ddns-confgen.html revision ec899c963c91c16c393e067996400ae244921110
 - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id$ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.ddns-confgen"></a><div class="titlepage"></div>
<p><span class="application">ddns-confgen</span> — ddns key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>
<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
<span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
are invocation methods for a utility that generates keys for use
in TSIG signing. The resulting keys can be used, for example,
to secure dynamic DNS updates to a zone or for the
<span><strong class="command">rndc</strong></span> command channel.

When run as <span><strong class="command">tsig-keygen</strong></span>, a domain name
can be specified on the command line; it is used as
the name of the generated key. If no name is specified,
the default is <code class="constant">tsig-key</code>.

When run as <span><strong class="command">ddns-confgen</strong></span>, the generated
key is accompanied by configuration text and instructions
that can be used with <span><strong class="command">nsupdate</strong></span> and
<span><strong class="command">named</strong></span> when setting up dynamic DNS,
including an example <span><strong class="command">update-policy</strong></span>
statement. (This usage is similar to the
<span><strong class="command">rndc-confgen</strong></span> command for setting
up command channel security.)

Note that <span><strong class="command">named</strong></span> itself can configure a
local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>:
it does this when a zone is configured with
<span><strong class="command">update-policy local;</strong></span>.
<span><strong class="command">ddns-confgen</strong></span> is only needed when a
more elaborate configuration is required: for instance,
if <span><strong class="command">nsupdate</strong></span> is to be used from a remote
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
Specifies the algorithm to use for the TSIG key. Available
choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512. The default is hmac-sha256.
Options are case-insensitive, and the "hmac-" prefix
may be omitted.
<dt><span class="term">-h</span></dt>
Prints a short summary of options and arguments.
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
Specifies the key name of the DDNS authentication key.
The default is <code class="constant">ddns-key</code> when neither
the <code class="option">-s</code> nor <code class="option">-z</code> option is
specified; otherwise, the default
is <code class="constant">ddns-key</code> as a separate label
followed by the argument of the option, e.g.,
<code class="constant">ddns-key.example.com.</code>
The key name must have the format of a valid domain name,
consisting of letters, digits, hyphens and periods.
<dt><span class="term">-q</span></dt>
(<span><strong class="command">ddns-confgen</strong></span> only.) Quiet mode: Print
only the key, with no explanatory text or usage examples.
This is essentially identical to <span><strong class="command">tsig-keygen</strong></span>.
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<code class="filename">/dev/random</code> or equivalent device, the
default source of randomness is keyboard input.
<code class="filename">randomfile</code> specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard input
should be used.
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
(<span><strong class="command">ddns-confgen</strong></span> only.)
Generate configuration example to allow dynamic updates
of a single hostname. The example <span><strong class="command">named.conf</strong></span>
text shows how to set an update policy for the specified
<em class="replaceable"><code>name</code></em>
using the "name" nametype. The default key name is
ddns-key.<em class="replaceable"><code>name</code></em>.
Note that the "self" nametype cannot be used, since
the name to be updated may differ from the key name.
This option cannot be used with the <code class="option">-z</code> option.
<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
(<span><strong class="command">ddns-confgen</strong></span> only.)
Generate configuration example to allow dynamic updates
of a zone. The example <span><strong class="command">named.conf</strong></span> text
shows how to set an update policy for the specified
<em class="replaceable"><code>zone</code></em>
using the "zonesub" nametype, allowing updates to
all subdomain names within that
<em class="replaceable"><code>zone</code></em>.
This option cannot be used with the <code class="option">-s</code> option.
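<p>An added example, not part of the ISC manual page or the BIND source: a Python sketch that applies the documented <code class="option">-a</code>, <code class="option">-k</code>, <code class="option">-s</code> and <code class="option">-z</code> rules to build a key clause and a matching <span><strong class="command">update-policy</strong></span> grant, showing how <code class="option">-s</code> scopes a key to one name while <code class="option">-z</code> scopes it to a zone. The function names are hypothetical, and the secret length (one digest width) and the <code>ANY</code> record type in the grant are assumptions.</p>

```python
import base64
import re
import secrets

# Digest width in bits. Assumption: the secret is as long as the digest output.
ALGORITHMS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
              "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}
# Letters, digits, hyphens and periods, with an optional trailing period.
KEY_NAME = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.?$")


def normalize_algorithm(name="hmac-sha256"):
    """-a is case-insensitive and the "hmac-" prefix may be omitted."""
    alg = name.lower()
    if not alg.startswith("hmac-"):
        alg = "hmac-" + alg
    if alg not in ALGORITHMS:
        raise ValueError(f"unsupported TSIG algorithm: {name}")
    return alg


def default_key_name(keyname=None, name=None, zone=None):
    """Apply the -k default; -s and -z are mutually exclusive."""
    if name and zone:
        raise ValueError("-s and -z cannot be used together")
    target = name or zone
    result = keyname or (f"ddns-key.{target}" if target else "ddns-key")
    if not KEY_NAME.match(result):
        raise ValueError(f"key name is not a valid domain name: {result}")
    return result


def render_config(algorithm="hmac-sha256", keyname=None, name=None, zone=None):
    """Return (key clause, update-policy grant) in named.conf syntax."""
    alg = normalize_algorithm(algorithm)
    key = default_key_name(keyname, name, zone)
    secret = base64.b64encode(secrets.token_bytes(ALGORITHMS[alg] // 8)).decode()
    clause = f'key "{key}" {{\n\talgorithm {alg};\n\tsecret "{secret}";\n}};'
    if name:  # -s: the key may update one host name only
        grant = f"grant {key} name {name} ANY;"
    else:     # -z, or neither option: all subdomain names within the zone
        grant = f"grant {key} zonesub ANY;"
    return clause, grant


if __name__ == "__main__":
    for part in render_config(name="host.example.com"):
        print(part)
```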
<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
<p><span class="corpauthor">Internet Systems Consortium</span>