rndc.conf.html revision 6564bfdd885e3e0f1c3764de0969ac54a84b0dca
1fdd2470b625a58b57d0b155e6caf8c4fc0afe8aAutomatic Updater - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Copyright (C) 2001 Internet Software Consortium.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - Permission to use, copy, modify, and distribute this software for any
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - purpose with or without fee is hereby granted, provided that the above
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - copyright notice and this permission notice appear in all copies.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews<!-- $Id: rndc.conf.html,v 1.9 2004/06/03 04:12:38 marka Exp $ -->
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsNAME="GENERATOR"
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic UpdaterCONTENT="Modular DocBook HTML Stylesheet Version 1.73
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFENTRY"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsBGCOLOR="#FFFFFF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsTEXT="#000000"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsLINK="#0000FF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsVLINK="#840084"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsALINK="#0000FF"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFNAMEDIV"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater> -- rndc configuration file</DIV
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFSYNOPSISDIV"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>Synopsis</H2
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="REFSECT1"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>DESCRIPTION</H2
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
71c66a876ecca77923638d3f94cc0783152b2f03Mark Andrews> is the configuration file
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>, the BIND 9 name server control
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews utility. This file has a similar structure and syntax to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>. Statements are enclosed
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews in braces and terminated with a semi-colon. Clauses in
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the statements are also semi-colon terminated. The usual
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews comment styles are supported:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> C style: /* */
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> C++ style: // to end of line
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> Unix style: # to end of line
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> is much simpler than
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="FILENAME"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>. The file uses three
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews statements: an options statement, a server statement
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews and a key statement.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement contains three clauses.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>default-server</TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> clause is followed by the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews name or address of a name server. This host will be used when
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews no name server is given as an argument to
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>default-key</TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews clause is followed by the name of a key which is identified by
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement. If no
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> is provided on the rndc command line,
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> clause is found in a matching
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement, this default key will be
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews used to authenticate the server's commands and responses. The
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>default-port</TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> clause is followed by the port
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews to connect to on the remote name server. If no
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> option is provided on the rndc command
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews line, and no <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> clause is found in a
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews matching <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement, this default port
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews will be used to connect.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> After the <TT
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> keyword, the server statement
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews includes a string which is the hostname or address for a name
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews server. The statement has two possible clauses:
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>. The key name must
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews match the name of a key statement in the file. The port number
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews specifies the port to connect to.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> statement begins with an identifying
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews string, the name of the key. The statement has two clauses.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="OPTION"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> identifies the encryption algorithm
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> to use; currently only HMAC-MD5 is
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews supported. This is followed by a secret clause which contains
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews the base-64 encoding of the algorithm's encryption key. The
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater base-64 string is enclosed in double quotes.
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews> There are two common ways to generate the base-64 string for the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews secret. The BIND 9 program <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>rndc-confgen</B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews be used to generate a random key, or the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
9b469e3c59015b1a4899c9d8395168126fe094fdAutomatic Updater> program, also known as
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews>mimencode</B
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews>, can be used to generate a base-64
4abdfc917e6635a7c81d1f931a0c79227e72d025Mark Andrews string from known input. <B
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark AndrewsCLASS="COMMAND"
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews ship with BIND 9 but is available on many systems. See the
5a4557e8de2951a2796676b5ec4b6a90caa5be14Mark Andrews EXAMPLE section for sample command lines for each.