BIND Configuration File Guide - controls Statement


Syntax

controls {
  [ inet ip_addr
    port ip_port
    allow { address_match_list; }; ]
  [ unix path_name
    perm number
    owner number
    group number; ]
};


Definition and Usage

The controls statement declares control channels to be used by system administrators to affect the operation of the local name server. These control channels are used by the ndc utility to send commands to and retrieve non-DNS results from a name server.

Note:

The ndc utility is not available in Tru64 UNIX and it is not supported by Compaq. You can obtain this utility from the ISC.

A unix control channel is a FIFO in the file system, and access to it is controlled by normal file system permissions. The named daemon creates it with the specified file mode bits (see the chmod(1) manual page), user owner, and group owner. Note that, unlike chmod, the mode bits specified for perm will normally have a leading 0 so that the number is interpreted as octal. Also note that the user and group ownership specified as owner and group must be given as numbers, not names. It is recommended that the permissions be restricted to administrative personnel only, or else any user on the system might be able to manage the local name server.

An inet control channel is a TCP/IP socket accessible to the Internet, created at the specified ip_port on the specified ip_addr. Modern telnet clients are capable of speaking directly to these sockets, and the control protocol is ARPAnet-style text. It is recommended that you specify only 127.0.0.1 for the ip_addr, and this only if you trust all non-privileged users on the local host to manage your name server.
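
The recommendations in the two paragraphs above can be checked mechanically. The following is an added example, not part of the original guide or of BIND: the function names, the sample fragment, port 5555 and the path /var/run/ndc are constructed for illustration, and it assumes (following the note on perm above) that a perm value without a leading 0 is read as decimal.

```python
import re

# Constructed named.conf fragment (not from the guide): an inet channel on all
# addresses open to any client, and a unix channel with a decimal perm value.
SAMPLE = '''
controls {
    inet * port 5555 allow { any; };
    unix "/var/run/ndc" perm 600 owner root group 0;
};
'''

INET = re.compile(r'inet\s+(\S+)\s+port\s+\d+\s+allow\s*\{([^}]*)\}\s*;')
UNIX = re.compile(r'unix\s+"?([^"\s]+)"?\s+perm\s+(\d+)\s+owner\s+(\S+)'
                  r'\s+group\s+([^\s;]+)\s*;')

def controls_body(text):
    """Return the text between the braces of the controls statement."""
    start = text.find('{', text.index('controls'))
    depth = 0
    for i in range(max(start, 0), len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0 and i >= start >= 0:
            return text[start + 1:i]
    raise ValueError('unterminated controls statement')

def audit_controls(text):
    """Check each channel against the guide's recommendations."""
    body, findings = controls_body(text), []
    for addr, allow in INET.findall(body):
        if addr != '127.0.0.1':
            findings.append(f'inet {addr}: not restricted to 127.0.0.1')
        if 'any' in allow.replace(';', ' ').split():
            findings.append(f'inet {addr}: allow list admits any address')
    for path, perm, owner, group in UNIX.findall(body):
        # Leading 0 means octal; without it the value is taken as decimal.
        mode = int(perm, 8) if perm.startswith('0') else int(perm)
        if not perm.startswith('0'):
            findings.append(f'unix {path}: perm {perm} is decimal, mode becomes {mode:04o}')
        if mode & 0o007:
            findings.append(f'unix {path}: mode {mode:04o} grants access to all local users')
        for field, value in (('owner', owner), ('group', group)):
            if not value.isdigit():
                findings.append(f'unix {path}: {field} "{value}" must be numeric')
    return findings

if __name__ == '__main__':
    for line in audit_controls(SAMPLE):
        print(line)
```

A statement that binds the inet channel to 127.0.0.1 with a matching allow list, and gives the unix channel perm 0600 with numeric owner and group, produces no findings.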