Make rndc work with multiple servers
Description
rndc only works with one set of key/server/port per rndc.conf.

As a result, we often have to create multiple rndc wrapper scripts, one for each server and often for a different rndc control port number, each pointing at a different /etc/bind/rndc*.conf config file, such that:
File: /usr/local/bin/rndc-bastion.sh
#!/bin/bash
# Run rndc with the bastion server's own config; "$@" forwards every argument intact
exec rndc -c /etc/bind/rndc-bastion.conf "$@"
It would be nice if we could do

$ rndc -s ns1.example.test reload
$ rndc -k bastion_keyname reload

using the following enhanced rndc.conf:
File: /etc/bind/rndc.conf
options {
    default-server ns1.nice.host;
    default-port   953;
    default-key    "rndc-key";
};

# works with `rndc -k bastion reload`
key "bastion" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxx==";
    server "ns2.example.invalid";
    port 954;
};

# works with `rndc -s ns987.big.site reload`
server ns987.big.site port 954 {
    algorithm hmac-sha512;
    secret-file "/etc/bind/keys/n987.big.site";
};

# works too
include "/etc/bind/headend.support.large.site.rndc.conf";
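For comparison, here is the same multi-server layout written with the options, key and server statements that the rndc.conf(5) manual page describes (a server statement carries a key reference and a port). This is an added example, not part of the request; the hostnames, key names and secrets are constructed placeholders.

```conf
# Added example rndc.conf: one file, several control targets.
# Hostnames, key names and secrets are placeholders; generate real
# secrets with `rndc-confgen -a` or `tsig-keygen`.
options {
    default-server ns1.example.test;   # used when no -s is given
    default-port   953;
    default-key    "rndc-key";         # used when no -y is given
};

# Default key for ns1.example.test. hmac-md5 is still accepted by rndc
# but is weak; hmac-sha256 is the sensible choice for new keys.
key "rndc-key" {
    algorithm hmac-sha256;
    secret "c2VjcmV0LWdvZXMtaGVyZQ==";  # constructed placeholder (base64)
};

# Key shared with the bastion server only.
key "bastion" {
    algorithm hmac-sha256;
    secret "c2VjcmV0LWdvZXMtaGVyZQ==";  # constructed placeholder (base64)
};

# `rndc -s ns2.example.invalid reload` matches this statement, so the
# bastion key and port 954 are selected without a wrapper script.
server ns2.example.invalid {
    key  "bastion";
    port 954;
};
```

With this file, `rndc reload` talks to ns1.example.test on 953 with rndc-key, and `rndc -s ns2.example.invalid reload` talks to the bastion on 954 with the bastion key. Note that in current rndc the `-k` option takes a key file path; the option that names a key from rndc.conf by its id is `-y`.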
Request
- Support an include clause in rndc.conf.
- Support "server" or "target" as a key index on the rndc command line.
- Support a server clause in rndc.conf.

and enjoy using the same rndc for different nameservers.

Of course, all selected CLI options for rndc are subject to availability.