bin/confgen/ddns-confgen.docbook

	ddns-confgen.docbook revision 30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1
2N/A<!--
2N/A - Copyright (C) 2009, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
2N/A -
2N/A - Permission to use, copy, modify, and/or distribute this software for any
2N/A - purpose with or without fee is hereby granted, provided that the above
2N/A - copyright notice and this permission notice appear in all copies.
2N/A -
2N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2N/A - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2N/A - PERFORMANCE OF THIS SOFTWARE.
2N/A-->
2N/A
2N/A<!-- Converted by db4-upgrade version 1.0 -->
2N/A<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
2N/A  <info>
2N/A    <date>2014-03-06</date>
2N/A  </info>
2N/A  <refentryinfo>
2N/A    <corpname>ISC</corpname>
2N/A    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
2N/A  </refentryinfo>
2N/A
2N/A  <refmeta>
2N/A    <refentrytitle><application>ddns-confgen</application></refentrytitle>
2N/A    <manvolnum>8</manvolnum>
2N/A    <refmiscinfo>BIND9</refmiscinfo>
2N/A  </refmeta>
2N/A
2N/A  <refnamediv>
2N/A    <refname><application>ddns-confgen</application></refname>
2N/A    <refpurpose>ddns key generation tool</refpurpose>
2N/A  </refnamediv>
2N/A
2N/A  <docinfo>
2N/A    <copyright>
2N/A      <year>2009</year>
2N/A      <year>2014</year>
2N/A      <year>2015</year>
2N/A      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
2N/A    </copyright>
2N/A  </docinfo>
2N/A
2N/A  <refsynopsisdiv>
2N/A    <cmdsynopsis sepchar=" ">
2N/A      <command>tsig-keygen</command>
2N/A      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
2N/A      <arg choice="opt" rep="norepeat">name</arg>
2N/A    </cmdsynopsis>
2N/A    <cmdsynopsis sepchar=" ">
2N/A      <command>ddns-confgen</command>
2N/A      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
2N/A      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
2N/A      <group choice="opt" rep="norepeat">
2N/A        <arg choice="plain" rep="norepeat">-s <replaceable class="parameter">name</replaceable></arg>
2N/A        <arg choice="plain" rep="norepeat">-z <replaceable class="parameter">zone</replaceable></arg>
2N/A      </group>
2N/A    </cmdsynopsis>
2N/A  </refsynopsisdiv>
2N/A
2N/A  <refsection><info><title>DESCRIPTION</title></info>
2N/A
2N/A    <para>
2N/A      <command>tsig-keygen</command> and <command>ddns-confgen</command>
2N/A      are invocation methods for a utility that generates keys for use
2N/A      in TSIG signing.  The resulting keys can be used, for example,
2N/A      to secure dynamic DNS updates to a zone or for the
2N/A      <command>rndc</command> command channel.
2N/A    </para>
2N/A
2N/A    <para>
2N/A      When run as <command>tsig-keygen</command>, a domain name
2N/A      can be specified on the command line which will be used as
2N/A      the name of the generated key.  If no name is specified,
2N/A      the default is <constant>tsig-key</constant>.
2N/A    </para>
2N/A
2N/A    <para>
2N/A      When run as <command>ddns-confgen</command>, the generated
2N/A      key is accompanied by configuration text and instructions
2N/A      that can be used with <command>nsupdate</command> and
2N/A      <command>named</command> when setting up dynamic DNS,
2N/A      including an example <command>update-policy</command>
2N/A      statement.  (This usage similar to the
2N/A      <command>rndc-confgen</command> command for setting
2N/A      up command channel security.)
2N/A    </para>
2N/A
2N/A    <para>
2N/A      Note that <command>named</command> itself can configure a
2N/A      local DDNS key for use with <command>nsupdate -l</command>:
2N/A      it does this when a zone is configured with
2N/A      <command>update-policy local;</command>.
2N/A      <command>ddns-confgen</command> is only needed when a
2N/A      more elaborate configuration is required: for instance,
2N/A      if <command>nsupdate</command> is to be used from a remote
2N/A      system.
