
 rndc.conf(4)                                                   rndc.conf(4)

 NAME
      rndc.conf - rndc configuration file

 DESCRIPTION
      The BIND utility for controlling the name server, rndc, has its own
      configuration file /etc/rndc.conf.  This file has a structure and
      syntax similar to that of named's configuration file, named.conf.
      Statements are enclosed in braces and terminated with a semi-colon.
      Clauses in the statements are also semi-colon terminated.  The usual
      comment styles supported are:

                C style: /* */
                C++ style: // to end of line
                Unix style: # to end of line

      The syntax of the rndc.conf file is much simpler compared to that of
      named.conf.  This file includes three statements:

                options  statement
                server  statement
                key  statement

      The options statement contains two clauses: default-server and
      default-key.

      The default-server clause is used to specify the default server on
      which rndc runs, if the server is not specified on the command line
      when rndc is executed. The default-server keyword is followed by the
      name or address of a name server.

      The default-key clause is used to specify the default key that will be
      used to authenticate the server's commands and responses if a key is
      not specified using the -y option when executed on the command line.
      The default-key keyword is followed by the name of a key which is
      identified by the key statement.

      The server statement begins with an identifying string, the hostname
      or address for a name server.  This statement has a single clause,
      key.  The key name must match the name that is specified in the key
      statement.

      The key statement begins with an identifying string, the name of the
      key.  This statement has two clauses: algorithm and secret.

      The algorithm clause identifies the authentication algorithm that rndc
      uses. Currently only HMAC-MD5 is supported.

      The secret clause contains the random key that will be used for
      authentication. It is base-64 encoded using the algorithm specified in
      the algorithm clause.  The base-64 string is enclosed in double
      quotes.

 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003

      The BIND 9 program dnssec-keygen can be used to generate the base-64
      string for the secret clause.

 EXAMPLES
      Host and key names must be quoted using double quotes if they match a
      keyword, such as having a key named "key".

      options {
               default-server  localhost;
               default-key     samplekey;
      };

      server localhost {
               key             samplekey;
      };

      key samplekey {
               algorithm       hmac-md5;
               secret          "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
      };

      In the above example, rndc will by default use the server at localhost
      and the key called samplekey.  Commands to the localhost
      server will use the samplekey key.  The key statement indicates that
      samplekey uses the HMAC-MD5 algorithm and its secret clause contains
      the base-64 encoding of the HMAC-MD5 secret enclosed in double quotes.

      The secret can be generated using dnssec-keygen as follows:

           $ dnssec-keygen -a hmac-md5 -b 128 -n user rndc

      The base-64 string will appear in two files, Krndc.+157.+{random}.key
      and Krndc.+157.+{random}.private.  After extracting the key to be
      placed in the rndc.conf and named.conf key statements, the .key and
      .private files can be removed.

      The name server must be configured to accept rndc connections and to
      recognize the key specified in the rndc.conf file, using the controls
      statement in named.conf.
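
      The following Python check is an added example, not part of this
      page or of BIND.  It parses the statement syntax described above
      (including "//" inside a quoted secret) and reports undefined key
      references, secrets that are not valid base-64 or are shorter than
      128 bits, and reuse of the sample secret printed above.  The names
      parse, lint and SAMPLE and the 16-byte floor are assumptions of
      this example.

```python
import base64
import re

# Secret printed in this page's EXAMPLES section: it is public, so never deploy it.
DOC_SAMPLE_SECRET = "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"
# Quoted strings are matched before comments, since base-64 can contain "//".
TOKEN = re.compile(r'"([^"]*)"|/\*.*?\*/|//[^\n]*|#[^\n]*|([{};]|[^\s{};"#/]+)', re.S)
# Constructed input: the page's example with all three comment styles added.
SAMPLE = ('options { default-server localhost; default-key samplekey; };  # unix\n'
          'server localhost { key samplekey; };  // c++\n'
          '/* c */ key samplekey { algorithm hmac-md5; secret "%s"; };' % DOC_SAMPLE_SECRET)

def parse(text):
    toks = [m.group(m.lastindex) for m in TOKEN.finditer(text) if m.lastindex]
    conf, i = {"options": {}, "server": {}, "key": {}}, 0
    try:
        while i < len(toks):
            kind, named = toks[i], toks[i] in ("server", "key")  # a name follows
            if kind not in conf or toks[i + 1 + named] != "{":
                raise ValueError(f"malformed statement near {kind!r}")
            block = conf[kind].setdefault(toks[i + 1], {}) if named else conf[kind]
            i += 2 + named
            while toks[i] != "}":  # each clause is: keyword value ;
                if toks[i + 2] != ";":
                    raise ValueError(f"clause {toks[i]!r} is not ';'-terminated")
                block[toks[i]] = toks[i + 1]
                i += 3
            if toks[i + 1] != ";":
                raise ValueError(f"{kind} statement is not ';'-terminated")
            i += 2
    except IndexError:
        raise ValueError("unexpected end of input: missing '}' or ';'") from None
    return conf

def lint(text):
    conf, out = parse(text), []
    refs = [("options", conf["options"].get("default-key"))]
    refs += [(f"server {s}", c.get("key")) for s, c in conf["server"].items()]
    out += [f"{w}: key {k!r} is not defined" for w, k in refs if k and k not in conf["key"]]
    for name, k in conf["key"].items():
        try:
            raw = base64.b64decode(k.get("secret", ""), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            out.append(f"key {name}: secret is not valid base-64")
            continue
        if len(raw) < 16:  # 128 bits, the size the page's "dnssec-keygen -b 128" gives
            out.append(f"key {name}: secret is only {len(raw)} bytes")
        if k.get("secret") == DOC_SAMPLE_SECRET:
            out.append(f"key {name}: secret is the published man page sample")
    return out
```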

 LIMITATIONS
      There is currently no way to specify the port on which rndc must run.

 AUTHOR
      rndc.conf was developed by ISC (Internet Software Consortium).

 SEE ALSO
      dnssec-keygen(1), rndc(1), named(1M).
