644N/A - Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC") 644N/A - Copyright (C) 2001, 2003 Internet Software Consortium. 688N/A - Permission to use, copy, modify, and/or distribute this software for any 644N/A - purpose with or without fee is hereby granted, provided that the above 644N/A - copyright notice and this permission notice appear in all copies. 644N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 644N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 644N/A - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 644N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 644N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 644N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 644N/A - PERFORMANCE OF THIS SOFTWARE. 644N/A<
meta http-
equiv="Content-Type" content="text/html; charset=ISO-8859-1">
644N/A<
title>rndc-confgen</
title>
644N/A<
meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
644N/A<
body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><
div class="refentry" title="rndc-confgen">
644N/A <
div class="refnamediv">
644N/A <
span class="application">rndc-confgen</
span>
644N/A — rndc key generation tool
644N/A <
div class="refsynopsisdiv" title="Synopsis">
641N/A <
div class="cmdsynopsis"><
p>
693N/A <
code class="command">rndc-confgen</
code>
641N/A [<
code class="option">-a</
code>]
641N/A [<
code class="option">-A <
em class="replaceable"><
code>algorithm</
code></
em></
code>]
641N/A [<
code class="option">-b <
em class="replaceable"><
code>keysize</
code></
em></
code>]
641N/A [<
code class="option">-c <
em class="replaceable"><
code>keyfile</
code></
em></
code>]
641N/A [<
code class="option">-h</
code>]
641N/A [<
code class="option">-k <
em class="replaceable"><
code>keyname</
code></
em></
code>]
641N/A [<
code class="option">-p <
em class="replaceable"><
code>port</
code></
em></
code>]
641N/A [<
code class="option">-r <
em class="replaceable"><
code>randomfile</
code></
em></
code>]
641N/A [<
code class="option">-s <
em class="replaceable"><
code>address</
code></
em></
code>]
641N/A [<
code class="option">-t <
em class="replaceable"><
code>chrootdir</
code></
em></
code>]
641N/A [<
code class="option">-u <
em class="replaceable"><
code>user</
code></
em></
code>]
641N/A <
div class="refsection" title="DESCRIPTION">
699N/A<
a name="idp60934224"></
a><
h2>DESCRIPTION</
h2>
699N/A <
p><
span class="command"><
strong>rndc-confgen</
strong></
span>
699N/A generates configuration files
699N/A for <
span class="command"><
strong>rndc</
strong></
span>. It can be used as a
699N/A convenient alternative to writing the
641N/A and the corresponding <
span class="command"><
strong>controls</
strong></
span>
641N/A and <
span class="command"><
strong>key</
strong></
span>
646N/A Alternatively, it can be run with the <
span class="command"><
strong>-a</
strong></
span>
646N/A option to set up a <
code class="filename">
rndc.key</
code> file and
641N/A and a <
span class="command"><
strong>controls</
strong></
span> statement altogether.
641N/A <
div class="refsection" title="OPTIONS">
641N/A<
a name="idp60939344"></
a><
h2>OPTIONS</
h2>
688N/A <
div class="variablelist"><
dl>
688N/A<
dt><
span class="term">-a</
span></
dt>
728N/A Do automatic <
span class="command"><
strong>rndc</
strong></
span> configuration.
641N/A in <
code class="filename">/etc</
code> (or whatever
641N/A <
code class="varname">sysconfdir</
code>
641N/A was specified as when <
acronym class="acronym">BIND</
acronym> was
641N/A that is read by both <
span class="command"><
strong>rndc</
strong></
span>
641N/A and <
span class="command"><
strong>named</
strong></
span> on startup. The
641N/A command channel and authentication key allowing
641N/A <
span class="command"><
strong>rndc</
strong></
span> to communicate with
641N/A <
span class="command"><
strong>named</
strong></
span> on the local host
641N/A with no further configuration.
641N/A Running <
span class="command"><
strong>rndc-confgen -a</
strong></
span> allows
641N/A BIND 9 and <
span class="command"><
strong>rndc</
strong></
span> to be used as
641N/A replacements for BIND 8 and <
span class="command"><
strong>ndc</
strong></
span>,
641N/A with no changes to the existing BIND 8
641N/A If a more elaborate configuration than that
641N/A generated by <
span class="command"><
strong>rndc-confgen -a</
strong></
span>
641N/A is required, for example if rndc is to be used remotely,
641N/A you should run <
span class="command"><
strong>rndc-confgen</
strong></
span> without
641N/A <
span class="command"><
strong>-a</
strong></
span> option and set up a
728N/A<
dt><
span class="term">-A <
em class="replaceable"><
code>algorithm</
code></
em></
span></
dt>
728N/A Specifies the algorithm to use for the TSIG key. Available
728N/A choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
641N/A hmac-sha384 and hmac-sha512. The default is hmac-md5.
