man.rndc.conf.html revision fef3f65e38e8ed17891122cf8adbd31944063a68
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann - Copyright (C) 2000-2003 Internet Software Consortium.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - Permission to use, copy, modify, and distribute this software for any
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - purpose with or without fee is hereby granted, provided that the above
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - copyright notice and this permission notice appear in all copies.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering - PERFORMANCE OF THIS SOFTWARE.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<!-- $Id: man.rndc.conf.html,v 1.19 2006/02/06 03:36:54 marka Exp $ -->
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<link rel="prev" href="man.rndc.html" title="rndc">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<link rel="next" href="man.rndc-confgen.html" title="rndc-confgen">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<table width="100%" summary="Navigation header">
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<tr><th colspan="3" align="center"><code class="filename">rndc.conf</code></th></tr>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<a accesskey="p" href="man.rndc.html">Prev</a>�</td>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<th width="60%" align="center">Manual pages</th>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<td width="20%" align="right">�<a accesskey="n" href="man.rndc-confgen.html">Next</a>
122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering<a name="man.rndc.conf"></a><div class="titlepage"></div>
122676c9d9737f8591429fd5ffc9b454a994741dLennart Poettering<p><code class="filename">rndc.conf</code> — rndc configuration file</p>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<a name="id2584688"></a><h2>DESCRIPTION</h2>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<p><code class="filename">rndc.conf</code> is the configuration file
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering utility. This file has a similar structure and syntax to
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="filename">named.conf</code>. Statements are enclosed
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering in braces and terminated with a semi-colon. Clauses in
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the statements are also semi-colon terminated. The usual
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering comment styles are supported:
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering C style: /* */
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering C++ style: // to end of line
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Unix style: # to end of line
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering<p><code class="filename">rndc.conf</code> is much simpler than
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="filename">named.conf</code>. The file uses three
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering statements: an options statement, a server statement
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering and a key statement.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering The <code class="option">options</code> statement contains five clauses.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering The <code class="option">default-server</code> clause is followed by the
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering name or address of a name server. This host will be used when
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering no name server is given as an argument to
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <span><strong class="command">rndc</strong></span>. The <code class="option">default-key</code>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering clause is followed by the name of a key which is identified by
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering a <code class="option">key</code> statement. If no
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">keyid</code> is provided on the rndc command line,
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering and no <code class="option">key</code> clause is found in a matching
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">server</code> statement, this default key will be
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering used to authenticate the server's commands and responses. The
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">default-port</code> clause is followed by the port
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering to connect to on the remote name server. If no
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">port</code> option is provided on the rndc command
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering line, and no <code class="option">port</code> clause is found in a
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering matching <code class="option">server</code> statement, this default port
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering will be used to connect.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering The <code class="option">default-source-address</code> and
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">default-source-address-v6</code> clauses which
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering can be used to set the IPv4 and IPv6 source addresses
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering After the <code class="option">server</code> keyword, the server
17c29493dc5c4c3ca886adfdc632d297c5eb06ebRonny Chevalier statement includes a string which is the hostname or address
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering for a name server. The statement has three possible clauses:
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">key</code>, <code class="option">port</code> and
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <code class="option">addresses</code>. The key name must match the
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering name of a key statement in the file. The port number
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering specifies the port to connect to. If an <code class="option">addresses</code>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering clause is supplied these addresses will be used instead of
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the server name. Each address can take a optional port.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering If an <code class="option">source-address</code> or <code class="option">source-address-v6</code>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering of supplied then these will be used to specify the IPv4 and IPv6
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering source addresses respectively.
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann The <code class="option">key</code> statement begins with an identifying
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann string, the name of the key. The statement has two clauses.
d4f5a1f47dbd04f26f2ddf951c97c4cb0ebbbe62David Herrmann <code class="option">algorithm</code> identifies the encryption algorithm
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering for <span><strong class="command">rndc</strong></span> to use; currently only HMAC-MD5
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering supported. This is followed by a secret clause which contains
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the base-64 encoding of the algorithm's encryption key. The
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering base-64 string is enclosed in double quotes.