2N/A    </para>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>OPTIONS</title></info>
2N/A
2N/A
2N/A    <variablelist>
2N/A      <varlistentry>
2N/A    <term>-a <replaceable class="parameter">algorithm</replaceable></term>
2N/A    <listitem>
2N/A      <para>
2N/A            Specifies the algorithm to use for the TSIG key.  Available
2N/A            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
2N/A            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
2N/A            Options are case-insensitive, and the "hmac-" prefix
2N/A            may be omitted.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-h</term>
2N/A    <listitem>
2N/A      <para>
2N/A        Prints a short summary of options and arguments.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-k <replaceable class="parameter">keyname</replaceable></term>
2N/A    <listitem>
2N/A      <para>
2N/A        Specifies the key name of the DDNS authentication key.
2N/A        The default is <constant>ddns-key</constant> when neither
2N/A        the <option>-s</option> nor <option>-z</option> option is
2N/A        specified; otherwise, the default
2N/A        is <constant>ddns-key</constant> as a separate label
2N/A        followed by the argument of the option, e.g.,
2N/A        <constant>ddns-key.example.com.</constant>
2N/A        The key name must have the format of a valid domain name,
2N/A        consisting of letters, digits, hyphens and periods.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-q</term>
2N/A    <listitem>
2N/A      <para>
2N/A        (<command>ddns-confgen</command> only.) Quiet mode:  Print
2N/A            only the key, with no explanatory text or usage examples;
2N/A            This is essentially identical to <command>tsig-keygen</command>.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-r <replaceable class="parameter">randomfile</replaceable></term>
2N/A    <listitem>
2N/A      <para>
2N/A            Specifies a source of random data for generating the
2N/A            authorization.  If the operating system does not provide a
2N/A            <filename>/dev/random</filename> or equivalent device, the
2N/A            default source of randomness is keyboard input.
2N/A            <filename>randomdev</filename> specifies the name of a
2N/A            character device or file containing random data to be used
2N/A            instead of the default.  The special value
2N/A            <filename>keyboard</filename> indicates that keyboard input
2N/A            should be used.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-s <replaceable class="parameter">name</replaceable></term>
2N/A    <listitem>
2N/A      <para>
2N/A            (<command>ddns-confgen</command> only.)
2N/A        Generate configuration example to allow dynamic updates
2N/A            of a single hostname.  The example <command>named.conf</command>
2N/A            text shows how to set an update policy for the specified
2N/A            <replaceable class="parameter">name</replaceable>
2N/A        using the "name" nametype.  The default key name is
2N/A        ddns-key.<replaceable class="parameter">name</replaceable>.
2N/A        Note that the "self" nametype cannot be used, since
2N/A        the name to be updated may differ from the key name.
2N/A        This option cannot be used with the <option>-z</option> option.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A
2N/A      <varlistentry>
2N/A    <term>-z <replaceable class="parameter">zone</replaceable></term>
2N/A    <listitem>
2N/A      <para>
2N/A            (<command>ddns-confgen</command> only.)
2N/A        Generate configuration example to allow dynamic updates
2N/A            of a zone:  The example <command>named.conf</command> text
2N/A            shows how to set an update policy for the specified
2N/A        <replaceable class="parameter">zone</replaceable>
2N/A        using the "zonesub" nametype, allowing updates to
2N/A            all subdomain names within that
2N/A            <replaceable class="parameter">zone</replaceable>.
2N/A        This option cannot be used with the <option>-s</option> option.
2N/A      </para>
2N/A    </listitem>
2N/A      </varlistentry>
2N/A    </variablelist>
2N/A  </refsection>
2N/A
2N/A  <refsection><info><title>SEE ALSO</title></info>
2N/A
2N/A    <para><citerefentry>
2N/A    <refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
2N/A      </citerefentry>,
2N/A      <citerefentry>
2N/A    <refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
2N/A      </citerefentry>,
2N/A      <citerefentry>
    <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
  </refsection>

</refentry>