rndc.conf(4)
NAME
rndc.conf - rndc configuration file
DESCRIPTION
is the configuration file for the BIND 9 name server control utility.
This file has a structure and syntax similar to the configuration file,
The standard (default) configuration file is located at
Syntax
The syntax of the file is much simpler than that of the configuration
file. It includes three statements and optional comments. Statement
blocks are enclosed in braces and terminated with a semicolon. Clauses
in the statements are also semicolon-terminated.
A servername or keyname must be quoted using double quotes if it
matches a keyword, such as having a key named .
The options Statement
The statement specifies the default server and key definition for the
configuration.
The clause specifies the default server on which runs, if the server is
not specified with the option in the command. defserver is the name or
IP address of a name server that is specified in a statement.
The clause specifies the default key that will authenticate the
server's commands and responses if a key is not specified with the
option in the command. defkey is the name of a key that is specified
in a statement.
The server Statement
The statement specifies the servername of a name server, as a host name
or an IP address.
The clause specifies a keyname that matches a keyname in a statement.
Multiple statements are permitted.
The key Statement
The statement specifies the name, keyname, and definition of a key.
The clause identifies the encryption algorithm, algoname. Currently
only is supported.
The clause contains the random key, secretvalue, that will be used for
authentication. It is base-64-encoded, using the algorithm specified
in the clause. secretvalue is enclosed in double quotes.
The BIND 9 program can be used to generate the secretvalue.
Multiple statements are permitted.
Comments
The following comment styles are supported:
C:
C++:
UNIX:
Name Server Configuration
The name server must be configured to accept connections and to
recognize the key specified in the file, using the statement in
WARNINGS
Currently, there is no way to specify the port on which must run.
EXAMPLES
Example 1
Here is a sample file:
In this example, will, by default, use the server at (127.0.0.1) and
the key named Commands directed to the server will use the key. The
statement indicates that uses the HMAC-MD5 algorithm and its clause
contains the base-64 encoding of the HMAC-MD5 secret enclosed in double
quotes.
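A consistency check for the cross-references described above, written as an added example that is not part of the original manual page or of BIND. It assumes the standard keywords `default-server`, `default-key`, `key`, `algorithm` and `secret` for the clauses this page describes; the sample file, the key name `localkey` and the secret are constructed.

```python
import base64, binascii, re

# Constructed sample file (not from the manual page); the secret is a dummy value.
SECRET = base64.b64encode(b"constructed-example-secret").decode()
SAMPLE = f'''
/* C-style comment */
options {{
    default-server localhost;  // C++-style comment
    default-key "localkey";    # UNIX-style comment
}};
server localhost {{ key "localkey"; }};
key "localkey" {{
    algorithm hmac-md5;
    secret "{SECRET}";
}};
'''
NAME = r'"?([^\s";{}]+)"?'   # a servername or keyname, optionally double-quoted

def strip_comments(text):
    """Drop C, C++ and UNIX comments; quoted strings (base-64 may contain //) are kept."""
    pattern = r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_quoted = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_quoted, text, flags=re.S)

def lint(text):
    """Return a list of problems found in rndc.conf-style text."""
    text = strip_comments(text)
    keys = {m.group(1): m.group(2) for m in
            re.finditer(r'\bkey\s+' + NAME + r'\s*\{(.*?)\}\s*;', text, re.S)}
    problems = []
    for keyname, body in keys.items():
        secret = re.search(r'\bsecret\s+"([^"]*)"\s*;', body)
        if not secret or not secret.group(1):
            problems.append(f"key {keyname}: missing quoted secret")
            continue
        try:
            base64.b64decode(secret.group(1), validate=True)
        except binascii.Error:
            problems.append(f"key {keyname}: secret is not valid base-64")
    # Every key reference must name a key statement defined in the same file.
    refs = re.findall(r'\bdefault-key\s+' + NAME + r'\s*;', text)
    for m in re.finditer(r'\bserver\s+' + NAME + r'\s*\{(.*?)\}\s*;', text, re.S):
        refs += re.findall(r'\bkey\s+' + NAME + r'\s*;', m.group(2))
    for ref in refs:
        if ref not in keys:
            problems.append(f"reference to undefined key {ref}")
    return problems

if __name__ == "__main__":
    print(lint(SAMPLE) or "no problems found")
```

A secret containing `//` or `#` inside its double quotes is not treated as a comment, which is why quoted strings are matched before the comment styles.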
Example 2
To generate a random secretvalue with the command (see rndc-confgen(1)):
A complete file, including the randomly generated key, is written to
standard output. Commented-out and statements for are also written.
Example 3
To generate the secretvalue with the command (see dnssec-keygen(1)):
The base-64 secretvalue will appear in two files, and After you copy
the secretvalue into statements in the and files, you can delete the
and files.
AUTHOR
was developed by the Internet Systems Consortium (ISC).
SEE ALSO
dnssec-keygen(1), rndc(1), rndc-confgen(1), named(1M).
available online at
available from the Internet Systems Consortium at
BIND 9.3 rndc.conf(4)