rndc-confgen.html revision 5347c0fcb04eaea19d9f39795646239f487c6207
<!--
 - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 -
 - This Source Code Form is subject to the terms of the Mozilla Public
 - License, v. 2.0. If a copy of the MPL was not distributed with this
 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>rndc-confgen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p><span class="command"><strong>rndc-confgen</strong></span>
      generates configuration files
      for <span class="command"><strong>rndc</strong></span>. It can be used as a
      convenient alternative to writing the
      <code class="filename">rndc.conf</code> file
      and the corresponding <span class="command"><strong>controls</strong></span>
      and <span class="command"><strong>key</strong></span>
      statements in <code class="filename">named.conf</code> by hand.
      Alternatively, it can be run with the <span class="command"><strong>-a</strong></span>
      option to set up a <code class="filename">rndc.key</code> file and
      avoid the need for a <code class="filename">rndc.conf</code> file
      and a <span class="command"><strong>controls</strong></span> statement altogether.
    </p>
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term">-a</span></dt>
<dd>
<p>
            Do automatic <span class="command"><strong>rndc</strong></span> configuration.
            This creates a file <code class="filename">rndc.key</code>
            in <code class="filename">/etc</code> (or whatever
            <code class="varname">sysconfdir</code>
            was specified as when <acronym class="acronym">BIND</acronym> was
            built)
            that is read by both <span class="command"><strong>rndc</strong></span>
            and <span class="command"><strong>named</strong></span> on startup. The
            <code class="filename">rndc.key</code> file defines a default
            command channel and authentication key allowing
            <span class="command"><strong>rndc</strong></span> to communicate with
            <span class="command"><strong>named</strong></span> on the local host
            with no further configuration.
          </p>
<p>
            Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
            BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
            drop-in
            replacements for BIND 8 and <span class="command"><strong>ndc</strong></span>,
            with no changes to the existing BIND 8
            <code class="filename">named.conf</code> file.
          </p>
<p>
            If a more elaborate configuration than that
            generated by <span class="command"><strong>rndc-confgen -a</strong></span>
            is required, for example if rndc is to be used remotely,
            you should run <span class="command"><strong>rndc-confgen</strong></span> without
            the
            <span class="command"><strong>-a</strong></span> option and set up a
            <code class="filename">rndc.conf</code> and
            <code class="filename">named.conf</code>
            as directed.
          </p>
</dd>
<dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
            Specifies the algorithm to use for the TSIG key. Available
            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
            hmac-sha384 and hmac-sha512. The default is hmac-md5.
          </p></dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
            Specifies the size of the authentication key in bits.
            Must be between 1 and 512 bits; the default is the
            hash size.
          </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd><p>
            Used with the <span class="command"><strong>-a</strong></span> option to specify
            an alternate location for <code class="filename">rndc.key</code>.
          </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
            Prints a short summary of the options and arguments to
            <span class="command"><strong>rndc-confgen</strong></span>.
          </p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
            Specifies the key name of the rndc authentication key.
            This must be a valid domain name.
            The default is <code class="constant">rndc-key</code>.
          </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
            Specifies the command channel port where <span class="command"><strong>named</strong></span>
            listens for connections from <span class="command"><strong>rndc</strong></span>.
            The default is 953.
          </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd><p>
            Specifies a source of random data for generating the
            authorization. If the operating
            system does not provide a <code class="filename">/dev/random</code>
            or equivalent device, the default source of randomness
            is keyboard input. <code class="filename">randomfile</code>
            specifies
            the name of a character device or file containing random
            data to be used instead of the default. The special value
            <code class="filename">keyboard</code> indicates that keyboard
            input should be used.
          </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd><p>
            Specifies the IP address where <span class="command"><strong>named</strong></span>
            listens for command channel connections from
            <span class="command"><strong>rndc</strong></span>. The default is the loopback
            address 127.0.0.1.
          </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd><p>
            Used with the <span class="command"><strong>-a</strong></span> option to specify
            a directory where <span class="command"><strong>named</strong></span> will run
            chrooted. An additional copy of the <code class="filename">rndc.key</code>
            will be written relative to this directory so that
            it will be found by the chrooted <span class="command"><strong>named</strong></span>.
          </p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
            Used with the <span class="command"><strong>-a</strong></span> option to set the
            owner
            of the <code class="filename">rndc.key</code> file generated.
            If
            <span class="command"><strong>-t</strong></span> is also specified, only the file
            in
            the chroot area has its owner changed.
          </p></dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>EXAMPLES</h2>
<p>
      To allow <span class="command"><strong>rndc</strong></span> to be used with
      no manual configuration, run
    </p>
<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
    </p>
<p>
      To print a sample <code class="filename">rndc.conf</code> file and
      corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
      statements to be manually inserted into <code class="filename">named.conf</code>,
      run
    </p>
<p><strong class="userinput"><code>rndc-confgen</code></strong>
    </p>
</div>
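<p>An added example, not part of this manual page or of the BIND distribution: a Python check that reads <span class="command"><strong>key</strong></span> statements in the syntax used by <code class="filename">rndc.key</code> and <code class="filename">rndc.conf</code> and reports the algorithm (<span class="command"><strong>-A</strong></span>) and secret size in bits (<span class="command"><strong>-b</strong></span>) actually in effect. The function name, the sample keys, and the two flagging rules (the hmac-md5 default, and secrets shorter than the hash size) are assumptions made for this illustration.</p>

```python
import base64
import re

# Digest size in bits for each -A choice listed under OPTIONS.
HASH_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
             "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*'
    r'algorithm\s+"?(?P<alg>[A-Za-z0-9-]+)"?\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;')

def audit_keys(text):
    """Return (keyname, algorithm, secret_bits, findings) per key statement."""
    # Strip '#' comments so a commented-out copy of a key is not audited.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    results = []
    for m in KEY_RE.finditer(body):
        alg, findings = m["alg"].lower(), []
        try:
            bits = len(base64.b64decode(m["secret"], validate=True)) * 8
        except ValueError:
            bits = None
            findings.append("secret is not valid base64")
        if alg not in HASH_BITS:
            findings.append("algorithm is not one of the -A choices")
        elif bits is not None and bits < HASH_BITS[alg]:
            findings.append(f"{bits}-bit secret is below the "
                            f"{HASH_BITS[alg]}-bit hash size")
        if alg == "hmac-md5":
            findings.append("hmac-md5 default in use; consider -A hmac-sha256")
        results.append((m["name"], alg, bits, findings))
    return results

# Constructed sample in rndc.key key-statement syntax; secrets are made up.
SAMPLE = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "AAECAwQFBgc=";
};
key "ops-key" {
    algorithm hmac-sha256;
    secret "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY=";
};
'''

if __name__ == "__main__":
    for row in audit_keys(SAMPLE):
        print(row)
```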
<div class="refsection">
<a name="id-1.10"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
</div>
</div></body>
</html>