de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<html>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<head>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<title>ddns-confgen</title>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<link rel="prev" href="man.rndc-confgen.html" title="rndc-confgen">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<link rel="next" href="man.arpaname.html" title="arpaname">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</head>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="navheader">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<table width="100%" summary="Navigation header">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<tr><th colspan="3" align="center"><span class="application">ddns-confgen</span></th></tr>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<tr>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<td width="20%" align="left">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<a accesskey="p" href="man.rndc-confgen.html">Prev</a>�</td>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<th width="60%" align="center">Manual pages</th>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<td width="20%" align="right">�<a accesskey="n" href="man.arpaname.html">Next</a>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</td>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</tr>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</table>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<hr>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="refentry">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<a name="man.ddns-confgen"></a><div class="titlepage"></div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="refnamediv">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<h2>Name</h2>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<p><span class="application">ddns-confgen</span> &#8212; ddns key generation tool</p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="refsynopsisdiv">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<h2>Synopsis</h2>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em> | -z <em class="replaceable"><code>zone</code></em> ]</p></div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper</div>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<div class="refsection">

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<a name="id-1.14.28.7"></a><h2>DESCRIPTION</h2>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper are invocation methods for a utility that generates keys for use

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper in TSIG signing. The resulting keys can be used, for example,

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper to secure dynamic DNS updates to a zone or for the

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>rndc</strong></span> command channel.

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper </p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper can be specified on the command line which will be used as

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper the name of the generated key. If no name is specified,

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper the default is <code class="constant">tsig-key</code>.

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper </p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper key is accompanied by configuration text and instructions

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper that can be used with <span class="command"><strong>nsupdate</strong></span> and

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>named</strong></span> when setting up dynamic DNS,

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper including an example <span class="command"><strong>update-policy</strong></span>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper statement. (This usage similar to the

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>rndc-confgen</strong></span> command for setting

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper up command channel security.)

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper </p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper<p>

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper Note that <span class="command"><strong>named</strong></span> itself can configure a

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper it does this when a zone is configured with

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>update-policy local;</strong></span>.

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper <span class="command"><strong>ddns-confgen</strong></span> is only needed when a

de47fb992b4c3414ac5b445d5cab364b0b8b8b43Mark de Reeper more elaborate configuration is required: for instance,

if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote

system.

</p>

</div>

<div class="refsection">

<a name="id-1.14.28.8"></a><h2>OPTIONS</h2>

<div class="variablelist"><dl class="variablelist">

<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>

<dd><p>

Specifies the algorithm to use for the TSIG key. Available

choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,

hmac-sha384 and hmac-sha512. The default is hmac-sha256.

Options are case-insensitive, and the "hmac-" prefix

may be omitted.

</p></dd>

<dt><span class="term">-h</span></dt>

<dd><p>

Prints a short summary of options and arguments.

</p></dd>

<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>

<dd><p>

Specifies the key name of the DDNS authentication key.

The default is <code class="constant">ddns-key</code> when neither

the <code class="option">-s</code> nor <code class="option">-z</code> option is

specified; otherwise, the default

is <code class="constant">ddns-key</code> as a separate label

followed by the argument of the option, e.g.,

<code class="constant">ddns-key.example.com.</code>

The key name must have the format of a valid domain name,

consisting of letters, digits, hyphens and periods.

</p></dd>

<dt><span class="term">-q</span></dt>

<dd><p>

(<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode: Print

only the key, with no explanatory text or usage examples;

This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.

</p></dd>

<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>

<dd><p>

Specifies a source of random data for generating the

authorization. If the operating system does not provide a

<code class="filename">/dev/random</code> or equivalent device, the

default source of randomness is keyboard input.

<code class="filename">randomdev</code> specifies the name of a

character device or file containing random data to be used

instead of the default. The special value

<code class="filename">keyboard</code> indicates that keyboard input

should be used.

</p></dd>

<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>

<dd><p>

(<span class="command"><strong>ddns-confgen</strong></span> only.)

Generate configuration example to allow dynamic updates

of a single hostname. The example <span class="command"><strong>named.conf</strong></span>

text shows how to set an update policy for the specified

<em class="replaceable"><code>name</code></em>

using the "name" nametype. The default key name is

ddns-key.<em class="replaceable"><code>name</code></em>.

Note that the "self" nametype cannot be used, since

the name to be updated may differ from the key name.

This option cannot be used with the <code class="option">-z</code> option.

</p></dd>

<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>

<dd><p>

(<span class="command"><strong>ddns-confgen</strong></span> only.)

Generate configuration example to allow dynamic updates

of a zone: The example <span class="command"><strong>named.conf</strong></span> text

shows how to set an update policy for the specified

<em class="replaceable"><code>zone</code></em>

using the "zonesub" nametype, allowing updates to

all subdomain names within that

<em class="replaceable"><code>zone</code></em>.

This option cannot be used with the <code class="option">-s</code> option.

</p></dd>

</dl></div>

</div>

<div class="refsection">

<a name="id-1.14.28.9"></a><h2>SEE ALSO</h2>

<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,

<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,

<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,

<em class="citetitle">BIND 9 Administrator Reference Manual</em>.

</p>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="man.rndc-confgen.html">Prev</a>�</td>

<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>

<td width="40%" align="right">�<a accesskey="n" href="man.arpaname.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top">

<span class="application">rndc-confgen</span>�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�<span class="application">arpaname</span>

</td>

</tr>

</table>

</div>

<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0b3</p>

</body>

</html>