The rndc command controls the operation of a name server. If rndc is invoked with no command line options or arguments, it prints a short summary of the supported commands and the available options and their arguments.

rndc communicates with the name server over a TCP connection, sending commands authenticated with digital signatures. In the current versions of rndc and bind the only supported authentication algorithm is HMAC-MD5, which uses a shared secret on each end of the connection. This provides TSIG-style authentication for the command request and the name server's response. All commands sent over the channel must be signed by a key_id known to the server.

Type the following command as root to toggle query logging:

rndc querylog

Once this is done, you can view all logged queries usimg /var/log/messages file. To view those queries, type:

tail -f /var/log/messages

You might need to tail /var/log/syslog instead of /var/log/messages.

Type the following command as root to toggle query logging:

rndc querylog