ddns-confgen.docbook revision 14a656f94b1fd0ababd84a772228dfa52276ba15
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
689023771c563d8660e45d439a207e06e96de28fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
689023771c563d8660e45d439a207e06e96de28fMark Andrews - purpose with or without fee is hereby granted, provided that the above
689023771c563d8660e45d439a207e06e96de28fMark Andrews - copyright notice and this permission notice appear in all copies.
689023771c563d8660e45d439a207e06e96de28fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
689023771c563d8660e45d439a207e06e96de28fMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
689023771c563d8660e45d439a207e06e96de28fMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
689023771c563d8660e45d439a207e06e96de28fMark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
689023771c563d8660e45d439a207e06e96de28fMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
689023771c563d8660e45d439a207e06e96de28fMark Andrews - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<!-- Converted by db4-upgrade version 1.0 -->
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refentryinfo>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle><application>ddns-confgen</application></refentrytitle>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refname><application>ddns-confgen</application></refname>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refpurpose>ddns key generation tool</refpurpose>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refnamediv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </copyright>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-h</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-h</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-q</option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="plain" rep="norepeat">-s <replaceable class="parameter">name</replaceable></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <arg choice="plain" rep="norepeat">-z <replaceable class="parameter">zone</replaceable></arg>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </cmdsynopsis>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsynopsisdiv>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsection><info><title>DESCRIPTION</title></info>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>tsig-keygen</command> and <command>ddns-confgen</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein are invocation methods for a utility that generates keys for use
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in TSIG signing. The resulting keys can be used, for example,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to secure dynamic DNS updates to a zone or for the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When run as <command>tsig-keygen</command>, a domain name
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein can be specified on the command line which will be used as
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the name of the generated key. If no name is specified,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When run as <command>ddns-confgen</command>, the generated
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein key is accompanied by configuration text and instructions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that can be used with <command>nsupdate</command> and
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>named</command> when setting up dynamic DNS,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein including an example <command>update-policy</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein statement. (This usage similar to the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>rndc-confgen</command> command for setting
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein up command channel security.)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Note that <command>named</command> itself can configure a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein local DDNS key for use with <command>nsupdate -l</command>:
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein it does this when a zone is configured with
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <command>ddns-confgen</command> is only needed when a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein more elaborate configuration is required: for instance,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein if <command>nsupdate</command> is to be used from a remote
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsection>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-a <replaceable class="parameter">algorithm</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the algorithm to use for the TSIG key. Available
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein hmac-sha384 and hmac-sha512. The default is hmac-sha256.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Options are case-insensitive, and the "hmac-" prefix
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein may be omitted.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark Andrews <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Prints a short summary of options and arguments.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-k <replaceable class="parameter">keyname</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the key name of the DDNS authentication key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The default is <constant>ddns-key</constant> when neither
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the <option>-s</option> nor <option>-z</option> option is
4f6469885c3d66367e3f8fb94e1f3c66115990b0Mark Andrews specified; otherwise, the default
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein is <constant>ddns-key</constant> as a separate label
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein followed by the argument of the option, e.g.,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein The key name must have the format of a valid domain name,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein consisting of letters, digits, hyphens and periods.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (<command>ddns-confgen</command> only.) Quiet mode: Print
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein only the key, with no explanatory text or usage examples;
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This is essentially identical to <command>tsig-keygen</command>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-r <replaceable class="parameter">randomfile</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies a source of random data for generating the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein authorization. If the operating system does not provide a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>/dev/random</filename> or equivalent device, the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein default source of randomness is keyboard input.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>randomdev</filename> specifies the name of a
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein character device or file containing random data to be used
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein instead of the default. The special value
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <filename>keyboard</filename> indicates that keyboard input
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein should be used.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-s <replaceable class="parameter">name</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Generate configuration example to allow dynamic updates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of a single hostname. The example <command>named.conf</command>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein text shows how to set an update policy for the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <replaceable class="parameter">name</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein using the "name" nametype. The default key name is
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein ddns-key.<replaceable class="parameter">name</replaceable>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Note that the "self" nametype cannot be used, since
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the name to be updated may differ from the key name.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option cannot be used with the <option>-z</option> option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <term>-z <replaceable class="parameter">zone</replaceable></term>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Generate configuration example to allow dynamic updates
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein of a zone: The example <command>named.conf</command> text
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein shows how to set an update policy for the specified
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <replaceable class="parameter">zone</replaceable>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein using the "zonesub" nametype, allowing updates to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein all subdomain names within that
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <replaceable class="parameter">zone</replaceable>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein This option cannot be used with the <option>-s</option> option.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </varlistentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </variablelist>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsection>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refsection><info><title>SEE ALSO</title></info>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
689023771c563d8660e45d439a207e06e96de28fMark Andrews </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citerefentry>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </citerefentry>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein </refsection>