.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

.. highlight: console

.. _man_rndc-confgen:

rndc-confgen - rndc key generation tool
---------------------------------------

Synopsis
~~~~~~~~

:program:`rndc-confgen` [**-a**] [**-A** algorithm] [**-b** keysize] [**-c** keyfile] [**-h**] [**-k** keyname] [**-p** port] [**-s** address] [**-t** chrootdir] [**-u** user]

Description
~~~~~~~~~~~

``rndc-confgen`` generates configuration files for ``rndc``. It can be
used as a convenient alternative to writing the ``rndc.conf`` file and the
corresponding ``controls`` and ``key`` statements in ``named.conf`` by
hand. Alternatively, it can be run with the ``-a`` option to set up an
``rndc.key`` file and avoid the need for an ``rndc.conf`` file and a
``controls`` statement altogether.

Options
~~~~~~~

``-a``
   This option sets automatic ``rndc`` configuration, which creates a file
   ``rndc.key`` in ``/etc`` (or a different ``sysconfdir`` specified when
   BIND was built) that is read by both ``rndc`` and ``named`` on startup.
   The ``rndc.key`` file defines a default command channel and
   authentication key allowing ``rndc`` to communicate with ``named`` on
   the local host with no further configuration.

   If a more elaborate configuration than that generated by
   ``rndc-confgen -a`` is required, for example if ``rndc`` is to be used
   remotely, run ``rndc-confgen`` without the ``-a`` option and set up
   ``rndc.conf`` and ``named.conf`` as directed.

``-A algorithm``
   This option specifies the algorithm to use for the TSIG key. Available
   choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256, hmac-sha384,
   and hmac-sha512. The default is hmac-sha256.

``-b keysize``
   This option specifies the size of the authentication key in bits. The
   size must be between 1 and 512 bits; the default is the hash size.

``-c keyfile``
   This option is used with the ``-a`` option to specify an alternate
   location for ``rndc.key``.

``-h``
   This option prints a short summary of the options and arguments to
   ``rndc-confgen``.

``-k keyname``
   This option specifies the key name of the ``rndc`` authentication key.
   This must be a valid domain name. The default is ``rndc-key``.

``-p port``
   This option specifies the command channel port where ``named`` listens
   for connections from ``rndc``. The default is 953.

``-s address``
   This option specifies the IP address where ``named`` listens for
   command-channel connections from ``rndc``. The default is the loopback
   address 127.0.0.1.

``-t chrootdir``
   This option is used with the ``-a`` option to specify a directory where
   ``named`` runs chrooted. An additional copy of the ``rndc.key`` is
   written relative to this directory, so that it is found by the chrooted
   ``named``.

``-u user``
   This option is used with the ``-a`` option to set the owner of the
   generated ``rndc.key`` file. If ``-t`` is also specified, only the file
   in the chroot area has its owner changed.

Examples
~~~~~~~~

To allow ``rndc`` to be used with no manual configuration, run:

``rndc-confgen -a``

To print a sample ``rndc.conf`` file and the corresponding ``controls`` and
``key`` statements to be manually inserted into ``named.conf``, run:

``rndc-confgen``

See Also
~~~~~~~~

:manpage:`rndc(8)`, :manpage:`rndc.conf(5)`, :manpage:`named(8)`, BIND 9
Administrator Reference Manual.
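As an added illustration of the Examples and Options sections above (example code written for this page, not part of BIND or ``rndc-confgen``), the following Python reproduces what the second example prints: a ``key`` statement whose secret is a random value of the hash size (or the ``-b`` size, checked against the 1..512 limit), the ``rndc.conf`` ``options`` block, and the matching ``controls`` statement for ``named.conf``, all using the page's defaults. The base64 encoding of the secret and the exact statement layout are assumptions about the tool's output format.

```python
import base64
import secrets

# Hash output sizes in bits; the manual says the default key size is the hash size.
HASH_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
             "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}


def generate_secret(algorithm="hmac-sha256", keysize=None):
    """Return a base64 TSIG secret of `keysize` bits (default: the hash size)."""
    if algorithm not in HASH_BITS:
        raise ValueError(f"unsupported algorithm: {algorithm}")
    if keysize is None:
        keysize = HASH_BITS[algorithm]
    if not 1 <= keysize <= 512:          # the -b limit stated on the page
        raise ValueError("keysize must be between 1 and 512 bits")
    nbytes = (keysize + 7) // 8          # round a partial byte up
    # secrets.token_bytes() is a CSPRNG; never derive a TSIG secret from random.random().
    return base64.b64encode(secrets.token_bytes(nbytes)).decode()


def render_config(keyname="rndc-key", algorithm="hmac-sha256", keysize=None,
                  address="127.0.0.1", port=953, secret=None):
    """Return (rndc_conf, named_conf_statements) using the page's defaults."""
    secret = secret or generate_secret(algorithm, keysize)
    key_stmt = (f'key "{keyname}" {{\n\talgorithm {algorithm};\n'
                f'\tsecret "{secret}";\n}};\n')
    rndc_conf = (f"# Start of rndc.conf\n{key_stmt}\noptions {{\n"
                 f'\tdefault-key "{keyname}";\n\tdefault-server {address};\n'
                 f"\tdefault-port {port};\n}};\n# End of rndc.conf\n")
    # The same key statement must appear in named.conf, alongside a controls
    # statement that restricts the command channel to that key and address.
    named_conf = (f"{key_stmt}\ncontrols {{\n\tinet {address} port {port}\n"
                  f'\t\tallow {{ {address}; }} keys {{ "{keyname}"; }};\n}};\n')
    return rndc_conf, named_conf


if __name__ == "__main__":
    rndc_conf, named_conf = render_config()
    print(rndc_conf)
    print("# Insert the following into named.conf:")
    print(named_conf)
```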