ddns-confgen.html revision 9d557856c2a19ec95ee73245f60a92f8675cf5ba
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Copyright (C) 2009, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - Permission to use, copy, modify, and/or distribute this software for any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt - PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<a name="man.ddns-confgen"></a><div class="titlepage"></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p><span class="application">ddns-confgen</span> — ddns key generation tool</p>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt are invocation methods for a utility that generates keys for use
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt in TSIG signing. The resulting keys can be used, for example,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt to secure dynamic DNS updates to a zone or for the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>rndc</strong></span> command channel.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt can be specified on the command line which will be used as
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the name of the generated key. If no name is specified,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the default is <code class="constant">tsig-key</code>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt key is accompanied by configuration text and instructions
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt that can be used with <span class="command"><strong>nsupdate</strong></span> and
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>named</strong></span> when setting up dynamic DNS,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt including an example <span class="command"><strong>update-policy</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt statement. (This usage similar to the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>rndc-confgen</strong></span> command for setting
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt up command channel security.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Note that <span class="command"><strong>named</strong></span> itself can configure a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt it does this when a zone is configured with
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>update-policy local;</strong></span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt more elaborate configuration is required: for instance,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<div class="variablelist"><dl class="variablelist">
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Specifies the algorithm to use for the TSIG key. Available
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt hmac-sha384 and hmac-sha512. The default is hmac-sha256.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Options are case-insensitive, and the "hmac-" prefix
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt may be omitted.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Prints a short summary of options and arguments.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Specifies the key name of the DDNS authentication key.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The default is <code class="constant">ddns-key</code> when neither
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the <code class="option">-s</code> nor <code class="option">-z</code> option is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt specified; otherwise, the default
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt is <code class="constant">ddns-key</code> as a separate label
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt followed by the argument of the option, e.g.,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="constant">ddns-key.example.com.</code>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt The key name must have the format of a valid domain name,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt consisting of letters, digits, hyphens and periods.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode: Print
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt only the key, with no explanatory text or usage examples;
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Specifies a source of random data for generating the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt authorization. If the operating system does not provide a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="filename">/dev/random</code> or equivalent device, the
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt default source of randomness is keyboard input.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="filename">randomdev</code> specifies the name of a
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt character device or file containing random data to be used
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt instead of the default. The special value
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <code class="filename">keyboard</code> indicates that keyboard input
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt should be used.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (<span class="command"><strong>ddns-confgen</strong></span> only.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Generate configuration example to allow dynamic updates
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of a single hostname. The example <span class="command"><strong>named.conf</strong></span>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt text shows how to set an update policy for the specified
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt using the "name" nametype. The default key name is
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt ddns-key.<em class="replaceable"><code>name</code></em>.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Note that the "self" nametype cannot be used, since
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt the name to be updated may differ from the key name.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt This option cannot be used with the <code class="option">-z</code> option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt (<span class="command"><strong>ddns-confgen</strong></span> only.)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt Generate configuration example to allow dynamic updates
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt of a zone: The example <span class="command"><strong>named.conf</strong></span> text
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt shows how to set an update policy for the specified
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt using the "zonesub" nametype, allowing updates to
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt all subdomain names within that
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt This option cannot be used with the <code class="option">-s</code> option.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>.