Asymmetric keys with rndc-confgen?

Mark Andrews Mark_Andrews at isc.org
Wed Jan 17 06:08:22 UTC 2007


> Every time I've seen rndc-conf generate an hmac-md5 key, the text of the
> key has been the same everywhere.

	rndc uses a *shared* secret.
 
> Yesterday, using 9.3.3 (I believe), I got the following result (at the
> end of this).

	Which should be impossible given how it is printed.

        } else {
                printf("\
# Start of rndc.conf\n\
key \"%s\" {\n\
        algorithm hmac-md5;\n\
        secret \"%.*s\";\n\
};\n\
\n\
options {\n\
        default-key \"%s\";\n\
        default-server %s;\n\
        default-port %d;\n\
};\n\
# End of rndc.conf\n\
\n\
# Use with the following in named.conf, adjusting the allow list as needed:\n\
# key \"%s\" {\n\
#       algorithm hmac-md5;\n\
#       secret \"%.*s\";\n\
# };\n\
# \n\
# controls {\n\
#       inet %s port %d\n\
#               allow { %s; } keys { \"%s\"; };\n\
# };\n\
# End of named.conf\n",
                       keyname,
                       (int)isc_buffer_usedlength(&key_txtbuffer),
                       (char *)isc_buffer_base(&key_txtbuffer),
                       keyname, serveraddr, port,
                       keyname,
                       (int)isc_buffer_usedlength(&key_txtbuffer),
                       (char *)isc_buffer_base(&key_txtbuffer),
                       serveraddr, port, serveraddr, keyname);
        }

> Is there some syntax that will cause a public/private key by default
> with rndc.confgen?

	No.
 
> Note: this is not the key I am using, the one I am using IS the same in
> both rndc.conf and the bind include file.
> 
> (PS: Maybe asymmetric is not the right word?)
> 
> -Dan
> 
> 
> # Start of rndc.conf
> key "rndc-key" {
>         algorithm hmac-md5;
>         secret "NlUtbtQyzxVpfQ51W1jEu+UsBN0A3vXs4K2d5Ob0Tzs=";
> };
> 
> options {
>         default-key "rndc-key";
>         default-server 127.0.0.1;
>         default-port 953;
> };
> # End of rndc.conf
> 
> # Use with the following in named.conf, adjusting the allow list as needed:
> # key "rndc-key" {
> #       algorithm hmac-md5;
> #       secret "K5YfO1+dX5ku5sXjzSrJyw==";
> # };
> #
> # controls {
> #       inet 127.0.0.1 port 953
> #               allow { 127.0.0.1; } keys { "rndc-key"; };
> # };
> # End of named.conf
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
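
Added example, not part of the original message and not BIND code: since rndc authenticates with a shared secret, the key statement in rndc.conf and the one in named.conf must carry the same secret. This Python check pulls both key statements out of rndc-confgen output (the two key blocks quoted above serve as sample input) and reports any key name whose secrets differ; the function names and the stand-in control message are assumptions made for illustration.

```python
import base64, hashlib, hmac, re

# Key statements from the rndc-confgen output quoted in the message above
# ("> " markers removed). A leading "#" marks the named.conf half.
SAMPLE = '''\
key "rndc-key" {
        algorithm hmac-md5;
        secret "NlUtbtQyzxVpfQ51W1jEu+UsBN0A3vXs4K2d5Ob0Tzs=";
};
# key "rndc-key" {
#       algorithm hmac-md5;
#       secret "K5YfO1+dX5ku5sXjzSrJyw==";
# };
'''

KEY_RE = re.compile(r'^(?P<c>#?)[ \t]*key[ \t]+"(?P<name>[^"]+)"[ \t]*\{'
                    r'(?P<body>.*?)^#?[ \t]*\};', re.M | re.S)
SECRET_RE = re.compile(r'secret[ \t]+"([^"]+)"')


def key_blocks(text):
    """Yield (file, key name, decoded secret) for every key statement."""
    for m in KEY_RE.finditer(text):
        s = SECRET_RE.search(m.group("body"))
        if s:
            side = "named.conf" if m.group("c") else "rndc.conf"
            secret = base64.b64decode(s.group(1), validate=True)
            yield side, m.group("name"), secret


def mismatched_keys(text):
    """Names of keys whose secret differs between the two halves."""
    seen = {}
    for side, name, secret in key_blocks(text):
        seen.setdefault(name, {})[side] = secret
    return sorted(n for n, s in seen.items() if len(set(s.values())) > 1)


def hmac_md5(secret, message):
    """Tag that both ends must agree on; computed with the shared secret."""
    return hmac.new(secret, message, hashlib.md5).digest()


if __name__ == "__main__":
    msg = b"constructed control message"  # stand-in, not the rndc wire format
    for side, name, secret in key_blocks(SAMPLE):
        print(side, name, len(secret), "bytes", hmac_md5(secret, msg).hex())
    print("mismatched:", mismatched_keys(SAMPLE))
```

With the quoted output the two halves decode to secrets of different lengths, so the tags computed on each side can never agree; replacing either secret with the other makes the check pass.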


