Diffstat (limited to '')
-rw-r--r-- | bin/confgen/ddns-confgen.rst | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/bin/confgen/ddns-confgen.rst b/bin/confgen/ddns-confgen.rst new file mode 100644 index 0000000..52ae412 --- /dev/null +++ b/bin/confgen/ddns-confgen.rst 
@@ -0,0 +1,88 @@ +.. Copyright (C) Internet Systems Consortium, Inc. ("ISC") +.. +.. SPDX-License-Identifier: MPL-2.0 +.. +.. This Source Code Form is subject to the terms of the Mozilla Public +.. License, v. 2.0. If a copy of the MPL was not distributed with this +.. file, you can obtain one at https://mozilla.org/MPL/2.0/. +.. +.. See the COPYRIGHT file distributed with this work for additional +.. information regarding copyright ownership. + +.. highlight: console + +.. BEWARE: Do not forget to edit also tsig-keygen.rst! + +.. _man_ddns-confgen: + +ddns-confgen - TSIG key generation tool +--------------------------------------- + +Synopsis +~~~~~~~~ +:program:`ddns-confgen` [**-a** algorithm] [**-h**] [**-k** keyname] [**-q**] [**-s** name] [**-z** zone] + +Description +~~~~~~~~~~~ + +``ddns-confgen`` is an utility that generates keys for use in TSIG signing. +The resulting keys can be used, for example, to secure dynamic DNS updates +to a zone, or for the ``rndc`` command channel. + +The key name can specified using ``-k`` parameter and defaults to ``ddns-key``. +The generated key is accompanied by configuration text and instructions that +can be used with ``nsupdate`` and ``named`` when setting up dynamic DNS, +including an example ``update-policy`` statement. +(This usage is similar to the ``rndc-confgen`` command for setting up +command-channel security.) + +Note that ``named`` itself can configure a local DDNS key for use with +``nsupdate -l``; it does this when a zone is configured with +``update-policy local;``. ``ddns-confgen`` is only needed when a more +elaborate configuration is required: for instance, if ``nsupdate`` is to +be used from a remote system. + +Options +~~~~~~~ + +``-a algorithm`` + This option specifies the algorithm to use for the TSIG key. Available + choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384, + and hmac-sha512. The default is hmac-sha256. 
Options are + case-insensitive, and the "hmac-" prefix may be omitted. + +``-h`` + This option prints a short summary of options and arguments. + +``-k keyname`` + This option specifies the key name of the DDNS authentication key. The + default is ``ddns-key`` when neither the ``-s`` nor ``-z`` option is + specified; otherwise, the default is ``ddns-key`` as a separate label + followed by the argument of the option, e.g., ``ddns-key.example.com.`` + The key name must have the format of a valid domain name, consisting of + letters, digits, hyphens, and periods. + +``-q`` + This option enables quiet mode, which prints only the key, with no + explanatory text or usage examples. This is essentially identical to + ``tsig-keygen``. + +``-s name`` + This option generates a configuration example to allow dynamic updates + of a single hostname. The example ``named.conf`` text shows how to set + an update policy for the specified name using the "name" nametype. The + default key name is ``ddns-key.name``. Note that the "self" nametype + cannot be used, since the name to be updated may differ from the key + name. This option cannot be used with the ``-z`` option. + +``-z zone`` + This option generates a configuration example to allow + dynamic updates of a zone. The example ``named.conf`` text shows how + to set an update policy for the specified zone using the "zonesub" + nametype, allowing updates to all subdomain names within that zone. + This option cannot be used with the ``-s`` option. + +See Also +~~~~~~~~ + +:manpage:`nsupdate(1)`, :manpage:`named.conf(5)`, :manpage:`named(8)`, BIND 9 Administrator Reference Manual. |
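Review bot: In the Description, "``ddns-confgen`` is an utility" should read "a utility", and "The key name can specified using ``-k`` parameter" is missing words; suggest "The key name can be specified using the ``-k`` parameter". Under ``-a algorithm``, "Options are case-insensitive" reads as if the command-line options themselves ignore case; if the algorithm names are meant, say "Algorithm names are case-insensitive". The same entry lists hmac-md5 and hmac-sha1 alongside the SHA-2 choices without comment; a sentence steering readers to the hmac-sha256 default or stronger would help anyone generating a key for remote ``nsupdate`` use. Near the top, ``.. highlight: console`` has a single colon, so reStructuredText parses it as a comment rather than as the ``highlight`` directive; use ``.. highlight:: console`` if the directive is intended.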