rndc.conf(4) Kernel Interfaces Manual rndc.conf(4)

NAME
rndc.conf - rndc configuration file

DESCRIPTION
is the configuration file for the BIND 9 name server control utility. This file has a structure and syntax similar to the configuration file, The standard (default) configuration file is located at

Syntax
The syntax of the file is much simpler than that of the configuration file. It includes three statements and optional comments. Statement blocks are enclosed in braces and terminated with a semicolon. Clauses in the statements are also semicolon-terminated. A servername or keyname must be quoted using double quotes if it matches a keyword, such as having a key named .

The options Statement
The statement specifies the default server and key definition for the configuration.

The clause specifies the default server on which runs, if the server is not specified with the option in the command. defserver is the name or IP address of a name server that is specified in a statement.

The clause specifies the default key that will authenticate the server's commands and responses if a key is not specified with the option in the command. defkey is the name of a key that is specified in a statement.

The server Statement
The statement specifies the servername of a name server, as a host name or an IP address. The clause specifies a keyname that matches a keyname in a statement. Multiple statements are permitted.

The key Statement
The statement specifies the name, keyname, and definition of a key.

The clause identifies the encryption algorithm, algoname. Currently only is supported.

The clause contains the random key, secretvalue, that will be used for authentication. It is base-64-encoded, using the algorithm specified in the clause. secretvalue is enclosed in double quotes. The BIND 9 program can be used to generate the secretvalue.

Multiple statements are permitted.
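The syntax and cross-reference rules described above, as an added Python example that is not part of the original manual page or of BIND: it tokenises rndc.conf text, skips C, C++ and UNIX style comments, and reports key references with no matching key statement and secrets that are not valid base-64. The keyword spellings used (`default-server`, `default-key`, `key`, `algorithm`, `secret`, `hmac-md5`) are those of BIND's rndc.conf grammar rather than text from this page, and the sample file, names and secrets are constructed.

```python
import base64, binascii, re

# Constructed sample: names, address and secrets are made up for this example.
SAMPLE = '''
options { /* C style */ default-server localhost; default-key "samplekey"; };
server localhost { key "samplekey"; };     // C++ style
server 192.0.2.53 { key "missingkey"; };   # UNIX style
key "samplekey" { algorithm hmac-md5; secret "c2FtcGxl//8="; };
key "badkey"    { algorithm hmac-md5; secret "not base64!"; };
'''

# Quoted strings are tried first, so "//" or "#" inside a secret is not a comment.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def parse(text):
    """Parse options/server/key statements into nested dicts keyed by statement type."""
    conf = {"options": {}, "server": {}, "key": {}}
    # Drop comment tokens; quoted strings keep their quotes so a key named "}" stays a name.
    it = iter(t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#")))
    def expect(sym):
        if next(it, None) != sym:
            raise ValueError(f"expected {sym!r}")
    for stmt in it:
        if stmt not in conf:
            raise ValueError(f"unknown statement {stmt!r}")
        block = conf[stmt]
        if stmt != "options":               # server and key statements carry a name
            block = block.setdefault(next(it, "").strip('"'), {})
        expect("{")
        for clause in it:
            if clause == "}":
                break
            block[clause] = next(it, "").strip('"')
            expect(";")
        expect(";")
    return conf

def audit(conf):
    """Report key references that do not resolve and secrets that are not base-64."""
    refs = [("options default-key", conf["options"].get("default-key"))]
    refs += [(f"server {n} key", s.get("key")) for n, s in conf["server"].items()]
    findings = [f"{w}: no key statement named {k!r}" for w, k in refs if k and k not in conf["key"]]
    for name, body in conf["key"].items():
        try:
            base64.b64decode(body["secret"], validate=True)
        except (KeyError, binascii.Error):
            findings.append(f"key {name}: secret missing or not valid base-64")
    return findings
```

Calling `audit(parse(SAMPLE))` returns one finding for the server whose key is undefined and one for the key whose secret is not base-64.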
Comments
The following comment styles are supported:

C:
C++:
UNIX:

Name Server Configuration
The name server must be configured to accept connections and to recognize the key specified in the file, using the statement in

WARNINGS
Currently, there is no way to specify the port on which must run.

EXAMPLES
Example 1
Here is a sample file:

In this example, will, by default, use the server at (127.0.0.1) and the key named Commands directed to the server will use the key. The statement indicates that uses the HMAC-MD5 algorithm and its clause contains the base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.

Example 2
To generate a random secretvalue with the command (see rndc-confgen(1)):

A complete file, including the randomly generated key, is written to standard output. Commented-out and statements for are also written.

Example 3
To generate the secretvalue with the command (see dnssec-keygen(1)):

The base-64 secretvalue will appear in two files, and After you copy the secretvalue into statements in the and files, you can delete the and files.

AUTHOR
was developed by the Internet Systems Consortium (ISC).

SEE ALSO
dnssec-keygen(1), rndc(1), rndc-confgen(1), named(1M).

available online at

available from the Internet Systems Consortium at

BIND 9.3 rndc.conf(4)