rndc-confgen.docbook revision bfeb2af9cf4564c00a0e1100744cf5acd3b1d5ea
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
7d98a1783f222964bcde7d56dab77b822706204dBob Halley "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence [<!ENTITY mdash "&#8212;">]>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley<!--
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley - Copyright (C) 2001, 2003 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
15a44745412679c30a6d022733925af70a38b715David Lawrence - Permission to use, copy, modify, and/or distribute this software for any
15a44745412679c30a6d022733925af70a38b715David Lawrence - purpose with or without fee is hereby granted, provided that the above
15a44745412679c30a6d022733925af70a38b715David Lawrence - copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence -
15a44745412679c30a6d022733925af70a38b715David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8f7cae3d7b0c122c3b17e8409bbb80005433acd2Brian Wellington - PERFORMANCE OF THIS SOFTWARE.
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence-->
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley<!-- $Id: rndc-confgen.docbook,v 1.4 2009/06/15 23:47:59 tbox Exp $ -->
8f7cae3d7b0c122c3b17e8409bbb80005433acd2Brian Wellington<refentry id="man.rndc-confgen">
8f7cae3d7b0c122c3b17e8409bbb80005433acd2Brian Wellington <refentryinfo>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <date>Aug 27, 2001</date>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </refentryinfo>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refmeta>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refentrytitle><application>rndc-confgen</application></refentrytitle>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <manvolnum>8</manvolnum>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refmiscinfo>BIND9</refmiscinfo>
5fe5a0c02634eaadfcbc3528bf2c184557110a3bAndreas Gustafsson </refmeta>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refnamediv>
8327c62a49a2487d29a37acbed6b602e629fc0eeAndreas Gustafsson <refname><application>rndc-confgen</application></refname>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refpurpose>rndc key generation tool</refpurpose>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </refnamediv>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <docinfo>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <copyright>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <year>2004</year>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <year>2005</year>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <year>2007</year>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <year>2009</year>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </copyright>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <copyright>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <year>2001</year>
8327c62a49a2487d29a37acbed6b602e629fc0eeAndreas Gustafsson <year>2003</year>
8327c62a49a2487d29a37acbed6b602e629fc0eeAndreas Gustafsson <holder>Internet Software Consortium.</holder>
8327c62a49a2487d29a37acbed6b602e629fc0eeAndreas Gustafsson </copyright>
608f870f4821972313eadc5388a42fa55b6279d1Mark Andrews </docinfo>
878d3073b13833ee1a50dfeabf8e400b6fdfc754Brian Wellington
878d3073b13833ee1a50dfeabf8e400b6fdfc754Brian Wellington <refsynopsisdiv>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <cmdsynopsis>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <command>rndc-confgen</command>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-a</option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-h</option></arg>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley </cmdsynopsis>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley </refsynopsisdiv>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <refsect1>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <title>DESCRIPTION</title>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence <para><command>rndc-confgen</command>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence generates configuration files
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley for <command>rndc</command>. It can be used as a
c90f5e8d1edbd5c277f2ee320167a12a30ba7c7bMichael Graff convenient alternative to writing the
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence <filename>rndc.conf</filename> file
c90f5e8d1edbd5c277f2ee320167a12a30ba7c7bMichael Graff and the corresponding <command>controls</command>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley and <command>key</command>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson statements in <filename>named.conf</filename> by hand.
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson Alternatively, it can be run with the <command>-a</command>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson option to set up a <filename>rndc.key</filename> file and
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson avoid the need for a <filename>rndc.conf</filename> file
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson and a <command>controls</command> statement altogether.
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </refsect1>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <refsect1>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <title>OPTIONS</title>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <variablelist>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <varlistentry>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <term>-a</term>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <listitem>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson <para>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson Do automatic <command>rndc</command> configuration.
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson This creates a file <filename>rndc.key</filename>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson in <filename>/etc</filename> (or whatever
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <varname>sysconfdir</varname>
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson was specified as when <acronym>BIND</acronym> was
e02c696ea586f8dcc7c6145cc0f143f887960cd4Andreas Gustafsson built)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence that is read by both <command>rndc</command>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley and <command>named</command> on startup. The
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson <filename>rndc.key</filename> file defines a default
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson command channel and authentication key allowing
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson <command>rndc</command> to communicate with
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley <command>named</command> on the local host
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson with no further configuration.
