diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5 index 862b6803bc..ab85fe8166 100644 --- a/bin/rndc/rndc.conf.5 +++ b/bin/rndc/rndc.conf.5 @@ -75,7 +75,7 @@ the base-64 encoding of the algorithm's encryption key. The base-64 string is enclosed in double quotes. .PP There are two common ways to generate the base-64 string for the -secret. The BIND 9 program \fBdnssec-keygen\fR can +secret. The BIND 9 program \fBrndc-confgen\fR can be used to generate a random key, or the \fBmmencode\fR program, also known as \fBmimencode\fR, can be used to generate a base-64 @@ -110,21 +110,19 @@ same name and secret. The key statement indicates that samplekey uses the HMAC-MD5 algorithm and its secret clause contains the base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. .PP -To generate a random secret with \fBdnssec-keygen\fR: +To generate a random secret with \fBrndc-confgen\fR: .PP -\fB$ dnssec-keygen -a hmac-md5 -b 128 -n user rndc\fR +\fBrndc-confgen\fR .PP -The base-64 string will appear in two files, -\fIKrndc.+157.+{random}.key\fR and -\fIKrndc.+157.+{random}.private\fR. After -extracting the key to be placed in the -\fIrndc.conf\fR and -\fInamed.conf\fR key statements, the -\&.key and .private files can be removed. +A complete \fIrndc.conf\fR file, including the +randomly generated key, will be written to the standard +output. Commented out \fBkey\fR and +\fBcontrols\fR statements for +\fInamed.conf\fR are also printed. .PP -To generate a random secret with \fBmmencode\fR: +To generate a base-64 secret with \fBmmencode\fR: .PP -\fB$ echo "known plaintext for a secret" | mmencode\fR +\fBecho "known plaintext for a secret" | mmencode\fR .SH "NAME SERVER CONFIGURATION" .PP The name server must be configured to accept rndc connections and @@ -135,7 +133,7 @@ BIND 9 Administrator Reference Manual for details. .SH "SEE ALSO" .PP \fBrndc\fR(8), -\fBdnssec-keygen\fR(8), +\fBrndc-confgen\fR(8), \fBmmencode\fR(1), \fIBIND 9 Administrator Reference Manual\fR. .SH "AUTHOR" diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html index 14fdfd2282..93dad779dc 100644 --- a/bin/rndc/rndc.conf.html +++ b/bin/rndc/rndc.conf.html @@ -201,7 +201,7 @@ CLASS="COMMAND" > There are two common ways to generate the base-64 string for the secret. The BIND 9 program dnssec-keygenrndc-confgen can be used to generate a random key, or the

To generate a random secret with dnssec-keygenrndc-confgen:

$ dnssec-keygen -a hmac-md5 -b 128 -n user rndcrndc-confgen

The base-64 string will appear in two files, - Krndc.+157.+{random}.key and - Krndc.+157.+{random}.private. After - extracting the key to be placed in the - A complete rndc.conf and - file, including the + randomly generated key, will be written to the standard + output. Commented out key and + controls statements for + named.conf key statements, the - .key and .private files can be removed. +> are also printed.

To generate a random secret with To generate a base-64 secret with mmencode: @@ -300,7 +298,7 @@ CLASS="COMMAND" > $ echo "known plaintext for a secret" | mmencodeecho "known plaintext for a secret" | mmencode

dnssec-keygenrndc-confgen(8),
6.3. Zone File

The pathname of the file the server writes -its process ID in. If not specified, the default is operating system -dependent, but is usually -The pathname of the file the server writes its process ID +in. If not specified, the default is /var/run/named.pid or /etc/named.pid. The pid-file is used by programs that want to send signals to the running nameserver.

6.2.14.2. Forwarding

6.2.14.4. Interfaces

6.2.14.5. Query Address

Note: The address specified in the query-source currently applies only -to UDP queries; TCP queries always use a wildcard IP address and -a random unprivileged port.

option +is used for both UDP and TCP queries, but the port applies only to +UDP queries. TCP queries always use a random +unprivileged port.

6.2.14.7. Operating System Resource Limits

6.2.14.8. Server Resource Limits

6.2.14.9. Periodic Task Intervals

6.2.17. trusted-keys

6.2.18. trusted-keys

6.2.19. view

6.2.20. view

6.2.22. zone

6.2.22.1. Zone Types

6.2.22.2. Class

6.2.22.3. Zone Options

6.3. Zone File

6.3.1.1. Resource Records

6.3.1.2. Textual expression of RRs

6.3.2. Discussion of MX Records

6.3.4. Inverse Mapping in IPv4

6.3.5. Other Zone File Directives

6.3.5.1. The $ORIGIN

6.3.5.2. The $INCLUDE

6.3.5.3. The $TTL

6.3.6. BIND

7.2. chroot

7.2. chroot

7.2.1. The chroot

7.2.2. Using the setuid

8.1. Common Problems
8.2. Incrementing and Changing the Serial Number
8.3. Where Can I Get Help?

8.1. Common Problems

8.1.1. It's not working; how can I figure out what's wrong?

8.2. Incrementing and Changing the Serial Number

8.3. Where Can I Get Help?

A.1. Acknowledgements
A.3. General DNS

A.1. Acknowledgements

A.1.1. A Brief History of the DNS

A.2.1.1. HS = hesiod

A.2.1.2. CH = chaos

A.3. General DNS

Bibliography

Standards

[RFC974] 

[RFC1034] 

[RFC1035] 

[RFC2181] 

[RFC2308] 

[RFC1995] 

[RFC1996] 

[RFC2136] 

[RFC2845] 

Proposed Standards Still Under Development

[RFC1886] 

[RFC2065] 

[RFC2137] 

Other Important RFCs About DNS

[RFC1535] 

[RFC1536] 

[RFC1982] 

Resource Record Types

[RFC1183] 

[RFC1706] 

[RFC2168] 

[RFC1876] 

[RFC2052] 

[RFC2163] 

[RFC2230] 

DNS

[RFC1101] 

[RFC1123] 

[RFC1591] 

[RFC2317] 

DNS

[RFC1537] 

[RFC1912] 

[RFC1912] 

[RFC2010] 

[RFC2219] 

Other DNS

[RFC1464] 

[RFC1713] 

[RFC1794] 

[RFC2240] 

[RFC2345] 

[RFC2352] 

Obsolete and Unimplemented Experimental RRs

[RFC1712] 

A.4.3. Other Documents About BIND

Bibliography

6.2.17. trusted-keys
6.2.18. trusted-keys
6.2.19. view
6.2.20. view
6.2.22. zone

6.3. Zone File
6.3.2. Discussion of MX Records
6.3.4. Inverse Mapping in IPv4
6.3.5. Other Zone File Directives
6.3.6. BIND
7.2. chroot
7.2.1. The chroot
7.2.2. Using the setuid
8.1. Common Problems
8.1.1. It's not working; how can I figure out what's wrong?
8.2. Incrementing and Changing the Serial Number
8.3. Where Can I Get Help?
A.1. Acknowledgements
A.1.1. A Brief History of the DNS
A.3. General DNS
A.4.3. Other Documents About BIND