How do I set up rndc.conf and named.conf to allow remote control of my name server?

Answered Fri, 11 Jan 2002

> I have multiple internal DNS servers that I would like to be able to control
> using RNDC from a single machine that is not one of the DNS servers. I have
> RNDC working locally on all of the DNS servers. Can you point me in the
> right direction as to what I need to do to achieve the setup that I mention above?
>
> I am assuming that I need an rndc.conf file on the central control box that
> has server and key statements for all of my DNS servers. I am also assuming
> that I need corresponding key and control statements in my named.conf file
> on the DNS servers. What I am having problems with is the format of the
> 'controls' statement that will allow RNDC input from a machine other than
> the localhost.

I'd expect something like this in named.conf:

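// Address of the central control machine
acl control-box { 192.168.0.1; };

// Key already used by rndc on the name server itself
key localhost {
    algorithm hmac-md5;
    secret "";
};

// Key shared with the control box; must match its rndc.conf
key control-box-<hostname> {
    algorithm hmac-md5;
    secret "";
};

// Listen on all interfaces, accept only these hosts and keys
controls {
    inet * allow { localhost; control-box; }
        keys { localhost; control-box-<hostname>; };
};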

and something like this in rndc.conf on control-box:

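// Same name, algorithm and secret as in named.conf on <hostname>
key control-box-<hostname> {
    algorithm hmac-md5;
    secret "";
};

// rndc.conf names a single key per server, without braces
server <hostname> {
    key control-box-<hostname>;
};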

cricket
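
The layout in the answer above, as an added example (not part of the original answer and not BIND's own tooling): a Python generator that emits rndc.conf for the control box and the matching named.conf fragment for each name server, with a separate random key per server. The host names are constructed, and it assumes hmac-sha256 in place of hmac-md5 and that each server's existing local key is named localhost.

```python
import base64
import ipaddress
import re
import secrets

# Assumption: hmac-sha256 (accepted by current BIND 9) replaces the answer's hmac-md5.
ALGORITHM = "hmac-sha256"
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")


def new_secret(nbytes=32):
    """Random base64 secret for a key statement, from the OS CSPRNG."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def key_stanza(name, secret):
    return f'key "{name}" {{\n    algorithm {ALGORITHM};\n    secret "{secret}";\n}};\n'


def build_configs(servers, control_ip, local_key="localhost"):
    """Return (rndc.conf text, {host: named.conf fragment}), one key per server."""
    control_ip = str(ipaddress.ip_address(control_ip))  # ValueError if malformed
    rndc_parts, named = [], {}
    for host in servers:
        # Reject anything that could break out of the quoted config strings.
        if not HOST_RE.fullmatch(host):
            raise ValueError(f"unsafe hostname: {host!r}")
        name = f"control-box-{host}"
        stanza = key_stanza(name, new_secret())
        rndc_parts.append(f'{stanza}\nserver "{host}" {{\n    key "{name}";\n}};\n')
        # local_key is assumed to be defined already in that server's named.conf.
        named[host] = (
            f"acl control-box {{ {control_ip}; }};\n\n{stanza}\n"
            "controls {\n"
            "    inet * allow { localhost; control-box; }\n"
            f'        keys {{ "{local_key}"; "{name}"; }};\n'
            "};\n"
        )
    return "\n".join(rndc_parts), named


if __name__ == "__main__":
    # Constructed host names; 192.168.0.1 is the control box from the answer.
    rndc_conf, fragments = build_configs(
        ["ns1.example.internal", "ns2.example.internal"], "192.168.0.1")
    print("# rndc.conf on control-box\n" + rndc_conf)
    for host, text in fragments.items():
        print(f"# named.conf fragment for {host}\n{text}")
```

Both outputs contain shared secrets, so keep the resulting files readable only by the account that runs named or rndc.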