Bind 9 Administrator Reference Manual
Chapter 6. BIND 9 Configuration Reference
file rndc.key in /etc (or whatever sysconfdir was specified as when BIND was built). To create a
rndc.key file, run rndc-confgen -a.
The rndc.key feature was created to ease the transition of systems from BIND 8, which did not have
digital signatures on its command channel messages and thus did not have a keys clause. It makes it
possible to use an existing BIND 8 configuration file in BIND 9 unchanged, and still have rndc work the
same way ndc worked in BIND 8, simply by executing the command rndc-confgen -a after BIND
9 is installed.
Since the rndc.key feature is only intended to allow the backward-compatible usage of BIND 8
configuration files, this feature does not have a high degree of configurability. You cannot easily change
the key name or the size of the secret, so you should make a rndc.conf with your own key if you wish
to change those things. The rndc.key file also has its permissions set such that only the owner of the
file (the user that named is running as) can access it. If you desire greater flexibility in allowing other
users to access rndc commands then you need to create an rndc.conf and make it group readable by a
group that contains the users who should have access.
The UNIX control channel type of BIND 8 is not supported in BIND 9, and is not expected to be added
in future releases. If it is present in the controls statement from a BIND 8 configuration file, it is ignored
and a warning is logged.
To disable the command channel, use an empty controls statement: controls { };.
6.2.5. include Statement Grammar
include filename;
6.2.6. include Statement Definition and Usage
The include statement inserts the specified file at the point that the include statement is encountered.
The include statement facilitates the administration of configuration files by permitting the reading or
writing of some things but not others. For example, the statement could include private keys that are
readable only by a nameserver.
6.2.7. key Statement Grammar
key key_id {
algorithm string;
secret string;
};
50