Subject: Re: 9.1.0 rndc setup
To: None <current-users@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 01/30/2001 10:03:44
I got a request in private mail for an rndc setup cheat-sheet. Let me
post it here to save other folks a bit of time.

/etc/rndc.conf:

    options {
            default-server  localhost;
            default-key     examplekey;
    };

    server localhost {
            key     examplekey;
    };

    key examplekey {
            algorithm       hmac-md5;
            secret          "somesecretkey";
    };

/etc/named.conf:

    options {
            directory "/etc/namedb";
            notify yes;             // send NOTIFY messages.
            auth-nxdomain no;       // conform to RFC1035
            allow-recursion { localnets; };
    };

    controls {
            inet 127.0.0.1 allow { localhost; } keys { examplekey; };
    };

    key examplekey {
            algorithm       hmac-md5;
            secret          "somesecretkey";
    };
    ...

I generated the two "secret" lines as recommended in the rndc.conf man
page, although I suspect that any string will do.

    dnssec-keygen -a hmac-md5 -b 128 -n user rndc

Then edit the file Krndc* and extract the key by hand.

Remember to chmod /etc/rndc.conf and /etc/named.conf to mode 600. (I
think one can use the named include directive to put the secret in
some other file and only make the keyfile mode 600. I didn't do that
yet.)
-wolfgang
--
Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/
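
An added example, not part of the original post: a shell sketch of the "extract the key by hand" and mode-600 steps, writing the key clause to a separate file that named.conf can pull in with its include statement. The "Key:" line layout of the Krndc*.private file, the sample file contents and the output file name rndc.key are assumptions made for the example.

```shell
#!/bin/sh
# extract_secret FILE: print the value of the "Key:" line, fail if there is none.
extract_secret() {
    awk '$1 == "Key:" { print $2; found = 1; exit } END { if (!found) exit 1 }' "$1"
}

# write_keyfile PRIVATE_FILE KEYNAME OUTFILE: write a key clause readable by owner only.
write_keyfile() {
    secret=$(extract_secret "$1") || { echo "no Key: line in $1" >&2; return 1; }
    # dnssec-keygen stores the secret as base64; refuse anything else
    # before it is written into a config file.
    printf '%s\n' "$secret" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$' || {
        echo "secret in $1 is not base64" >&2; return 1; }
    rm -f "$3"              # drop any older copy that may have wider permissions
    (
        umask 077           # new file is created 0600, never briefly world-readable
        printf 'key %s {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' \
            "$2" "$secret" > "$3"
    )
}

# Demo on a constructed .private file (not a real key; layout is assumed).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/Krndc.+157+00000.private" <<'EOF'
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: Y29uc3RydWN0ZWQta2V5IQ==
EOF
    write_keyfile "$dir/Krndc.+157+00000.private" examplekey "$dir/rndc.key" &&
        ls -l "$dir/rndc.key" && cat "$dir/rndc.key"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

With the clause in its own file, named.conf would carry an include line naming that file in place of the inline key block, and only the key file needs mode 600.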