From: Matthew Seaman
To: Uroš Gruber
Cc: freebsd-questions@freebsd.org
Date: Sat, 16 Oct 2004 12:12:38 +0100
Subject: Re: bind9 control

On Sat, Oct 16, 2004 at 12:55:22PM +0200, Uroš Gruber wrote:
> Hello,
>
> Today I transfer my domain from bind8 to bind9. It works ok, except ndc.
> I read bind9 administrator manual. But there is always about rndc.
>
> because bind is by default chrooted (which is great) ndc report an error
>
> ndc: error: ctl_client: evConnect(fd 3): No such file or directory
> ndc: error: cannot connect to command channel (/var/run/ndc)
>
> I think I have to use rndc instead. But I want to know simple config to
> allow controlling local dns like ndc in old days.

If all you want is to be able to control an instance of named on your
local machine, you can use something like the following in your
named.conf:

    // Authentication for communicating with rndc --- only listen on the loopback
    // port 953 for control connections
    key "rndc-key" {
        algorithm hmac-md5;
        secret "XXXXXXXXXXXXXXXXXXXXXX==";
    };

    controls {
        inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
        inet ::1 port 953
            allow { ::1; } keys { "rndc-key"; };
    };

That's basically copied with some small modifications from
/usr/local/etc/rndc.conf, which you can automatically generate with a
random key by:

    # rndc-confgen

and following the instructions.

    Cheers,

    Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
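
An added example, not part of the original message: a small Python audit of the `controls` statement shown in the reply, checking that every control channel listens on a loopback address, allows only loopback clients, and lists a key. The sample config, function names and finding strings are constructed for illustration, and the parser assumes flat (non-nested) `allow` and `keys` lists.

```python
import ipaddress
import re

# Constructed sample: the two loopback entries from the message plus one
# deliberately loose entry for the audit to flag.
SAMPLE_NAMED_CONF = '''
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
        inet ::1 port 953
                allow { ::1; } keys { "rndc-key"; };
        inet * port 953 allow { any; };
};
'''

# Body of the controls statement, tolerating one level of inner braces.
CONTROLS_RE = re.compile(r'\bcontrols\s*\{((?:[^{}]|\{[^{}]*\})*)\}')
# One inet entry; only the address, allow list and keys are inspected.
INET_RE = re.compile(
    r'inet\s+(?P<addr>\S+)(?:\s+port\s+\d+)?\s+allow\s*\{(?P<allow>[^}]*)\}'
    r'(?:\s*keys\s*\{(?P<keys>[^}]*)\})?[^;]*;')

def is_loopback(token):
    """True only for a literal loopback IP; ACL names (any, localhost) fail."""
    try:
        return ipaddress.ip_address(token).is_loopback
    except ValueError:
        return False

def audit_controls(conf_text):
    """Return (listen address, problem) pairs for risky control channels."""
    text = re.sub(r'/\*.*?\*/', '', conf_text, flags=re.S)  # /* */ comments
    text = re.sub(r'(//|#).*', '', text)                    # // and # comments
    block = CONTROLS_RE.search(text)
    findings = []
    for m in INET_RE.finditer(block.group(1) if block else ''):
        addr = m['addr']
        allowed = m['allow'].replace(';', ' ').split()
        if not is_loopback(addr):
            findings.append((addr, 'listens on a non-loopback address'))
        if not allowed or not all(is_loopback(a) for a in allowed):
            findings.append((addr, 'allow list is not loopback-only'))
        if not (m['keys'] or '').replace(';', '').strip():
            findings.append((addr, 'no keys listed'))
    return findings

if __name__ == '__main__':
    for addr, problem in audit_controls(SAMPLE_NAMED_CONF):
        print(f'controls inet {addr}: {problem}')
```

The `localhost` ACL is rejected on purpose: in BIND it matches every address configured on the host, not only the loopback interface.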