rndc-confgen (8)
Leading comments
Copyright (C) 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2001, 2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANT...
NAME
rndc-confgen - rndc key generation toolSYNOPSIS
- rndc-confgen [-a] [-A algorithm] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]
DESCRIPTION
rndc-confgen
OPTIONS
-a
-
Do automatic
rndc
configuration. This creates a file
rndc.key
in
/etc
(or whatever
sysconfdir
was specified as when
BIND
was built) that is read by both
rndc
and
named
on startup. The
rndc.key
file defines a default command channel and authentication key allowing
rndc
to communicate with
named
on the local host with no further configuration.
Running rndc-confgen -a allows BIND 9 and rndc to be used as drop-in replacements for BIND 8 and ndc, with no changes to the existing BIND 8 named.conf file.
If a more elaborate configuration than that generated by rndc-confgen -a is required, for example if rndc is to be used remotely, you should run rndc-confgen without the -a option and set up a rndc.conf and named.conf as directed.
-A algorithm
- Specifies the algorithm to use for the TSIG key. Available choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512. The default is hmac-md5.
-b keysize
- Specifies the size of the authentication key in bits. Must be between 1 and 512 bits; the default is the hash size.
-c keyfile
- Used with the -a option to specify an alternate location for rndc.key.
-h
- Prints a short summary of the options and arguments to rndc-confgen.
-k keyname
- Specifies the key name of the rndc authentication key. This must be a valid domain name. The default is rndc-key.
-p port
- Specifies the command channel port where named listens for connections from rndc. The default is 953.
-r randomfile
- Specifies a source of random data for generating the authorization. If the operating system does not provide a /dev/random or equivalent device, the default source of randomness is keyboard input. randomdev specifies the name of a character device or file containing random data to be used instead of the default. The special value keyboard indicates that keyboard input should be used.
-s address
- Specifies the IP address where named listens for command channel connections from rndc. The default is the loopback address 127.0.0.1.
-t chrootdir
- Used with the -a option to specify a directory where named will run chrooted. An additional copy of the rndc.key will be written relative to this directory so that it will be found by the chrooted named.
-u user
- Used with the -a option to set the owner of the rndc.key file generated. If -t is also specified only the file in the chroot area has its owner changed.
EXAMPLES
To allow rndc to be used with no manual configuration, run
rndc-confgen -a
To print a sample rndc.conf file and corresponding controls and key statements to be manually inserted into named.conf, run
rndc-confgen
SEE ALSO
rndc(8), rndc.conf(5), named(8), BIND 9 Administrator Reference Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
Copyright © 2004, 2005, 2007, 2009, 2013, 2014 Internet Systems Consortium, Inc. ("ISC")Copyright © 2001, 2003 Internet Software Consortium.