IPnom Home • Manuals • FreeBSD

 FreeBSD Man Pages

Man Sections:Commands (1)System Calls (2)Library Functions (3)Device Drivers (4)File Formats (5)Miscellaneous (7)System Utilities (8)
Keyword Live Search (10 results max):
 Type in part of a command in the search box.



       rndc.conf - rndc configuration file




       rndc.conf  is  the  configuration file for rndc, the BIND 9 name server
       control utility. This file  has	a  similar  structure  and  syntax  to
       named.conf.  Statements	are  enclosed  in braces and terminated with a
       semi-colon. Clauses in the statements are also  semi-colon  terminated.
       The usual comment styles are supported:

       C style: /* */

       C++ style: // to end of line

       Unix style: # to end of line

       rndc.conf  is  much simpler than named.conf. The file uses three state-
       ments: an options statement, a server statement and a key statement.

       The options  statement  contains  three	clauses.   The	default-server
       clause  is  followed by the name or address of a name server. This host
       will be used when no name server is given as an argument to  rndc.  The
       default-key clause is followed by the name of a key which is identified
       by a key statement. If no keyid is provided on the rndc	command  line,
       and no key clause is found in a matching server statement, this default
       key will be used to authenticate the server's commands  and  responses.
       The  default-port  clause  is followed by the port to connect to on the
       remote name server. If no port option is provided on the  rndc  command
       line,  and no port clause is found in a matching server statement, this
       default port will be used to connect.

       After the server keyword, the server statement includes a string  which
       is  the	hostname  or  address for a name server. The statement has two
       possible clauses: key and port. The key name must match the name  of  a
       key  statement  in the file. The port number specifies the port to con-
       nect to.

       The key statement begins with an identifying string, the  name  of  the
       key.  The  statement has two clauses.  algorithm identifies the encryp-
       tion algorithm for rndc to use; currently only HMAC-MD5	is  supported.
       This is followed by a secret clause which contains the base-64 encoding
       of the algorithm's encryption key. The base-64 string  is  enclosed  in
       double quotes.

       There  are  two	common	ways  to  generate  the base-64 string for the
       secret. The BIND 9 program rndc-confgen can be used to generate a  ran-
       dom  key, or the mmencode program, also known as mimencode, can be used
       to generate a base-64 string from known input. mmencode does  not  ship
       with  BIND  9 but is available on many systems. See the EXAMPLE section
       for sample command lines for each.


	     key samplekey {
	       algorithm       hmac-md5;
	       secret	       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

       In the above example, rndc will by default use the server at  localhost
       (  and  the  key called samplekey.  Commands to the localhost
       server will use the samplekey key, which must also be  defined  in  the
       server's  configuration	file  with  the  same name and secret. The key
       statement indicates that samplekey uses the HMAC-MD5 algorithm and  its
       secret  clause  contains  the  base-64  encoding of the HMAC-MD5 secret
       enclosed in double quotes.

       To generate a random secret with rndc-confgen:


       A complete rndc.conf file, including the randomly generated  key,  will
       be  written  to	the  standard  output.	Commented out key and controls
       statements for named.conf are also printed.

       To generate a base-64 secret with mmencode:

       echo "known plaintext for a secret" | mmencode


       The name server must be configured to accept rndc  connections  and  to
       recognize  the  key specified in the rndc.conf file, using the controls
       statement in named.conf.  See the sections on the controls statement in
       the BIND 9 Administrator Reference Manual for details.


       rndc(8),  rndc-confgen(8),  mmencode(1), BIND 9 Administrator Reference


       Internet Systems Consortium

BIND9				 June 30, 2000			  RNDC.CONF(5)


Man(1) output converted with man2html , sed , awk