rndc-confgen.docbook revision c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5
137N/A<!--
137N/A - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
137N/A -
137N/A - This Source Code Form is subject to the terms of the Mozilla Public
137N/A - License, v. 2.0. If a copy of the MPL was not distributed with this
137N/A - file, You can obtain one at http://mozilla.org/MPL/2.0/.
137N/A-->
137N/A
6982N/A<!-- Converted by db4-upgrade version 1.0 -->
6982N/A<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
137N/A <info>
137N/A <date>2013-03-14</date>
137N/A </info>
137N/A <refentryinfo>
6982N/A <corpname>ISC</corpname>
6982N/A <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
6982N/A </refentryinfo>
6982N/A
137N/A <refmeta>
137N/A <refentrytitle><application>rndc-confgen</application></refentrytitle>
137N/A <manvolnum>8</manvolnum>
137N/A <refmiscinfo>BIND9</refmiscinfo>
137N/A </refmeta>
3232N/A
6795N/A <refnamediv>
137N/A <refname><application>rndc-confgen</application></refname>
137N/A <refpurpose>rndc key generation tool</refpurpose>
137N/A </refnamediv>
1552N/A
1552N/A <docinfo>
1552N/A <copyright>
1552N/A <year>2001</year>
1552N/A <year>2003</year>
137N/A <year>2004</year>
1552N/A <year>2005</year>
1552N/A <year>2007</year>
1552N/A <year>2009</year>
1689N/A <year>2013</year>
1552N/A <year>2014</year>
3853N/A <year>2015</year>
1552N/A <year>2016</year>
1552N/A <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1552N/A </copyright>
1552N/A </docinfo>
1552N/A
137N/A <refsynopsisdiv>
137N/A <cmdsynopsis sepchar=" ">
137N/A <command>rndc-confgen</command>
2128N/A <arg choice="opt" rep="norepeat"><option>-a</option></arg>
137N/A <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">algorithm</replaceable></option></arg>
2342N/A <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
137N/A <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-h</option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
2128N/A <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
1552N/A <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
3601N/A </cmdsynopsis>
1552N/A </refsynopsisdiv>
1552N/A
1552N/A <refsection><info><title>DESCRIPTION</title></info>
2342N/A
2128N/A <para><command>rndc-confgen</command>
2128N/A generates configuration files
1552N/A for <command>rndc</command>. It can be used as a
1552N/A convenient alternative to writing the
1552N/A <filename>rndc.conf</filename> file
1552N/A and the corresponding <command>controls</command>
1552N/A and <command>key</command>
1552N/A statements in <filename>named.conf</filename> by hand.
1552N/A Alternatively, it can be run with the <command>-a</command>
1552N/A option to set up a <filename>rndc.key</filename> file and
1552N/A avoid the need for a <filename>rndc.conf</filename> file
1552N/A and a <command>controls</command> statement altogether.
1552N/A </para>
1552N/A
1552N/A </refsection>
2128N/A
6795N/A <refsection><info><title>OPTIONS</title></info>
1552N/A
1552N/A
1552N/A <variablelist>
1552N/A <varlistentry>
1552N/A <term>-a</term>
1552N/A <listitem>
1552N/A <para>
1552N/A Do automatic <command>rndc</command> configuration.
1552N/A This creates a file <filename>rndc.key</filename>
1552N/A in <filename>/etc</filename> (or whatever
1552N/A <varname>sysconfdir</varname>
1552N/A was specified as when <acronym>BIND</acronym> was
1552N/A built)
1552N/A that is read by both <command>rndc</command>
1552N/A and <command>named</command> on startup. The
1552N/A <filename>rndc.key</filename> file defines a default
1552N/A command channel and authentication key allowing
1552N/A <command>rndc</command> to communicate with
1552N/A <command>named</command> on the local host
1552N/A with no further configuration.
6795N/A </para>
1552N/A <para>
1552N/A Running <command>rndc-confgen -a</command> allows
1552N/A BIND 9 and <command>rndc</command> to be used as
1552N/A drop-in
1552N/A replacements for BIND 8 and <command>ndc</command>,
1552N/A with no changes to the existing BIND 8
1552N/A <filename>named.conf</filename> file.
1552N/A </para>
1552N/A <para>
1552N/A If a more elaborate configuration than that
4428N/A generated by <command>rndc-confgen -a</command>
1552N/A is required, for example if rndc is to be used remotely,
1552N/A you should run <command>rndc-confgen</command> without
1552N/A the
1552N/A <command>-a</command> option and set up a
1552N/A <filename>rndc.conf</filename> and
2128N/A <filename>named.conf</filename>
1552N/A as directed.
1552N/A </para>
1552N/A </listitem>
1552N/A </varlistentry>
1552N/A
1552N/A <varlistentry>
1552N/A <term>-A <replaceable class="parameter">algorithm</replaceable></term>
1552N/A <listitem>
1552N/A <para>
1552N/A Specifies the algorithm to use for the TSIG key. Available
3853N/A choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
2624N/A hmac-sha384 and hmac-sha512. The default is hmac-md5 or
1689N/A if MD5 was disabled hmac-sha256.
1552N/A </para>
5902N/A </listitem>
5902N/A </varlistentry>
1552N/A
1552N/A <varlistentry>
1552N/A <term>-b <replaceable class="parameter">keysize</replaceable></term>
1552N/A <listitem>
1552N/A <para>
1552N/A Specifies the size of the authentication key in bits.
1552N/A Must be between 1 and 512 bits; the default is the
hash size.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">keyfile</replaceable></term>
<listitem>
<para>
Used with the <command>-a</command> option to specify
an alternate location for <filename>rndc.key</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<listitem>
<para>
Prints a short summary of the options and arguments to
<command>rndc-confgen</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-k <replaceable class="parameter">keyname</replaceable></term>
<listitem>
<para>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is <constant>rndc-key</constant>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
<listitem>
<para>
Specifies the command channel port where <command>named</command>
listens for connections from <command>rndc</command>.
The default is 953.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">address</replaceable></term>
<listitem>
<para>
Specifies the IP address where <command>named</command>
listens for command channel connections from
<command>rndc</command>. The default is the loopback
address 127.0.0.1.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
<listitem>
<para>
Used with the <command>-a</command> option to specify
a directory where <command>named</command> will run
chrooted. An additional copy of the <filename>rndc.key</filename>
will be written relative to this directory so that
it will be found by the chrooted <command>named</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-u <replaceable class="parameter">user</replaceable></term>
<listitem>
<para>
Used with the <command>-a</command> option to set the
owner
of the <filename>rndc.key</filename> file generated.
If
<command>-t</command> is also specified only the file
in
the chroot area has its owner changed.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><info><title>EXAMPLES</title></info>
<para>
To allow <command>rndc</command> to be used with
no manual configuration, run
</para>
<para><userinput>rndc-confgen -a</userinput>
</para>
<para>
To print a sample <filename>rndc.conf</filename> file and
corresponding <command>controls</command> and <command>key</command>
statements to be manually inserted into <filename>named.conf</filename>,
run
</para>
<para><userinput>rndc-confgen</userinput>
</para>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para><citerefentry>
<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsection>
</refentry>