<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
<refentrytitle><application>ddns-confgen</application></refentrytitle>
<refmiscinfo>BIND9</refmiscinfo>
<refname><application>ddns-confgen</application></refname>
<refpurpose>ddns key generation tool</refpurpose>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
<cmdsynopsis sepchar=" ">
<command>tsig-keygen</command>
<arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat">name</arg>
<cmdsynopsis sepchar=" ">
<command>ddns-confgen</command>
<arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-q</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<group choice="opt" rep="norepeat">
<arg choice="plain" rep="norepeat">-s <replaceable class="parameter">name</replaceable></arg>
<arg choice="plain" rep="norepeat">-z <replaceable class="parameter">zone</replaceable></arg>
<refsection><info><title>DESCRIPTION</title></info>
<command>tsig-keygen</command> and <command>ddns-confgen</command>
are invocation methods for a utility that generates keys for use
in TSIG signing. The resulting keys can be used, for example,
to secure dynamic DNS updates to a zone or for the
<command>rndc</command> command channel.

When run as <command>tsig-keygen</command>, a domain name
can be specified on the command line which will be used as
the name of the generated key. If no name is specified,
the default is <constant>tsig-key</constant>.

When run as <command>ddns-confgen</command>, the generated
key is accompanied by configuration text and instructions
that can be used with <command>nsupdate</command> and
<command>named</command> when setting up dynamic DNS,
including an example <command>update-policy</command>
statement. (This usage is similar to the
<command>rndc-confgen</command> command for setting
up command channel security.)

Note that <command>named</command> itself can configure a
local DDNS key for use with <command>nsupdate -l</command>:
it does this when a zone is configured with
<command>update-policy local;</command>.
<command>ddns-confgen</command> is only needed when a
more elaborate configuration is required: for instance,
if <command>nsupdate</command> is to be used from a remote
<refsection><info><title>OPTIONS</title></info>
<term>-a <replaceable class="parameter">algorithm</replaceable></term>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-sha256.
Options are case-insensitive, and the "hmac-" prefix
Prints a short summary of options and arguments.
<term>-k <replaceable class="parameter">keyname</replaceable></term>
Specifies the key name of the DDNS authentication key.
The default is <constant>ddns-key</constant> when neither
the <option>-s</option> nor <option>-z</option> option is
specified; otherwise, the default
is <constant>ddns-key</constant> as a separate label
followed by the argument of the option,
e.g.,
The key name must have the format of a valid domain name,
consisting of letters, digits, hyphens and periods.
(<command>ddns-confgen</command> only.) Quiet mode: Print
only the key, with no explanatory text or usage examples;
this is essentially identical to <command>tsig-keygen</command>.
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<filename>/dev/random</filename> or equivalent device, the
default source of randomness is keyboard input.
<filename>randomdev</filename> specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard input
<term>-s <replaceable class="parameter">name</replaceable></term>
(<command>ddns-confgen</command> only.)
Generate a configuration example to allow dynamic updates
of a single hostname. The example <command>named.conf</command>
text shows how to set an update policy for the specified
<replaceable class="parameter">name</replaceable>
using the "name" nametype. The default key name is
ddns-key.<replaceable class="parameter">name</replaceable>.
Note that the "self" nametype cannot be used, since
the name to be updated may differ from the key name.
This option cannot be used with the <option>-z</option> option.
<term>-z <replaceable class="parameter">zone</replaceable></term>
(<command>ddns-confgen</command> only.)
Generate a configuration example to allow dynamic updates
of a zone: The example <command>named.conf</command> text
shows how to set an update policy for the specified
<replaceable class="parameter">zone</replaceable>
using the "zonesub" nametype, allowing updates to
all subdomain names within that
<replaceable class="parameter">zone</replaceable>.
This option cannot be used with the <option>-s</option> option.
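The key-name defaults and update-policy text described under -k, -s and -z, as an added Python example that is not part of this manual page or of BIND: it generates a random secret and renders the key clause with the matching grant. The function name ddns_config, the secret lengths and the exact named.conf layout are assumptions of the example.

```python
import base64
import re
import secrets

# Secret length in bytes per algorithm, taken as the HMAC digest size
# (an assumption of this example; the page does not state key lengths).
KEY_BYTES = {"hmac-md5": 16, "hmac-sha1": 20, "hmac-sha224": 28,
             "hmac-sha256": 32, "hmac-sha384": 48, "hmac-sha512": 64}
# Key names: letters, digits, hyphens and periods only.
NAME_RE = re.compile(r"[A-Za-z0-9.-]+")


def ddns_config(algorithm="hmac-sha256", keyname=None, name=None, zone=None):
    """Return (keyname, secret, named.conf text) for a -k/-s/-z combination."""
    if name and zone:
        raise ValueError("-s and -z cannot be used together")
    algorithm = algorithm.lower()  # algorithm names are case-insensitive
    if algorithm not in KEY_BYTES:
        raise ValueError("unknown algorithm: " + algorithm)
    target = name or zone
    if keyname is None:  # default: ddns-key, or ddns-key.<name|zone>
        keyname = "ddns-key." + target if target else "ddns-key"
    # Both values are interpolated into named.conf, so reject anything that
    # is not a plain domain name (quotes, braces, semicolons, whitespace).
    for value in [keyname] + ([target] if target else []):
        if not NAME_RE.fullmatch(value):
            raise ValueError("not a valid domain name: %r" % value)
    secret = base64.b64encode(secrets.token_bytes(KEY_BYTES[algorithm])).decode()
    text = ('key "%s" {\n\talgorithm %s;\n\tsecret "%s";\n};\n'
            % (keyname, algorithm, secret))
    if name:    # -s: one hostname, "name" nametype
        grant = "grant %s name %s ANY;" % (keyname, name)
    elif zone:  # -z: every name in the zone, "zonesub" nametype
        grant = "grant %s zonesub ANY;" % keyname
    else:       # neither: key clause only, as in quiet mode
        return keyname, secret, text
    return keyname, secret, text + "update-policy {\n\t%s\n};\n" % grant


if __name__ == "__main__":
    print(ddns_config(name="host.example.com")[2])   # constructed hostname
    print(ddns_config(zone="example.com")[2])        # constructed zone
```

The key clause belongs in a file readable only by named and the nsupdate client, since the secret is the sole credential for the granted updates.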
<refsection><info><title>SEE ALSO</title></info>
<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.