ddns-confgen.html revision 7911e6f9de303bca5a3d8b34f4330c8f7cecffae
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - This Source Code Form is subject to the terms of the Mozilla Public
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - License, v. 2.0. If a copy of the MPL was not distributed with this
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - file, You can obtain one at http://mozilla.org/MPL/2.0/.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<a name="man.ddns-confgen"></a><div class="titlepage"></div>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw — ddns key generation tool
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego | -z <em class="replaceable"><code>zone</code></em>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego are invocation methods for a utility that generates keys for use
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego in TSIG signing. The resulting keys can be used, for example,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego to secure dynamic DNS updates to a zone or for the
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego <span class="command"><strong>rndc</strong></span> command channel.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw can be specified on the command line which will be used as
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw the name of the generated key. If no name is specified,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw key is accompanied by configuration text and instructions
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw that can be used with <span class="command"><strong>nsupdate</strong></span> and
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <span class="command"><strong>named</strong></span> when setting up dynamic DNS,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw including an example <span class="command"><strong>update-policy</strong></span>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw statement. (This usage similar to the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <span class="command"><strong>rndc-confgen</strong></span> command for setting
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw up command channel security.)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Note that <span class="command"><strong>named</strong></span> itself can configure a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw it does this when a zone is configured with
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego <span class="command"><strong>update-policy local;</strong></span>.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
8d7e41661dc4633488e93b13363137523ce59977jose borrego more elaborate configuration is required: for instance,
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
8d7e41661dc4633488e93b13363137523ce59977jose borrego <div class="variablelist"><dl class="variablelist">
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Specifies the algorithm to use for the TSIG key. Available
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw hmac-sha384 and hmac-sha512. The default is hmac-sha256.
8d7e41661dc4633488e93b13363137523ce59977jose borrego Options are case-insensitive, and the "hmac-" prefix
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego may be omitted.
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as Prints a short summary of options and arguments.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Specifies the key name of the DDNS authentication key.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw The default is <code class="constant">ddns-key</code> when neither
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as the <code class="option">-s</code> nor <code class="option">-z</code> option is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw specified; otherwise, the default
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw is <code class="constant">ddns-key</code> as a separate label
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw followed by the argument of the option, e.g.,
b1352070d318187b41b088da3533692976f3f225Alan Wright <code class="constant">ddns-key.example.com.</code>
b1352070d318187b41b088da3533692976f3f225Alan Wright The key name must have the format of a valid domain name,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw consisting of letters, digits, hyphens and periods.
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode: Print
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego only the key, with no explanatory text or usage examples;
c8ec8eea9849cac239663c46be8a7f5d2ba7ca00jose borrego This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
8d7e41661dc4633488e93b13363137523ce59977jose borrego<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Specifies a source of random data for generating the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw authorization. If the operating system does not provide a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <code class="filename">/dev/random</code> or equivalent device, the
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw default source of randomness is keyboard input.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <code class="filename">randomdev</code> specifies the name of a
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw character device or file containing random data to be used
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw instead of the default. The special value
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <code class="filename">keyboard</code> indicates that keyboard input
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw should be used.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (<span class="command"><strong>ddns-confgen</strong></span> only.)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Generate configuration example to allow dynamic updates
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw of a single hostname. The example <span class="command"><strong>named.conf</strong></span>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw text shows how to set an update policy for the specified
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw using the "name" nametype. The default key name is
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego ddns-key.<em class="replaceable"><code>name</code></em>.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego Note that the "self" nametype cannot be used, since
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego the name to be updated may differ from the key name.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw This option cannot be used with the <code class="option">-z</code> option.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw (<span class="command"><strong>ddns-confgen</strong></span> only.)
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego Generate configuration example to allow dynamic updates
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw of a zone: The example <span class="command"><strong>named.conf</strong></span> text
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego shows how to set an update policy for the specified
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw using the "zonesub" nametype, allowing updates to
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw all subdomain names within that
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego <em class="replaceable"><code>zone</code></em>.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego This option cannot be used with the <code class="option">-s</code> option.
7f667e74610492ddbce8ce60f52ece95d2401949jose borrego <span class="refentrytitle">named.conf</span>(5)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <em class="citetitle">BIND 9 Administrator Reference Manual</em>.