.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "RNDC-CONFGEN" "8" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
rndc-confgen \- rndc key generation tool
.SH SYNOPSIS
.sp
\fBrndc\-confgen\fP [\fB\-a\fP] [\fB\-A\fP algorithm] [\fB\-b\fP keysize] [\fB\-c\fP keyfile] [\fB\-h\fP] [\fB\-k\fP keyname] [\fB\-p\fP port] [\fB\-s\fP address] [\fB\-t\fP chrootdir] [\fB\-u\fP user]
.SH DESCRIPTION
.sp
\fBrndc\-confgen\fP generates configuration files for \fI\%rndc\fP\&. It can be
used as a convenient alternative to writing the \fI\%rndc.conf\fP file and
the corresponding \fBcontrols\fP and \fBkey\fP statements in \fI\%named.conf\fP
by hand. Alternatively, it can be run with the \fI\%\-a\fP option to set up a
\fBrndc.key\fP file and avoid the need for a \fI\%rndc.conf\fP file and a
\fBcontrols\fP statement altogether.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-a
This option sets automatic \fI\%rndc\fP configuration, which creates a file
\fB@sysconfdir@/rndc.key\fP that is read by both \fI\%rndc\fP and \fI\%named\fP on startup.
The \fBrndc.key\fP file defines a default command channel and
authentication key allowing \fI\%rndc\fP to communicate with \fI\%named\fP on
the local host with no further configuration.
.sp
If a more elaborate configuration than that generated by
\fI\%rndc\-confgen \-a\fP is required, for example if rndc is to be used
remotely, run \fBrndc\-confgen\fP without the \fI\%\-a\fP option
and set up \fI\%rndc.conf\fP and \fI\%named.conf\fP as directed.
.UNINDENT
.INDENT 0.0
.TP
.B \-A algorithm
This option specifies the algorithm to use for the TSIG key. Available choices
are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384, and
hmac\-sha512. The default is hmac\-sha256.
.UNINDENT
.INDENT 0.0
.TP
.B \-b keysize
This option specifies the size of the authentication key in bits. The size must be between
1 and 512 bits; the default is the hash size.
.UNINDENT
.INDENT 0.0
.TP
.B \-c keyfile
This option is used with the \fI\%\-a\fP option to specify an alternate location for
\fBrndc.key\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-h
This option prints a short summary of the options and arguments to
\fBrndc\-confgen\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-k keyname
This option specifies the key name of the \fI\%rndc\fP authentication key. This must be a
valid domain name. The default is \fBrndc\-key\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-p port
This option specifies the command channel port where \fI\%named\fP listens for
connections from \fI\%rndc\fP\&. The default is 953.
.UNINDENT
.INDENT 0.0
.TP
.B \-q
This option prevents printing the written path in automatic configuration mode.
.UNINDENT
.INDENT 0.0
.TP
.B \-s address
This option specifies the IP address where \fI\%named\fP listens for command\-channel
connections from \fI\%rndc\fP\&. The default is the loopback address
127.0.0.1.
.UNINDENT
.INDENT 0.0
.TP
.B \-t chrootdir
This option is used with the \fI\%\-a\fP option to specify a directory where \fI\%named\fP
runs chrooted. An additional copy of the \fBrndc.key\fP is
written relative to this directory, so that it is found by the
chrooted \fI\%named\fP\&.
.UNINDENT
.INDENT 0.0
.TP
.B \-u user
This option is used with the \fI\%\-a\fP option to set the owner of the generated \fBrndc.key\fP file.
If \fI\%\-t\fP is also specified, only the file in the chroot
area has its owner changed.
.UNINDENT
.SH EXAMPLES
.sp
To allow \fI\%rndc\fP to be used with no manual configuration, run:
.sp
\fBrndc\-confgen \-a\fP
.sp
To print a sample \fI\%rndc.conf\fP file and the corresponding \fBcontrols\fP and
\fBkey\fP statements to be manually inserted into \fI\%named.conf\fP, run:
.sp
\fBrndc\-confgen\fP
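.sp
As an added example (not part of the ISC man page or the BIND 9 distribution), the following shell functions audit a key file like the one \fBrndc\-confgen \-a\fP writes: they flag a key shorter than the hash size of its algorithm, a file readable by group or others, and, as this example's own policy, hmac\-md5 and hmac\-sha1. The key\-file layout, the function names and the sample key are assumptions constructed for the example.
.sp
.nf
```shell
#!/bin/sh
# Added example: audit a key file such as the one "rndc-confgen -a" writes.
# Assumed layout, with each clause on its own line:
#   key "rndc-key" { algorithm hmac-sha256; secret "<base64>"; };

# Print the value of one clause (algorithm or secret) from key file $1.
key_field() {
    awk -v f="$2" '$1 == f { gsub(/[";]/, "", $2); print $2; exit }' "$1"
}

# Print the decoded length of the base64 secret in bits.
key_bits() {
    key_field "$1" secret |
        awk '{ n = length($0); p = gsub(/=/, ""); print int(n * 3 / 4 - p) * 8 }'
}

# Print one finding per line; return 0 only when there are none.
audit_rndc_key() {
    file=$1 rc=0
    alg=$(key_field "$file" algorithm)
    bits=$(key_bits "$file"); bits=${bits:-0}
    case $alg in
        hmac-md5)  want=128; echo "LEGACY-ALGORITHM $alg"; rc=1 ;;
        hmac-sha1) want=160; echo "LEGACY-ALGORITHM $alg"; rc=1 ;;
        hmac-sha224|hmac-sha256|hmac-sha384|hmac-sha512) want=${alg#hmac-sha} ;;
        *) want=0; echo "UNKNOWN-ALGORITHM ${alg:-none}"; rc=1 ;;
    esac
    if [ "$bits" -lt "$want" ]; then
        echo "SHORT-KEY $bits bits, hash size $want"; rc=1
    fi
    # Characters 5-10 of "ls -l" output are the group and other mode bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "EXPOSED-FILE $perms"; rc=1; }
    return $rc
}

# Constructed sample: a 64-bit key, as a small -b value would produce.
sample_short_key() {
    cat > "$1" <<EOF
key "rndc-key" {
    algorithm hmac-sha256;
    secret "AAECAwQFBgc=";
};
EOF
    chmod 600 "$1"
}

# Audit the file named on the command line, if one was given.
if [ $# -gt 0 ]; then audit_rndc_key "$1"; fi
```
.fi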
.SH SEE ALSO
.sp
\fI\%rndc(8)\fP, \fI\%rndc.conf(5)\fP, \fI\%named(8)\fP, BIND 9 Administrator Reference Manual.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2025, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.