Following OpenBSD's automatic generation of ssh and isakmp keys,
prehaps the following would be a worthwhile addition to /etc/rc to
generate a key/config for rndc/named.
==============================================================
if [ ! -f /etc/rndc.conf ]; then
echo -n "rndc-confgen: generating new RNDC key... "
if /usr/sbin/rndc-confgen | tee /etc/rndc.conf \
| grep '^# [^SEU]' >> /var/named/etc/named.conf; then
chown root:named /etc/rndc.conf /var/named/etc/
rndc.conf
chmod 640 /etc/rndc.conf /var/named/etc/rndc.conf
echo done.
else
echo failed.
fi
fi
==============================================================
Notes:
1. I stopped short of piping through a "sed '/^#//'" so that it still
remains disabled by default.
2. I guess there is a better way than the late chown/chmod calls, but
I guess it's ok, since we are still pre-login during rc.
/Pete