17c29493dc5c4c3ca886adfdc632d297c5eb06ebRonny Chevalier There are two common ways to generate the base-64 string for the
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering secret. The BIND 9 program <span><strong class="command">rndc-confgen</strong></span>
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering be used to generate a random key, or the
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <span><strong class="command">mmencode</strong></span> program, also known as
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering <span><strong class="command">mimencode</strong></span>, can be used to generate a
997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett string from known input. <span><strong class="command">mmencode</strong></span> does
997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett ship with BIND 9 but is available on many systems. See the
997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett EXAMPLE section for sample command lines for each.
997b2b438c2d272e3bc8df6e4b42dba3b70cb056Josh Triplett default-server localhost;
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering default-key samplekey;
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering server localhost {
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering key samplekey;
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering server testserver {
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering addresses { localhost port 5353; };
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering key samplekey {
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering algorithm hmac-md5;
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering algorithm hmac-md5;
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering In the above example, <span><strong class="command">rndc</strong></span> will by
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering the server at localhost (127.0.0.1) and the key called samplekey.
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering Commands to the localhost server will use the samplekey key, which
f9e00a9f5870a9bcae2de8bf1cb3ce04703112e1Lennart Poettering must also be defined in the server's configuration file with the
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering same name and secret. The key statement indicates that samplekey
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering uses the HMAC-MD5 algorithm and its secret clause contains the
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering If <span><strong class="command">rndc -s testserver</strong></span> is used then <span><strong class="command">rndc</strong></span> will
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering connect to server on localhost port 5353 using the key testkey.
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering To generate a random secret with <span><strong class="command">rndc-confgen</strong></span>:
7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering<p><strong class="userinput"><code>rndc-confgen</code></strong>
7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering A complete <code class="filename">rndc.conf</code> file, including
7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering randomly generated key, will be written to the standard
7da81d33c147f4d6397efa1fdd08ba0a40c9c457Lennart Poettering output. Commented out <code class="option">key</code> and
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering <code class="option">controls</code> statements for
13e92f3966552091085982f4ebdeb38721f04a30Lennart Poettering <code class="filename">named.conf</code> are also printed.
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek To generate a base-64 secret with <span><strong class="command">mmencode</strong></span>:
78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering<p><strong class="userinput"><code>echo "known plaintext for a secret" | mmencode</code></strong>
a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek<a name="id2585201"></a><h2>NAME SERVER CONFIGURATION</h2>
a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek The name server must be configured to accept rndc connections and
a65b82457735df2ef58736a55846f400124a8dc0Zbigniew Jędrzejewski-Szmek to recognize the key specified in the <code class="filename">rndc.conf</code>
2a97b03b3b087e724867e7501ae0c1535ee35031Umut Tezduyar Lindskog file, using the controls statement in <code class="filename">named.conf</code>.
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek See the sections on the <code class="option">controls</code> statement in the
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek BIND 9 Administrator Reference Manual for details.
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
78b6b7ceb2c76a3e29aeaa4b00c257be0706bffcLennart Poettering <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek<a name="id2585260"></a><h2>AUTHOR</h2>
b62a309a47dd11e11729616767421397b6ca7053Zbigniew Jędrzejewski-Szmek<p><span class="corpauthor">Internet Systems Consortium</span>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<table width="100%" summary="Navigation footer">
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<a accesskey="p" href="man.rndc.html">Prev</a>�</td>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<td width="40%" align="right">�<a accesskey="n" href="man.rndc-confgen.html">Next</a>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<td width="40%" align="left" valign="top"><span class="application">rndc</span>�</td>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
4ffd29fda1a2621d8f1711ccaad723d327fef93aLennart Poettering<td width="40%" align="right" valign="top">�<span class="application">rndc-confgen</span></td>