d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
33d0a7767d53cb366039fd0ac4f63cf8a9c351b0Tinderbox User - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - This Source Code Form is subject to the terms of the Mozilla Public
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - License, v. 2.0. If a copy of the MPL was not distributed with this
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - file, You can obtain one at http://mozilla.org/MPL/2.0/.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<a name="man.ddns-confgen"></a><div class="titlepage"></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="application">ddns-confgen</span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User — ddns key generation tool
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User -s <em class="replaceable"><code>name</code></em>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User | -z <em class="replaceable"><code>zone</code></em>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
f5ae3cca1d2832239cc821bdef77e90c1739e66dTinderbox User are invocation methods for a utility that generates keys for use
ec899c963c91c16c393e067996400ae244921110Tinderbox User in TSIG signing. The resulting keys can be used, for example,
ec899c963c91c16c393e067996400ae244921110Tinderbox User to secure dynamic DNS updates to a zone or for the
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="command"><strong>rndc</strong></span> command channel.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
ec899c963c91c16c393e067996400ae244921110Tinderbox User can be specified on the command line which will be used as
ec899c963c91c16c393e067996400ae244921110Tinderbox User the name of the generated key. If no name is specified,
ec899c963c91c16c393e067996400ae244921110Tinderbox User the default is <code class="constant">tsig-key</code>.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
ec899c963c91c16c393e067996400ae244921110Tinderbox User key is accompanied by configuration text and instructions
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User that can be used with <span class="command"><strong>nsupdate</strong></span> and
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="command"><strong>named</strong></span> when setting up dynamic DNS,
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User including an example <span class="command"><strong>update-policy</strong></span>
ec899c963c91c16c393e067996400ae244921110Tinderbox User statement. (This usage similar to the
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="command"><strong>rndc-confgen</strong></span> command for setting
ec899c963c91c16c393e067996400ae244921110Tinderbox User up command channel security.)
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User Note that <span class="command"><strong>named</strong></span> itself can configure a
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
ec899c963c91c16c393e067996400ae244921110Tinderbox User it does this when a zone is configured with
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User <span class="command"><strong>update-policy local;</strong></span>.
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
ec899c963c91c16c393e067996400ae244921110Tinderbox User more elaborate configuration is required: for instance,
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <div class="variablelist"><dl class="variablelist">
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies the algorithm to use for the TSIG key. Available
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt hmac-sha384 and hmac-sha512. The default is hmac-sha256.
ec899c963c91c16c393e067996400ae244921110Tinderbox User Options are case-insensitive, and the "hmac-" prefix
ec899c963c91c16c393e067996400ae244921110Tinderbox User may be omitted.
ec899c963c91c16c393e067996400ae244921110Tinderbox User Prints a short summary of options and arguments.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies the key name of the DDNS authentication key.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater The default is <code class="constant">ddns-key</code> when neither
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater the <code class="option">-s</code> nor <code class="option">-z</code> option is
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater specified; otherwise, the default
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater is <code class="constant">ddns-key</code> as a separate label
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater followed by the argument of the option, e.g.,
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater <code class="constant">ddns-key.example.com.</code>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt The key name must have the format of a valid domain name,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt consisting of letters, digits, hyphens and periods.
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode: Print
ec899c963c91c16c393e067996400ae244921110Tinderbox User only the key, with no explanatory text or usage examples;
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies a source of random data for generating the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt authorization. If the operating system does not provide a
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">/dev/random</code> or equivalent device, the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt default source of randomness is keyboard input.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">randomdev</code> specifies the name of a
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt character device or file containing random data to be used
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt instead of the default. The special value
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">keyboard</code> indicates that keyboard input
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt should be used.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User (<span class="command"><strong>ddns-confgen</strong></span> only.)
ec899c963c91c16c393e067996400ae244921110Tinderbox User Generate configuration example to allow dynamic updates
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User of a single hostname. The example <span class="command"><strong>named.conf</strong></span>
ec899c963c91c16c393e067996400ae244921110Tinderbox User text shows how to set an update policy for the specified
ec899c963c91c16c393e067996400ae244921110Tinderbox User <em class="replaceable"><code>name</code></em>
ec899c963c91c16c393e067996400ae244921110Tinderbox User using the "name" nametype. The default key name is
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater ddns-key.<em class="replaceable"><code>name</code></em>.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater Note that the "self" nametype cannot be used, since
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater the name to be updated may differ from the key name.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater This option cannot be used with the <code class="option">-z</code> option.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User (<span class="command"><strong>ddns-confgen</strong></span> only.)
ec899c963c91c16c393e067996400ae244921110Tinderbox User Generate configuration example to allow dynamic updates
2eeb74d1cf5355dd98f6d507a10086e16bb08c4bTinderbox User of a zone: The example <span class="command"><strong>named.conf</strong></span> text
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater shows how to set an update policy for the specified
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater <em class="replaceable"><code>zone</code></em>
ec899c963c91c16c393e067996400ae244921110Tinderbox User using the "zonesub" nametype, allowing updates to
ec899c963c91c16c393e067996400ae244921110Tinderbox User all subdomain names within that
ec899c963c91c16c393e067996400ae244921110Tinderbox User <em class="replaceable"><code>zone</code></em>.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater This option cannot be used with the <code class="option">-s</code> option.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">nsupdate</span>(1)
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <span class="refentrytitle">named.conf</span>(5)
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>.