"Fossies" - the Fresh Open Source Software Archive

Member "bind-9.17.5/doc/man/rndc.conf.5in" (4 Sep 2020, 6195 Bytes) of package /linux/misc/dns/bind9/9.17.5/bind-9.17.5.tar.xz:



.\" Man page generated from reStructuredText.
.
.TH "RNDC.CONF" "5" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
rndc.conf \- rndc configuration file
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBrndc.conf\fP
.SH DESCRIPTION
.sp
\fBrndc.conf\fP is the configuration file for \fBrndc\fP, the BIND 9 name
server control utility. This file has a similar structure and syntax to
\fBnamed.conf\fP\&. Statements are enclosed in braces and terminated with a
semi\-colon. Clauses in the statements are also semi\-colon terminated.
The usual comment styles are supported:
.sp
C style: /* */
.sp
C++ style: // to end of line
.sp
Unix style: # to end of line
.sp
\fBrndc.conf\fP is much simpler than \fBnamed.conf\fP\&. The file uses three
statements: an options statement, a server statement, and a key
statement.
.sp
The \fBoptions\fP statement contains five clauses. The \fBdefault\-server\fP
clause is followed by the name or address of a name server. This host
is used when no name server is given as an argument to \fBrndc\fP\&.
The \fBdefault\-key\fP clause is followed by the name of a key, which is
identified by a \fBkey\fP statement. If no \fBkeyid\fP is provided on the
rndc command line, and no \fBkey\fP clause is found in a matching
\fBserver\fP statement, this default key is used to authenticate the
server\(aqs commands and responses. The \fBdefault\-port\fP clause is followed
by the port to connect to on the remote name server. If no \fBport\fP
option is provided on the rndc command line, and no \fBport\fP clause is
found in a matching \fBserver\fP statement, this default port is used
to connect. The \fBdefault\-source\-address\fP and
\fBdefault\-source\-address\-v6\fP clauses can be used to set the IPv4
and IPv6 source addresses respectively.
.sp
After the \fBserver\fP keyword, the server statement includes a string
which is the hostname or address for a name server. The statement has
three possible clauses: \fBkey\fP, \fBport\fP, and \fBaddresses\fP\&. The key
name must match the name of a key statement in the file. The port number
specifies the port to connect to. If an \fBaddresses\fP clause is supplied,
these addresses are used instead of the server name. Each address
can take an optional port. If a \fBsource\-address\fP or
\fBsource\-address\-v6\fP is supplied, it is used to specify the
IPv4 and IPv6 source address, respectively.
.sp
The \fBkey\fP statement begins with an identifying string, the name of the
key. The statement has two clauses. \fBalgorithm\fP identifies the
authentication algorithm for \fBrndc\fP to use; currently only HMAC\-MD5
(for compatibility), HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256 (default),
HMAC\-SHA384, and HMAC\-SHA512 are supported. This is followed by a secret
clause which contains the base\-64 encoding of the algorithm\(aqs
authentication key. The base\-64 string is enclosed in double quotes.
.sp
There are two common ways to generate the base\-64 string for the secret.
The BIND 9 program \fBrndc\-confgen\fP can be used to generate a random
key, or the \fBmmencode\fP program, also known as \fBmimencode\fP, can be
used to generate a base\-64 string from known input. \fBmmencode\fP does
not ship with BIND 9 but is available on many systems. See the Example
section for sample command lines for each.
.SH EXAMPLE
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
options {
  default\-server  localhost;
  default\-key     samplekey;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
server localhost {
  key             samplekey;
};
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
server testserver {
  key     testkey;
  addresses   { localhost port 5353; };
};
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
key samplekey {
  algorithm       hmac\-sha256;
  secret          "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
};
.ft P
.fi
.UNINDENT
.UNINDENT
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
key testkey {
  algorithm   hmac\-sha256;
  secret      "R3HI8P6BKw9ZwXwN3VZKuQ==";
};
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
In the above example, \fBrndc\fP by default uses the server at
localhost (127.0.0.1) and the key called "samplekey". Commands to the
localhost server use the "samplekey" key, which must also be defined
in the server\(aqs configuration file with the same name and secret. The
key statement indicates that "samplekey" uses the HMAC\-SHA256 algorithm
and its secret clause contains the base\-64 encoding of the HMAC\-SHA256
secret enclosed in double quotes.
.sp
If \fBrndc \-s testserver\fP is used, then \fBrndc\fP connects to the server
on localhost port 5353 using the key "testkey".
.sp
To generate a random secret with \fBrndc\-confgen\fP:
.sp
\fBrndc\-confgen\fP
.sp
A complete \fBrndc.conf\fP file, including the randomly generated key,
is written to the standard output. Commented\-out \fBkey\fP and
\fBcontrols\fP statements for \fBnamed.conf\fP are also printed.
.sp
To generate a base\-64 secret with \fBmmencode\fP:
.sp
\fBecho "known plaintext for a secret" | mmencode\fP
.SH NAME SERVER CONFIGURATION
.sp
The name server must be configured to accept rndc connections and to
recognize the key specified in the \fBrndc.conf\fP file, using the
controls statement in \fBnamed.conf\fP\&. See the sections on the
\fBcontrols\fP statement in the BIND 9 Administrator Reference Manual for
details.
.SH SEE ALSO
.sp
\fBrndc(8)\fP, \fBrndc\-confgen(8)\fP, \fBmmencode(1)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2020, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.
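The key statement and the two secret-generation methods described above lend themselves to a quick audit of an existing rndc.conf. The following is an added example, not part of the man page or of BIND: it parses key statements (honouring the three comment styles) and reports secrets that a strict decoder rejects, that are short, or that decode to readable text as mmencode output of known input does. The names `audit_keys`, `WEAK_ALGS` and `MIN_KEY_BYTES`, the thresholds, and the "oldkey" entry are assumptions made for illustration.

```python
import base64
import binascii
import re

# Constructed input: the two key statements from the EXAMPLE section plus a
# hypothetical "oldkey" whose secret is mmencode output of known text.
SAMPLE_CONF = '''
key samplekey {  /* C style */
  algorithm hmac-sha256;
  secret "6FMfj43Osz4lyb24OIe2iGEz9lf1llJO+lz";
};
key testkey {    // C++ style
  algorithm hmac-sha256;
  secret "R3HI8P6BKw9ZwXwN3VZKuQ==";
};
key oldkey {     # Unix style
  algorithm hmac-md5;
  secret "a25vd24gcGxhaW50ZXh0IGZvciBhIHNlY3JldAo=";
};
'''

WEAK_ALGS = {"hmac-md5"}  # assumption: local policy; the page lists it "for compatibility"
MIN_KEY_BYTES = 16        # assumption: local policy floor, not a BIND limit
# Quoted strings are matched first so "//" inside a base-64 secret survives.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
KEY_RE = re.compile(r'(?<![\w-])key\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
CLAUSE_RE = re.compile(r'(algorithm|secret)\s+"?([^";\s]+)"?\s*;')

def strip_comments(text):
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return TOKEN_RE.sub(keep, text)

def audit_keys(conf_text):
    """Return (key name, finding) pairs for every key statement."""
    findings = []
    for name, body in KEY_RE.findall(strip_comments(conf_text)):
        clauses = dict(CLAUSE_RE.findall(body))
        if clauses.get("algorithm", "").lower() in WEAK_ALGS:
            findings.append((name, "weak-algorithm"))
        try:
            raw = base64.b64decode(clauses.get("secret", ""), validate=True)
        except binascii.Error:
            findings.append((name, "secret-not-base64"))
            continue
        if len(raw) < MIN_KEY_BYTES:
            findings.append((name, "secret-too-short"))
        if raw and all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
            findings.append((name, "secret-is-printable-text"))
    return findings
```

On the constructed input, "samplekey" is reported because its 35-character string is not padded base-64, and "oldkey" is reported for both its algorithm and its text-derived secret; "testkey" passes.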