HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
rndc.conf(4) rndc.conf(4)
NAME
rndc.conf - rndc configuration file
DESCRIPTION
The BIND utility for controlling the name server, rndc, has its own configuration file /etc/rndc.conf. This file has a structure and syntax similar to that of named’s configuration file, named.conf. Statements are enclosed in braces and terminated with a semi-colon. Clauses in the statements are also semi-colon terminated. The usual comment styles supported are:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
The syntax of the rndc.conf file is much simpler compared to that of named.conf. This file includes three statements:
options statement
server statement
key statement
The options statement contains two clauses: default-server and default-key.
The default-server clause is used to specify the default server on which rndc runs, if the server is not specified on the command line when rndc is executed. The default-server keyword is followed by the name or address of a name server.
The default-key clause is used to specify the default key that will be used to authenticate the server’s commands and responses if a key is not specified using the -y option when rndc is executed on the command line. The default-key keyword is followed by the name of a key which is identified by the key statement.
The server statement begins with an identifying string, the hostname or address for a name server. This statement has a single clause, key. The key name must match the name that is specified in the key statement.
The key statement begins with an identifying string, the name of the key. This statement has two clauses:
algorithm and secret.
The algorithm clause identifies the encryption algorithm that rndc uses. Currently only HMAC-MD5
is supported.
The secret clause contains the random key that will be used for authentication. It is base-64 encoded
using the algorithm specified in the algorithm clause. The base-64 string is enclosed in double quotes.
The BIND 9 program dnssec-keygen can be used to generate the base-64 string for the secret clause.
EXAMPLES
Host and key names must be quoted using double quotes if they match a keyword, such as having a key
named "key".
    options {
        default-server localhost;
        default-key samplekey;
    };
    server localhost {
        key samplekey;
    };
    key samplekey {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
    };
In the above example, rndc will by default use the server at localhost (127.0.0.1) and the key called samplekey. Commands to the localhost server will use the samplekey key. The key statement indicates that samplekey uses the HMAC-MD5 algorithm and its secret clause contains the base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.
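The checker below is an added example, not part of the original manual page or of BIND. It parses the three statements and comment styles described above and reports key names that have no matching key statement, an algorithm other than hmac-md5, and a secret that is not valid base-64 or that decodes to readable text rather than random bytes, which is the case for the sample secret shown above. The function names and the SAMPLE input are assumptions made for this example.

```python
import base64
import re

# The page's EXAMPLES file with one comment of each style added (constructed input).
SAMPLE = '''
options { default-server localhost; default-key samplekey; };  // C++ style
server localhost { key samplekey; };                           # Unix style
/* C style */ key samplekey {
    algorithm hmac-md5;
    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments; quoted strings (base-64 may contain //) are kept."""
    pattern = r'("[^"]*")|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pattern, lambda m: m.group(1) or " ", text, flags=re.S)

def parse(text):
    """Return {'options': {...}, 'server': {name: {...}}, 'key': {name: {...}}}."""
    conf = {"options": {}, "server": {}, "key": {}}
    stmt = r'\b(options|server|key)\b\s*("[^"]*"|[^\s{;]*)\s*\{(.*?)\}\s*;'
    for kind, name, body in re.findall(stmt, strip_comments(text), flags=re.S):
        found = re.findall(r'([\w-]+)\s+("[^"]*"|[^\s;]+)\s*;', body)
        clauses = {k: v.strip('"') for k, v in found}
        if kind == "options":
            conf["options"] = clauses
        else:
            conf[kind][name.strip('"')] = clauses
    return conf

def audit(text):
    """Return a list of problems: dangling key names, wrong algorithm, bad secret."""
    conf, problems = parse(text), []
    refs = [("options default-key", conf["options"].get("default-key"))]
    refs += [(f"server {s}", c.get("key")) for s, c in conf["server"].items()]
    for where, key in refs:
        if key is not None and key not in conf["key"]:
            problems.append(f"{where}: key '{key}' has no key statement")
    for name, c in conf["key"].items():
        if c.get("algorithm", "").lower() != "hmac-md5":
            problems.append(f"key {name}: algorithm is not hmac-md5")
        try:
            raw = base64.b64decode(c.get("secret", ""), validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            problems.append(f"key {name}: secret is not valid base-64")
            continue
        if raw.isascii() and raw.decode().strip().isprintable():
            problems.append(f"key {name}: secret is empty or decodes to readable text")
    return problems
```

Calling audit() on the text of an rndc.conf file returns an empty list when none of these problems is present.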
HP-UX 11i Version 2: December 2007 Update, Hewlett-Packard Company