Comment 25 for bug 406122

In , rmeikle (rmeikle-redhat-bugs) wrote :

> By default, both /etc/rndc.conf and /etc/rndc.key are mode 0640 and owned
> root:named so on the DNS server itself, someone would require named or root
> privileges to obtain the key; on external systems that may contain the RNDC key
> for updating, this would depend on that host's security.

Maybe I'm misunderstanding... could someone please clarify? Wouldn't this imply that, as long as the box is secure, no malicious attacker could send a packet, since they wouldn't have the correct permissions to access the RNDC key?