named.key -> rndc.key

doc/arm/Bv9ARM-book.xml

@@ -2,7 +2,7 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.152 2001/07/30 22:55:23 gson Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.153 2001/08/06 04:42:24 marka Exp $ -->
 
 <book>
 <title>BIND 9 Administrator Reference Manual</title>
@@ -813,11 +813,7 @@ configuration file.  The default location for the
 location can be specified with the <option>-c</option>
 option.  If the configuration file is not found,
 <command>rndc</command> will also look in
-<filename>/var/run/named.key</filename> (or wherever
-<varname>localstatedir</varname> was defined when
-the <acronym>BIND</acronym> build was configured).
-The <filename>named.key</filename> file is generated by
-<command>named</command> as described in
+<filename>/etc/rndc.key</filename> to find a key to use
 <xref linkend="controls_statement_definition_and_usage"/>.</para>
 
 <para>The format of the configuration file is similar to
@@ -2208,29 +2204,17 @@ the system has an interface.</para></entry>
       must be signed by one of its specified keys to
       be honored.</para>
 
-      <para>The <command>keys</command> clause is not strictly required.
-      If it is not present, then a random key will be generated automatically
-      and placed in a file named <filename>named.key</filename>, which is
-      usually in <filename>/var/run</filename> but will be wherever
-      <varname>localstatedir</varname> was specified as when
-      <acronym>BIND</acronym> was built.  <filename>named.key</filename>
-      contains a complete <filename>rndc.conf</filename>-compatible
-      configuration and is used by <command>rndc</command> when it
-      cannot find its primary configuration file.</para>
+      <para>If <command>keys</command> clause does not exist
+      <command>named</command> will look for
+      <filename>/etc/rndc.key</filename> and use the key found
+      there.
 
-      <para>Similarly, <filename>named.key</filename> is generated when
+      <para>Similarly, <filename>/etc/rndc.key.key</filename> is used
       no <command>controls</command> statement is present at all.  In
-      that situation it will configure a control channel to run on
-      127.0.0.1.</para>
+      that situation it will configure control channels to run on
+      all interfaces.</para>
 
-      <para>There are two ways to disable the creation of
-      <filename>named.key</filename>.  One is to ensure that all of your
-      <command>inet</command> control channels have a <command>keys</command>
-      clause.  The other is to have a <command>controls</command> statement
-      with no <command>inet</command> phrases it all.  The latter will
-      prevent the creation of any control channel.</para>
-
-      <para>The <filename>named.key</filename> feature was created to
+      <para>The <filename>/etc/rndc.key</filename> feature was created to
       ease the transition of systems from <acronym>BIND</acronym> 8,
       which did not have digital signatures on its command channel messages
       and thus did not have a <command>keys</command> clause.  Since
@@ -2239,7 +2223,7 @@ the system has an interface.</para></entry>
       have a high degree of configurability.  You cannot easily change
       the key name or the size of the secret, so you should make a
       <filename>rndc.conf</filename> with your own key if you wish to change
-      those things.  The <filename>named.key</filename> file also has its
+      those things.  The <filename>/etc/rndc.key</filename> file also has its
       permissions set such that only the owner of the file (the user that
       <command>named</command> is running as) can access it.  If you
       desire greater flexibility in allowing other users to access