man.rndc.conf.html revision ccc383f3a74bdf3559650c630bbca24b11d8f8ae
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - PERFORMANCE OF THIS SOFTWARE.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<!-- $Id: man.rndc.conf.html,v 1.100 2008/10/28 01:11:27 tbox Exp $ -->
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User<link rel="prev" href="man.rndc.html" title="rndc">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<tr><th colspan="3" align="center"><code class="filename">rndc.conf</code></th></tr>
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<a accesskey="p" href="man.rndc.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<th width="60%" align="center">Manual pages</th>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.rndc-confgen.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="man.rndc.conf"></a><div class="titlepage"></div>
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt<p><code class="filename">rndc.conf</code> — rndc configuration file</p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><code class="filename">rndc.conf</code> is the configuration file
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User utility. This file has a similar structure and syntax to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">named.conf</code>. Statements are enclosed
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User in braces and terminated with a semi-colon. Clauses in
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User the statements are also semi-colon terminated. The usual
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User comment styles are supported:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User C style: /* */
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User C++ style: // to end of line
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt Unix style: # to end of line
fd0b768f4c23d22c89f8a156a632831583b7fb68Automatic Updater<p><code class="filename">rndc.conf</code> is much simpler than
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt <code class="filename">named.conf</code>. The file uses three
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User statements: an options statement, a server statement
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and a key statement.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">options</code> statement contains five clauses.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">default-server</code> clause is followed by the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User name or address of a name server. This host will be used when
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt no name server is given as an argument to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User clause is followed by the name of a key which is identified by
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt a <code class="option">key</code> statement. If no
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">keyid</code> is provided on the rndc command line,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User and no <code class="option">key</code> clause is found in a matching
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater <code class="option">server</code> statement, this default key will be
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User used to authenticate the server's commands and responses. The
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">default-port</code> clause is followed by the port
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt to connect to on the remote name server. If no
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">port</code> option is provided on the rndc command
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User line, and no <code class="option">port</code> clause is found in a
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt matching <code class="option">server</code> statement, this default port
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User will be used to connect.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The <code class="option">default-source-address</code> and
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt <code class="option">default-source-address-v6</code> clauses which
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt can be used to set the IPv4 and IPv6 source addresses
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User respectively.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User After the <code class="option">server</code> keyword, the server
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User statement includes a string which is the hostname or address
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt for a name server. The statement has three possible clauses:
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">key</code>, <code class="option">port</code> and
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">addresses</code>. The key name must match the
6f1205897504b8f50b1785975482c995888dd630Tinderbox User name of a key statement in the file. The port number
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User specifies the port to connect to. If an <code class="option">addresses</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User clause is supplied these addresses will be used instead of
6f1205897504b8f50b1785975482c995888dd630Tinderbox User the server name. Each address can take an optional port.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User If an <code class="option">source-address</code> or <code class="option">source-address-v6</code>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User of supplied then these will be used to specify the IPv4 and IPv6
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater source addresses respectively.
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User The <code class="option">key</code> statement begins with an identifying
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User string, the name of the key. The statement has two clauses.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="option">algorithm</code> identifies the encryption algorithm
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User supported. This is followed by a secret clause which contains
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User the base-64 encoding of the algorithm's encryption key. The
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User base-64 string is enclosed in double quotes.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User There are two common ways to generate the base-64 string for the
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User be used to generate a random key, or the
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt <span><strong class="command">mmencode</strong></span> program, also known as
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt <span><strong class="command">mimencode</strong></span>, can be used to generate a
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User string from known input. <span><strong class="command">mmencode</strong></span> does
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater ship with BIND 9 but is available on many systems. See the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User EXAMPLE section for sample command lines for each.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User default-server localhost;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User default-key samplekey;
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User server localhost {
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt key samplekey;
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt server testserver {
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt key testkey;
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt addresses { localhost port 5353; };
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt key samplekey {
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt algorithm hmac-md5;
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt key testkey {
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt algorithm hmac-md5;
1bc5499c2a0fc5d2b11849e97cdd6305a64eb242Evan Hunt secret "R3HI8P6BKw9ZwXwN3VZKuQ==";