ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<html>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<head>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<title>rndc.conf</title>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<link rel="prev" href="man.rndc.html" title="rndc">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton</head>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<div class="navheader">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<table width="100%" summary="Navigation header">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<tr><th colspan="3" align="center"><code class="filename">rndc.conf</code></th></tr>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<tr>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<td width="20%" align="left">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<a accesskey="p" href="man.rndc.html">Prev</a>�</td>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<th width="60%" align="center">Manual pages</th>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<td width="20%" align="right">�<a accesskey="n" href="man.rndc-confgen.html">Next</a>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton</td>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton</tr>

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton</table>

03919b7845e461f72fa5d954b8124d27481c46b0JazzyNico<hr>

03919b7845e461f72fa5d954b8124d27481c46b0JazzyNico</div>

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton<div class="refentry" lang="en">

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton<a name="man.rndc.conf"></a><div class="titlepage"></div>

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton<div class="refnamediv">

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton<h2>Name</h2>

8dd5d698a9cc5d67d6d7a57ed28c1c4d2c49be17Campbell Barton<p><code class="filename">rndc.conf</code> &#8212; rndc configuration file</p>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton</div>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<div class="refsynopsisdiv">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<h2>Synopsis</h2>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton</div>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<div class="refsect1" lang="en">

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<a name="id2585806"></a><h2>DESCRIPTION</h2>

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton<p><code class="filename">rndc.conf</code> is the configuration file

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton utility. This file has a similar structure and syntax to

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton <code class="filename">named.conf</code>. Statements are enclosed

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton in braces and terminated with a semi-colon. Clauses in

ae416d8efb4e43c71d723ed1af517082b165ef0fCampbell Barton the statements are also semi-colon terminated. The usual

comment styles are supported:

</p>

<p>

C style: /* */

</p>

<p>

C++ style: // to end of line

</p>

<p>

Unix style: # to end of line

</p>

<p><code class="filename">rndc.conf</code> is much simpler than

<code class="filename">named.conf</code>. The file uses three

statements: an options statement, a server statement

and a key statement.

</p>

<p>

The <code class="option">options</code> statement contains five clauses.

The <code class="option">default-server</code> clause is followed by the

name or address of a name server. This host will be used when

no name server is given as an argument to

<span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>

clause is followed by the name of a key which is identified by

a <code class="option">key</code> statement. If no

<code class="option">keyid</code> is provided on the rndc command line,

and no <code class="option">key</code> clause is found in a matching

<code class="option">server</code> statement, this default key will be

used to authenticate the server's commands and responses. The

<code class="option">default-port</code> clause is followed by the port

to connect to on the remote name server. If no

<code class="option">port</code> option is provided on the rndc command

line, and no <code class="option">port</code> clause is found in a

matching <code class="option">server</code> statement, this default port

will be used to connect.

The <code class="option">default-source-address</code> and

<code class="option">default-source-address-v6</code> clauses which

can be used to set the IPv4 and IPv6 source addresses

respectively.

</p>

<p>

After the <code class="option">server</code> keyword, the server

statement includes a string which is the hostname or address

for a name server. The statement has three possible clauses:

<code class="option">key</code>, <code class="option">port</code> and

<code class="option">addresses</code>. The key name must match the

name of a key statement in the file. The port number

specifies the port to connect to. If an <code class="option">addresses</code>

clause is supplied these addresses will be used instead of

the server name. Each address can take a optional port.

If an <code class="option">source-address</code> or <code class="option">source-address-v6</code>

of supplied then these will be used to specify the IPv4 and IPv6

source addresses respectively.

</p>

<p>

The <code class="option">key</code> statement begins with an identifying

string, the name of the key. The statement has two clauses.

<code class="option">algorithm</code> identifies the encryption algorithm

for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5

is

supported. This is followed by a secret clause which contains

the base-64 encoding of the algorithm's encryption key. The

base-64 string is enclosed in double quotes.

</p>

<p>

There are two common ways to generate the base-64 string for the

secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>

can

be used to generate a random key, or the

<span><strong class="command">mmencode</strong></span> program, also known as

<span><strong class="command">mimencode</strong></span>, can be used to generate a

base-64

string from known input. <span><strong class="command">mmencode</strong></span> does

not

ship with BIND 9 but is available on many systems. See the

EXAMPLE section for sample command lines for each.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2586183"></a><h2>EXAMPLE</h2>

<pre class="programlisting">

options {

default-server localhost;

default-key samplekey;

};

</pre>

<p>

</p>

<pre class="programlisting">

server localhost {

key samplekey;

};

</pre>

<p>

</p>

<pre class="programlisting">

server testserver {

key testkey;

addresses { localhost port 5353; };

};

</pre>

<p>

</p>

<pre class="programlisting">

key samplekey {

algorithm hmac-md5;

secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";

};

</pre>

<p>

</p>

<pre class="programlisting">

key testkey {

algorithm hmac-md5;

secret "R3HI8P6BKw9ZwXwN3VZKuQ==";

}

</pre>

<p>

</p>

<p>

In the above example, <span><strong class="command">rndc</strong></span> will by

default use

the server at localhost (127.0.0.1) and the key called samplekey.

Commands to the localhost server will use the samplekey key, which

must also be defined in the server's configuration file with the

same name and secret. The key statement indicates that samplekey

uses the HMAC-MD5 algorithm and its secret clause contains the

base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.

</p>

<p>

If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will

connect to server on localhost port 5353 using the key testkey.

</p>

<p>

To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:

</p>

<p><strong class="userinput"><code>rndc-confgen</code></strong>

</p>

<p>

A complete <code class="filename">rndc.conf</code> file, including

the

randomly generated key, will be written to the standard

output. Commented out <code class="option">key</code> and

<code class="option">controls</code> statements for

<code class="filename">named.conf</code> are also printed.

</p>

<p>

To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:

</p>

<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2586373"></a><h2>NAME SERVER CONFIGURATION</h2>

<p>

The name server must be configured to accept rndc connections and

to recognize the key specified in the <code class="filename">rndc.conf</code>

file, using the controls statement in <code class="filename">named.conf</code>.

See the sections on the <code class="option">controls</code> statement in the

BIND 9 Administrator Reference Manual for details.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2586398"></a><h2>SEE ALSO</h2>

<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,

<span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,

<span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,

<em class="citetitle">BIND 9 Administrator Reference Manual</em>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2586437"></a><h2>AUTHOR</h2>

<p><span class="corpauthor">Internet Systems Consortium</span>

</p>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="man.rndc.html">Prev</a>�</td>

<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>

<td width="40%" align="right">�<a accesskey="n" href="man.rndc-confgen.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top"><span class="application">rndc</span>�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�<span class="application">rndc-confgen</span></td>

</tr>

</table>

</div>

</body>

</html>