rndc.conf.html revision 61e1dc26d62c2a0059e3ca7efe2ad0f4a5b8df92
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2001 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and distribute this software for any
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - purpose with or without fee is hereby granted, provided that the above
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - copyright notice and this permission notice appear in all copies.
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1c57c3f79db0bf0358bbe6d7b5ad650c0c852f4bTinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User - PERFORMANCE OF THIS SOFTWARE.
0ce865f8b2e652d6fe0c029e3538f4cc7e009fe1Tinderbox User<!-- $Id: rndc.conf.html,v 1.8 2004/04/07 00:57:01 marka Exp $ -->
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserNAME="GENERATOR"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCONTENT="Modular DocBook HTML Stylesheet Version 1.73
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFENTRY"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserBGCOLOR="#FFFFFF"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserTEXT="#000000"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntLINK="#0000FF"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntVLINK="#840084"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserALINK="#0000FF"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntCLASS="FILENAME"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntCLASS="REFNAMEDIV"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="FILENAME"
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox User> -- rndc configuration file</DIV
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox UserCLASS="REFSYNOPSISDIV"
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox UserCLASS="COMMAND"
8a48b6b9b6fa8486f24b22d1972b2b6ebb36a4a4Tinderbox UserCLASS="REFSECT1"
a1ff871f78b7d907d6fc3a382beea2a640fe8423Tinderbox User>DESCRIPTION</H2
801d3c8888d6026eb1fd31c23e51e4f54dbc317eTinderbox UserCLASS="FILENAME"
adabefa84c3dcf048566cc23fd457c577f208eeaTinderbox User> is the configuration file
adabefa84c3dcf048566cc23fd457c577f208eeaTinderbox UserCLASS="COMMAND"
adabefa84c3dcf048566cc23fd457c577f208eeaTinderbox User>, the BIND 9 name server control
801d3c8888d6026eb1fd31c23e51e4f54dbc317eTinderbox User utility. This file has a similar structure and syntax to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="FILENAME"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User>. Statements are enclosed
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User in braces and terminated with a semi-colon. Clauses in
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User the statements are also semi-colon terminated. The usual
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User comment styles are supported:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> C style: /* */
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> C++ style: // to end of line
eb2a5f51bd5c100799d93d51c9e22666cbd64d90Tinderbox User> Unix style: # to end of line
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="FILENAME"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> is much simpler than
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntCLASS="FILENAME"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>. The file uses three
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User statements: an options statement, a server statement
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User and a key statement.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> statement contains three clauses.
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User>default-server</TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> clause is followed by the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User name or address of a name server. This host will be used when
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User no name server is given as an argument to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User>default-key</TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User clause is followed by the name of a key which is identified by
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> statement. If no
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt> is provided on the rndc command line,
0ce865f8b2e652d6fe0c029e3538f4cc7e009fe1Tinderbox UserCLASS="OPTION"
0ce865f8b2e652d6fe0c029e3538f4cc7e009fe1Tinderbox User> clause is found in a matching
0ce865f8b2e652d6fe0c029e3538f4cc7e009fe1Tinderbox UserCLASS="OPTION"
3cdd0f1bc921f19e790b4f795b90eabc94e9a74aTinderbox User> statement, this default key will be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User used to authenticate the server's commands and responses. The
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User>default-port</TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> clause is followed by the port
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User to connect to on the remote name server. If no
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> option is provided on the rndc command
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User line, and no <TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> clause is found in a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> statement, this default port
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User will be used to connect.
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> After the <TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="OPTION"
2acf9aa8ffa476bee7003fd788539ed714733464Tinderbox User> keyword, the server statement
2acf9aa8ffa476bee7003fd788539ed714733464Tinderbox User includes a string which is the hostname or address for a name
2acf9aa8ffa476bee7003fd788539ed714733464Tinderbox User server. The statement has two possible clauses:
2acf9aa8ffa476bee7003fd788539ed714733464Tinderbox UserCLASS="OPTION"
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox UserCLASS="OPTION"
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox User>. The key name must
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox User match the name of a key statement in the file. The port number
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox User specifies the port to connect to.
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox UserCLASS="OPTION"
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox User> statement begins with an identifying
fb2e132c5c1246d709ade9a2b3dad5ad72d35c5cTinderbox User string, the name of the key. The statement has two clauses.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="OPTION"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>algorithm</TT
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> identifies the encryption algorithm
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User> to use; currently only HMAC-MD5 is
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User supported. This is followed by a secret clause which contains
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the base-64 encoding of the algorithm's encryption key. The
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User base-64 string is enclosed in double quotes.
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> There are two common ways to generate the base-64 string for the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User secret. The BIND 9 program <B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>rndc-confgen</B
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User be used to generate a random key, or the
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="COMMAND"
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User> program, also known as
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>, can be used to generate a base-64
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox User string from known input. <B
0da02c26a6631c25f075a8e4ac6de9e58f49a0c2Tinderbox UserCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User ship with BIND 9 but is available on many systems. See the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User EXAMPLE section for sample command lines for each.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="REFSECT1"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="PROGRAMLISTING"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User default-server localhost;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User default-key samplekey;
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User server localhost {
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User key samplekey;
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User key samplekey {
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User algorithm hmac-md5;
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User> In the above example, <B
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox UserCLASS="COMMAND"
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User> will by default use
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User the server at localhost (127.0.0.1) and the key called samplekey.
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User Commands to the localhost server will use the samplekey key, which
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User must also be defined in the server's configuration file with the
ffe29868b4bbc64953fc5d0de51f988c20158967Tinderbox User same name and secret. The key statement indicates that samplekey
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt uses the HMAC-MD5 algorithm and its secret clause contains the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User> To generate a random secret with <B
14a656f94b1fd0ababd84a772228dfa52276ba15Evan HuntCLASS="COMMAND"
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User>rndc-confgen</B
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="USERINPUT"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt>rndc-confgen</B
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt> A complete <TT
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox UserCLASS="FILENAME"