rndc-confgen

+ + + + + +

Name

+ rndc-confgen + — rndc key generation tool +

+ + + +

Synopsis

+ rndc-confgen + [-a] + [-A algorithm] + [-b keysize] + [-c keyfile] + [-h] + [-k keyname] + [-p port] + [-r randomfile] + [-s address] + [-t chrootdir] + [-u user] +

+ +

DESCRIPTION

+ +

rndc-confgen + generates configuration files + for rndc. It can be used as a + convenient alternative to writing the + rndc.conf file + and the corresponding controls + and key + statements in named.conf by hand. + Alternatively, it can be run with the -a + option to set up a rndc.key file and + avoid the need for a rndc.conf file + and a controls statement altogether. +

+ +

OPTIONS

+ + +

-a

+ Do automatic rndc configuration. + This creates a file rndc.key + in /etc (or whatever + sysconfdir + was specified as when BIND was + built) + that is read by both rndc + and named on startup. The + rndc.key file defines a default + command channel and authentication key allowing + rndc to communicate with + named on the local host + with no further configuration. +

+ Running rndc-confgen -a allows + BIND 9 and rndc to be used as + drop-in + replacements for BIND 8 and ndc, + with no changes to the existing BIND 8 + named.conf file. +

+ If a more elaborate configuration than that + generated by rndc-confgen -a + is required, for example if rndc is to be used remotely, + you should run rndc-confgen without + the + -a option and set up a + rndc.conf and + named.conf + as directed. +

-A algorithm

+ Specifies the algorithm to use for the TSIG key. Available + choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, + hmac-sha384 and hmac-sha512. The default is hmac-md5 or + if MD5 was disabled hmac-sha256. +

-b keysize

+ Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is the + hash size. +

-c keyfile

+ Used with the -a option to specify + an alternate location for rndc.key. +

-h

+ Prints a short summary of the options and arguments to + rndc-confgen. +

-k keyname

+ Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is rndc-key. +

-p port

+ Specifies the command channel port where named + listens for connections from rndc. + The default is 953. +

-r randomfile

+ Specifies a source of random data for generating the + authorization. If the operating + system does not provide a /dev/random + or equivalent device, the default source of randomness + is keyboard input. randomdev + specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + keyboard indicates that keyboard + input should be used. +

-s address

+ Specifies the IP address where named + listens for command channel connections from + rndc. The default is the loopback + address 127.0.0.1. +

-t chrootdir

+ Used with the -a option to specify + a directory where named will run + chrooted. An additional copy of the rndc.key + will be written relative to this directory so that + it will be found by the chrooted named. +

-u user

+ Used with the -a option to set the + owner + of the rndc.key file generated. + If + -t is also specified only the file + in + the chroot area has its owner changed. +

+ +

EXAMPLES

+ +

+ To allow rndc to be used with + no manual configuration, run +

rndc-confgen -a +

+ To print a sample rndc.conf file and + corresponding controls and key + statements to be manually inserted into named.conf, + run +

rndc-confgen +

+ +

Name

Synopsis

DESCRIPTION

OPTIONS

EXAMPLES

SEE ALSO