Control Interface Options

BIND provides a command-line utility called rndc (or ndc in older versions) that allows an administrator to perform some administrative tasks. The newer rndc version allows these tasks to be performed on remote BIND servers as well as a server running locally, as it operates via a network socket. Common uses for this utility include stopping the named process, forcing a reload of configuration files, refreshing zone information, and triggering a dump of server stats. Because the rndc tool can be used to shut down the server, as well as other potentially dangerous actions, its use should be limited to a few trusted client addresses.

This page of the BIND module provides access to the controls section of the BIND configuration file and configures the hosts that are allowed to connect to the running BIND server.

Internet port access

If enabled, the first field must contain the local address on which the named server will listen for control requests. The port field can be the port on which you’d like the process to listen, or you can simply fill in an asterisk, “*”, to specify a randomly selected unprivileged port (unprivileged ports on a UNIX system are usually those above 1024). Finally, the allow field should contain the addresses of the hosts you would like to be able to administer your server from. Generally, unless you have a reason to do otherwise, security is most easily maintained by preventing access to all outside addresses. In such a case you would choose an address of 127.0.0.1 in the first field, a port of *, and an allow list containing only 127.0.0.1. Assuming your local machine is trusted, your server will be relatively secure.

Unix filing system access

As in the previous set of options, this directive specifies which clients will have access to the administrative channel of the running named process, but in this case it is for the older style of communication using a UNIX FIFO pipe. A pipe in UNIX is a mechanism by which a stream of data can be treated as a file, and vice versa. In other words, it allows a running process to accept data written into it as though it were a file, and likewise to output data in a form that can be read like a file.

If using this mechanism for communicating with your named process, you can choose a file name for the pipe, the permissions for the pipe, and the owner and group of the pipe. Care should be taken to make the file inaccessible to all but the administrative users of the system.

Note

The UNIX pipe mechanism is not available in BIND 9. It has been deprecated in favor of using the network socket interface along with security keys. It is supported in BIND version 8.
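The two forms of the controls statement described above (the inet socket and the BIND 8 unix pipe) are easy to get wrong in exactly the ways this page warns about: listening on every address, allowing any client, or leaving the pipe world-writable. The following audit script is an added example, not part of Webmin or BIND; it embeds two constructed named.conf fragments (a permissive one and the loopback-only setup recommended above) and reports the weaknesses it finds. The `key` statement with `algorithm hmac-sha256` and the `keys { ... }` clause are assumed standard BIND 9 syntax for the "security keys" the note mentions; the secret value is a placeholder.

```python
"""Audit the `controls` statement of a named.conf for the risks described above.

Added example, not Webmin or BIND code. It parses only the `inet` and `unix`
forms shown on this page, using a minimal tokenizer that is sufficient for
well-formed configuration text.
"""
import re
from typing import List, Optional

# Addresses that keep the control channel on the local machine only.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# inet ADDR [port N|*] allow { ...; } [keys { ...; }];
INET_RE = re.compile(
    r"inet\s+(?P<addr>\S+?)\s*(?:port\s+(?P<port>\*|\d+)\s*)?"
    r"allow\s*\{(?P<allow>[^}]*)\}\s*(?:keys\s*\{(?P<keys>[^}]*)\})?\s*;",
    re.S,
)
# BIND 8 style: unix "PATH" perm OCTAL owner UID group GID;
UNIX_RE = re.compile(
    r'unix\s+"(?P<path>[^"]+)"\s+perm\s+(?P<perm>[0-7]+)'
    r"\s+owner\s+(?P<owner>\d+)\s+group\s+(?P<group>\d+)\s*;"
)


def _strip_comments(text: str) -> str:
    # named.conf accepts C-style, C++-style and shell-style comments.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def _extract_controls(text: str) -> Optional[str]:
    # Return the body of the first `controls { ... };` block, or None.
    m = re.search(r"\bcontrols\s*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def audit_controls(config: str) -> List[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    body = _extract_controls(_strip_comments(config))
    if body is None:
        return ["no controls statement found; server defaults apply"]
    for m in INET_RE.finditer(body):
        addr = m["addr"]
        allow = {a.strip() for a in m["allow"].split(";") if a.strip()}
        if addr not in LOOPBACK:
            findings.append(f"inet {addr}: control channel listens on a non-loopback address")
        outside = sorted(allow - LOOPBACK)
        if outside:
            findings.append(f"inet {addr}: allow list permits non-loopback clients {outside}")
        if not m["keys"]:
            findings.append(f"inet {addr}: no keys clause, clients are checked by address only")
    for m in UNIX_RE.finditer(body):
        # Any group or other bits let non-owners talk to the control pipe.
        if int(m["perm"], 8) & 0o077:
            findings.append(f'unix {m["path"]}: perm {m["perm"]} grants group/other access to the pipe')
    return findings


# Constructed sample: BIND 8 style controls reachable from the whole network.
WEAK_CONF = """
// every interface, any client, world-writable pipe
controls {
    inet * port 953 allow { any; };
    unix "/var/run/ndc" perm 0666 owner 0 group 0;
};
"""

# Constructed sample: the loopback-only setup recommended on this page,
# with a key so rndc clients are authenticated rather than trusted by address.
HARDENED_CONF = """
key "rndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64-SECRET"; };
controls {
    inet 127.0.0.1 port * allow { 127.0.0.1; } keys { "rndc-key"; };
};
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {audit_controls(conf) or 'no findings'}")
```

Run against `WEAK_CONF` the script reports four findings (wildcard listen address, `any` in the allow list, no keys clause, and the 0666 pipe); `HARDENED_CONF` produces none.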



The Book of Webmin... or How I Learned to Stop Worrying and Love UNIX
ISBN: 1886411921
Year: 2006
Pages: 142
Authors: Joe Cooper
