HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

371

372

373

374

375

376

377

378

379

380

rndc.conf(4) rndc.conf(4)

(BIND 9.3)

C: /* comment */

C++: // to end of line

UNIX: # to end of line

Name Server Conﬁguration

The name server must be conﬁgured to accept

rndc connections and to recognize the key speciﬁed in the

rndc.conf ﬁle, using the controls statement in

named.conf .

WARNINGS

Currently, there is no way to specify the port on which

rndc must run.

EXAMPLES

Example 1

Here is a sample

rndc.conf ﬁle:

options {

default-server localhost;

default-key samplekey;

};

server localhost {

key samplekey;

};

key samplekey {

algorithm hmac-md5;

secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

};

In this example, rndc will, by default, use the server at localhost (127.0.0.1) and the key named

sam-

plekey

. Commands directed to the localhost server will use the samplekey key. The key state-

ment indicates that

samplekey uses the HMAC-MD5 algorithm and its secret clause contains the

base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.

Example 2

To generate a random secretvalue with the rndc-confgen command (see rndc-confgen(1)):

$ rndc-confgen

A complete rndc.conf ﬁle, including the randomly generated key, is written to standard output.

Commented-out key and controls

statements for named.conf are also written.

Example 3

To generate the secretvalue with the

dnssec-keygen

command (see dnssec-keygen(1)):

$ dnssec-keygen -a hmac-md5 -b 128 -n user rndc

The base-64 secretvalue will appear in two ﬁles, Krndc.+157.+ keyid.key and

Krndc.+157.+ keyid.private. After you copy the secretvalue into key statements in the

rndc.conf and named.conf ﬁles, you can delete the .key and .private ﬁles.

AUTHOR

rndc.conf was developed by the Internet Systems Consortium (ISC).