rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2

root:~# rndc status
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not syncronized, or
* the key is invalid.

key rndc_key {
    algorithm "hmac-md5";
    secret "longkey";
};

options {
    default-server localhost;
    default-key    rndc_key;
};

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "longkey";
};

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
   type hint;
   file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
   type master;
   file "/etc/bind/db.local";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "db.127.0.0";
};

include "/etc/bind/named.conf.local";

options {
   directory "/var/cache/bind";

   // If there is a firewall between you and nameservers you want
   // to talk to, you might need to uncomment the query-source
   // directive below.  Previous versions of BIND always asked
   // questions using port 53, but BIND 8.1 and later use an unprivileged
   // port by default.

   // query-source address * port 53;

   // If your ISP provided one or more IP addresses for stable
   // nameservers, you probably want to use them as forwarders. 
   // Uncomment the following block, and insert the addresses replacing
   // the all-0's placeholder.

   forwarders {
       192.168.0.1;
    };

   auth-nxdomain no;    # conform to RFC1035
   listen-on-v6 { any; };
};