Chapter 16. Berkeley Internet Name Domain (BIND)
address to be reversed and ".in-addr.arpa" to be included after them. This allows the single block of IP numbers used in the reverse name resolution zone file to be correctly attached with this zone.
16.3. Using rndc
BIND includes a utility called rndc which allows you to use command line statements to administer the named daemon, locally or remotely. The rndc program uses the /etc/rndc.conf file for its configuration options, which can be overridden with command line options.
In order to prevent unauthorized users on other systems from controlling BIND on your server, a shared secret key method is used to explicitly grant privileges to particular hosts. In order for rndc to issue commands to any named, even on a local machine, the keys used in /etc/named.conf and /etc/rndc.conf must match.
16.3.1. Configuring rndc
Before attempting to use the rndc command, verify that the proper configuration lines are in place in the necessary files. Most likely, your configuration files are not properly set if you run rndc and see a message that states:
    rndc: connect: connection refused
16.3.1.1. rndc and /etc/named.conf
In order for rndc to be allowed to connect to your named service, you must have a controls statement in your /etc/named.conf file when named starts. The sample controls statement shown in the next example will allow you to execute rndc commands locally.
    controls {
      inet 127.0.0.1 allow { localhost; } keys { <key-name>; };
    };
This statement tells named to listen on the default TCP port 953 of the loopback address and allow rndc commands coming from the localhost, if the proper key is given. The <key-name> relates to the key statement, which is also in the /etc/named.conf file. The next example illustrates a sample key statement.
    key "<key-name>" {
      algorithm hmac-md5;
      secret "<key-value>";
    };
In this case, the <key-value> is an HMAC-MD5 key. You can generate your own HMAC-MD5 keys with the following command:
    dnssec-keygen -a hmac-md5 -b <bit-length> -n HOST <key-file-name>
A key with at least a 256-bit length is a good idea. The actual key that should be placed in the <key-value> area can be found in the <key-file-name>.
The name of the key used in /etc/named.conf should be something other than key.
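
An added example (not part of the original guide): a Python check that the key named in the controls statement is defined, matches the copy in /etc/rndc.conf, is at least 256 bits long and is not named key. The function names, the regular expressions (which cover only the single-statement layout shown above) and the sample configuration text are assumptions constructed for illustration.

```python
import base64
import re

# Matches: key "<key-name>" { algorithm <alg>; secret "<key-value>"; };
KEY_RE = re.compile(
    r'\bkey\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;'
    r'\s*secret\s+"([^"]+)"\s*;\s*\}\s*;', re.S)
# Captures the keys { ... } list inside the controls statement.
CONTROLS_RE = re.compile(r'controls\s*\{.*?keys\s*\{([^}]*)\}', re.S)

def parse_keys(text):
    """Return {name: (algorithm, secret)} for every key statement in text."""
    return {n: (a.lower(), s) for n, a, s in KEY_RE.findall(text)}

def audit(named_conf, rndc_conf, min_bits=256):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    named_keys, rndc_keys = parse_keys(named_conf), parse_keys(rndc_conf)
    m = CONTROLS_RE.search(named_conf)
    if not m:
        return ["named.conf has no controls statement with a keys list"]
    names = [k.strip().strip('"') for k in m.group(1).split(";") if k.strip()]
    for name in names:
        if name == "key":
            findings.append('key name "key" should be changed')
        if name not in named_keys:
            findings.append(f"controls references undefined key {name}")
            continue
        if named_keys[name] != rndc_keys.get(name):
            findings.append(f"key {name} differs between named.conf and rndc.conf")
        try:
            bits = len(base64.b64decode(named_keys[name][1], validate=True)) * 8
        except ValueError:
            findings.append(f"key {name} secret is not valid base64")
            continue
        if bits < min_bits:
            findings.append(f"key {name} is {bits} bits, below {min_bits}")
    return findings

# Constructed sample input: a 128-bit secret and a stale copy in rndc.conf.
WEAK = base64.b64encode(bytes(range(16))).decode()
SAMPLE_NAMED = (
    f'key "rndc-local" {{ algorithm hmac-md5; secret "{WEAK}"; }};\n'
    'controls { inet 127.0.0.1 allow { localhost; } keys { rndc-local; }; };\n')
SAMPLE_RNDC = 'key "rndc-local" { algorithm hmac-md5; secret "c3RhbGUtc2VjcmV0"; };'

if __name__ == "__main__":
    for finding in audit(SAMPLE_NAMED, SAMPLE_RNDC):
        print(finding)
```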