Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 16 Oct 2004 12:12:38 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        =?utf-8?B?VXJvxaE=?= Gruber <uros@sir-mag.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: bind9 control
Message-ID:  <20041016111238.GA50881@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <14010596201.20041016125522@sir-mag.com>
References:  <14010596201.20041016125522@sir-mag.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--8t9RHnE3ZwKMSgU+
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Oct 16, 2004 at 12:55:22PM +0200, Uro=C5=A1 Gruber wrote:
> Hello,
>=20
>   Today I transfer my domain from bind8 to bind9. It works ok, except ndc.
>   I read  bind9 administrator manual. But there is always about rndc.
>=20
>   because bind is by default chrooted (which is great) ndc report an error
>=20
> ndc: error: ctl_client: evConnect(fd 3): No such file or directory
> ndc: error: cannot connect to command channel (/var/run/ndc)
>=20
>   I think I have to use rndc insted. But I want to know simple config to
>   allow controling local dns like ndc in old days.

If all you want is to be able to control an instance of named on your
local machine, you can use something like the following in your
named.conf:

    // Authentication for communicating with rndc --- only listen on the lo=
opback
    // port 953 for control connections
    key "rndc-key" {
        algorithm hmac-md5;
        secret "XXXXXXXXXXXXXXXXXXXXXX=3D=3D";
    };
    =20
    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
        inet ::1 port 953
            allow { ::1; } keys { "rndc-key"; };
    };

That's basically copied with some small modifications from
/usr/local/etc/rndc.conf, which you can automatically generate with a
random key by:

    # rndc-confgen

and following the instructions.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

--8t9RHnE3ZwKMSgU+
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBcQImiD657aJF7eIRAv7fAKCQnWm9s87J+HdKDB3QffVW+UcufACfS2qy
AGBW3xET9P3IBwLosS+/K/8=
=X/xm
-----END PGP SIGNATURE-----

--8t9RHnE3ZwKMSgU+--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041016111238.GA50881>