<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <TITLE>BIND controls Statement</TITLE> </HEAD> <BODY> <H2>BIND Configuration File Guide--<CODE>controls</CODE> Statement</H2> <HR> <A NAME="Syntax"><H3>Syntax</H3></A> <PRE> controls { [ inet <VAR><A HREF="docdef.html">ip_addr</A></VAR> port <VAR><A HREF="docdef.html">ip_port</A></VAR> allow { <VAR><A HREF="address_list.html">address_match_list</A></VAR>; }; ] [ unix <VAR><A HREF="docdef.html">path_name</A></VAR> perm <VAR><A HREF="docdef.html">number</A></VAR> owner <VAR><A HREF="docdef.html">number</A></VAR> group <VAR><A HREF="docdef.html">number</A></VAR>; ] }; </PRE> <HR> <A NAME="Usage"><H3>Definition and Usage</H3></A> <P>The <CODE>controls</CODE> statement declares control channels to be used by system administrators to affect the operation of the local name server. These control channels are used by the <CODE>ndc</CODE> utility to send commands to and retrieve non-DNS results from a name server.</P> <P>A <CODE>unix</CODE> control channel is a FIFO in the file system, and access to it is controlled by normal file system permissions. It is created by <CODE>named</CODE> with the specified file mode bits (see the <CODE>chmod</CODE>(1) manual page), user and group owner. Note that, unlike <CODE>chmod</CODE>, the mode bits specified for <CODE>perm</CODE> will normally have a leading 0 so the number is interpreted as octal. Also note that the user and group ownership specified as <CODE>owner</CODE> and <CODE>group</CODE> must be given as numbers, not names. It is recommended that the permissions be restricted to administrative personnel only, or else any user on the system might be able to manage the local name server.</P> <P>On Solaris and SunOS machines the permissions and ownerships are applied to the containing directory. This is done because these operating systems do not honour the permission on the UNIX domain socket. <P>An <CODE>inet</CODE> control channel is a TCP/IP socket accessible to the Internet, created at the specified <VAR>ip_port</VAR> on the specified <VAR>ip_addr</VAR>. Modern <VAR>telnet</VAR> clients are capable of speaking directly to these sockets, and the control protocol is ARPAnet-style text. It is recommended that 127.0.0.1 be the only <VAR>ip_addr</VAR> used, and this only if you trust all non-privileged users on the local host to manage your name server.</P> <HR> <CENTER><P>[ <A HREF="config.html">BIND Config. File</A> | <A HREF="http://www.isc.org/products/BIND/">BIND Home</A> | <A HREF="http://www.isc.org/">ISC</A> ]</P></CENTER> <HR> <ADDRESS> Last Updated: $Id: controls.html,v 1.1.1.3 2002/11/18 22:26:20 bbraun Exp $ </ADDRESS> </BODY> </HTML>