BIND9: rndc ?

Simon Waters Simon at wretched.demon.co.uk
Fri Nov 15 15:46:44 UTC 2002



kamran remin wrote:
> 
> I have installed bind9 on a server and when I do a portscan on that
> server, I see that port 953 / rndc is open. Do I need this utility? Can
> I disable this somewhere?

You need it listening if and only if you use rndc to control
bind from a remote location.

I usually restrict it to 127.0.0.1 thus:

// controls on BIND 9 are restricted to localhost
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

The use of keys for rndc configuration is discussed in the
Administrator Reference Manual, at www.isc.org amongst other
places.
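
An added example, not part of the original post: a Python check that reads named.conf text, finds each inet control channel in a controls statement and marks it as exposed when it listens beyond loopback or allows "any". The sample fragments and function names are constructed for illustration, and the matcher assumes allow lists without nested braces.

```python
import ipaddress
import re
# Constructed named.conf fragments for the demonstration (not from the post).
SAMPLE_OPEN = """
controls {
        inet * port 953 allow { any; } keys { rndc_key; };  // every interface
};
"""
SAMPLE_LOCAL = """
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
"""
INET = re.compile(r"inet\s+(?P<addr>\S+)(?:\s+port\s+(?P<port>\S+))?"
                  r"\s+allow\s*\{(?P<allow>[^}]*)\}"
                  r"(?:\s*keys\s*\{(?P<keys>[^}]*)\})?")

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot confuse the matcher."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def controls_bodies(text):
    """Yield the text inside each controls { ... } block, matching braces."""
    for m in re.finditer(r"\bcontrols\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_controls(conf_text):
    """Return one dict per inet control channel; 'exposed' marks risky ones."""
    channels = []
    for body in controls_bodies(strip_comments(conf_text)):
        for m in INET.finditer(body):
            try:
                loopback = ipaddress.ip_address(m["addr"]).is_loopback
            except ValueError:  # "*" wildcard or an unparsable address
                loopback = False
            allow = m["allow"].replace(";", " ").split()
            channels.append({
                "addr": m["addr"], "port": m["port"] or "953", "allow": allow,
                "keys": (m["keys"] or "").replace(";", " ").split(),
                "exposed": (not loopback) or "any" in allow})
    return channels

if __name__ == "__main__":
    print(audit_controls(SAMPLE_OPEN), audit_controls(SAMPLE_LOCAL), sep="\n")
```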



