Would like to change the default location of rndc.key

Mark Andrews Mark_Andrews at isc.org
Sun May 27 23:42:26 UTC 2007 

> Helene Montarou (QA/EMC) wrote:
> > Hi,
> > 
> > I am using BIND release 9.4.1 on windows 2000.
> > 
> > I would like to configure the DNS server to look for the rndc.key file
> > under a directory I specify.
> > In named.conf file, I set the following in/ options/ statement:
> > 
> >         directory "c:\myDir";
> > 
> > I generate the rndc.conf using rndc-confgen -a -c c:\myDir\rndc.key. The
> > file is created with the secret.
> > 
> > In the console, I got the following error when I start the DNS server:
> > 
> >         open: C:\WINNT\system32\dns\etc\rndc.key: file not found
> > 
> > How can I force the server to look for the file under another directory
> > than the default one?
> > In the reference manual, [ …***//**/ rndc/*/ will also look in
> > /etc/rndc.key (or whatever sysconfdir was defined when the BIND build
> > was configured) ]/
> > 
> > Do I have to build BIND to change the/ sysconfdir/?   
> > 
> 
> Currently it's hardcoded to look in etc/rndc.key. See
> lib/isc/win32/ntpaths.c as is rndc.conf. I don't think it can be changed
> outside the source code. Windows doesn't use sysconfdir. You can easily
> move it into the etc directory. Creating the file in one directory
> doesn't prevent you moving it. Also you don't need to create put BIND
> and it's configuration files in the system32 directory. I don't. The
> installer allows you to put it into any directory that you want.
> 
> > I thank you for any answer you will provide,
> > 
> 
> Please note that this is not a bug nor is it a bind8 question so you
> shouldn't be sending this to bind8-bugs.
> 
> Danny
> 
> > Best Regards,
> > 
> > Helene.
> > 

	rndc-confgen -a and -c are pretty much exclusive operations.
	You can load the key with "include <path>;" in named.conf
	You then add a controls block which references the key name
	to named.conf.  This will disable the read from the default
	location.

	include "c:\myDir\rndc.key";

	controls {
		inet 127.0.0.1 port 953 allow { any; } keys { rndc-key; };
	};

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list