Add BIND 9.2.4rc7.

[dragonfly.git] / contrib / bind-9.2.4rc7 / bin / rndc / rndc.conf.html

<!--
 - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001  Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->

<!-- $Id: rndc.conf.html,v 1.5.2.3 2004/06/03 05:21:16 marka Exp $ -->

<HTML
><HEAD
><TITLE
>rndc.conf</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.73
"></HEAD
><BODY
CLASS="REFENTRY"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><H1
><A
NAME="AEN1"
><TT
CLASS="FILENAME"
>rndc.conf</TT
></A
></H1
><DIV
CLASS="REFNAMEDIV"
><A
NAME="AEN9"
></A
><H2
>Name</H2
><TT
CLASS="FILENAME"
>rndc.conf</TT
>&nbsp;--&nbsp;rndc configuration file</DIV
><DIV
CLASS="REFSYNOPSISDIV"
><A
NAME="AEN13"
></A
><H2
>Synopsis</H2
><P
><B
CLASS="COMMAND"
>rndc.conf</B
> </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN16"
></A
><H2
>DESCRIPTION</H2
><P
>        <TT
CLASS="FILENAME"
>rndc.conf</TT
> is the configuration file
        for <B
CLASS="COMMAND"
>rndc</B
>, the BIND 9 name server control
        utility.  This file has a similar structure and syntax to
        <TT
CLASS="FILENAME"
>named.conf</TT
>.  Statements are enclosed
        in braces and terminated with a semi-colon.  Clauses in
        the statements are also semi-colon terminated.  The usual
        comment styles are supported:
    </P
><P
>        C style: /* */
    </P
><P
>        C++ style: // to end of line
    </P
><P
>        Unix style: # to end of line
    </P
><P
>        <TT
CLASS="FILENAME"
>rndc.conf</TT
> is much simpler than
        <TT
CLASS="FILENAME"
>named.conf</TT
>.  The file uses three
        statements: an options statement, a server statement
        and a key statement.
    </P
><P
>        The <TT
CLASS="OPTION"
>options</TT
> statement contains three clauses.
        The <TT
CLASS="OPTION"
>default-server</TT
> clause is followed by the
        name or address of a name server.  This host will be used when
        no name server is given as an argument to
        <B
CLASS="COMMAND"
>rndc</B
>.  The <TT
CLASS="OPTION"
>default-key</TT
>
        clause is followed by the name of a key which is identified by
        a <TT
CLASS="OPTION"
>key</TT
> statement.  If no
        <TT
CLASS="OPTION"
>keyid</TT
> is provided on the rndc command line,
        and no <TT
CLASS="OPTION"
>key</TT
> clause is found in a matching
        <TT
CLASS="OPTION"
>server</TT
> statement, this default key will be
        used to authenticate the server's commands and responses.  The
        <TT
CLASS="OPTION"
>default-port</TT
> clause is followed by the port
        to connect to on the remote name server.  If no
        <TT
CLASS="OPTION"
>port</TT
> option is provided on the rndc command
        line, and no <TT
CLASS="OPTION"
>port</TT
> clause is found in a
        matching <TT
CLASS="OPTION"
>server</TT
> statement, this default port
        will be used to connect.
    </P
><P
>        After the <TT
CLASS="OPTION"
>server</TT
> keyword, the server statement
        includes a string which is the hostname or address for a name
        server.  The statement has two possible clauses:
        <TT
CLASS="OPTION"
>key</TT
> and <TT
CLASS="OPTION"
>port</TT
>. The key name must
        match the name of a key statement in the file.  The port number
        specifies the port to connect to.
    </P
><P
>        The <TT
CLASS="OPTION"
>key</TT
> statement begins with an identifying
        string, the name of the key.  The statement has two clauses.
        <TT
CLASS="OPTION"
>algorithm</TT
> identifies the encryption algorithm
        for <B
CLASS="COMMAND"
>rndc</B
> to use; currently only HMAC-MD5 is
        supported.  This is followed by a secret clause which contains
        the base-64 encoding of the algorithm's encryption key.  The
        base-64 string is enclosed in double quotes.
    </P
><P
>        There are two common ways to generate the base-64 string for the
        secret.  The BIND 9 program <B
CLASS="COMMAND"
>rndc-confgen</B
> can
        be used to generate a random key, or the
        <B
CLASS="COMMAND"
>mmencode</B
> program, also known as
        <B
CLASS="COMMAND"
>mimencode</B
>, can be used to generate a base-64
        string from known input.  <B
CLASS="COMMAND"
>mmencode</B
> does not
        ship with BIND 9 but is available on many systems.  See the
        EXAMPLE section for sample command lines for each.
    </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN54"
></A
><H2
>EXAMPLE</H2
><PRE
CLASS="PROGRAMLISTING"
>    options {
        default-server  localhost;
        default-key     samplekey;
      };

      server localhost {
        key             samplekey;
      };

      key samplekey {
        algorithm       hmac-md5;
        secret          "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
      };
    </PRE
><P
>        In the above example, <B
CLASS="COMMAND"
>rndc</B
> will by default use
        the server at localhost (127.0.0.1) and the key called samplekey.
        Commands to the localhost server will use the samplekey key, which
        must also be defined in the server's configuration file with the
        same name and secret.  The key statement indicates that samplekey
        uses the HMAC-MD5 algorithm and its secret clause contains the
        base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
    </P
><P
>        To generate a random secret with <B
CLASS="COMMAND"
>rndc-confgen</B
>:
    </P
><P
>        <TT
CLASS="USERINPUT"
><B
>rndc-confgen</B
></TT
>
    </P
><P
>        A complete <TT
CLASS="FILENAME"
>rndc.conf</TT
> file, including the
        randomly generated key, will be written to the standard
        output.  Commented out <TT
CLASS="OPTION"
>key</TT
> and
        <TT
CLASS="OPTION"
>controls</TT
> statements for
        <TT
CLASS="FILENAME"
>named.conf</TT
> are also printed.
    </P
><P
>        To generate a base-64 secret with <B
CLASS="COMMAND"
>mmencode</B
>:
    </P
><P
>        <TT
CLASS="USERINPUT"
><B
>echo "known plaintext for a secret" | mmencode</B
></TT
>
    </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN72"
></A
><H2
>NAME SERVER CONFIGURATION</H2
><P
>        The name server must be configured to accept rndc connections and
        to recognize the key specified in the <TT
CLASS="FILENAME"
>rndc.conf</TT
>
        file, using the controls statement in <TT
CLASS="FILENAME"
>named.conf</TT
>.
        See the sections on the <TT
CLASS="OPTION"
>controls</TT
> statement in the
        BIND 9 Administrator Reference Manual for details.
    </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN78"
></A
><H2
>SEE ALSO</H2
><P
>      <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>rndc</SPAN
>(8)</SPAN
>,
      <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>rndc-confgen</SPAN
>(8)</SPAN
>,
      <SPAN
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
>mmencode</SPAN
>(1)</SPAN
>,
      <I
CLASS="CITETITLE"
>BIND 9 Administrator Reference Manual</I
>.
    </P
></DIV
><DIV
CLASS="REFSECT1"
><A
NAME="AEN91"
></A
><H2
>AUTHOR</H2
><P
>        Internet Systems Consortium
    </P
></DIV
></BODY
></HTML
>