ddns-confgen.html revision f5ae3cca1d2832239cc821bdef77e90c1739e66d
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User - Copyright (C) 2009, 2014 Internet Systems Consortium, Inc. ("ISC")
4a14ce5ba00ab7bc55c99ffdcf59c7a4ab902721Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - purpose with or without fee is hereby granted, provided that the above
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - copyright notice and this permission notice appear in all copies.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9210d8796eaf4125ac58c034f9b5ca167857a55aAutomatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
852ccdd42a71550c974111b49415204ffeca6573Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<a name="man.ddns-confgen"></a><div class="titlepage"></div>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<p><span class="application">ddns-confgen</span> — ddns key generation tool</p>
ec899c963c91c16c393e067996400ae244921110Tinderbox User<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>
ec899c963c91c16c393e067996400ae244921110Tinderbox User<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>
ec899c963c91c16c393e067996400ae244921110Tinderbox User <span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
f5ae3cca1d2832239cc821bdef77e90c1739e66dTinderbox User are invocation methods for a utility that generates keys for use
ec899c963c91c16c393e067996400ae244921110Tinderbox User in TSIG signing. The resulting keys can be used, for example,
ec899c963c91c16c393e067996400ae244921110Tinderbox User to secure dynamic DNS updates to a zone or for the
ec899c963c91c16c393e067996400ae244921110Tinderbox User <span><strong class="command">rndc</strong></span> command channel.
ec899c963c91c16c393e067996400ae244921110Tinderbox User When run as <span><strong class="command">tsig-keygen</strong></span>, a domain name
ec899c963c91c16c393e067996400ae244921110Tinderbox User can be specified on the command line which will be used as
ec899c963c91c16c393e067996400ae244921110Tinderbox User the name of the generated key. If no name is specified,
ec899c963c91c16c393e067996400ae244921110Tinderbox User the default is <code class="constant">tsig-key</code>.
ec899c963c91c16c393e067996400ae244921110Tinderbox User When run as <span><strong class="command">ddns-confgen</strong></span>, the generated
ec899c963c91c16c393e067996400ae244921110Tinderbox User key is accompanied by configuration text and instructions
ec899c963c91c16c393e067996400ae244921110Tinderbox User that can be used with <span><strong class="command">nsupdate</strong></span> and
ec899c963c91c16c393e067996400ae244921110Tinderbox User <span><strong class="command">named</strong></span> when setting up dynamic DNS,
ec899c963c91c16c393e067996400ae244921110Tinderbox User including an example <span><strong class="command">update-policy</strong></span>
ec899c963c91c16c393e067996400ae244921110Tinderbox User statement. (This usage similar to the
ec899c963c91c16c393e067996400ae244921110Tinderbox User <span><strong class="command">rndc-confgen</strong></span> command for setting
ec899c963c91c16c393e067996400ae244921110Tinderbox User up command channel security.)
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Note that <span><strong class="command">named</strong></span> itself can configure a
ec899c963c91c16c393e067996400ae244921110Tinderbox User local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>:
ec899c963c91c16c393e067996400ae244921110Tinderbox User it does this when a zone is configured with
ec899c963c91c16c393e067996400ae244921110Tinderbox User <span><strong class="command">update-policy local;</strong></span>.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <span><strong class="command">ddns-confgen</strong></span> is only needed when a
ec899c963c91c16c393e067996400ae244921110Tinderbox User more elaborate configuration is required: for instance,
ec899c963c91c16c393e067996400ae244921110Tinderbox User if <span><strong class="command">nsupdate</strong></span> is to be used from a remote
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies the algorithm to use for the TSIG key. Available
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt hmac-sha384 and hmac-sha512. The default is hmac-sha256.
ec899c963c91c16c393e067996400ae244921110Tinderbox User Options are case-insensitive, and the "hmac-" prefix
ec899c963c91c16c393e067996400ae244921110Tinderbox User may be omitted.
ec899c963c91c16c393e067996400ae244921110Tinderbox User Prints a short summary of options and arguments.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies the key name of the DDNS authentication key.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater The default is <code class="constant">ddns-key</code> when neither
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater the <code class="option">-s</code> nor <code class="option">-z</code> option is
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater specified; otherwise, the default
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater is <code class="constant">ddns-key</code> as a separate label
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater followed by the argument of the option, e.g.,
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater <code class="constant">ddns-key.example.com.</code>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt The key name must have the format of a valid domain name,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt consisting of letters, digits, hyphens and periods.
ec899c963c91c16c393e067996400ae244921110Tinderbox User (<span><strong class="command">ddns-confgen</strong></span> only.) Quiet mode: Print
ec899c963c91c16c393e067996400ae244921110Tinderbox User only the key, with no explanatory text or usage examples;
ec899c963c91c16c393e067996400ae244921110Tinderbox User This is essentially identical to <span><strong class="command">tsig-keygen</strong></span>.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt Specifies a source of random data for generating the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt authorization. If the operating system does not provide a
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">/dev/random</code> or equivalent device, the
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt default source of randomness is keyboard input.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">randomdev</code> specifies the name of a
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt character device or file containing random data to be used
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt instead of the default. The special value
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <code class="filename">keyboard</code> indicates that keyboard input
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt should be used.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
ec899c963c91c16c393e067996400ae244921110Tinderbox User (<span><strong class="command">ddns-confgen</strong></span> only.)
ec899c963c91c16c393e067996400ae244921110Tinderbox User Generate configuration example to allow dynamic updates
ec899c963c91c16c393e067996400ae244921110Tinderbox User of a single hostname. The example <span><strong class="command">named.conf</strong></span>
ec899c963c91c16c393e067996400ae244921110Tinderbox User text shows how to set an update policy for the specified
ec899c963c91c16c393e067996400ae244921110Tinderbox User <em class="replaceable"><code>name</code></em>
ec899c963c91c16c393e067996400ae244921110Tinderbox User using the "name" nametype. The default key name is
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater ddns-key.<em class="replaceable"><code>name</code></em>.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater Note that the "self" nametype cannot be used, since
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater the name to be updated may differ from the key name.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater This option cannot be used with the <code class="option">-z</code> option.
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
ec899c963c91c16c393e067996400ae244921110Tinderbox User (<span><strong class="command">ddns-confgen</strong></span> only.)
ec899c963c91c16c393e067996400ae244921110Tinderbox User Generate configuration example to allow dynamic updates
ec899c963c91c16c393e067996400ae244921110Tinderbox User of a zone: The example <span><strong class="command">named.conf</strong></span> text
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater shows how to set an update policy for the specified
7ae7246a6339bb3a79ffc9f2f9c486de9a2bf65eAutomatic Updater <em class="replaceable"><code>zone</code></em>
ec899c963c91c16c393e067996400ae244921110Tinderbox User using the "zonesub" nametype, allowing updates to
ec899c963c91c16c393e067996400ae244921110Tinderbox User all subdomain names within that
ec899c963c91c16c393e067996400ae244921110Tinderbox User <em class="replaceable"><code>zone</code></em>.
2cbb4ab75757fbb656997a82c14ca07db37d481aAutomatic Updater This option cannot be used with the <code class="option">-s</code> option.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
351b62535d4c4f89883bfdba025999dd32490266Evan Hunt<p><span class="corpauthor">Internet Systems Consortium</span>