Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001 Internet Software Consortium.

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
$Id: rndc.conf.html,v 1.5.2.3 2004/06/03 05:21:16 marka Exp $
NAME

rndc.conf -- rndc configuration file

SYNOPSIS

rndc.conf
DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control
utility. This file has a similar structure and syntax to named.conf. Statements
are enclosed in braces and terminated with a semi-colon. Clauses in the
statements are also semi-colon terminated. The usual comment styles are
supported:

    C style: /* */

    C++ style: // to end of line

    Unix style: # to end of line
rndc.conf is much simpler than named.conf. The file uses three statements: an
options statement, a server statement and a key statement.

The options statement contains three clauses. The default-server clause is
followed by the name or address of a name server. This host will be used when
no name server is given as an argument to rndc. The default-key clause is
followed by the name of a key which is identified by a key statement. If no
key name is provided on the rndc command line, and no key clause is found in a
matching server statement, this default key will be used to authenticate the
server's commands and responses. The default-port clause is followed by the
port to connect to on the remote name server. If no port option is provided on
the rndc command line, and no port clause is found in a matching server
statement, this default port will be used to connect.

After the server keyword, the server statement includes a string which is the
hostname or address for a name server. The statement has two possible clauses:
key and port. The key name must match the name of a key statement in the file.
The port number specifies the port to connect to.

The key statement begins with an identifying string, the name of the key. The
statement has two clauses. algorithm identifies the encryption algorithm for
rndc to use; currently only HMAC-MD5 is supported. This is followed by a secret
clause which contains the base-64 encoding of the algorithm's encryption key.
The base-64 string is enclosed in double quotes.
There are two common ways to generate the base-64 string for the secret. The
BIND 9 program rndc-confgen can be used to generate a random key, or the
mmencode program, also known as mimencode, can be used to generate a base-64
string from known input. mmencode does not ship with BIND 9 but is available on
many systems. See the EXAMPLE section for sample command lines for each.
EXAMPLE

    options { default-server localhost; default-key samplekey; };
    server localhost { key samplekey; };
    key samplekey {
      algorithm hmac-md5;
      secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
    };
In the above example, rndc will by default use the server at localhost
(127.0.0.1) and the key called samplekey. Commands to the localhost server will
use the samplekey key, which must also be defined in the server's configuration
file with the same name and secret. The key statement indicates that samplekey
uses the HMAC-MD5 algorithm and its secret clause contains the base-64 encoding
of the HMAC-MD5 secret enclosed in double quotes.
To generate a random secret with rndc-confgen:

    rndc-confgen

A complete rndc.conf file, including the randomly generated key, will be
written to the standard output. Commented out key and controls statements for
the name server's configuration file are also printed.

To generate a base-64 secret with mmencode:

    echo "known plaintext for a secret" | mmencode
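The following Python script is an added example; it is not code from the BIND 9 distribution or from this manual page. It renders an rndc.conf in the three-statement layout described above, parses one back (stripping all three comment styles), applies the precedence the DESCRIPTION gives for choosing the server, key and port (command line first, then the matching server statement, then the options defaults), and flags the mistakes that would leave rndc without a usable key: a key referenced by default-key or a server statement but never defined, an algorithm other than hmac-md5, or a secret that is not valid base-64. The function names, the 16-byte minimum it enforces, the ns1.example host and the sample file itself are this example's own constructions.

```python
"""Added example, not BIND 9 code: render, parse and sanity-check an rndc.conf."""
import base64
import binascii
import hmac
import os
import re
from typing import Optional

# Constructed sample in the layout of the EXAMPLE section above.
SAMPLE_RNDC_CONF = """\
options {
  default-server  localhost;
  default-key     samplekey;   // used when no key is named on the rndc command line
};

server localhost {
  key             samplekey;
};

key samplekey {
  algorithm       hmac-md5;
  secret          "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
"""

_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)  # C, C++ and Unix styles
# top-level statement: keyword, optional label (server host / key name), brace body, ';'
_STMT_RE = re.compile(r'(\w[\w-]*)\s*("[^"]*"|[^\s{"]+)?\s*\{(.*?)\}\s*;', re.DOTALL)
_CLAUSE_RE = re.compile(r'(\w[\w-]*)\s+("[^"]*"|[^\s;]+)\s*;')  # keyword value; inside a body

def random_secret(nbytes: int = 16) -> str:
    """Base-64 of fresh random bytes: the kind of secret a key generator writes into the file."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")

def render_rndc_conf(server: str, key_name: str, secret_b64: str,
                     port: Optional[int] = None) -> str:
    """Emit one options, one server and one key statement (port clause only when given)."""
    port_clause = f"  port            {port};\n" if port is not None else ""
    return (f"options {{\n  default-server  {server};\n  default-key     {key_name};\n}};\n\n"
            f"server {server} {{\n  key             {key_name};\n{port_clause}}};\n\n"
            f"key {key_name} {{\n  algorithm       hmac-md5;\n"
            f'  secret          "{secret_b64}";\n}};\n')

def parse_rndc_conf(text: str) -> dict:
    """Strip comments, then collect the clauses of every options, server and key statement."""
    text = _COMMENT_RE.sub("", text)
    conf: dict = {"options": {}, "servers": {}, "keys": {}}
    for m in _STMT_RE.finditer(text):
        kind, label, body = m.group(1), m.group(2), m.group(3)
        clauses = {c.group(1): c.group(2).strip('"') for c in _CLAUSE_RE.finditer(body)}
        if kind == "options":
            conf["options"].update(clauses)
        elif kind == "server" and label:
            conf["servers"][label.strip('"')] = clauses
        elif kind == "key" and label:
            conf["keys"][label.strip('"')] = clauses
    return conf

def resolve_target(conf: dict, server: Optional[str] = None, key: Optional[str] = None,
                   port: Optional[str] = None) -> tuple:
    """Precedence given in DESCRIPTION: command line, then matching server statement, then options."""
    opts = conf["options"]
    host = server or opts.get("default-server")
    srv = conf["servers"].get(host, {}) if host else {}
    return (host,
            key or srv.get("key") or opts.get("default-key"),
            port or srv.get("port") or opts.get("default-port"))

def check_rndc_conf(conf: dict) -> list:
    """Mistakes that would leave rndc without a usable key for the server it targets."""
    problems = []
    keys = conf["keys"]
    host, key_name, _ = resolve_target(conf)
    if host is None:
        problems.append("no default-server: every rndc call would need a server argument")
    if key_name is None:
        problems.append(f"no key resolves for server {host!r}: commands cannot be authenticated")
    referenced = {key_name} | {s.get("key") for s in conf["servers"].values()}
    for name in sorted(referenced - set(keys) - {None}):
        problems.append(f"key {name!r} is referenced but no key statement defines it")
    for name, clauses in keys.items():
        if clauses.get("algorithm", "").lower() != "hmac-md5":
            problems.append(f"key {name!r}: algorithm {clauses.get('algorithm')!r} is not hmac-md5")
        if "secret" not in clauses:
            problems.append(f"key {name!r}: no secret clause")
            continue
        try:
            raw = base64.b64decode(clauses["secret"], validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"key {name!r}: secret is not valid base-64")
            continue
        if len(raw) < 16:  # this example's own threshold: under 128 bits is too short
            problems.append(f"key {name!r}: secret is only {len(raw)} bytes")
    return problems

def mac_tag(secret_b64: str, message: bytes) -> str:
    """HMAC-MD5 of a message under the decoded secret; both ends must hold the same secret."""
    return hmac.new(base64.b64decode(secret_b64), message, "md5").hexdigest()

if __name__ == "__main__":
    conf = parse_rndc_conf(SAMPLE_RNDC_CONF)
    print(resolve_target(conf), check_rndc_conf(conf))  # ('localhost', 'samplekey', None) []
    print(check_rndc_conf(parse_rndc_conf(render_rndc_conf("ns1.example", "k", "not base64!"))))
```

Run it on a real rndc.conf by reading the file into parse_rndc_conf and printing check_rndc_conf; an empty list means every referenced key is defined, uses hmac-md5 and carries a decodable secret of at least 16 bytes. mac_tag only illustrates why the manual insists that the key in rndc.conf and in the name server's configuration carry the same secret: two sides holding different secrets produce different tags for the same message.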
NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize
the key specified in the rndc.conf file, using the controls statement in
named.conf. See the sections on the controls statement in the BIND 9
Administrator Reference Manual for details.
SEE ALSO

rndc(8), rndc-confgen(8), BIND 9 Administrator Reference Manual.

AUTHOR

Internet Systems Consortium