controls.html   [plain text]

  <TITLE>BIND controls Statement</TITLE>

<H2>BIND Configuration File Guide--<CODE>controls</CODE> Statement</H2>


<A NAME="Syntax"><H3>Syntax</H3></A>

controls {
  [ inet <VAR><A HREF="docdef.html">ip_addr</A></VAR>
    port <VAR><A HREF="docdef.html">ip_port</A></VAR>
    allow { <VAR><A HREF="address_list.html">address_match_list</A></VAR>; }; ]
  [ unix <VAR><A HREF="docdef.html">path_name</A></VAR>
    perm <VAR><A HREF="docdef.html">number</A></VAR>
    owner <VAR><A HREF="docdef.html">number</A></VAR>
    group <VAR><A HREF="docdef.html">number</A></VAR>; ]


<A NAME="Usage"><H3>Definition and Usage</H3></A>

<P>The <CODE>controls</CODE> statement declares control channels
to be used by system
administrators to affect the operation of the local name server.  These
control channels are used by the <CODE>ndc</CODE> utility to send commands
to and retrieve non-DNS results from a name server.</P>

<P>A <CODE>unix</CODE> control channel is a FIFO in the file system,
and access to it is
controlled by normal file system permissions.
It is created by <CODE>named</CODE> with the specified file mode bits (see
the <CODE>chmod</CODE>(1) manual page), user and group owner.
Note that, unlike <CODE>chmod</CODE>, the mode bits specified for
<CODE>perm</CODE> will normally have a leading 0 so the number
is interpreted as octal.  Also note that the user and group
ownership specified as <CODE>owner</CODE> and <CODE>group</CODE>
must be given as numbers, not names.
It is recommended that the
permissions be restricted to administrative personnel only, or else any
user on the system might be able to manage the local name server.</P>

<P>On Solaris and SunOS machines the permissions and ownerships are applied
to the containing directory.
This is done because these operating systems
do not honour the permission on the UNIX domain socket.

<P>An <CODE>inet</CODE> control channel is a TCP/IP socket accessible
to the Internet, created at the specified <VAR>ip_port</VAR> on the
specified <VAR>ip_addr</VAR>.
Modern <VAR>telnet</VAR> clients are capable of speaking directly to these
sockets, and the control protocol is ARPAnet-style text.  It is recommended
that be the only <VAR>ip_addr</VAR> used, and this only if you
trust all non-privileged users on the local host to manage your name


<CENTER><P>[ <A HREF="config.html">BIND Config. File</A>
| <A HREF="">BIND Home</A>
| <A HREF="">ISC</A> ]</P></CENTER>

Last Updated: $Id: controls.html,v 2002/11/18 22:26:20 bbraun Exp $