HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
rndc.conf(4) rndc.conf(4)
(BIND 9.3)
NAME
rndc.conf - rndc configuration file
DESCRIPTION
rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a structure and syntax similar to the named configuration file, named.conf.
The standard (default) rndc configuration file is located at /etc/rndc.conf. The standard (default) named configuration file is located at /etc/named.conf.
Syntax
The syntax of the rndc.conf file is much simpler than that of the named.conf configuration file. It includes three statements and optional comments. Statement blocks are enclosed in braces and terminated with a semicolon. Clauses in the statements are also semicolon-terminated.
    options {
        default-server defserver;
        default-key defkey;
    };
    server servername {
        key keyname;
    };
    key keyname {
        algorithm algoname;
        secret "secretvalue";
    };
A servername or keyname must be quoted using double quotes if it matches a keyword, such as having a key named "key".
The options Statement
The options statement specifies the default server and key definition for the configuration.
The default-server clause specifies the default server on which rndc runs, if the server is not specified with the -s option in the rndc command. defserver is the name or IP address of a name server that is specified in a server statement.
The default-key clause specifies the default key that will authenticate the server’s commands and responses if a key is not specified with the -y option in the rndc command. defkey is the name of a key that is specified in a key statement.
The server Statement
The server statement specifies the servername of a name server, as a host name or an IP address.
The key clause specifies a keyname that matches a keyname in a key statement.
Multiple server statements are permitted.
The key Statement
The key statement specifies the name, keyname, and definition of a key.
The algorithm clause identifies the encryption algorithm, algoname. Currently only HMAC-MD5 is supported.
The secret clause contains the random key, secretvalue, that will be used for authentication. It is base-64-encoded, using the algorithm specified in the algorithm clause. secretvalue is enclosed in double quotes.
The BIND 9 program dnssec-keygen can be used to generate the secretvalue.
Multiple key statements are permitted.
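Added example, not part of the original manual page: a Python check that the references described above resolve (default-server to a server statement, default-key and each server's key clause to a key statement) and that each key uses hmac-md5 with a base-64 secret. The sample file, its names, addresses and secrets are constructed, and the parser assumes a file without comments.

```python
import base64, binascii, re

# Constructed sample: names, addresses and secrets are made up for illustration.
SAMPLE = '''
options { default-server localhost; default-key "rndc-key"; };
server localhost { key "rndc-key"; };
server 192.0.2.53 { key "missing-key"; };
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldC0xMjM0NQ=="; };
key "bad-key" { algorithm hmac-sha256; secret "not base64!"; };
'''

# statement: keyword, optional (possibly quoted) name, brace-enclosed body, ';'
STMT = re.compile(
    r'(?<![\w-])(options|server|key)\s*("[^"]*"|[^\s{"]+)?\s*\{(.*?)\}\s*;', re.S)
# clause inside a body: keyword, value (possibly quoted), ';'
CLAUSE = re.compile(r'([\w-]+)\s+("[^"]*"|[^\s;]+)\s*;')

def parse(text):
    """Split comment-free rndc.conf text into options, server and key tables."""
    conf = {"options": {}, "server": {}, "key": {}}
    for kind, name, body in STMT.findall(text):
        clauses = {k: v.strip('"') for k, v in CLAUSE.findall(body)}
        if kind == "options":
            conf["options"].update(clauses)
        else:
            conf[kind][name.strip('"')] = clauses
    return conf

def lint(text):
    """Return problems: dangling references, unsupported algorithm, bad secret."""
    conf, problems = parse(text), []
    opts, servers, keys = conf["options"], conf["server"], conf["key"]
    if "default-server" in opts and opts["default-server"] not in servers:
        problems.append(f"default-server {opts['default-server']!r} has no server statement")
    if "default-key" in opts and opts["default-key"] not in keys:
        problems.append(f"default-key {opts['default-key']!r} has no key statement")
    for name, c in servers.items():
        if c.get("key") not in keys:
            problems.append(f"server {name!r} uses undefined key {c.get('key')!r}")
    for name, c in keys.items():
        if c.get("algorithm", "").lower() != "hmac-md5":  # only one this page lists
            problems.append(f"key {name!r}: algorithm {c.get('algorithm')!r} is not hmac-md5")
        try:
            base64.b64decode(c["secret"], validate=True)
        except (KeyError, binascii.Error):
            problems.append(f"key {name!r}: secret missing or not valid base-64")
    return problems

if __name__ == "__main__":
    for p in lint(SAMPLE):
        print("PROBLEM:", p)
```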
Comments
The following comment styles are supported:
HP-UX 11i Version 3: February 2007 − 1 − Hewlett-Packard Company 375