Create RNDC Configuration (CRTRNDCCFG)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Create RNDC Configuration (CRTRNDCCFG) command generates configuration files for RNDC. It can be used as a convenient alternative to writing the rndc.conf file and the corresponding controls and key statements in named.conf.

Restrictions:


Parameters

Keyword     Description              Choices                                                      Notes
AUTOCFG     Automatic configuration  *NO, *YES                                                    Optional
KEYFILE     Key file                 Path name, *DFT                                              Optional
RNDCADR     Server RNDC IP address   Character value, *DFT, *ANY4, *LOOPBACK4, *ANY6, *LOOPBACK6  Optional
RNDCPORT    Server RNDC port         1-65535, 953                                                 Optional
KEYNAME     Key name                 Character value, *DFT                                        Optional
KEYSIZE     Key size                 1-512, 128                                                   Optional
ENTROPYSRC  Entropy source           Path name, *DFT                                              Optional
TOSTMF      Output file              Path name, *STDOUT                                           Optional

Automatic configuration (AUTOCFG)

Specifies whether or not to do automatic RNDC configuration. This creates a /QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID file that is read by both RNDC and the DNS server on startup. The rndc-key._KID file defines a default command channel and authentication key allowing RNDC to communicate with any DNS server on the local host.

If a more elaborate configuration than the one generated by AUTOCFG(*YES) is required, for example if RNDC is to be used remotely, run CRTRNDCCFG with AUTOCFG(*NO) and set up rndc.conf and named.conf as directed by the output.

AUTOCFG(*YES) can be combined only with the KEYFILE and TOSTMF parameters.

*NO
Do not create an automatic configuration. Instead, display a sample /QIBM/UserData/OS400/DNS/_DYN/rndc.conf file. This sample will also show the corresponding lines that need to be included into a named.conf for the configuration to work.
*YES
Create an automatic configuration that works for any local server, using a /QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID file. You will also need to add a controls statement to the named.conf file to enable loopback addresses using the key "rndc-key". This can be done by inserting the following into named.conf:

include "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID";
controls {
 inet 127.0.0.1
   port 953 allow {127.0.0.1;} keys {"rndc-key";};
 inet ::1
   port 953 allow {::1; }      keys {"rndc-key";};
};

If this file already exists, it will be overwritten.

If you originally created your RNDC key file using this method, you can periodically re-create it the same way to change the key. Because the DNS server reads the key file only at startup, a running server keeps the old key, and RNDC commands authenticated with the new one will be rejected until you reload or restart your local DNS servers so they pick up the new key.


Key file (KEYFILE)

Specifies, when *YES is specified for the AUTOCFG parameter, an alternate directory location for the rndc-key._KID file.

*DFT
The key file will be located in directory /QIBM/UserData/OS400/DNS/_DYN/.
path-name
Specify the path name for the directory which contains the rndc-key._KID file to use. If this file exists, it will be overwritten.

Server RNDC IP address (RNDCADR)

Specifies the IP address where the DNS server listens for command channel connections from RNDC. This IP address should match the IP address listed in the controls statement in named.conf. The wildcard values (*ANY4, *ANY6) make the command channel reachable on every interface of the host, leaving the allow list and the key in the controls statement as the only protection; keep the default loopback addresses unless RNDC must be used remotely.

*DFT
Use loopback address 127.0.0.1 for IPv4 and loopback address '::1' for IPv6.
*ANY4
The IP address will be the IPv4 wildcard address. The wildcard address is '*'.
*LOOPBACK4
The IP address will be the IPv4 loopback address. The loopback address is 127.0.0.1.
*ANY6
The IP address will be the IPv6 wildcard address. The wildcard address is '::'.
*LOOPBACK6
The IP address will be the IPv6 loopback address. The loopback address is '::1'.
character-value
Specify a valid IPv4 or IPv6 internet address. Do not use a domain name.

Server RNDC port (RNDCPORT)

Specifies the command channel port where the DNS server listens for connections from RNDC. The default is 953. This port number should match the port number specified in any controls statement in named.conf.

953
Listen on port 953.
1-65535
Specify a valid port number.

Key name (KEYNAME)

Specifies the key name of the RNDC authentication key. This must be a valid domain name.

*DFT
Use key name rndc-key.
character-value
Specify a key name that is a valid domain name.

Key size (KEYSIZE)

Specifies the size of the authentication key, in bits. The key is the shared secret with which RNDC and the DNS server authenticate the command channel; the default of 128 bits corresponds to the 16-byte base64 secrets shown in the examples.

128
Sets the size of the key to 128 bits.
1-512
Specify the length for the authentication key, in bits.

Entropy source (ENTROPYSRC)

Specifies a source of random data for generating the authentication key. If for some reason the default entropy file is not large enough, this parameter allows you to change the entropy source to one that is larger.

*DFT
The default entropy file will be used. A new entropy file is generated each time the command is invoked. The size of the default entropy file is 4096 bytes.
path-name
Specify the path for a stream file to serve as an entropy source.

Output file (TOSTMF)

Specifies the name of a stream file where all command output is written.

*STDOUT
All command output goes to the standard output device (normally the display).
path-name
Specify the path for a stream file where output should be written.

Examples

Example 1: Creating an Automatic RNDC Configuration File

CRTRNDCCFG AUTOCFG(*YES)

This command creates an automatic configuration. The file /QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID is created.

The text between the "Start of named.conf" and "End of named.conf" lines is meant to be inserted into the named.conf file. For example, if your DNS server instance is called "NS", it would be inserted into /QIBM/UserData/OS400/DNS/NS/named.conf. Because these lines are commented out with the '#' character, you also need to remove the comment characters to enable the key.

Sample output:

wrote key file "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID"
# Start of named.conf
# include "/QIBM/UserData/OS400/DNS/_DYN/rndc-key._KID";
# End of named.conf

Example 2: Creating an RNDC Configuration File

CRTRNDCCFG RNDCPORT(953)
           KEYNAME('rndc-key')
           KEYSIZE(128)

This command displays a sample rndc.conf file on the display. The text between the "Start of rndc.conf" and "End of rndc.conf" lines is meant to be inserted into the file /QIBM/UserData/OS400/DNS/_DYN/rndc.conf.

Likewise, the text between the "Start of named.conf" and "End of named.conf" lines is meant to be inserted into the named.conf file. For example, if your DNS server instance is called "NS", it would be inserted into /QIBM/UserData/OS400/DNS/NS/named.conf. Because these lines are commented out with the '#' character, you also need to remove the comment characters to enable the key and controls statements. The key statement must be identical in both files; the secret shown below is sample output only, and each run of the command generates a new one, so never copy the sample secret into a real configuration.

Sample output:

# Start of rndc.conf
key "rndc-key" {
  algorithm hmac-md5;
  secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
};
options {
  default-key "rndc-key";
  default-server localhost;
  default-port 953;
};
# End of rndc.conf
# Start of named.conf
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
# };
#
# controls {
#   inet 127.0.0.1
#     port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
#   inet ::1
#     port 953 allow { ::1;       } keys { "rndc-key"; };
# };
# End of named.conf
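As an added example that is not part of the IBM page or of the CRTRNDCCFG implementation, the following Python builds a key statement of a chosen KEYSIZE in the form the Key size parameter describes, and checks an rndc.conf against its named.conf for the mismatches that make RNDC authentication fail after following Example 2 or after re-creating the key under AUTOCFG(*YES): the named.conf fragment still commented out, a stale secret on the server side, or no controls entry for the key and port. The function names, regular expressions and sample texts (built from the Example 2 output above) are my own, and rounding a KEYSIZE that is not a multiple of 8 up to whole bytes is an assumption about the command's behaviour.

```python
# Added example, not IBM's CRTRNDCCFG code. Builds a key statement of a chosen KEYSIZE
# and checks that rndc.conf and named.conf agree. Rounding KEYSIZE up to whole bytes
# is my assumption about the real command.
import base64
import binascii
import re
import secrets

KEY_RE = re.compile(
    r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"\s*;\s*\}\s*;')
CONTROLS_RE = re.compile(
    r'inet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}\s*;')
DOMAIN_RE = re.compile(r'[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?')

def make_key_statement(name="rndc-key", bits=128, algorithm="hmac-md5"):
    """Return a BIND key statement like the one CRTRNDCCFG writes (KEYSIZE 1-512)."""
    if not 1 <= bits <= 512:
        raise ValueError("KEYSIZE must be 1-512 bits")
    if not DOMAIN_RE.fullmatch(name):
        raise ValueError("key name must be a valid domain name")
    secret = base64.b64encode(secrets.token_bytes((bits + 7) // 8)).decode()
    return f'key "{name}" {{\n  algorithm {algorithm};\n  secret "{secret}";\n}};\n'

def uncomment(text):
    """Strip the leading '#' that CRTRNDCCFG puts on its named.conf fragment."""
    return "\n".join(re.sub(r"^\s*#\s?", "", line) for line in text.splitlines())

def secret_bits(secret):
    """Decoded length of a base64 secret in bits, or None if it is not base64."""
    try:
        return len(base64.b64decode(secret, validate=True)) * 8
    except (binascii.Error, ValueError):
        return None

def parse_keys(text):
    """Map key name -> (algorithm, secret) for every key statement in text."""
    return {name: (alg, sec) for name, alg, sec in KEY_RE.findall(text)}

def check_pair(rndc_conf, named_conf, expected_bits=128):
    """Return the mismatches found; an empty list means RNDC should authenticate."""
    problems = []
    m = re.search(r'default-key\s+"([^"]+)"\s*;', rndc_conf)
    key_name = m.group(1) if m else None
    m = re.search(r'default-port\s+(\d+)\s*;', rndc_conf)
    port = int(m.group(1)) if m else 953            # RNDC's default control port
    rkeys = parse_keys(rndc_conf)
    if key_name not in rkeys:
        return [f"rndc.conf: default-key {key_name!r} has no key statement"]
    alg, secret = rkeys[key_name]
    bits = secret_bits(secret)
    if bits is None:
        problems.append("rndc.conf: secret is not valid base64")
    elif bits != expected_bits:
        problems.append(f"rndc.conf: secret is {bits} bits, expected {expected_bits}")
    nkeys = parse_keys(named_conf)
    if key_name not in nkeys:
        if key_name in parse_keys(uncomment(named_conf)):
            return problems + [f"named.conf: key {key_name!r} is still commented out"]
        return problems + [f"named.conf: key {key_name!r} not defined in this text "
                           "(no key statement; check any include file)"]
    if nkeys[key_name] != (alg, secret):
        problems.append("named.conf: key algorithm or secret differs from rndc.conf "
                        "(stale key after re-creation? reload the server)")
    usable = [c for c in CONTROLS_RE.findall(named_conf)
              if int(c[1]) == port and key_name in re.findall(r'"([^"]+)"', c[3])]
    if not usable:
        problems.append(f"named.conf: no controls inet entry on port {port} "
                        f"accepting key {key_name!r}")
    return problems

# Constructed samples: the page's Example 2 output, uncommented for named.conf.
RNDC_CONF = '''key "rndc-key" {
  algorithm hmac-md5;
  secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
};
options {
  default-key "rndc-key";
  default-server localhost;
  default-port 953;
};
'''
NAMED_GOOD = '''key "rndc-key" {
  algorithm hmac-md5;
  secret "AQMJHsUaR3fOTUoA2Jcc2Q==";
};
controls {
  inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
  inet ::1       port 953 allow { ::1; }       keys { "rndc-key"; };
};
'''
# Exactly as CRTRNDCCFG prints the fragment, every line still commented out.
NAMED_COMMENTED = "\n".join("# " + line for line in NAMED_GOOD.splitlines())
# A server still holding the previous key after rndc.conf was re-created.
NAMED_STALE = NAMED_GOOD.replace("AQMJHsUaR3fOTUoA2Jcc2Q==", "Zm9vYmFyYmF6cXV4cXV1eA==")

if __name__ == "__main__":
    for label, conf in (("good", NAMED_GOOD), ("commented", NAMED_COMMENTED), ("stale", NAMED_STALE)):
        print(label, check_pair(RNDC_CONF, conf) or "OK")
```

The checker deliberately parses the named.conf text as given rather than stripping comments first, so a fragment pasted in with its '#' markers is reported as "still commented out" instead of silently passing; run it against the real files after every re-creation of the key, since a secret that differs between the two files is exactly the failure the reload note under AUTOCFG describes.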


Error messages

*ESCAPE Messages

DNS0013
Error processing command parameters.
DNS0065
Option 33 of i5/OS is required, but is not installed.
TCP7124
Program &1 in library &2 type *PGM ended abnormally.