adding the controls configuration.

What is the rndc key used for?

The rndc key authenticates commands sent to the BIND name server. Without a matching key in both rndc.conf/rndc.key and named.conf, rndc commands are rejected. The key is generated by rndc-confgen and must be kept secret.

How do I use rndc from a remote machine?

Configure the controls block to listen on the external interface and specify the allowed IPs and key: controls { inet 0.0.0.0 port 953 allow { 10.0.0.0/8; } keys { "rndc-key"; }; };. On the remote machine, create an rndc.conf with the same key.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro