man.rndc.conf.html revision 3cddb2c552ee6582e8db0849c28747f6b6ca57fe
<!--
 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.rndc.conf.html,v 1.133 2009/07/15 01:13:11 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.rndc.html" title="rndc">
<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.rndc.conf"></a><div class="titlepage"></div>
<p><code class="filename">rndc.conf</code> — rndc configuration file</p>
<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
<a name="id2607895"></a><h2>DESCRIPTION</h2>
<p><code class="filename">rndc.conf</code> is the configuration file
for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
utility. This file has a similar structure and syntax to
<code class="filename">named.conf</code>. Statements are enclosed
in braces and terminated with a semi-colon. Clauses in
the statements are also semi-colon terminated. The usual
comment styles are supported:</p>
<p>C style: /* */</p>
<p>C++ style: // to end of line</p>
<p>Unix style: # to end of line</p>
<p><code class="filename">rndc.conf</code> is much simpler than
<code class="filename">named.conf</code>. The file uses three
statements: an options statement, a server statement
and a key statement.</p>
<p>The <code class="option">options</code> statement contains five clauses.
The <code class="option">default-server</code> clause is followed by the
name or address of a name server. This host will be used when
no name server is given as an argument to
<span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
clause is followed by the name of a key which is identified by
a <code class="option">key</code> statement. If no
<code class="option">keyid</code> is provided on the rndc command line,
and no <code class="option">key</code> clause is found in a matching
<code class="option">server</code> statement, this default key will be
used to authenticate the server's commands and responses. The
<code class="option">default-port</code> clause is followed by the port
to connect to on the remote name server. If no
<code class="option">port</code> option is provided on the rndc command
line, and no <code class="option">port</code> clause is found in a
matching <code class="option">server</code> statement, this default port
will be used to connect.
The <code class="option">default-source-address</code> and
<code class="option">default-source-address-v6</code> clauses
can be used to set the IPv4 and IPv6 source addresses
respectively.</p>
<p>After the <code class="option">server</code> keyword, the server
statement includes a string which is the hostname or address
for a name server. The statement has three possible clauses:
<code class="option">key</code>, <code class="option">port</code> and
<code class="option">addresses</code>. The key name must match the
name of a key statement in the file. The port number
specifies the port to connect to. If an <code class="option">addresses</code>
clause is supplied these addresses will be used instead of
the server name. Each address can take an optional port.
If a <code class="option">source-address</code> or <code class="option">source-address-v6</code>
is supplied then these will be used to specify the IPv4 and IPv6
source addresses respectively.</p>
<p>The <code class="option">key</code> statement begins with an identifying
string, the name of the key. The statement has two clauses.
<code class="option">algorithm</code> identifies the encryption algorithm
for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
is supported. This is followed by a secret clause which contains
the base-64 encoding of the algorithm's encryption key. The
base-64 string is enclosed in double quotes.</p>
<p>There are two common ways to generate the base-64 string for the
secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
can be used to generate a random key, or the
<span><strong class="command">mmencode</strong></span> program, also known as
<span><strong class="command">mimencode</strong></span>, can be used to generate a
base-64 string from known input. <span><strong class="command">mmencode</strong></span> does
not ship with BIND 9 but is available on many systems. See the
EXAMPLE section for sample command lines for each.</p>
<h2>EXAMPLE</h2>
<pre class="programlisting">options {
  default-server  localhost;
  default-key     samplekey;
};

server localhost {
  key             samplekey;
};

server testserver {
  key             testkey;
  addresses       { localhost port 5353; };
};

key samplekey {
  algorithm       hmac-md5;
  secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
};

key testkey {
  algorithm       hmac-md5;
  secret          "R3HI8P6BKw9ZwXwN3VZKuQ==";
};</pre>
<p>In the above example, <span><strong class="command">rndc</strong></span> will by
default use the server at localhost (127.0.0.1) and the key called samplekey.
Commands to the localhost server will use the samplekey key, which
must also be defined in the server's configuration file with the
same name and secret. The key statement indicates that samplekey
uses the HMAC-MD5 algorithm and its secret clause contains the
base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.</p>
<p>If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
connect to the server on localhost port 5353 using the key testkey.</p>
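<p>The lookup order described above (command line, then a matching server statement, then the options defaults), written out as an added example; it is not part of BIND or of the original manual page. The names <code>parse</code> and <code>resolve</code>, the sample file and its first secret are constructed for illustration, the parser handles only one level of nested braces, and letting a per-address port override the others is an assumption.</p>

```python
import base64
import binascii
import re

# Constructed sample in the syntax this page describes; the first secret is made up.
SAMPLE = """
options { default-server localhost; default-key samplekey; default-port 953; };
server localhost  { key samplekey; };            // C++ style comment
server testserver { key testkey; addresses { localhost port 5353; }; };
key samplekey { algorithm hmac-md5; secret "c2FtcGxlIHNlY3JldCBieXRlcw=="; };
key testkey   { algorithm hmac-md5; secret "R3HI8P6BKw9ZwXwN3VZKuQ=="; };  # Unix style
"""

# Quoted strings are matched first so "//" or "#" inside a secret is not read as a comment.
_STRIP = re.compile(r'"[^"]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)
_STMT = re.compile(r'\b(options|server|key)\b\s*([^\s{]*)\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;')
_CLAUSE = re.compile(r'([\w-]+)\s+(\{[^{}]*\}|"[^"]*"|[^\s;]+)\s*;')
_ADDR = re.compile(r'([^\s;{}]+)(?:\s+port\s+(\d+))?\s*;')

def parse(text):
    # Returns {'options': {...}, 'server': {name: {...}}, 'key': {name: {...}}}.
    text = _STRIP.sub(lambda m: m[0] if m[0][0] == '"' else " ", text)
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in _STMT.findall(text):
        clauses = {word: value.strip('"') for word, value in _CLAUSE.findall(body)}
        if kind == "options":
            conf["options"].update(clauses)
        else:
            conf[kind][name.strip('"')] = clauses
    return conf

def resolve(conf, server=None, keyid=None, port=None):
    # Precedence: command-line value, then the server statement, then options.
    opts = conf["options"]
    server = server or opts.get("default-server")
    stmt = conf["server"].get(server, {})
    keyid = keyid or stmt.get("key") or opts.get("default-key")
    port = int(port or stmt.get("port") or opts.get("default-port") or 0) or None
    # An addresses clause replaces the server name; each address may carry its own port.
    addrs = _ADDR.findall(stmt.get("addresses", ""))
    targets = [(h, int(p) if p else port) for h, p in addrs] or [(server, port)]
    key = conf["key"].get(keyid)
    if key is None:
        raise ValueError(f"key {keyid!r} has no key statement in the file")
    try:
        secret = base64.b64decode(key.get("secret", ""), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"key {keyid!r}: secret is not valid base-64") from exc
    return {"targets": targets, "key": keyid, "secret_bytes": len(secret)}
```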
<p>To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:</p>
<p><strong class="userinput"><code>rndc-confgen</code></strong></p>
A complete <code class="filename">rndc.conf</code> file, including