controls.html revision 9bff67898d55cddfcec9ce30cc2b1bb6211ec691
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<!--
- Copyright (C) 1999, 2000 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- SOFTWARE.
-->
<HTML>
<HEAD>
<TITLE>BIND controls Statement</TITLE>
</HEAD>
<BODY>
<H2>BIND Configuration File Guide--<CODE>controls</CODE> Statement</H2>
<HR>
<A NAME="Syntax"><H3>Syntax</H3></A>
<PRE>
controls {
[ inet <VAR><A HREF="docdef.html">ip_addr</A></VAR>
port <VAR><A HREF="docdef.html">ip_port</A></VAR>
allow { <VAR><A HREF="address_list.html">address_match_list</A></VAR>; }; ]
[ unix <VAR><A HREF="docdef.html">path_name</A></VAR>
perm <VAR><A HREF="docdef.html">number</A></VAR>
owner <VAR><A HREF="docdef.html">number</A></VAR>
group <VAR><A HREF="docdef.html">number</A></VAR>; ]
};
</PRE>
<HR>
<A NAME="Usage"><H3>Definition and Usage</H3></A>
<P>The <CODE>controls</CODE statement declares control channels
to be used by system
administrators to affect the operation of the local name server. These
control channels are used by the <CODE>ndc</CODE> utility to send commands
to and retrieve non-DNS results from a name server.</P>
<P>A <CODE>unix</CODE> control channel is a FIFO in the file system,
and access to it is
controlled by normal file system permissions.
It is created by <CODE>named</CODE> with the specified file mode bits (see
the <CODE>chmod</CODE>(1) manual page), user and group owner.
Note that, unlike <CODE>chmod</CODE>, the mode bits specified for
<CODE>perm</CODE> will normally have a leading 0 so the number
is interpreted as octal. Also note that the user and group
ownership specified as <CODE>owner</CODE> and <CODE>group</CODE>
must be given as numbers, not names.
It is recommended that the
permissions be restricted to administrative personnel only, or else any
user on the system might be able to manage the local name server.</P>
<P>An <CODE>inet</CODE> control channel is a TCP/IP socket accessible
to the Internet, created at the specified <VAR>ip_port</VAR> on the
specified <VAR>ip_addr</VAR>.
Modern <VAR>telnet</VAR> clients are capable of speaking directly to these
sockets, and the control protocol is ARPAnet-style text. It is recommended
that 127.0.0.1 be the only <VAR>ip_addr</VAR> used, and this only if you
trust all non-privileged users on the local host to manage your name
server.</P>