man.rndc-confgen.html revision a24330c4805a224191ab687d0291963062fe3355
<!--
 - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.rndc.conf.html" title="rndc.conf">
<link rel="next" href="man.ddns-confgen.html" title="ddns-confgen">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.rndc-confgen"></a><div class="titlepage"></div>
<p><span class="application">rndc-confgen</span> — rndc key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
<a name="id2657958"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">rndc-confgen</strong></span>
 generates configuration files
 for <span><strong class="command">rndc</strong></span>. It can be used as a
 convenient alternative to writing the
 <code class="filename">rndc.conf</code> file
 and the corresponding <span><strong class="command">controls</strong></span>
 and <span><strong class="command">key</strong></span>
 statements in <code class="filename">named.conf</code> by hand.
 Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
 option to set up a <code class="filename">rndc.key</code> file and
 avoid the need for a <code class="filename">rndc.conf</code> file
 and a <span><strong class="command">controls</strong></span> statement altogether.
</p>
<dt><span class="term">-a</span></dt>
<dd>
<p>
 Do automatic <span><strong class="command">rndc</strong></span> configuration.
 This creates a file <code class="filename">rndc.key</code>
 in <code class="filename">/etc</code> (or whatever
 was specified as when <acronym class="acronym">BIND</acronym> was
 that is read by both <span><strong class="command">rndc</strong></span>
 and <span><strong class="command">named</strong></span> on startup. The
 <code class="filename">rndc.key</code> file defines a default
 command channel and authentication key allowing
 <span><strong class="command">rndc</strong></span> to communicate with
 <span><strong class="command">named</strong></span> on the local host
 with no further configuration.
</p>
<p>
 Running <span><strong class="command">rndc-confgen -a</strong></span> allows
 BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
 replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
 with no changes to the existing BIND 8
 <code class="filename">named.conf</code> file.
</p>
<p>
 If a more elaborate configuration than that
 generated by <span><strong class="command">rndc-confgen -a</strong></span>
 is required, for example if rndc is to be used remotely,
 you should run <span><strong class="command">rndc-confgen</strong></span> without
 the <span><strong class="command">-a</strong></span> option and set up a
</p>
</dd>
<dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd><p>
 Specifies the algorithm to use for the TSIG key. Available
 choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
 hmac-sha384 and hmac-sha512. The default is hmac-md5.
</p></dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
 Specifies the size of the authentication key in bits.
 Must be between 1 and 512 bits; the default is the
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd><p>
 Used with the <span><strong class="command">-a</strong></span> option to specify
 an alternate location for <code class="filename">rndc.key</code>.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
 Prints a short summary of the options and arguments to
 <span><strong class="command">rndc-confgen</strong></span>.
</p></dd>
<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
<dd><p>
 Specifies the key name of the rndc authentication key.
 This must be a valid domain name.
 The default is <code class="constant">rndc-key</code>.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
<dd><p>
 Specifies the command channel port where <span><strong class="command">named</strong></span>
 listens for connections from <span><strong class="command">rndc</strong></span>.
 The default is 953.
</p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd><p>
 Specifies a source of random data for generating the
 authorization. If the operating
 system does not provide a <code class="filename">/dev/random</code>
 or equivalent device, the default source of randomness
 is keyboard input. <code class="filename">randomdev</code>
 specifies the name of a character device or file containing random
 data to be used instead of the default. The special value
 <code class="filename">keyboard</code> indicates that keyboard
 input should be used.
</p></dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd><p>
 Specifies the IP address where <span><strong class="command">named</strong></span>
 listens for command channel connections from
 <span><strong class="command">rndc</strong></span>. The default is the loopback
 address 127.0.0.1.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
<dd><p>
 Used with the <span><strong class="command">-a</strong></span> option to specify
 a directory where <span><strong class="command">named</strong></span> will run
 chrooted. An additional copy of the <code class="filename">rndc.key</code>
 will be written relative to this directory so that
 it will be found by the chrooted <span><strong class="command">named</strong></span>.
</p></dd>
<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
<dd><p>
 Used with the <span><strong class="command">-a</strong></span> option to set the
 owner of the <code class="filename">rndc.key</code> file generated.
 If <span><strong class="command">-t</strong></span> is also specified only the file
 in the chroot area has its owner changed.
</p></dd>
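<p>Added example, not part of the ISC manual page or of BIND: a Python check of a generated key statement against the <code class="option">-A</code> algorithm list and the <code class="option">-b</code> range of 1 to 512 bits documented above. The <code>key { algorithm ...; secret "..."; };</code> layout, the <code>DISALLOWED</code> and <code>MIN_BITS</code> policy values and the file-mode check are assumptions of this example, and the sample key is constructed.</p>

```python
import base64
import re
import stat

# Algorithms listed under -A on this page.
ALGORITHMS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
              "hmac-sha256", "hmac-sha384", "hmac-sha512"}
# Assumed local policy, not stated on the page.
DISALLOWED = {"hmac-md5", "hmac-sha1"}
MIN_BITS = 256

# Assumed layout of the key statement: key "name" { algorithm X; secret "b64"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^\s"{]+)"?\s*\{'
    r'\s*algorithm\s+"?(?P<alg>[\w-]+)"?\s*;'
    r'\s*secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;')

def audit_rndc_key(text, mode):
    """Return a list of findings for one key file's text and its st_mode."""
    m = KEY_RE.search(text)
    if m is None:
        return ["no key statement found"]
    findings = []
    alg = m.group("alg").lower()
    if alg not in ALGORITHMS:
        findings.append(f"unknown algorithm {alg}")
    elif alg in DISALLOWED:
        findings.append(f"algorithm {alg} is below policy")
    try:
        bits = len(base64.b64decode(m.group("secret"), validate=True)) * 8
    except ValueError:
        findings.append("secret is not valid base64")
    else:
        if not 1 <= bits <= 512:
            findings.append(f"key size {bits} outside 1..512 bits")
        elif bits < MIN_BITS:
            findings.append(f"key size {bits} bits is below {MIN_BITS}")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {stat.S_IMODE(mode):o} lets group/other access the key")
    return findings

# Constructed sample: a 128-bit secret of zero bytes, not a real key.
SAMPLE = ('key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n'
          % base64.b64encode(bytes(16)).decode())

if __name__ == "__main__":
    for finding in audit_rndc_key(SAMPLE, 0o100644):
        print(finding)
```

<p>For a file on disk, pass its contents together with <code>os.stat(path).st_mode</code>.</p>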