Commit ac3c4e99 authored by Mark Andrews's avatar Mark Andrews

named.key -> rndc.key

parent a769eca4
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
<!-- File: $Id: Bv9ARM-book.xml,v 1.152 2001/07/30 22:55:23 gson Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.153 2001/08/06 04:42:24 marka Exp $ -->
<title>BIND 9 Administrator Reference Manual</title>
......@@ -813,11 +813,7 @@ configuration file. The default location for the
location can be specified with the <option>-c</option>
option. If the configuration file is not found,
<command>rndc</command> will also look in
<filename>/var/run/named.key</filename> (or wherever
<varname>localstatedir</varname> was defined when
the <acronym>BIND</acronym> build was configured).
The <filename>named.key</filename> file is generated by
<command>named</command> as described in
<filename>/etc/rndc.key</filename> to find a key to use
<xref linkend="controls_statement_definition_and_usage"/>.</para>
<para>The format of the configuration file is similar to
......@@ -2208,29 +2204,17 @@ the system has an interface.</para></entry>
must be signed by one of its specified keys to
be honored.</para>
<para>The <command>keys</command> clause is not strictly required.
If it is not present, then a random key will be generated automatically
and placed in a file named <filename>named.key</filename>, which is
usually in <filename>/var/run</filename> but will be wherever
<varname>localstatedir</varname> was specified as when
<acronym>BIND</acronym> was built. <filename>named.key</filename>
contains a complete <filename>rndc.conf</filename>-compatible
configuration and is used by <command>rndc</command> when it
cannot find its primary configuration file.</para>
<para>Similarly, <filename>named.key</filename> is generated when
no <command>controls</command> statement is present at all. In
that situation it will configure a control channel to run on</para>
<para>If <command>keys</command> clause does not exist
<command>named</command> will look for
<filename>/etc/rndc.key</filename> and use the key found
<para>There are two ways to disable the creation of
<filename>named.key</filename>. One is to ensure that all of your
<command>inet</command> control channels have a <command>keys</command>
clause. The other is to have a <command>controls</command> statement
with no <command>inet</command> phrases it all. The latter will
prevent the creation of any control channel.</para>
<para>Similarly, <filename>/etc/rndc.key.key</filename> is used
no <command>controls</command> statement is present at all. In
that situation it will configure control channels to run on
all interfaces.</para>
<para>The <filename>named.key</filename> feature was created to
<para>The <filename>/etc/rndc.key</filename> feature was created to
ease the transition of systems from <acronym>BIND</acronym> 8,
which did not have digital signatures on its command channel messages
and thus did not have a <command>keys</command> clause. Since
......@@ -2239,7 +2223,7 @@ the system has an interface.</para></entry>
have a high degree of configurability. You cannot easily change
the key name or the size of the secret, so you should make a
<filename>rndc.conf</filename> with your own key if you wish to change
those things. The <filename>named.key</filename> file also has its
those things. The <filename>/etc/rndc.key</filename> file also has its
permissions set such that only the owner of the file (the user that
<command>named</command> is running as) can access it. If you
desire greater flexibility in allowing other users to access
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment