Date:      Sat, 7 Jun 2003 15:51:03 -0700 (PDT)
From:      Doug Barton <DougB@FreeBSD.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        freebsd-arch@freebsd.org
Subject:   Re: Way forward with BIND 8
Message-ID:  <20030607150857.S81111@znfgre.qbhto.arg>
In-Reply-To: <200306071805.h57I5q6Y036169@apollo.backplane.com>
References:  <20030605235254.W5414@znfgre.qbhto.arg> <20030606024813.Y5414@znfgre.qbhto.arg> <20030606233358.Y15459@znfgre.qbhto.arg> <200306071805.h57I5q6Y036169@apollo.backplane.com>

On Sat, 7 Jun 2003, Matthew Dillon wrote:

>     If you install the bind9 port, and try to run rndc, you get this:
>
>     apollo:/home/dillon# rndc reload
>     rndc: neither /usr/local/etc/rndc.conf nor /usr/local/etc/rndc.key was found
>
>     To make rndc work properly you have to rename rndc.conf.sample to rndc.conf,
>     and you have to read the rndc.conf manual page to generate a new secret key

That's one way to do it; the other way to do it is to run rndc-confgen -a
as you described below. This is actually a better solution, since this
handles configuration, a new secret key, and proper file permissions all
in one. As for not doing any of this by default, we don't install a
named.conf file by default either. There is a lot of stuff the sysadmin
has to do in order to get named working; this is just one of them.

>     since the one in rndc.conf.sample is simply copied out of the distribution
>     and not actually secure (which is really a bad idea, even for a sample
>     file).  This is regardless of the fact that it's stupid to even require
>     a secret key for a local control program, but we can't do anything about
>     that :-).

Well, rndc can be configured for remote control too. Since by default it's
configured locally though, I decided that the easiest way to deal with it
would just be to copy the sample file. However, based on your feedback
here, I just added a pkg-message that gives some information about this
topic.

>     Additionally, the rndc-confgen program does not even appear to work,
>     at least not on my system.  If I run 'rndc-confgen -a' it just stays
>     stuck in a select() somewhere and does nothing.

http://people.freebsd.org/~dougb/randomness.html  :)

Thanks for the feedback,

Doug

-- 

    This .signature sanitized for your protection
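
Added example (not part of the original message, and not code from the port or from BIND): a shell check for the two problems discussed in this thread, an rndc secret copied unchanged from rndc.conf.sample and a key file readable by other users. The function names are hypothetical, the secret is assumed to sit on an uncommented `secret "...";` line, and "proper file permissions" is assumed to mean not readable by group or others.

```shell
#!/bin/sh
# Added example: audit the directory that holds rndc.conf / rndc.key.
# Usage (after sourcing this file): audit_rndc_dir /usr/local/etc

# Print the first uncommented  secret "...";  value found in a file.
rndc_secret() {
    sed -n 's/^[[:space:]]*secret[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Returns 0 if nothing was flagged, 1 if a finding was printed,
# 2 if neither rndc.conf nor rndc.key exists in the directory.
audit_rndc_dir() {
    dir=$1
    rc=0
    found=0
    sample_secret=
    if [ -f "$dir/rndc.conf.sample" ]; then
        sample_secret=$(rndc_secret "$dir/rndc.conf.sample")
    fi
    for f in "$dir/rndc.conf" "$dir/rndc.key"; do
        [ -f "$f" ] || continue
        found=1
        secret=$(rndc_secret "$f")
        if [ -z "$secret" ]; then
            echo "WARN: $f: no secret line found"; rc=1
        elif [ "$secret" = "$sample_secret" ]; then
            echo "FAIL: $f: secret is the one shipped in rndc.conf.sample"; rc=1
        fi
        # find prints the path only if a group- or other-read bit is set.
        if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "FAIL: $f: readable by group or others"; rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "neither $dir/rndc.conf nor $dir/rndc.key was found"
        return 2
    fi
    return "$rc"
}
```

A FAIL on either check is the cue to regenerate the key, for instance with rndc-confgen -a as described above.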


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030607150857.S81111>