11.5 Configuring rndc to Work Over IPv6

11.5.1 Problem

You want to use rndc over IPv6.

11.5.2 Solution

On a BIND 9.2.0 or later name server, add an inet controls statement to named.conf, telling the name server to listen on the host's IPv6 interface for control messages. For example:

controls {
    inet 123:4567:89ab:cdef:123:4567:89ab:cdef allow { any; } keys { "rndc-key"; };
};

Then specify the host's IPv6 address as the argument to rndc's -s option, as in:

# rndc -s 123:4567:89ab:cdef:123:4567:89ab:cdef status

If you would like to make that address the default for rndc to connect to, add a default-server options substatement to rndc.conf, like this:

options {
    default-server 123:4567:89ab:cdef:123:4567:89ab:cdef;
    default-key "rndc-key";
};

11.5.3 Discussion

If you don't want to rely entirely on IPv6 for the name server's control channel, you can use multiple inet controls substatements. For example:

controls {
    inet * allow { localhost; } keys { "rndc-key"; };
    inet 123:4567:89ab:cdef:123:4567:89ab:cdef allow { any; } keys { "rndc-key"; };
};

As with listen-on-v6, introduced in Section 11.2, you can't use the predefined localhost or localnets ACLs with an IPv6 interface in the controls statement.

11.5.4 See Also

Section 11.2.