HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)

rndc.conf(4) rndc.conf(4)
NAME
rndc.conf - rndc configuration file
DESCRIPTION
The BIND utility for controlling the name server, rndc, has its own configuration file, /etc/rndc.conf. This file has a structure and syntax similar to that of named’s configuration file, named.conf. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles supported are:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
The syntax of the rndc.conf file is much simpler than that of named.conf. This file includes three statements:
options statement
server statement
key statement
The options statement contains two clauses: default-server and default-key.
The default-server clause is used to specify the default server on which rndc runs, if the server is not specified on the command line when rndc is executed. The default-server keyword is followed by the name or address of a name server.
The default-key clause is used to specify the default key that will be used to authenticate the server’s commands and responses if a key is not specified using the -y option when rndc is executed on the command line. The default-key keyword is followed by the name of a key which is identified by the key statement.
The server statement begins with an identifying string, the hostname or address for a name server. This statement has a single clause, key. The key name must match the name that is specified in the key statement.
The key statement begins with an identifying string, the name of the key. This statement has two clauses: algorithm and secret.
The algorithm clause identifies the encryption algorithm that rndc uses. Currently only HMAC-MD5 is supported.
The secret clause contains the base-64 encoding of the random key that will be used for authentication with the algorithm specified in the algorithm clause. The base-64 string is enclosed in double quotes. The BIND 9 program dnssec-keygen can be used to generate the base-64 string for the secret clause.
EXAMPLES
Host and key names must be quoted using double quotes if they match a keyword, such as having a key
named "key".
    options {
        default-server localhost;
        default-key samplekey;
    };
    server localhost {
        key samplekey;
    };
    key samplekey {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
    };
In the above example, rndc will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key. The key statement indicates that samplekey uses the HMAC-MD5 algorithm and its secret clause contains the base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
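A consistency check for the rules described above, as an added example that is not part of the original manual page or of BIND: it parses the three statements, verifies that every default-key and server key reference has a matching key statement, and flags secrets that are missing, not valid base-64, or copied from the EXAMPLES section. The function names and the sample input are constructed for illustration, and the algorithm test assumes the hmac-md5 spelling used in the example.

```python
import base64, binascii, re
# Secret printed in this page's EXAMPLES section; it is public, so flag any reuse.
DOC_SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
STMT = re.compile(r'(options|server|key)\s*("[^"]*"|[^\s{";]+)?\s*\{(.*?)\}\s*;', re.S)
CLAUSE = re.compile(r'([\w-]+)\s+"?([^";]+?)"?\s*;')

def parse(text):
    # Drop the three comment styles but keep quoted strings intact:
    # a base-64 secret may legitimately contain "//".
    text = TOKEN.sub(lambda m: m.group() if m.group()[0] == '"' else " ", text)
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in STMT.findall(text):
        # The options statement has no name and is stored under "".
        conf[kind][name.strip('"')] = dict(CLAUSE.findall(body))
    return conf

def lint(text):
    conf, problems = parse(text), []
    refs = [("default-key", conf["options"].get("", {}).get("default-key"))]
    refs += [(f"server {host}", c.get("key")) for host, c in conf["server"].items()]
    for where, key in refs:
        if key is not None and key not in conf["key"]:
            problems.append(f"{where}: key {key} has no key statement")
    for name, c in conf["key"].items():
        secret = c.get("secret", "")
        if c.get("algorithm") != "hmac-md5":   # the only algorithm this page lists
            problems.append(f"key {name}: unsupported algorithm {c.get('algorithm')}")
        try:
            valid = bool(base64.b64decode(secret, validate=True))
        except binascii.Error:
            valid = False
        if not valid:
            problems.append(f"key {name}: secret is missing or not valid base-64")
        if secret == DOC_SECRET:
            problems.append(f"key {name}: secret copied from the documentation example")
    return problems

# Constructed sample input, not a real deployment.
SAMPLE = '''
options { default-server localhost; default-key missingkey; };  # no such key
server localhost { key samplekey; };  /* defined below */
key samplekey { algorithm hmac-md5; secret "%s"; };
key "key" { algorithm hmac-sha1; secret "not base64!"; };
''' % DOC_SECRET

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```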
HP-UX 11i Version 2: September 2004 1 Hewlett-Packard Company Section 4279