HP-UX IP Address and Client Management Administrator's Guide HP-UX 11i v2, HP-UX 11i v3

Generating the rndc.conf File
You can generate the configuration file rndc.conf using the rndc-confgen utility. A sample
configuration file rndc.conf is distributed with this release of BIND.
An example configuration file /etc/rndc.conf is as follows:
key rndckey {
    algorithm hmac-md5;
    secret IbtRYdcP8k2mVtel6aYfbQ==;
};
options {
    default-server localhost;
    default-key rndckey;
};
With this example as the /etc/rndc.conf configuration file, run the following command:
$ rndc reload
This command connects to 127.0.0.1 port 953 and reloads the name server, provided that the name
server on the local machine is running with the following controls statement and that the
configuration file /etc/named.conf has a key statement for rndckey similar to the key statement
in the /etc/rndc.conf file:
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};
For more information, type man 4 rndc.conf at the HP-UX prompt.
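The following check is an added example, not part of the HP-UX guide or of BIND. It confirms that the default key in rndc.conf has a key statement with the same algorithm and secret in named.conf and that the controls statement lists that key. The function names and sample texts are constructed for illustration, and the parser assumes the simple layout shown above with only # comments.

```python
import re

# Constructed sample files modelled on the page's /etc/rndc.conf and /etc/named.conf.
RNDC_CONF = """
key rndckey {
    algorithm hmac-md5;
    secret IbtRYdcP8k2mVtel6aYfbQ==;
};
options {
    default-server localhost;
    default-key rndckey;
};
"""
NAMED_CONF = """
key rndckey {
    algorithm hmac-md5;
    secret IbtRYdcP8k2mVtel6aYfbQ==;
};
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
};
"""
KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+"?([\w-]+)"?\s*;'
                    r'\s*secret\s+"?([A-Za-z0-9+/=]+)"?\s*;\s*\}\s*;')

def parse_keys(text):
    """Return {key name: (algorithm, secret)}; '#' comments are ignored."""
    text = re.sub(r"#.*", "", text)
    return {m[1]: (m[2].lower(), m[3]) for m in KEY_RE.finditer(text)}

def audit(rndc_text, named_text):
    """List the mismatches that would stop rndc authenticating to named."""
    rndc_text, named_text = (re.sub(r"#.*", "", t) for t in (rndc_text, named_text))
    rndc_keys, named_keys = parse_keys(rndc_text), parse_keys(named_text)
    default = re.search(r'default-key\s+"?([\w.-]+)"?\s*;', rndc_text)
    if not default or default[1] not in rndc_keys:
        return ["rndc.conf: default-key is missing or has no key statement"]
    name, problems = default[1], []
    if name not in named_keys:
        problems.append(f"named.conf: no key statement for {name}")
    elif named_keys[name] != rndc_keys[name]:
        problems.append(f"{name}: algorithm or secret differs between the files")
    ctl = re.search(r"controls\s*\{.*?keys\s*\{([^}]*)\}", named_text, re.S)
    allowed = re.findall(r"[\w.-]+", ctl[1]) if ctl else []
    if name not in allowed:
        problems.append(f"named.conf: controls statement does not list {name}")
    return problems

if __name__ == "__main__":
    print(audit(RNDC_CONF, NAMED_CONF) or "rndc.conf and named.conf agree")
```

To check real files, pass the contents of /etc/rndc.conf and /etc/named.conf to audit() in place of the sample strings.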
You can also run rndc-confgen with the -a option to set up an rndc.key file, which avoids the
need for an rndc.conf file and a controls statement.
The syntax for rndc-confgen is as follows:
rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port]
             [-r randomfile] [-s address] [-t chrootdir] [-u user]
-a
    Configures rndc automatically. This option creates the file rndc.key in
    the /etc directory, which is read by both rndc and named upon startup.
-b keysize
    Specifies the size of the authentication key (in bits). The value ranges from
    1–512 and the default value is 128 bits.
-c keyfile
    Used with the -a option to specify an alternate location for the rndc.key
    file.
-h
    Prints a short summary of the options and arguments to the
    rndc-confgen utility.
-k keyname
    Specifies the key name of the rndc authentication key. The default value
    is rndc-key.
-p port
    Specifies the command channel port where named listens for connections
    from rndc. The default value is 953.
-r randomfile
    Specifies a source file of random data for generating authorization. The
    default value is the keyboard input.
-s address
    Specifies the IP address where named listens for command channel
    connections from rndc. The default value is the loopback address
    127.0.0.1.
-t chrootdir
    Used with the -a option to specify a directory where named runs chrooted.
    An additional copy of the rndc.key file is written relative to this directory
    for the chrooted named to identify the rndc.key file.
-u user
    Used with the -a option to set the owner of the generated rndc.key file.
    If you specify the -t option along with the -u option, the owner of the
    file in the chroot area is changed.
BIND Name Service Overview 23