Configuring rndc to Work Over IPv6

.5.1 Problem

You want to use rndc over IPv6.

.5.2 Solution

On a BIND 9.2.0 or later name server, add an inet controls statement to named.conf, telling the name server to listen on the host's IPv6 interface for control messages. For example:

controls {
    inet 123:4567:89ab:cdef:123:4567:89ab:cdef allow { any; } keys { "rndc-key"; };
};

Then specify the host's IPv6 address as the argument to rndc's -s option, as in:

# rndc -s 123:4567:89ab:cdef:123:4567:89ab:cdef status

If you would like to make that address the default for rndc to connect to, add a default-server options substatement to rndc.conf, like this:

options {
    default-server 123:4567:89ab:cdef:123:4567:89ab:cdef;
    default-key "rndc-key";
};

.5.3 Discussion

If you don't want to rely entirely on IPv6 for the name server's control channel, you can use multiple inet controls substatements. For example:

controls {
    inet * allow { localhost; } keys { "rndc-key"; };
    inet 123:4567:89ab:cdef:123:4567:89ab:cdef allow { any; } keys { "rndc-key"; };
};

As with listen-on-v6, introduced in Section 11.2, you can use the predefined localhost or localnets ACLs with an IPv6 interface in the controls statement.
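
With allow { any; }, the key is the only thing standing between any IPv6 host that can reach the channel and the name server's control commands. The following check is an added example, not part of the original text: it lists the inet channels in a controls statement and reports those whose allow list contains any. The tightened variant and its 2001:db8:0:1::10 admin address are constructed, and the parser assumes comments are already stripped and element lists are not nested.

```python
import re

# One controls statement; element lists are assumed flat (no nested braces).
CONTROLS_RE = re.compile(r"controls\s*\{((?:[^{}]|\{[^{}]*\})*)\}\s*;")
INET_RE = re.compile(
    r"inet\s+(?P<addr>\S+)(?:\s+port\s+(?P<port>\S+))?"
    r"\s+allow\s*\{(?P<allow>[^{}]*)\}"
    r"(?:\s*keys\s*\{(?P<keys>[^{}]*)\})?\s*;"
)

# The two-channel statement from the Discussion above.
PAGE_CONF = """
controls {
    inet * allow { localhost; } keys { "rndc-key"; };
    inet 123:4567:89ab:cdef:123:4567:89ab:cdef allow { any; } keys { "rndc-key"; };
};
"""

# Constructed variant: same channel, but only one admin host may connect
# (address taken from the 2001:db8::/32 documentation prefix).
TIGHTENED_CONF = PAGE_CONF.replace("allow { any; }", "allow { 2001:db8:0:1::10; }")


def _items(body):
    """Split a flat BIND list body ('a; b;') into its elements, unquoted."""
    return [e.strip().strip('"') for e in (body or "").split(";") if e.strip()]


def control_channels(conf):
    """Yield one dict per inet channel found in any controls statement."""
    for block in CONTROLS_RE.finditer(conf):
        for m in INET_RE.finditer(block.group(1)):
            yield {
                "addr": m["addr"],
                "port": m["port"] or "953",  # 953 is the default rndc port
                "allow": _items(m["allow"]),
                "keys": _items(m["keys"]),
            }


def open_channels(conf):
    """Return the channels whose allow list admits any source address."""
    return [c for c in control_channels(conf) if "any" in c["allow"]]


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("tightened", TIGHTENED_CONF)):
        for c in open_channels(conf):
            print(f"{name}: {c['addr']} port {c['port']} allows any; keys={c['keys']}")
```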

.5.4 See Also

Section 11.2.
