controls Statement

    controls {
      [ inet ip_addr
        port ip_port
        allow { address_match_list; }; ]
      [ unix path_name
        perm number
        owner number
        group number; ]
    };

The controls statement declares control channels to be used by system administrators to affect the operation of the local name server. These control channels are used by the ndc utility to send commands to and retrieve non-DNS results from a name server.

A unix control channel is a FIFO in the file system, and access to it is controlled by normal file system permissions. It is created by named with the specified file mode bits (see the chmod(1) manual page), user and group owner. Note that, unlike chmod, the mode bits specified for perm will normally have a leading 0 so the number is interpreted as octal. Also note that the user and group ownership specified as owner and group must be given as numbers, not names. It is recommended that the permissions be restricted to administrative personnel only, or else any user on the system might be able to manage the local name server.

On Solaris and SunOS machines the permissions and ownerships are applied to the containing directory. This is done because these operating systems do not honour the permission on the UNIX domain socket.

An inet control channel is a TCP/IP socket accessible to the Internet, created at the specified ip_port on the specified ip_addr. Modern telnet clients are capable of speaking directly to these sockets, and the control protocol is ARPAnet-style text. It is recommended that 127.0.0.1 be the only ip_addr used, and this only if you trust all non-privileged users on the local host to manage your name server.
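
The recommendations above can be checked mechanically. The following is an added example, not part of the original documentation or of BIND: a small Python auditor that finds controls statements in configuration text and reports inet channels not bound to 127.0.0.1, perm values without the leading 0, modes open to all users, and owner or group given as names. The sample configurations, the function names and the assumption that numbers are parsed C-style (only a leading 0 means octal) are this example's own.

```python
import re
# Constructed sample configurations (not from the original page).
WEAK = '''
controls {
    inet 192.0.2.10 port 5555 allow { any; };   // off-host listener
    unix "/var/run/ndc" perm 666 owner root group 0;
};
'''
HARDENED = 'controls { unix "/var/run/ndc" perm 0600 owner 0 group 0; };'

INET = re.compile(r'\binet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{[^}]*\}\s*;')
UNIX = re.compile(r'\bunix\s+(\S+)\s+perm\s+(\d+)\s+owner\s+(\w+)\s+group\s+(\w+)\s*;')

def controls_bodies(conf):
    """Yield the body of each controls { ... } statement, matching nested braces."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in re.finditer(r'\bcontrols\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return one finding per deviation from the recommendations in the text."""
    out = []
    for body in controls_bodies(conf):
        for addr, port in INET.findall(body):
            why = 'not bound to 127.0.0.1' if addr != '127.0.0.1' else 'open to every local user'
            out.append(f'inet {addr} port {port}: {why}')
        for path, perm, owner, group in UNIX.findall(body):
            path = path.strip('"')
            # Assumption: C-style numbers, so only a leading 0 means octal.
            try:
                mode = int(perm, 8 if perm.startswith('0') else 10)
            except ValueError:
                out.append(f'unix {path}: perm {perm} is not a valid octal number')
                continue
            if not perm.startswith('0'):
                out.append(f'unix {path}: perm {perm} read as decimal, mode {mode:04o}')
            if mode & 0o007:
                out.append(f'unix {path}: mode {mode:04o} lets any user use the channel')
            for key, val in (('owner', owner), ('group', group)):
                if not val.isdigit():
                    out.append(f'unix {path}: {key} {val} must be a number, not a name')
    return out

if __name__ == '__main__':
    print('\n'.join(audit(WEAK)) or 'no findings')
```

On Solaris and SunOS the same mode and ownership check applies to the directory containing the channel, since that is where named applies them.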