um, you might want to edit your post and take that secret part out... It can be used to take over your dns server.

Btw, it looks good... One thing, you might need to explicitely specify the -c -s -p and -k parameters when you run rndc... I didn't have to with fc5 though.

Also, run 'tcpdump -s 0 -X -n -nn -i lo -l' (or run ethereal if you've got xwindows) when you run rndc to make sure that it is communicating correctly with bind. (It might be wise to turn off iptables for this test too, just to make sure it's not a firewall issue). You're looking for back and forth communication... Finally, whats the state of selinux on your system?

I removed the secret. Thanks!

Selinux is OFF!

I thought about the firewall issue too but that's not it. I tried either way and rndc won't connect.

tcpdump -s 0 -X -n -nn -i lo -l

this starts dumping tons of junk but basically I can see its the DNS resolution taking action. So I guess this is working...

Sorry, I didn't think your loopback had much communication... add " port 53 and port 953" to that tcpdump command to show only named traffic. If you want to test rndc, then only add " port 953"

rndc -k /etc/rndc.key -s 127.0.0.1 -p 953 flush

named is listening to port 953 as well as 53 right?

netstat -a -n -p|grep "named"

Btw, I'm using 9.3.2 ... it's possible that earlier versions of rndc lack features, or perhaps you need to specify some extra commands in your named.conf file to enable rndc due to how Centos compiled bind.