2N/A - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") 2N/A - Copyright (C) 2001 Internet Software Consortium. 2N/A - Permission to use, copy, modify, and distribute this software for any 2N/A - purpose with or without fee is hereby granted, provided that the above 2N/A - copyright notice and this permission notice appear in all copies. 2N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 2N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 2N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 2N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 2N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 2N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 2N/A - PERFORMANCE OF THIS SOFTWARE. 2N/ACONTENT="Modular DocBook HTML Stylesheet Version 1.73 2N/A> -- rndc configuration file</
DIV 2N/ACLASS="REFSYNOPSISDIV" 2N/A> is the configuration file
2N/A>, the BIND 9 name server control
2N/A utility. This file has a similar structure and syntax to
2N/A>. Statements are enclosed
2N/A in braces and terminated with a semi-colon. Clauses in
2N/A the statements are also semi-colon terminated. The usual
2N/A comment styles are supported:
2N/A> C++ style: // to end of line
2N/A> Unix style: # to end of line
2N/A> is much simpler than
2N/A>. The file uses three
2N/A statements: an options statement, a server statement
2N/A and a key statement.
2N/A> statement contains three clauses.
2N/A> clause is followed by the
2N/A name or address of a name server. This host will be used when
2N/A no name server is given as an argument to
2N/A clause is followed by the name of a key which is identified by
2N/A> is provided on the rndc command line,
2N/A> clause is found in a matching
2N/A> statement, this default key will be
2N/A used to authenticate the server's commands and responses. The
2N/A> clause is followed by the port
2N/A to connect to on the remote name server. If no
2N/A> option is provided on the rndc command
2N/A> clause is found in a
2N/A> statement, this default port
2N/A will be used to connect.
2N/A> keyword, the server statement
2N/A includes a string which is the hostname or address for a name
2N/A server. The statement has two possible clauses:
2N/A match the name of a key statement in the file. The port number
2N/A specifies the port to connect to.
2N/A> statement begins with an identifying
2N/A string, the name of the key. The statement has two clauses.
2N/A> identifies the encryption algorithm
2N/A> to use; currently only HMAC-MD5 is
2N/A supported. This is followed by a secret clause which contains
2N/A the base-64 encoding of the algorithm's encryption key. The
2N/A base-64 string is enclosed in double quotes.
2N/A> There are two common ways to generate the base-64 string for the
2N/A secret. The BIND 9 program <
B 2N/A be used to generate a random key, or the
2N/A> program, also known as
2N/A>, can be used to generate a base-64
2N/A string from known input. <
B 2N/A ship with BIND 9 but is available on many systems. See the
2N/A EXAMPLE section for sample command lines for each.
2N/ACLASS="PROGRAMLISTING" 2N/A default-server localhost;
2N/A default-key samplekey;
2N/A secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
2N/A> In the above example, <
B 2N/A> will by default use
2N/A the server at localhost (127.0.0.1) and the key called samplekey.
2N/A Commands to the localhost server will use the samplekey key, which
2N/A must also be defined in the server's configuration file with the
2N/A same name and secret. The key statement indicates that samplekey
2N/A uses the HMAC-MD5 algorithm and its secret clause contains the
2N/A base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
2N/A> To generate a random secret with <
B 2N/A> file, including the
2N/A randomly generated key, will be written to the standard
2N/A output. Commented out <
TT 2N/A> To generate a base-64 secret with <
B 2N/A>echo "known plaintext for a secret" | mmencode</
B 2N/A>NAME SERVER CONFIGURATION</
H2 2N/A> The name server must be configured to accept rndc connections and
2N/A to recognize the key specified in the <
TT 2N/A file, using the controls statement in <
TT 2N/A See the sections on the <
TT 2N/A BIND 9 Administrator Reference Manual for details.
2N/ACLASS="REFENTRYTITLE" 2N/ACLASS="REFENTRYTITLE" 2N/ACLASS="REFENTRYTITLE" 2N/A>BIND 9 Administrator Reference Manual</
I 2N/A> Internet Software Consortium