641N/A<
dt><
span class="term">-b <
em class="replaceable"><
code>keysize</
code></
em></
span></
dt>
728N/A Specifies the size of the authentication key in bits.
641N/A Must be between 1 and 512 bits; the default is the
641N/A<
dt><
span class="term">-c <
em class="replaceable"><
code>keyfile</
code></
em></
span></
dt>
641N/A Used with the <
span class="command"><
strong>-a</
strong></
span> option to specify
641N/A an alternate location for <
code class="filename">
rndc.key</
code>.
646N/A<
dt><
span class="term">-h</
span></
dt>
641N/A Prints a short summary of the options and arguments to
641N/A <
span class="command"><
strong>rndc-confgen</
strong></
span>.
641N/A<
dt><
span class="term">-k <
em class="replaceable"><
code>keyname</
code></
em></
span></
dt>
641N/A Specifies the key name of the rndc authentication key.
641N/A This must be a valid domain name.
644N/A The default is <
code class="constant">rndc-key</
code>.
646N/A<
dt><
span class="term">-p <
em class="replaceable"><
code>port</
code></
em></
span></
dt>
641N/A Specifies the command channel port where <
span class="command"><
strong>named</
strong></
span>
641N/A listens for connections from <
span class="command"><
strong>rndc</
strong></
span>.
641N/A<
dt><
span class="term">-r <
em class="replaceable"><
code>randomfile</
code></
em></
span></
dt>
641N/A Specifies a source of random data for generating the
641N/A authorization. If the operating
646N/A or equivalent device, the default source of randomness
646N/A is keyboard input. <
code class="filename">randomdev</
code>
644N/A the name of a character device or file containing random
641N/A data to be used instead of the default. The special value
641N/A <
code class="filename">keyboard</
code> indicates that keyboard
641N/A<
dt><
span class="term">-s <
em class="replaceable"><
code>address</
code></
em></
span></
dt>
641N/A Specifies the IP address where <
span class="command"><
strong>named</
strong></
span>
641N/A listens for command channel connections from
641N/A <
span class="command"><
strong>rndc</
strong></
span>. The default is the loopback
641N/A<
dt><
span class="term">-t <
em class="replaceable"><
code>chrootdir</
code></
em></
span></
dt>
641N/A Used with the <
span class="command"><
strong>-a</
strong></
span> option to specify
641N/A a directory where <
span class="command"><
strong>named</
strong></
span> will run
641N/A chrooted. An additional copy of the <
code class="filename">
rndc.key</
code>
641N/A will be written relative to this directory so that
641N/A it will be found by the chrooted <
span class="command"><
strong>named</
strong></
span>.
641N/A<
dt><
span class="term">-u <
em class="replaceable"><
code>user</
code></
em></
span></
dt>
641N/A Used with the <
span class="command"><
strong>-a</
strong></
span> option to set the
641N/A <
span class="command"><
strong>-t</
strong></
span> is also specified only the file
641N/A the chroot area has its owner changed.
641N/A <
div class="refsection" title="EXAMPLES">
641N/A<
a name="idp61021776"></
a><
h2>EXAMPLES</
h2>
641N/A To allow <
span class="command"><
strong>rndc</
strong></
span> to be used with
641N/A no manual configuration, run
646N/A <
p><
strong class="userinput"><
code>rndc-confgen -a</
code></
strong>
641N/A corresponding <
span class="command"><
strong>controls</
strong></
span> and <
span class="command"><
strong>key</
strong></
span>
641N/A statements to be manually inserted into <
code class="filename">
named.conf</
code>,
641N/A <
p><
strong class="userinput"><
code>rndc-confgen</
code></
strong>
728N/A <
div class="refsection" title="SEE ALSO">
728N/A<
a name="idp61026896"></
a><
h2>SEE ALSO</
h2>
641N/A <
p><
span class="citerefentry">
641N/A <
span class="refentrytitle">rndc</
span>(8)
641N/A <
span class="citerefentry">
641N/A <
span class="citerefentry">
641N/A <
span class="refentrytitle">named</
span>(8)
641N/A <
em class="citetitle">BIND 9 Administrator Reference Manual</
em>.