(1) I include the rndc.key file and have it readable only to named group named. Then I don't have to worry about having the same secret in two files. The rndc.conf file is only needed if you're going to do something out of the ordinary, e.g., use rndc from a remote server. [But see #3]

(2) I don't like sending secrets out in e-mail, YMMV.

(3) I've had problems where something [I never took the time to figure out what] came up using port 953 before 'named' did, but on the box's twin, it didn't. I changed the port for both 'named' and 'rndc'. For this, you do need the "rndc.conf" file, IIRC.

--
/*********************************************************************\
**
** Joe Yao    j...@tux.org - Joseph S. D. Yao
**
\*********************************************************************/
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
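
A check for the two points in the message above (the shared key file closed to other users, and the same non-default port on both the named and rndc sides), added here as an example and not part of the original post. The file names, port 1953 and key material are constructed sample values.

```sh
#!/bin/sh
# Port named listens on for rndc (controls { inet ... port N ... }); 953 if unset.
controls_port() {
    p=$(sed -n 's/.*inet[^;{]* port \([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${p:-953}"
}

# Port rndc connects to (options { default-port N; }); 953 if unset.
rndc_port() {
    p=$(sed -n 's/.*default-port[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${p:-953}"
}

# Succeeds only if the key file grants nothing to "other" (e.g. mode 640).
key_not_world_accessible() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Args: named.conf rndc.conf rndc.key. Prints "ok" or the first problem found.
check_rndc_setup() {
    [ "$(controls_port "$1")" = "$(rndc_port "$2")" ] || { echo "port mismatch"; return 1; }
    key_not_world_accessible "$3" || { echo "key readable by others"; return 1; }
    echo "ok"
}

# Constructed sample files: both configs include the one key file.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/rndc.key" <<'EOF'
key "rndc-key" { algorithm hmac-sha256; secret "Y29uc3RydWN0ZWQ="; };
EOF
chmod 640 "$demo/rndc.key"
cat > "$demo/named.conf" <<'EOF'
include "rndc.key";
controls {
    inet 127.0.0.1 port 1953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
EOF
cat > "$demo/rndc.conf" <<'EOF'
include "rndc.key";
options { default-key "rndc-key"; default-server 127.0.0.1; default-port 1953; };
EOF

check_rndc_setup "$demo/named.conf" "$demo/rndc.conf" "$demo/rndc.key"
```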