rndc-confgen.docbook revision dafcb997e390efa4423883dafd100c975c4095d6
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
 - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2001, 2003 Internet Software Consortium.
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: rndc-confgen.docbook,v 1.6 2004/03/05 04:58:20 marka Exp $ -->
<refentryinfo>
</refentryinfo>
<refentrytitle><application>rndc-confgen</application></refentrytitle>
<refname><application>rndc-confgen</application></refname>
<refpurpose>rndc key generation tool</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
<arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">address</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<command>rndc-confgen</command> generates configuration files
for <command>rndc</command>. It can be used as a
convenient alternative to writing the
and the corresponding <command>controls</command>
statements in <filename>named.conf</filename> by hand.
Alternatively, it can be run with the <command>-a</command>
option to set up a <filename>rndc.key</filename> file and
avoid the need for a <filename>rndc.conf</filename> file
and a <command>controls</command> statement altogether.
<variablelist>
<varlistentry>
Do automatic <command>rndc</command> configuration.
This creates a file <filename>rndc.key</filename>
was specified as when <acronym>BIND</acronym> was built)
that is read by both <command>rndc</command>
and <command>named</command> on startup. The
<filename>rndc.key</filename> file defines a default
command channel and authentication key allowing
<command>rndc</command> to communicate with
with no further configuration.
Running <command>rndc-confgen -a</command> allows
BIND 9 and <command>rndc</command> to be used as drop-in
replacements for BIND 8 and <command>ndc</command>,
with no changes to the existing BIND 8
If a more elaborate configuration than that
generated by <command>rndc-confgen -a</command>
is required, for example if rndc is to be used remotely,
you should run <command>rndc-confgen</command> without the
</varlistentry>
<varlistentry>
<term>-b <replaceable class="parameter">keysize</replaceable></term>
Specifies the size of the authentication key in bits.
Must be between 1 and 512 bits; the default is 128.
</varlistentry>
<varlistentry>
<term>-c <replaceable class="parameter">keyfile</replaceable></term>
Used with the <command>-a</command> option to specify
an alternate location for <filename>rndc.key</filename>.
</varlistentry>
<varlistentry>
Prints a short summary of the options and arguments to
</varlistentry>
<varlistentry>
<term>-k <replaceable class="parameter">keyname</replaceable></term>
Specifies the key name of the rndc authentication key.
This must be a valid domain name.
The default is <constant>rndc-key</constant>.
</varlistentry>
<varlistentry>
<term>-p <replaceable class="parameter">port</replaceable></term>
Specifies the command channel port where <command>named</command>
listens for connections from <command>rndc</command>.
The default is 953.
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">address</replaceable></term>
Specifies the IP address where <command>named</command>
listens for command channel connections from
<command>rndc</command>. The default is the loopback
address 127.0.0.1.
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">chrootdir</replaceable></term>
Used with the <command>-a</command> option to specify
a directory where <command>named</command> will run
chrooted. An additional copy of the <filename>rndc.key</filename>
will be written relative to this directory so that
it will be found by the chrooted <command>named</command>.
</varlistentry>
<varlistentry>
<term>-u <replaceable class="parameter">user</replaceable></term>
Used with the <command>-a</command> option to set the owner
of the <filename>rndc.key</filename> file generated. If
<command>-t</command> is also specified only the file in
the chroot area has its owner changed.
</varlistentry>
</variablelist>
To allow <command>rndc</command> to be used with
no manual configuration, run
To print a sample <filename>rndc.conf</filename> file and
corresponding <command>controls</command> and <command>key</command>
statements to be manually inserted into <filename>named.conf</filename>,
<citerefentry>
</citerefentry>,
<citerefentry>
</citerefentry>,
<citerefentry>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
<corpauthor>Internet Software Consortium</corpauthor>