man.rndc-confgen.html revision aa6c5a3e331958d3c92c2facdbd2b8daa55b5959
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - Copyright (C) 2000-2003 Internet Software Consortium.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - Permission to use, copy, modify, and/or distribute this software for any
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - purpose with or without fee is hereby granted, provided that the above
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - copyright notice and this permission notice appear in all copies.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce - PERFORMANCE OF THIS SOFTWARE.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<!-- $Id$ -->
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="prev" href="man.rndc.conf.html" title="rndc.conf">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<link rel="next" href="man.ddns-confgen.html" title="ddns-confgen">
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
edaadf8de0c86a2cfff2d29215775d42919476f3Pavel Březina<table width="100%" summary="Navigation header">
edaadf8de0c86a2cfff2d29215775d42919476f3Pavel Březina<tr><th colspan="3" align="center"><span class="application">rndc-confgen</span></th></tr>
c1058e96679c7ed1372825bf5226ce7d28a8e6ffPavel Březina<a accesskey="p" href="man.rndc.conf.html">Prev</a>�</td>
dee7a89098b698e756f63e4041734d7322ad8b1ePavel Březina<th width="60%" align="center">Manual pages</th>
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce<td width="20%" align="right">�<a accesskey="n" href="man.ddns-confgen.html">Next</a>
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek<a name="man.rndc-confgen"></a><div class="titlepage"></div>
c6872e79e8496fd075e20aec0343ade99cca725cSimo Sorce<p><span class="application">rndc-confgen</span> — rndc key generation tool</p>
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code> [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
7c69221077c780e62f6c536e78675f2dc1c131bcMichal Zidek<p><span><strong class="command">rndc-confgen</strong></span>
aa7202c8ae677becd6c91d6a27a607fe0f3995eePavel Březina generates configuration files
f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina for <span><strong class="command">rndc</strong></span>. It can be used as a
f9961e5f82e0ef474d6492371bfdf9e74e208a99Pavel Březina convenient alternative to writing the
7a4e3e29196e3abc1746714fcf93624edae89f93Lukas Slebodnik <code class="filename">rndc.conf</code> file
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek and the corresponding <span><strong class="command">controls</strong></span>
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek and <span><strong class="command">key</strong></span>
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek statements in <code class="filename">named.conf</code> by hand.
7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub Hrozek Alternatively, it can be run with the <span><strong class="command">-a</strong></span>
dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9aStephen Gallagher option to set up a <code class="filename">rndc.key</code> file and
bc30ce9b7d588a17e58012e699986f0d6898b791Pavel Březina avoid the need for a <code class="filename">rndc.conf</code> file
2a96981a0ac781d01e5bba473409ed2bdf4cd4e0Jakub Hrozek and a <span><strong class="command">controls</strong></span> statement altogether.
0c1d65998907930678da2d091789446f2c344d5dJakub Hrozek Do automatic <span><strong class="command">rndc</strong></span> configuration.
a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2Jakub Hrozek This creates a file <code class="filename">rndc.key</code>
f3a25949de81f80c136bb073e4a8f504b080c20cJakub Hrozek in <code class="filename">/etc</code> (or whatever
8394eddba54b5d3e3fda868145e3751247bdbdb2Michal Zidek was specified as when <acronym class="acronym">BIND</acronym> was
7a4e3e29196e3abc1746714fcf93624edae89f93Lukas Slebodnik that is read by both <span><strong class="command">rndc</strong></span>
1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek and <span><strong class="command">named</strong></span> on startup. The
1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek <code class="filename">rndc.key</code> file defines a default
7a4e3e29196e3abc1746714fcf93624edae89f93Lukas Slebodnik command channel and authentication key allowing
979e8d8d6ed444007eeff6be5269e8dc5d2bdf68Pavel Reichl <span><strong class="command">rndc</strong></span> to communicate with
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek <span><strong class="command">named</strong></span> on the local host
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek with no further configuration.
b42bf6c0c01db08208fb81d8295a2909d307284aPavel Reichl Running <span><strong class="command">rndc-confgen -a</strong></span> allows
9118a539a5d59f669f551114f880fe91d6bb8741Jakub Hrozek BIND 9 and <span><strong class="command">rndc</strong></span> to be used as
19e44537c28f6d5f011cd7ac885c74c1e892605fSimo Sorce replacements for BIND 8 and <span><strong class="command">ndc</strong></span>,
5f7cd30c865046a7ea69944f7e07c85b4c43465aSumit Bose with no changes to the existing BIND 8
dd285415d7a8d8376207960cfa3e977524c3b98cJakub Hrozek If a more elaborate configuration than that
dd285415d7a8d8376207960cfa3e977524c3b98cJakub Hrozek generated by <span><strong class="command">rndc-confgen -a</strong></span>
beec1ee5799570f34a51ea57674c7291c15f7022Jakub Hrozek is required, for example if rndc is to be used remotely,
fcbcfa69f9291936f01f24b5fcb5a7672dca46f3Jakub Hrozek you should run <span><strong class="command">rndc-confgen</strong></span> without
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio <span><strong class="command">-a</strong></span> option and set up a
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek<dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek Specifies the algorithm to use for the TSIG key. Available
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek hmac-sha384 and hmac-sha512. The default is hmac-md5.
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina Specifies the size of the authentication key in bits.
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina Must be between 1 and 512 bits; the default is the
2af80640f18966d65cf82106059ce3c060df93bfamitkuma<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
7650ded4ffa87fcf7ce5adf00920fecf89cffcf5Michal Zidek Used with the <span><strong class="command">-a</strong></span> option to specify
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce an alternate location for <code class="filename">rndc.key</code>.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce Prints a short summary of the options and arguments to
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce <span><strong class="command">rndc-confgen</strong></span>.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce Specifies the key name of the rndc authentication key.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce This must be a valid domain name.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce The default is <code class="constant">rndc-key</code>.