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson </para>
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson <para>
44fee668021c7ceef4ee1c848031d883a508b359James Brister Running <command>rndc-confgen -a</command> allows
44fee668021c7ceef4ee1c848031d883a508b359James Brister BIND 9 and <command>rndc</command> to be used as
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson drop-in
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson replacements for BIND 8 and <command>ndc</command>,
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson with no changes to the existing BIND 8
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson <filename>named.conf</filename> file.
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson </para>
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson <para>
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson If a more elaborate configuration than that
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson generated by <command>rndc-confgen -a</command>
44fee668021c7ceef4ee1c848031d883a508b359James Brister is required, for example if rndc is to be used remotely,
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson you should run <command>rndc-confgen</command> without
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson the
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <command>-a</command> option and set up a
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <filename>rndc.conf</filename> and
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <filename>named.conf</filename>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson as directed.
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </para>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </listitem>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </varlistentry>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <varlistentry>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <term>-b <replaceable class="parameter">keysize</replaceable></term>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <listitem>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson Specifies the size of the authentication key in bits.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence Must be between 1 and 512 bits; the default is 128.
Keys much shorter than the default offer little protection
against guessing and should be avoided.
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </listitem>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </varlistentry>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <varlistentry>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <term>-c <replaceable class="parameter">keyfile</replaceable></term>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <listitem>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson Used with the <command>-a</command> option to specify
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson an alternate location for <filename>rndc.key</filename>.
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </listitem>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </varlistentry>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <varlistentry>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <term>-h</term>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <listitem>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <para>
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson Prints a short summary of the options and arguments to
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson <command>rndc-confgen</command>.
7193a1762e428cfba06907e51fa9e4bce3b5569aAndreas Gustafsson </para>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </listitem>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson </varlistentry>
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <varlistentry>
5542df09597c479be604da0ece8271cbc6fd9c4aDavid Lawrence <term>-k <replaceable class="parameter">keyname</replaceable></term>
5542df09597c479be604da0ece8271cbc6fd9c4aDavid Lawrence <listitem>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <para>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley Specifies the key name of the rndc authentication key.
11d435aa4cf77e035445978f7e3776a3589715fdAndreas Gustafsson This must be a valid domain name.
5542df09597c479be604da0ece8271cbc6fd9c4aDavid Lawrence The default is <constant>rndc-key</constant>.
5542df09597c479be604da0ece8271cbc6fd9c4aDavid Lawrence </para>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </listitem>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </varlistentry>
8582a1e113c13886ccbd1b534d6c240315767be6Bob Halley
a0f6cda5fd9f2fcc4154bb63628f849b639a40caAndreas Gustafsson <varlistentry>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <term>-p <replaceable class="parameter">port</replaceable></term>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <listitem>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley <para>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley Specifies the command channel port where <command>named</command>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley listens for connections from <command>rndc</command>.
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley The default is 953.
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </para>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </listitem>
1687985cdfc3a4c330c5bdb02c131835f8756e3cBob Halley </varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authentication key. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <replaceable class="parameter">randomfile</replaceable>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used. The generated key is only as
unpredictable as this source, so a file with fixed or
guessable contents should not be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">address</replaceable></term>
<listitem>
<para>
Specifies the IP address where <command>named</command>
listens for command channel connections from
<command>rndc</command>. The default is the loopback
address 127.0.0.1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
<listitem>
<para>
Used with the <command>-a</command> option to specify
a directory where <command>named</command> will run
chrooted. An additional copy of the <filename>rndc.key</filename>
file will be written relative to this directory so that
it will be found by the chrooted <command>named</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
Used with the <command>-a</command> option to set the
owner of the <filename>rndc.key</filename> file generated.
If <command>-t</command> is also specified, only the file
in the chroot area has its owner changed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>
To allow <command>rndc</command> to be used with
no manual configuration, run
</para>
<para><userinput>rndc-confgen -a</userinput>
</para>
<para>
To print a sample <filename>rndc.conf</filename> file and
corresponding <command>controls</command> and <command>key</command>
statements to be manually inserted into <filename>named.conf</filename>,
run
</para>
<para><userinput>rndc-confgen</userinput>
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->