Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
RNDC.CONF(5)							  RNDC.CONF(5)

       rndc.conf - rndc	configuration file


       rndc.conf  is  the  configuration file for rndc,	the BIND 9 name	server
       control utility.	This file  has	a  similar  structure  and  syntax  to
       named.conf.  Statements	are  enclosed  in braces and terminated	with a
       semi-colon. Clauses in the statements are also  semi-colon  terminated.
       The usual comment styles	are supported:

       C style:	/* */

       C++ style: // to	end of line

       Unix style: # to	end of line

       rndc.conf  is  much simpler than	named.conf. The	file uses three	state-
       ments: an options statement, a server statement and a key statement.

       The options  statement  contains	 three	clauses.   The	default-server
       clause  is  followed by the name	or address of a	name server. This host
       will be used when no name server	is given as an argument	to  rndc.  The
       default-key clause is followed by the name of a key which is identified
       by a key	statement. If no keyid is provided on the rndc	command	 line,
       and no key clause is found in a matching	server statement, this default
       key will	be used	to authenticate	the server's commands  and  responses.
       The  default-port  clause  is followed by the port to connect to	on the
       remote name server. If no port option is	provided on the	 rndc  command
       line,  and no port clause is found in a matching	server statement, this
       default port will be used to connect.

       After the server	keyword, the server statement includes a string	 which
       is  the	hostname  or  address for a name server. The statement has two
       possible	clauses: key and port. The key name must match the name	 of  a
       key  statement  in the file. The	port number specifies the port to con-
       nect to.

       The key statement begins	with an	identifying string, the	 name  of  the
       key.  The  statement has	two clauses.  algorithm	identifies the encryp-
       tion algorithm for rndc to use; currently only HMAC-MD5	is  supported.
       This is followed	by a secret clause which contains the base-64 encoding
       of the algorithm's encryption key. The base-64 string  is  enclosed  in
       double quotes.

       There  are  two	common ways to generate	the base-64 string for the se-
       cret. The BIND 9	program	rndc-confgen can be used to generate a	random
       key,  or	 the mmencode program, also known as mimencode,	can be used to
       generate	a base-64 string from known input. mmencode does not ship with
       BIND  9	but  is	available on many systems. See the EXAMPLE section for
       sample command lines for	each.

	   options {
	       default-server  localhost;
	       default-key     samplekey;

	     server localhost {
	       key	       samplekey;

	     key samplekey {
	       algorithm       hmac-md5;
	       secret	       "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";

       In the above example, rndc will by default use the server at  localhost
       (  and	 the  key called samplekey.  Commands to the localhost
       server will use the samplekey key, which	must also be  defined  in  the
       server's	 configuration	file  with  the	 same name and secret. The key
       statement indicates that	samplekey uses the HMAC-MD5 algorithm and  its
       secret  clause contains the base-64 encoding of the HMAC-MD5 secret en-
       closed in double	quotes.

       To generate a random secret with	rndc-confgen:


       A complete rndc.conf file, including the	randomly generated  key,  will
       be  written  to	the  standard  output.	Commented out key and controls
       statements for named.conf are also printed.

       To generate a base-64 secret with mmencode:

       echo "known plaintext for a secret" | mmencode

       The name	server must be configured to accept rndc  connections  and  to
       recognize  the  key specified in	the rndc.conf file, using the controls
       statement in named.conf.	 See the sections on the controls statement in
       the BIND	9 Administrator	Reference Manual for details.

       rndc(8),	 rndc-confgen(8),  mmencode(1),	BIND 9 Administrator Reference

       Internet	Systems	Consortium

BIND9				 June 30, 2000			  RNDC.CONF(5)


Want to link to this manual page? Use this URL:

home | help