Where allowed to run: All environments (*ALL). Threadsafe: No.
The Create RNDC Configuration (CRTRNDCCFG) command generates configuration files for RNDC. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf.
Restrictions:
| Keyword | Description | Choices | Notes |
|---|---|---|---|
| AUTOCFG | Automatic configuration | *NO, *YES | Optional |
| KEYFILE | Key file | Path name, *DFT | Optional |
| RNDCADR | Server RNDC IP address | Character value, *DFT, *ANY4, *LOOPBACK4, *ANY6, *LOOPBACK6 | Optional |
| RNDCPORT | Server RNDC port | 1-65535, 953 | Optional |
| KEYNAME | Key name | Character value, *DFT | Optional |
| KEYSIZE | Key size | 1-512, 128 | Optional |
| ENTROPYSRC | Entropy source | Path name, *DFT | Optional |
| TOSTMF | Output file | Path name, *STDOUT | Optional |
Automatic configuration (AUTOCFG)
Specifies whether or not to do automatic RNDC configuration. This creates a /QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID file that is read by both RNDC and the DNS server on startup. The rndc-key._KID file defines a default command channel and authentication key allowing RNDC to communicate with any DNS server on the local host.
If a more elaborate configuration than the one generated by AUTOCFG(*YES) is required, for example if RNDC is to be used remotely, run CRTRNDCCFG with AUTOCFG(*NO) and set up rndc.conf and named.conf as directed by the output.
This parameter can only be used with the KEYFILE and TOSTMF parameters.
```
include "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
};
```
If this file already exists, it will be overwritten.
If you originally created your RNDC key file using this method, you can periodically run it again to re-create the key file with a new key. If you do this, you may also need to reload your local DNS servers so they pick up the new key.
Key file (KEYFILE)
Specifies, when *YES is specified for the AUTOCFG parameter, an alternate directory location for the rndc-key._KID file.
Server RNDC IP address (RNDCADR)
Specifies the IP address where the DNS server listens for command channel connections from RNDC. This IP address should match the IP address listed in the controls statement in named.conf.
Server RNDC port (RNDCPORT)
Specifies the command channel port where the DNS server listens for connections from RNDC. The default is 953. This port number should match the port number specified in any controls statement in named.conf.
Key name (KEYNAME)
Specifies the key name of the RNDC authentication key. This must be a valid domain name.
Key size (KEYSIZE)
Specifies the size of the authentication key, in bits.
Entropy source (ENTROPYSRC)
Specifies a source of random data for generating the authentication key. If for some reason the default entropy file is not large enough, this parameter allows you to change the entropy source to one that is larger.
Output file (TOSTMF)
Specifies the name of a stream file where all command output is written.
Example 1: Creating an Automatic RNDC Configuration File
```
CRTRNDCCFG AUTOCFG(*YES)
```
This command creates an automatic configuration. The file /QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID is created.
The text between the "Start of named.conf" and "End of named.conf" lines is meant to be inserted into the named.conf file. For example, if your server is called "NS", this text would be inserted into the file /QIBM/UserData/OS400/DNS/NS/named.conf. Since these lines are commented out by the '#' character, you also need to remove the comment characters to enable the key.
Sample output:
```
wrote key file "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID"
# Start of named.conf
# include "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID";
# End of named.conf
```
Example 2: Creating an RNDC Configuration File
```
CRTRNDCCFG RNDCPORT(953) KEYNAME('rndc-key') KEYSIZE(128)
```
This command writes a sample rndc.conf file to the display. The text between the "Start of rndc.conf" and "End of rndc.conf" lines is meant to be inserted into the file /QIBM/UserData/OS400/DNS/_DYN/rndc.conf.
Likewise, the text between the "Start of named.conf" and "End of named.conf" lines is meant to be inserted into the named.conf file. For example, if your server is called "NS", this text would be inserted into the file /QIBM/UserData/OS400/DNS/NS/named.conf. Since these lines are commented out by the '#' character, you also need to remove the comment characters to enable the key and controls statements.
Sample output:
```
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
};
options {
    default-key "rndc-key";
    default-server localhost;
    default-port 953;
};
# End of rndc.conf
# Start of named.conf
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
# };
#
# controls {
#     inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
#     inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
# };
# End of named.conf
```
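As an added example (not part of the CRTRNDCCFG documentation or IBM's own code), the following Python script takes the Example 2 output as captured with TOSTMF, splits it at the "Start of"/"End of" markers, strips the '#' comment characters from the named.conf fragment as described above, and cross-checks the two fragments (key defined and used consistently, one shared secret of KEYSIZE bits, controls port equal to default-port) before either is installed. The embedded sample output is constructed from this page's Example 2; the function names are this example's own.

```python
import base64
import re

# Constructed sample: the Example 2 output above (secret copied from the page, not a live key).
SAMPLE_OUTPUT = """\
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
};
options {
    default-key "rndc-key";
    default-port 953;
};
# End of rndc.conf
# Start of named.conf
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
# };
# controls {
#     inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
"""

def extract_section(output, name):
    """Lines between the '# Start of <name>' and '# End of <name>' markers."""
    lines = output.splitlines()
    return lines[lines.index(f"# Start of {name}") + 1:lines.index(f"# End of {name}")]

def render_named_conf(output):
    """The named.conf fragment with the leading '# ' comment characters stripped."""
    return "\n".join(re.sub(r"^#\s?", "", ln) for ln in extract_section(output, "named.conf"))

def check_fragments(output, keysize_bits=128):
    """Cross-check the two fragments before installing them; return a list of problems."""
    rndc, named = "\n".join(extract_section(output, "rndc.conf")), render_named_conf(output)
    problems = []
    key = re.search(r'key\s+"([^"]+)"\s*\{', rndc).group(1)
    if key not in re.findall(r'key\s+"([^"]+)"\s*\{', named) or any(
            k != key for k in re.findall(r'keys\s*\{\s*"([^"]+)";', named)):
        problems.append(f'named.conf does not define and use key "{key}" consistently')
    secrets = set(re.findall(r'secret\s+"([^"]+)"', rndc + "\n" + named))
    if len(secrets) != 1 or len(base64.b64decode(secrets.pop(), validate=True)) * 8 != keysize_bits:
        problems.append(f"secret missing, mismatched, or not {keysize_bits} bits")
    port = re.search(r"default-port\s+(\d+)", rndc).group(1)
    if any(p != port for p in re.findall(r"inet\s+\S+\s+port\s+(\d+)", named)):
        problems.append("controls port does not match rndc.conf default-port")
    return problems
```

Run check_fragments on the captured output and install the fragments only when it returns an empty list.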
*ESCAPE Messages